Analysis
- max time kernel: 177s
- max time network: 190s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 23-05-2024 08:27
Static task: static1
Behavioral task: behavioral1
  Sample: 6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
- Target: 6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
- Size: 22.7MB
- MD5: 6a574bd205a965a3dd98c73f298d18c8
- SHA1: 6215d46e938a8ed2283670ccd574adec4b663c37
- SHA256: 4f741736c872428c891ee892f9fa4b0ab7a98662b9b73556641a7ead144352c5
- SHA512: 85cee1ccbe351565c6acd818118db25629e113d9deeaee9038d99d347b0dd4bb8e2d48dbcc4cf17b0c08ae867309ea2ae7b0399404ecb4c50a81313bd5e8a669
- SSDEEP: 393216:033IeLpluNKBBj+Jol/XA1imiZa1cmE9dl2uFPV2TTVPEgkbRhM0mDdp7j8wS/4+:OIIXuNKBBj+wdY1cnPjFPQV8gw7LUXS1
Malware Config
Signatures
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.songcw.employee, com.songcw.employee:pushcore
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.songcw.employee
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.songcw.employee:pushcore
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.songcw.employee, com.songcw.employee:pushcore
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.songcw.employee
  Framework service call | android.app.IActivityManager.registerReceiver | com.songcw.employee:pushcore
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes: com.songcw.employee:pushcore, com.songcw.employee
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.songcw.employee:pushcore
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.songcw.employee
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.songcw.employee:pushcore
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.songcw.employee:pushcore
Processes
- com.songcw.employee
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.songcw.employee:pushcore
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.songcw.employee/files/jpush_stat_history/active_user/nowrap/1528f11c-2117-44db-ad5d-7b3050b6416f
  Filesize: 159B
  MD5: 2322aa986672b44b7e4bea59972f0d74
  SHA1: ca85dbcdf5a0b2def635f61afaef1bb5f6bf6da3
  SHA256: 1ccfbcde4c81ff40e97aacbd082f4f61f8372a2357da6bfb22c959a050d14886
  SHA512: 92cf4214cc6e7540631d3b33d28e7d8048a60cc2a2c515420e674d0ea01d78299f0ab08ee8cf58d102299268f118f82288959a50d98728974405a0b8e80c84d0
- /data/data/com.songcw.employee/files/jpush_stat_history_pushcore/normal/nowrap/b0153131-6450-41f5-b8e4-3c61cdda35c2
  Filesize: 187B
  MD5: db93ae0beca9676e453d3fa7d05a82f2
  SHA1: 74b97ea5e8ae28f19a7ceffa926095a328a4e3ce
  SHA256: 14146ba3d336fe635f65f3990b50f39022e66edb985efbe106fdb3708620c794
  SHA512: f2b53f6d1ce4094c4623a7246e8c5947a8d2402eb74e2dd9e0f73e11ccb440ea839d96dc775408e183abbca5fb5206f1927af85cee083006badd7d3a29bb791a
- /storage/emulated/0/data/.push_deviceid
  Filesize: 32B
  MD5: 7519e63d74670ca44e5c9eab16eaaf69
  SHA1: 6b2f30f59f4b7717f4d5d6587e426f30ef36e200
  SHA256: 62f63788229204b713f71283d1720e933e00a5c618947f92bb15939e0258af39
  SHA512: 43cddc15f810bc9fb5f6cf8982a451e0c92288fe06d12bd3021f16c571f9475118c96441e5df023f8e8c4e41422defa9f84e749718ef352e023cec1b7b253a24