Analysis
max time kernel: 64s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 23-05-2024 10:54
Static task: static1

Behavioral task: behavioral1
Sample: 6ab48143125de5598a5c4d8d80092954_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: 6ab48143125de5598a5c4d8d80092954_JaffaCakes118.apk
Resource: android-x64-20240514-en

Behavioral task: behavioral3
Sample: 6ab48143125de5598a5c4d8d80092954_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 6ab48143125de5598a5c4d8d80092954_JaffaCakes118.apk
Size: 2.0MB
MD5: 6ab48143125de5598a5c4d8d80092954
SHA1: 53c62c6a12ffb7a54b4a27a108587656b5901c06
SHA256: 76bc03a9c2c03fd86eef6e7e562eaa18fb184daff791b59d29c69c66604a812c
SHA512: 8ad50bff70891def71c212208f05cf1da2d2e1438a957a14f72f56998707fc1ebe57c91cc6f48ebde1cbbc60401c2c633d06befa2fbc4fccb68e6a69832b0897
SSDEEP: 49152:D0D77lEdgMINw6QaCza7kW9u0kzH81E954Ut:o7l5Nw6Qaya7kSnkDOE954Ut
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
Processes (com.losg.xiaozhulaihua):
  ioc                        process
  /system/app/Superuser.apk  com.losg.xiaozhulaihua
  /system/bin/su             com.losg.xiaozhulaihua

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates whether the system is an emulator.

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicates whether the system is an emulator.

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes (com.losg.xiaozhulaihua):
  description             ioc                                                    process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses    com.losg.xiaozhulaihua

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes (com.losg.xiaozhulaihua):
  description             ioc                                                    process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo        com.losg.xiaozhulaihua

Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes (com.losg.xiaozhulaihua):
  description             ioc                                                    process
  Framework service call  android.net.wifi.IWifiManager.getScanResults           com.losg.xiaozhulaihua

Checks if the internet connection is available (1 TTPs, 1 IoCs)
Processes (com.losg.xiaozhulaihua):
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.losg.xiaozhulaihua

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
Processes (com.losg.xiaozhulaihua):
  description             ioc                                                    process
  Framework API call      android.hardware.SensorManager.registerListener        com.losg.xiaozhulaihua
Processes
com.losg.xiaozhulaihua 1
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Matrix
Downloads

/data/user/0/com.losg.xiaozhulaihua/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2NDYxNjcwMDI4
Filesize: 1KB
MD5: b92147fe44591fe09239659577f4c270
SHA1: 7ea400ee29a7e2c904cdb368f58a45cac6666836
SHA256: 856e88ef566fb37acd9a60d1086883b83262d408714a7980d4f6690bbe648afb
SHA512: ddf35b3882ea20bc5aa13fce3940bb5b27510c3579218c302921449dc5aadcd017e2f98560cba1af360e90ffb9219b7889c8304daa6ec0eaa2fdfaf2fc5d646b

/data/user/0/com.losg.xiaozhulaihua/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2NDYxNzAwMTc2
Filesize: 1KB
MD5: 6cb2d507a3a0f9b56d24a2fe7504d99d
SHA1: 6f615519cce13721a2cba92910112fa1b68e40f8
SHA256: 5d5c51de765d27cbe4d82097b07d301ccc7a50218d092beb65586c34fc2bf897
SHA512: 068c078666fe6b7c3ac61b0e0bec8989c10f2e59a542f99bdd346198fe37a2d42d5e21805722ce481ecb244f60d91899383c10096565b0c0b20ecfc4cb833a3a

/data/user/0/com.losg.xiaozhulaihua/files/umeng_it.cache
Filesize: 350B
MD5: fc439de22babce44620eee0f96e85b82
SHA1: 2d8acbb892654bb106889cf8c1ff9487ed7038fe
SHA256: b06132462b5edf69c1ed6d377238fa84cd2a3df122933593c6b20a18793e5d97
SHA512: dc3944c22d7ec79ee74ac8c4cf6edea515f82f7aaeab8f7d6c1593513940e1ef321ddfae33710472bf5585731ac446734e0b45f5d78beda5502870ead48e5a8a