Analysis
max time kernel: 35s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 24-05-2024 00:36
Static task: static1
Behavioral task: behavioral1
Sample: 6ccd389ae873556ec2d65ef93d52f74d_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 6ccd389ae873556ec2d65ef93d52f74d_JaffaCakes118.apk
Size: 19.4MB
MD5: 6ccd389ae873556ec2d65ef93d52f74d
SHA1: f0261db72297c49a254b98df202d811bb6ae3362
SHA256: 0db138fdf9b4608d71c9aa2a8870d2c7469ca89e1b431ab329c59592d512da63
SHA512: 8e2216a48ed335f4c934170a25d113b803917ff66e99f3b0672292a572e4bc6197350fe8b3995b90f49739583db7ea9200dcf80329cc392b0ca708a4ca9d0f60
SSDEEP: 393216:3wVhPltzhcSP1Zzq3zwwQuMYTUplp6qOsfGxQkFLDvwlt3NLw9ug:3wXbZFq38e9T6Osfaol7s93
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.yyq01.wxg, com.yyq01.wxg:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yyq01.wxg
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yyq01.wxg:remote
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes: com.yyq01.wxg
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.yyq01.wxg
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.yyq01.wxg
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.yyq01.wxg
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes: com.yyq01.wxg
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yyq01.wxg
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
Processes
- com.yyq01.wxg
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.yyq01.wxg:remote
  - Queries information about running processes on the device
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.yyq01.wxg/files/jpush_stat_history/active_user/nowrap/54207c40-30ec-4c03-b204-21eaecaa9029
  Filesize: 159B
  MD5: 49d15f5fdb9599d2b7048b8d0d66742b
  SHA1: a11939ebc6c93656a390725718d336f3dc2c2f66
  SHA256: e2ef9d14b97e4108ee81b74623e5580c309c27f9e89c1ca1a213c28e8f286be4
  SHA512: dfec9379a7b38f076516c930191ac0b1350e08eb7ba2018297866f1c7722ea4b471c3396c6f6649018b38483464e23c89b0e85043990b7e2e544ad57524a85be
- /storage/emulated/0/data/.push_deviceid
  Filesize: 32B
  MD5: d89097760a18ecb3c5ad4039bc540949
  SHA1: c36f2a551efafded5e29e1bc4af2e293d1c82d39
  SHA256: b853790a2a0504145a65270aa5b4f03a7c64bc4e52dc7e1b1f389d85b8e88356
  SHA512: 843048fb2fff8bec206d423d03abedd36ef3b0a51fd8160acd34be0c2cde26795b1e9d535a10577f413033591676867b5e57b8187724e555d0aff017d92a21b8