Analysis
- max time kernel: 179s
- max time network: 186s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 24-05-2024 02:35
Static task: static1
Behavioral task: behavioral1
  Sample: 6d12a0ba5958ef60908946d1c9687fe6_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6d12a0ba5958ef60908946d1c9687fe6_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
- Target: 6d12a0ba5958ef60908946d1c9687fe6_JaffaCakes118.apk
- Size: 30.8MB
- MD5: 6d12a0ba5958ef60908946d1c9687fe6
- SHA1: ea745933444cedc6aab302296e58e8268021f038
- SHA256: 55035f4bb41653c94b75d256176bde55dcdb543dc73df7b329a436d5ff7500ee
- SHA512: ffe3999f80b53769b56c148e8697a030ca3cca167af892c7ba33b0e7191f0a4a440ee86828deab9148cf83eaaff0bf624e6321815e20e2f04e4c4d9baf919dcd
- SSDEEP: 786432:C+HOYbTV6A7GlFTUb4QU8Tw/sat1+T9+2ZV:pHOYXeFTQU8Sz+p+M
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
    ioc                       | Process
    /system/app/Superuser.apk | com.ynxhs.dznews.wenshan.funing:pushservice
    /sbin/su                  | /system/bin/sh -c type su
    /system/app/Superuser.apk | com.ynxhs.dznews.wenshan.funing:remote
    /sbin/su                  | /system/bin/sh -c type su

- Requests cell location (2 TTPs, 4 IoCs)
  Uses Android APIs to get the current cell location.
    description            | ioc                                                        | Process
    Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ynxhs.dznews.wenshan.funing:pushservice
    Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ynxhs.dznews.wenshan.funing
    Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ynxhs.dznews.wenshan.funing:remote
    Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo  | com.ynxhs.dznews.wenshan.funing:remote

- Checks memory information (2 TTPs, 2 IoCs)
  Checks memory information which indicates whether the system is an emulator.
    description           | ioc           | Process
    File opened for read  | /proc/meminfo | com.ynxhs.dznews.wenshan.funing:pushservice
    File opened for read  | /proc/meminfo | com.ynxhs.dznews.wenshan.funing:remote

- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
    description            | ioc                                                   | Process
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ynxhs.dznews.wenshan.funing:remote

- Queries information about the current Wi-Fi connection (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    description            | ioc                                           | Process
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ynxhs.dznews.wenshan.funing:remote
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ynxhs.dznews.wenshan.funing:pushservice
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ynxhs.dznews.wenshan.funing

- Queries information about the current nearby Wi-Fi networks (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
    description            | ioc                                          | Process
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ynxhs.dznews.wenshan.funing:pushservice
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ynxhs.dznews.wenshan.funing
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ynxhs.dznews.wenshan.funing:remote

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
    description            | ioc                                          | Process
    Framework service call | android.app.IActivityManager.registerReceiver | com.ynxhs.dznews.wenshan.funing
    Framework service call | android.app.IActivityManager.registerReceiver | com.ynxhs.dznews.wenshan.funing:pushservice
    Framework service call | android.app.IActivityManager.registerReceiver | com.ynxhs.dznews.wenshan.funing:remote

- Checks if the internet connection is available (1 TTPs, 3 IoCs)
    description            | ioc                                                    | Process
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ynxhs.dznews.wenshan.funing:pushservice
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ynxhs.dznews.wenshan.funing
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ynxhs.dznews.wenshan.funing:remote

- Reads information about phone network operator. (1 TTPs)

- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
    description        | ioc                                               | Process
    Framework API call | android.hardware.SensorManager.registerListener | com.ynxhs.dznews.wenshan.funing:remote

- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 3 IoCs)
    description        | ioc                         | Process
    Framework API call | javax.crypto.Cipher.doFinal | com.ynxhs.dznews.wenshan.funing:pushservice
    Framework API call | javax.crypto.Cipher.doFinal | com.ynxhs.dznews.wenshan.funing
    Framework API call | javax.crypto.Cipher.doFinal | com.ynxhs.dznews.wenshan.funing:remote
Processes
- com.ynxhs.dznews.wenshan.funing (PID 4331)
    Signatures:
    - Requests cell location
    - Queries information about the current Wi-Fi connection
    - Queries information about the current nearby Wi-Fi networks
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Checks if the internet connection is available
    - Uses Crypto APIs (Might try to encrypt user data)

- com.ynxhs.dznews.wenshan.funing:pushservice (PID 4364)
    Signatures:
    - Checks if the Android device is rooted.
    - Requests cell location
    - Checks memory information
    - Queries information about the current Wi-Fi connection
    - Queries information about the current nearby Wi-Fi networks
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Checks if the internet connection is available
    - Uses Crypto APIs (Might try to encrypt user data)
    Child processes:
    - /system/bin/sh -c getprop (PID 4402)
    - getprop (PID 4402)
    - /system/bin/sh -c type su (PID 4479)
        Signatures:
        - Checks if the Android device is rooted.

- com.ynxhs.dznews.wenshan.funing:remote (PID 4434)
    Signatures:
    - Checks if the Android device is rooted.
    - Requests cell location
    - Checks memory information
    - Queries information about running processes on the device
    - Queries information about the current Wi-Fi connection
    - Queries information about the current nearby Wi-Fi networks
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Checks if the internet connection is available
    - Listens for changes in the sensor environment (might be used to detect emulation)
    - Uses Crypto APIs (Might try to encrypt user data)
    Child processes:
    - /system/bin/sh -c getprop (PID 4505)
    - getprop (PID 4505)
    - /system/bin/sh -c type su (PID 4607)
        Signatures:
        - Checks if the Android device is rooted.
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Hide Artifacts (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 240B
  MD5: f76a2738d9ee1241e509de05854a6b38
  SHA1: 094fbb47d66bf47496c5f7df562e321bc7c472d6
  SHA256: 6dfafc68f317c60df2e3ec5d419d070e608b3042af11c7817796f2ec783a4192
  SHA512: 4e2bd230df21f8cc383bc8c98a15bee52f6c56b06817c3ffe776cb543a68b1d25e0dd1324ed46f83fda2641553950b96308651196716e3f938ef554a58d97ed4
- Filesize: 84KB
  MD5: 93985929eaa6d8b39896c1e580c0b09b
  SHA1: 9267d8ead42bf302abcf80071fd0cc861959ec6d
  SHA256: 0ae0346c47a6255ab2b9a2f77470558206125c3c050fddb66e20907b711c861a
  SHA512: c0f95be11a40b4dd8456537add370c3afc7d1b5aebb160d9149772c0fcecbbcd5d6fb6533e7464ebcf161b7fc525b4b9ae8ad400478126a0f62ce222ec474b99
- Filesize: 92KB
  MD5: 2181f7d032381a15d83a281b40967ee9
  SHA1: d2ee6382152ae20da1f5cb741cf70399b5e2d269
  SHA256: f9a7a042df1b129a2c33cdb7318c3773574067d22cb5a6ea10752ff8381540aa
  SHA512: 7db210d6c592f722ae12fc18421129819c058ba165d25627ea3c6217a02560f67e4bf4cfc4fcf5a04b905951ad03a2a415107745d70253c37876d5411f385697
- Filesize: 512B
  MD5: 4ff9feea07afa1dc503b081c2412bc67
  SHA1: 545d7b874500416cc7e7e705bbdb0881efc4780d
  SHA256: 62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c
  SHA512: ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce
- Filesize: 32KB
  MD5: 4e8994d4beda752e9d28c1d44f678185
  SHA1: c358a00bc95882ef1d86ae8eceb90cc81a69ebae
  SHA256: b8930c6adcfbcb867f6b5217c15eaa296c8f685e4273919b87994cc42a016611
  SHA512: e19af09d8031e1a224e6da57bac1105a3987c59e06d9c81f8d6a1a18311b083fe525426cb96dc2f87632c8cbe3d18cd46e239bc7d548ada5126aeb0008ea0263
- Filesize: 80KB
  MD5: 49982e707648d231d45440f5e2f72697
  SHA1: 763740051ac60bd12711211048abada05d105538
  SHA256: 819dbaa049bd7f311537bef4716d1ae991161e7d28dfa4efbdb837152a189ff4
  SHA512: 65344dfdbb9ef977d6d8325fa55fc4fd2c65ea28cc69ae8d91a63adb7c1e275686919d1dc3bcb916f86f5a49203e7558b2ce42368bd9890699344600a532bae6
- Filesize: 24KB
  MD5: b876092ff49038dfd83e6d77f9d322cd
  SHA1: 13e920aa7b019a46c0378211770b46c96d008109
  SHA256: 33b1de0981153cffed59ce474a8a16d51decff027e7ad851f737dbcfe2dc0f52
  SHA512: dc431b0d7c8d5f786b632cd305b70f9e8575f22e224ca927385bd2451cf319ac2567add1fee6bf8707259a1ba96b24b5a0c1933e18d2f9dbbb04c90ac61da937
- Filesize: 36KB
  MD5: 82aba2d427f63af05eb3c3c0682a7f8b
  SHA1: a9307781219f84687bc4578037ad3b11f12f3132
  SHA256: e15dda3058f439a41bbe7ac89b8018d3b40933fa760bc3e6c20ea2294bf4ccba
  SHA512: f2f0de4df31446b0a656967c5bda350772532ac4dc318be9b384258763e467798207949a4d8db16d47a0c2297c9a2f650c413dc73fd1aee05e3cda7165a4f850
- Filesize: 40KB
  MD5: 9092f116349504a93bf24ad216956a8c
  SHA1: 9b8d0b8356d72425ce55eb430bdc9c9d97f67824
  SHA256: bb717dd6ae8bc2e722b06efd9a72fcb4c202fc9291febd20fe65558120058487
  SHA512: 0737e5b359d5181fa666dec030bca71c087f602232be79126d9d405957d43bc40c35ab34882164fea924a9d07909ef226a79b399e155ad06c00cb646220ef351
- Filesize: 48KB
  MD5: ea04d3f4c66f4f554cb961591826518a
  SHA1: 5b7ace9ebb17d1f0044e19b1d6d25377c08cbb84
  SHA256: b2eddf9d02c61bf9fb4a4741b462f1ba3332c84f16c7e2d10fbb440135fa79a7
  SHA512: 4e51a02cd46090894ddfbd6efa526c65a0059e752f1a1c5b536ee1eed91d73ee9fc672b1077648cdc96a3bcfc0daacbbb71ab72be341170bcd77bde42c27833f
- Filesize: 16KB
  MD5: f2f16578d0be8afbc73fc2be66c3b2a5
  SHA1: 3d16af57dc723d9bf90e7f8b08e1dc9d06a7c845
  SHA256: 13f65dbc4c5063377165e02a6e4ece5061017e947f07e8279b004c205bb64c4b
  SHA512: 9c3e1bad5c9ccb0ea5bf5c15d753516ffedbad0254610f21674919b3b1f99b42983c6e6acdd61f628723bb406b26fce81c2d3a67ea8ecd1040f0894a5bb00500
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 32KB
  MD5: f92165d08c95f1728878cea2a607af2f
  SHA1: 19b136d6dfabb1bef629d49118c2da8e6836e3f9
  SHA256: 1913923d2ed5938829525b6b87f84d2ccff537032033df33a405307b8855d290
  SHA512: 5bfbd8bd2bc49e525e15a1093c4c75558b8ea38c45632b25477888f39c45e78104e48d2fc2cefd514703429aab946835315e12f5d26ebfc019e62a15cc62437b
- Filesize: 189KB
  MD5: b1237379c37cdb29ca3b446e9d0843e1
  SHA1: e4d3ceb4a5681c226fa7906eec082680613babc4
  SHA256: 3978051233068cc316c2f3b8cf447762d3478334646f698b69e3deae6fc6ab10
  SHA512: 6832216166d78b04b0923ca901debf5c7616594030c0147bb76c81b9f3b777b98b6af7b524c54722efc5208825114db91c81ad55abd1f51aab3828fc20cc8b27
- Filesize: 20KB
  MD5: 7ed1c2224b9a27b404019ee4658a7fe2
  SHA1: a87399aaed26e02e8b704561fdf5dfa234b229b1
  SHA256: 4ad2caf09e1b53ac1df11e451c78597b925f5210605487886a5873abe1000f4e
  SHA512: 7064b5dd6fb0649f638cd3ab04636584e15f83c86556f2c8c582d9268c639945c70f2be094aa510886a0b8c56ee3a8ac053f66e3df2a7280b87156dfb3ccafca
- Filesize: 20KB
  MD5: dfdcb37484c23da90cbe6901e182629f
  SHA1: b79da35a9d2121a786cdc474bbe268fbcf0c8ffa
  SHA256: 7b54cb7c38c0cdd0e19a877d448cbd21cc766c45a32c8ed479378d2d0909a240
  SHA512: 7b19f9a4afa03c328643c22715d015e230dcf21f3afa4791b606cb43310d7e7b680eeaa9f3a5e119c097c1e55a575d19f93a8e6a76eefdbe5bd1f41d130ff2c1
- Filesize: 20KB
  MD5: 1f6328b43b67c11a32bf741b2c664c56
  SHA1: 2159e404b486044991061794ec9b09d668593a82
  SHA256: 949a30410301684e40ce2c319428d98e2677d997cf21b5e9347d2149ad25a496
  SHA512: c4341462688ccce4e10638f450c0b4b57fcfacbda3c36bb17318d427ed553ebc7cec4a0fab7028294e4a3671a0c1416b2c059b0ba35a496ffdf2dac13354a1b4
- Filesize: 32KB
  MD5: aff8828adfc882f1b74170334548b7a5
  SHA1: 1f2f1256f44a01d1f516d26df85bfda1cbc720de
  SHA256: 24e4afe50ad8019312e35b32575781dc62c646de2a48f2f030bb57b92d974111
  SHA512: f0f3cb9f731e05dede5ee32661c33c1ac8ccdfe4d429a9258cea3118764a8aa8d6232bfda83af598537d10e1f7c42d794135d805ccc71a4b84bca1bdefaa0581
- Filesize: 32KB
  MD5: 233b984f25233c8731d7916f9b30bde5
  SHA1: 87e7619b4a7c4cc5379120f6fa340c78a88be7fb
  SHA256: b018ed350b0484d2bb355d162d0610e00ed4fe5f488734fe19a1c00e94437cec
  SHA512: d85877255adadc74cc32dc902b666c172d8cfe849084fd2f709c77a28f4f6b61920c5380f52c886f02a2d1387d40909b6055df37127dee9f650f6cdc3d463b2b
- Filesize: 12KB
  MD5: 548717770db397bf94b163bf65d16e18
  SHA1: 7d6cf331330a852bdc234a4a30ded9088640a7c4
  SHA256: 8acbb12e4ad5a49c9468cbdc07c92a899759d454acdd60f2e0d95adb4c022a7c
  SHA512: 722f67ac5632054540cbabfa9627a3489d38a4e2a754102f8dc066a1674a040a75f0afea405341f20ed15d6114a5ba0ff229ba23361b3bb4a227807bc120b16c