Analysis
max time kernel: 178s
max time network: 190s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 24-05-2024 04:01
Static task: static1
Behavioral task: behavioral1
Sample: 6d46aad80e4e365bc19e9defeefd679f_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 6d46aad80e4e365bc19e9defeefd679f_JaffaCakes118.apk
Size: 30.9MB
MD5: 6d46aad80e4e365bc19e9defeefd679f
SHA1: 61c77e5af5ad44b331d14c408c94f160b33a01fc
SHA256: b0dcbfcf7fd2cabed138bf2da63c9594fc9367126de8c02f44b6c8170e133696
SHA512: fd762aa2affaad00aef2209485a79f66da565738e074d257c8058dfd0699aa740d3723c4f045490ff88e7a53278afed6cc9e0c75196b15994bf0b6d403f08e17
SSDEEP: 786432:K5R97oAb89GsHPDLRRjGIcYpOVKZ3Pl9juRbQziWXj3:GBoGsHPvRRjogOV89yRbQzpXT
Malware Config
Signatures
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information, which indicates whether the system is an emulator.
  Processes: com.workinghours
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.workinghours
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information, which indicates whether the system is an emulator.
  Processes: com.workinghours
  description | ioc | process
  File opened for read | /proc/meminfo | com.workinghours
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.workinghours, com.workinghours:mult
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.workinghours
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.workinghours:mult
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.workinghours
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.workinghours
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes: com.workinghours, com.workinghours:mult
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.workinghours
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.workinghours:mult
- Reads device software version (1 TTPs, 1 IoCs)
  Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).
  Processes: com.workinghours
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot | com.workinghours
- Reads information about phone network operator (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  Processes: com.workinghours, com.workinghours:mult
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.workinghours
  Framework API call | javax.crypto.Cipher.doFinal | com.workinghours:mult
Processes
-
com.workinghours 1
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Reads device software version
- Uses Crypto APIs (Might try to encrypt user data)
PID:4525
-
com.workinghours:mult 1
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4564
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/user/0/com.workinghours/app_crashrecord/1004
Filesize: 58B
-
/data/user/0/com.workinghours/app_crashrecord/1004
Filesize: 222B
-
/data/user/0/com.workinghours/databases/bugly_db_
Filesize: 52KB
-
/data/user/0/com.workinghours/databases/bugly_db_-journal
Filesize: 512B
-
/data/user/0/com.workinghours/databases/bugly_db_-journal
Filesize: 8KB
-
/data/user/0/com.workinghours/databases/bugly_db_-journal
Filesize: 8KB
-
/data/user/0/com.workinghours/databases/bugly_db_-journal
Filesize: 8KB
-
/data/user/0/com.workinghours/databases/bugly_db_-journal
Filesize: 8KB
-
/data/user/0/com.workinghours/databases/ygjDb
Filesize: 48KB
-
/data/user/0/com.workinghours/databases/ygjDb-journal
Filesize: 16KB
-
/data/user/0/com.workinghours/databases/ygjDb-journal
Filesize: 8KB
-
/data/user/0/com.workinghours/databases/ygjDb-journal
Filesize: 8KB
-
/data/user/0/com.workinghours/files/jpush_stat_cache.json
Filesize: 183B
-
/data/user/0/com.workinghours/files/jpush_stat_cache_history.json
Filesize: 304B
-
/data/user/0/com.workinghours/files/jpush_stat_cache_history.json
Filesize: 174B
-
/data/user/0/com.workinghours/files/libcuid.so
Filesize: 227B
-
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize: 109B
-
/storage/emulated/0/data/.push_deviceid
Filesize: 32B