Analysis
- max time kernel: 179s
- max time network: 186s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 24-05-2024 13:48
Static task: static1
Behavioral task: behavioral1
  Sample: 6eb9f3ad05408d99680f326d07d17a43_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6eb9f3ad05408d99680f326d07d17a43_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240514-en
General
- Target: 6eb9f3ad05408d99680f326d07d17a43_JaffaCakes118.apk
- Size: 7.5MB
- MD5: 6eb9f3ad05408d99680f326d07d17a43
- SHA1: f65aece0b21d29601291c8585dc361d7dbdcd55b
- SHA256: 10384255c298d073bb93dea288b6d88fa83ea722a81c1b15cc784e5042fb6696
- SHA512: e41b86cfa6dd2d4b2032cb05a4f39a25e2d8cf478d45d21f597ea72e9e3ece93618d0b871457324245f0f4bf806fa444b2c35cc66f5783231a972877d923c5d9
- SSDEEP: 196608:qlTTb1VF4n6s2iwQEZY7BkZatBOfd8ocnJoLrQA0AxoPG3nZTbXkAG:wTTbju6piwQBNkM2X3QQxoExLkv
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
- Queries information about running processes on the device 1 TTPs 2 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.zuimeia.suite.magiclocker, com.zuimeia.suite.magiclocker:pushservice
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.zuimeia.suite.magiclocker
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.zuimeia.suite.magiclocker:pushservice
- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  Processes: com.zuimeia.suite.magiclocker
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.zuimeia.suite.magiclocker
- Checks if the internet connection is available 1 TTPs 2 IoCs
  Processes: com.zuimeia.suite.magiclocker, com.zuimeia.suite.magiclocker:pushservice
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.zuimeia.suite.magiclocker
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.zuimeia.suite.magiclocker:pushservice
- Reads information about phone network operator. 1 TTPs
- Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  Processes: com.zuimeia.suite.magiclocker
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | com.zuimeia.suite.magiclocker
Processes
- com.zuimeia.suite.magiclocker 1
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
- ps 2
- com.zuimeia.suite.magiclocker:pushservice 1
  - Queries information about running processes on the device
  - Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.zuimeia.suite.magiclocker/files/com.zuimeia.suite.magiclocker:pushservice
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- /storage/emulated/0/magic_locker/magic_locker/images/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
- /storage/emulated/0/zuimei/air_locker/video/guide.mp4
  Filesize: 2.2MB
  MD5: 6c89424862fabf9d783686239d21765f
  SHA1: 1cce8bb3829185c68936a124fd84adcfeeb2011b
  SHA256: 5d4befa7736e2435ebfa1df4dffc53f55d2515e91706b4cbae903081066e95ae
  SHA512: 5860346773e3a10531613294a4beb750fbb273a446fe254916f16ba3fc47c63a505e1cbf453d127a8ecb5003c651169f9a24d34577ae9ba2f1f92b19f45a6a20