Analysis
- max time kernel: 179s
- max time network: 133s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 29-05-2024 15:55
Static task: static1

Behavioral task: behavioral1
- Sample: 8142e957e23ebfc72f39e604be23c85c_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
- Sample: 8142e957e23ebfc72f39e604be23c85c_JaffaCakes118.apk
- Resource: android-x64-20240514-en

Behavioral task: behavioral3
- Sample: 8142e957e23ebfc72f39e604be23c85c_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 8142e957e23ebfc72f39e604be23c85c_JaffaCakes118.apk
- Size: 2.0MB
- MD5: 8142e957e23ebfc72f39e604be23c85c
- SHA1: b97ac5b4faf4366d9b565941f49071d585ac0e99
- SHA256: eeb66f9a06bf50ac5ee96c7f62b2c1ca35666d4bebcb5fea3428482176188845
- SHA512: c590b9d331d265ebe1f46200eda9eb2ee066bb9af756de647456bd2a2ae7e4cba7edfadbd85587b27753798dede48b6ac0ebe8762e6a7a26a2fdca83678ad577
- SSDEEP: 49152:HEYOTBboDOoPvltt2xcpDVw9v8ElonkLreLHqmMwV6n8AhCoOLBF:qTYOoX92xmDVwlNTXeDABn8AhTOLBF
Malware Config
Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
Processes:
- pid: 5112; process: com.android.application.wallpapers

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information, which indicates whether the system is an emulator.
Processes:
- description: File opened for read; ioc: /proc/meminfo; process: com.android.application.wallpapers

Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
- ioc: /data/user/0/com.android.application.wallpapers/app_ttmp/t.jar; pid: 5112; process: com.android.application.wallpapers

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
- description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.android.application.wallpapers

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
- description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.android.application.wallpapers

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.android.application.wallpapers

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.android.application.wallpapers

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.android.application.wallpapers

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes:
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.android.application.wallpapers

Processes
com.android.application.wallpapers (PID: 5112)
- Removes its main activity from the application launcher
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
- Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)
Downloads
- /data/data/com.android.application.wallpapers/app_ttmp/oat/t.jar.cur.prof (Filesize: 299B)
- /data/data/com.android.application.wallpapers/app_ttmp/t.jar (Filesize: 203KB)
- /data/data/com.android.application.wallpapers/app_ttmp/t.jar (Filesize: 203KB)
- /data/data/com.android.application.wallpapers/databases/com.android.application.wallpapersb (Filesize: 72KB)
- /data/data/com.android.application.wallpapers/databases/com.android.application.wallpapersb-journal (Filesize: 512B)
- /data/data/com.android.application.wallpapers/databases/com.android.application.wallpapersb-journal (Filesize: 8KB)
- /data/data/com.android.application.wallpapers/databases/com.android.application.wallpapersb-journal (Filesize: 8KB)
- /data/data/com.android.application.wallpapers/databases/com.android.application.wallpapersb-journal (Filesize: 12KB)
- /data/user/0/com.android.application.wallpapers/app_ttmp/t.jar (Filesize: 431KB)