Analysis
max time kernel: 5s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 01-06-2024 03:50
Static task: static1
Behavioral task: behavioral1
  Sample: 8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118.apk
Size: 4.8MB
MD5: 8949113d36ef384f47cc70a1dffd18ab
SHA1: c9e3c4a147f63bef5035764ec4b59336646b13a0
SHA256: 35c3b2b50dc85b260fb98e5cb1ac33ec10a29946de0d2bf40f054e0d0dcfdea2
SHA512: 49f253e692bcb644f915c35f653aa459caab27e13f0d3c6a580639b8935b370cfa8a6fe4ae9250189632b529fa85205d37cf9276a3b048c8f730fcb360343b31
SSDEEP: 98304:ElBxnXLS/e95HdmnKotNYaXxhZ0W8NrKFD7her3D3fJvd:EdLGCdmK4YaYrqx6391
Malware Config
Signatures

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  Description: Framework service call
  IoC: com.android.internal.telephony.ITelephony.getCellLocation
  Process: com.coolsnow.gif2video

Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information that indicates whether the system is an emulator.
  Description: File opened for read
  IoC: /proc/cpuinfo
  Process: com.coolsnow.gif2video

Checks memory information (2 TTPs, 1 IoC)
Checks memory information that indicates whether the system is an emulator.
  Description: File opened for read
  IoC: /proc/meminfo
  Process: com.coolsnow.gif2video

Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs an executable file dropped to the device during analysis.
  IoC: /data/data/com.coolsnow.gif2video/.jiagu/classes.dex
  PID: 4269
  Process: com.coolsnow.gif2video

Queries information about running processes on the device (1 TTP, 1 IoC)
The application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call
  IoC: android.app.IActivityManager.getRunningAppProcesses
  Process: com.coolsnow.gif2video

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Description: Framework service call
  IoC: android.app.IActivityManager.registerReceiver
  Process: com.coolsnow.gif2video

Checks if the internet connection is available (1 TTP, 1 IoC)
  Description: Framework service call
  IoC: android.net.IConnectivityManager.getActiveNetworkInfo
  Process: com.coolsnow.gif2video

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Description: Framework API call
  IoC: android.hardware.SensorManager.registerListener
  Process: com.coolsnow.gif2video
Processes
com.coolsnow.gif2video (PID: 4269)
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  - Download New Code at Runtime (1)
  - Execution Guardrails (1)
    - Geofencing (1)
  - Hide Artifacts (1)
    - User Evasion (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
Downloads