Analysis
max time kernel: 126s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 02-06-2024 09:46
Static task: static1
Behavioral task: behavioral1
  Sample: 8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk
Size: 11.7MB
MD5: 8da7dc1501f70fecf9fedef7e9b84156
SHA1: 755082eae55647e1ff69b0d023ec3ea07f8673ab
SHA256: f24cdbb1e8b40771f2798543664e39a08ec02c3aa9c6c552ff7008a9d6a75478
SHA512: 85f579c0726d0b30717982326f144dbd3c13c5017388bcd86c92661cf5fc16c42c5df9d185ef201d57bb5acf863df819c340def95133ac38cba7c66a5dacbf45
SSDEEP: 196608:JyAQKxUingKz/hHf1YtM+u76lANK6L5jEgKSVt7pkzpzFK5qS12dV1HFFCUdFtIm:Jy1STntzl+u7tNlLBxHN8545qSarFWoT
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information which indicates whether the system is an emulator.
Processes (description | ioc | process):
  File opened for read | /proc/cpuinfo | com.damaiapp.yyl

Checks memory information (2 TTPs, 1 IoC)
Checks memory information which indicates whether the system is an emulator.
Processes (description | ioc | process):
  File opened for read | /proc/meminfo | com.damaiapp.yyl

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes (description | ioc | process):
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.damaiapp.yyl

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes (description | ioc | process):
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.damaiapp.yyl
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.damaiapp.yyl:push

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.damaiapp.yyl

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework service call | android.app.IActivityManager.registerReceiver | com.damaiapp.yyl

Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes (description | ioc | process):
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.damaiapp.yyl
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.damaiapp.yyl:push

Reads information about phone network operator. (1 TTP)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework API call | javax.crypto.Cipher.doFinal | com.damaiapp.yyl
Processes
com.damaiapp.yyl (PID 4279)
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  cat /sys/class/net/wlan0/address (PID 4431)
  cat /sys/class/net/wlan0/address (PID 4455)
  cat /sys/class/net/wlan0/address (PID 4507)
  cat /sys/class/net/wlan0/address (PID 4586)
com.damaiapp.yyl:push (PID 4410)
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads