Analysis
max time kernel: 128s
max time network: 152s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 02-06-2024 09:46
Static task: static1
Behavioral task: behavioral1
  Sample: 8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 8da7dc1501f70fecf9fedef7e9b84156_JaffaCakes118.apk
Size: 11.7MB
MD5: 8da7dc1501f70fecf9fedef7e9b84156
SHA1: 755082eae55647e1ff69b0d023ec3ea07f8673ab
SHA256: f24cdbb1e8b40771f2798543664e39a08ec02c3aa9c6c552ff7008a9d6a75478
SHA512: 85f579c0726d0b30717982326f144dbd3c13c5017388bcd86c92661cf5fc16c42c5df9d185ef201d57bb5acf863df819c340def95133ac38cba7c66a5dacbf45
SSDEEP: 196608:JyAQKxUingKz/hHf1YtM+u76lANK6L5jEgKSVt7pkzpzFK5qS12dV1HFFCUdFtIm:Jy1STntzl+u7tNlLBxHN8545qSarFWoT
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates if the system is an emulator.
Processes: com.damaiapp.yyl
  description: File opened for read | ioc: /proc/cpuinfo | process: com.damaiapp.yyl

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicates if the system is an emulator.
Processes: com.damaiapp.yyl
  description: File opened for read | ioc: /proc/meminfo | process: com.damaiapp.yyl

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.damaiapp.yyl
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.damaiapp.yyl

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.damaiapp.yyl
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.damaiapp.yyl

Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.damaiapp.yyl:push, com.damaiapp.yyl
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.damaiapp.yyl:push
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.damaiapp.yyl

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.damaiapp.yyl
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.damaiapp.yyl

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.damaiapp.yyl
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.damaiapp.yyl

Checks if the internet connection is available (1 TTPs, 2 IoCs)
Processes: com.damaiapp.yyl, com.damaiapp.yyl:push
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.damaiapp.yyl
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.damaiapp.yyl:push

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator (1 TTPs)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.damaiapp.yyl
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.damaiapp.yyl
Processes
com.damaiapp.yyl (PID: 5092)
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)

com.damaiapp.yyl:push (PID: 5270)
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 28KB
MD5: 2fb5e0568801128e0b79bbedbd61eaa7
SHA1: b3762ae9ba2735cf5126032bf79512a8ea17bd8f
SHA256: 7afbd4c1c94b41086a7493b1a32585047a3b3fc01a3c3a3688d6e712726381ef
SHA512: a5832add9b0708f68d4a105e27f9b3ac30d10644d35948e63be63aad84415f9d0a5a64a2c5f4fa7c549918c8ded1f7c7df2dbd892d0bc14e93b9818fed8ca9f3

Filesize: 512B
MD5: 192cffbd24709a0a4f35c5d7e6af5e3c
SHA1: 8125bf1ac0c7e060695ee437655852834e441710
SHA256: 2f0a41d1a36c68d328e38a88a93a0d935a9234169612db4a9f87a246043f0612
SHA512: 28933baa51682ee0db6a5b0fa312acf2ab97e8e89b76d975eb62380c22fb3111bc9cfe90374c9090e127298960314330edf73d836c858b355ae939cd293aa07d

Filesize: 8KB
MD5: 2ee89a308fb561fe04da45ef7bfaccf9
SHA1: 344cb6b3dccdad37cfebd7d4837c744982574f50
SHA256: b252ec6b2684e6c35f296fc70b4e1bc57d0eee2418658393885c324a682c89c5
SHA512: 93136d26de542b0395db036875fd77ff9f9f0c6342dac95b0619661c2085c78496cead4865cb1947a52bc2f1e15edbaa53bb34a3ed4fc5726ef38f87801d6c20

Filesize: 8KB
MD5: 5227e8a027e1fe9371838807997eb177
SHA1: 815e7195a7fcbd1b9dd048df12c94b2576c6d24a
SHA256: d20581bb0ed180a0ae4df5124d17c012f0a36c907472b41a0592295aba1bb797
SHA512: 87836bbc77962cdc2a9a029c177de09c5a729c23ea417940d96dfdd8d6fe3d74d8814405d971fbb0170d294c25a18cc5583fc0cfd5a17df401cb63d4e5a2af81

Filesize: 111B
MD5: d2c91fb4b8935ff1b88b960e2cb01be7
SHA1: 5e3414b93d2a3a8b951c178a6c280ddf7899e96d
SHA256: a97764334d66254459a4b786c74cf2aabda2eecb964e989862fd9c385a1697e5
SHA512: 8cc1b893bff3f8cf5ab91a2640340ae1ad4426112a081c5170fdd7ab799700d050bfda7f29888f6716d1585abe039cf68e513c6577db933f611d6661f0f57f80

Filesize: 222B
MD5: f2ad664e596d1396e96515d4643d583e
SHA1: 568e5f1216479a95b506440e4f253c5639b03612
SHA256: 75d14c7567ddf6bce0651f37f4f74b8d7b43ac6b2075bccd92b52367ca5e0cdc
SHA512: 88b7429a8ee88d560ecff15f1a3634bcac0d6b71d83aa4f227f43c24b30f49950f1c78de1fc0a10edafdb8acf62b8a97747b12a5e3332bd23b94133b7c770e78

Filesize: 222B
MD5: 61964523ed2c957633219754aeb8bce5
SHA1: 2acd2c84d9342d5faceab53ff25bd5a4fe4b3c95
SHA256: ee2ad72586435c383d29aa10fcce5aa6746a97905daf92eef4e62d1f3eb2420c
SHA512: a560a7bbeb3577de5fd9177249f6cb97b8179ebd5aa7ee08760c0bca888f56d79811bfb0d02e8c6224518bfe141a36559f23211c52f33e0ea1122296fb72adca