Analysis
-
max time kernel
47s -
max time network
157s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system -
submitted
02-06-2024 11:20
Static task
static1
Behavioral task
behavioral1
Sample
8de6580c8b890804d8f83bf9bede068e_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
8de6580c8b890804d8f83bf9bede068e_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral3
Sample
res.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral4
Sample
res.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral5
Sample
res.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
8de6580c8b890804d8f83bf9bede068e_JaffaCakes118.apk
-
Size
3.3MB
-
MD5
8de6580c8b890804d8f83bf9bede068e
-
SHA1
04b5de28b425952a982a4c94047c5ff0e404f71a
-
SHA256
cb699a4b8132ee3791dfe7b6746cfdb44d3289d7aac6f48afc6185360ecb1aa7
-
SHA512
59740fa62332ab2df0bde8103dc41ece2febc7287759d045eec73115f12151ec1f3b7c90f8faacd2bf2152541f94fd5380bf31f04499f7bb1dbaa04d7242e1a3
-
SSDEEP
98304:yP8Q6cvYj1fScdN3f4mB5pq1+nDsxA1rY1CG7+AHH:3Q66YjRNph5pqgDsxA61om
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
Processes:
com.lyztjdb.bt.qipadescription ioc process File opened for read /proc/cpuinfo com.lyztjdb.bt.qipa -
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
Processes:
com.lyztjdb.bt.qipadescription ioc process File opened for read /proc/meminfo com.lyztjdb.bt.qipa -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.lyztjdb.bt.qipadescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.lyztjdb.bt.qipa -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.lyztjdb.bt.qipadescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.lyztjdb.bt.qipa -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.lyztjdb.bt.qipadescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.lyztjdb.bt.qipa -
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.lyztjdb.bt.qipadescription ioc process Framework API call javax.crypto.Cipher.doFinal com.lyztjdb.bt.qipa
Processes
-
com.lyztjdb.bt.qipa1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4309
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
101B
MD56276166988a33abf6cb34237f184ad29
SHA15da2a5ff24a70e8c96d410349c483dd17b470767
SHA256cb3c1b6dc7b20f0880e1018c9053b1e9a14ff0cdbed2f9f5473c01cbd2759205
SHA51297c4f71f320b24ac5e12370e487a0c4fff621b612c3bb5e9baf3994696ef5a48e40c2d50b3be6843fc8c652699a84741c3a4ef269c2a05816254f99742254a89
-
Filesize
12KB
MD53fe30614d7e0d11db870b4624f6c50e0
SHA1053ff0fc621ab40f2afeddb3e7b4a73ee41ec533
SHA25667c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d
SHA512c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae
-
Filesize
512B
MD539f3f26232b1e140a0e87fac9885fa8c
SHA11a5da4f0dd7042daf47e73633e16112385c87eab
SHA25603b9896da654f07382c331b4dd9cde85040c55ef66291704f2897cb29ff6828c
SHA512d2da65b93742d20ef914c8fc9e760e7aa8adc3bbff412567c82de4079c04fa720d2561e1a162bb750cfade8e4ea97d0ae6d084f571f5b85b3ce1deaf931426da
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
4KB
MD51374e7af879cd4e81a5ef57d0573f294
SHA1426e8c94e56e3e2ff33cbc77f8258ec49c81660e
SHA256e2f807c2418f48afcb0149b6d51ed6fda0c4cc5ee7c48188fea49cec2c1e5233
SHA512cb230b5c13304318755f81899bbd0b2bd6265f5cff3f330c498b8c9e91732a8cb3d80a1f2f14c81ce63bcaf3d2fc176bc76b0cb21257a5c2aa902f7d469425cd
-
Filesize
16KB
MD5ef35cfb86e7df6cb5a714693915de918
SHA182f0274ba8f01c1f3b050430d6276dcf1279e920
SHA256bace24718b1cb4505fff2bed7fbc4233b9b6162257c12c50b6faeb4b56301a0e
SHA51218fec79f43a876bfb1ef7ccb60709ddce1600f5f7865a6dc12ef35098cd4b36e25bd376f0b00bfb192129109cbeae85e86e13b10c4be2aadd45d51d23a70d162
-
Filesize
8KB
MD5eb223f98300e06b9ba695f7198d04b40
SHA1506edb8d3f0511d1bef881009adfe4124f189b52
SHA2565b7c7a1c8133390f1a72251f9e635187d1b430c8899f506e176d25428e23596f
SHA5126314fba8343a215da4b5dc7ad9b5e9d0aa1ae9e2311f8e93921b485e1a79bf532f560383fcb5d43e215f55fc5a2def78be9448947bde85b131257c23251dab2f