Analysis
- max time kernel: 179s
- max time network: 187s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 03-06-2024 03:36

Static task: static1

Behavioral task: behavioral1
- Sample: 906a9b8b116d95971794bdfb1c44670d_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
- Sample: AlipayMSP206_PPS3_V3.5.4.0619.apk
- Resource: android-x86-arm-20240514-en

General
- Target: 906a9b8b116d95971794bdfb1c44670d_JaffaCakes118.apk
- Size: 16.8MB
- MD5: 906a9b8b116d95971794bdfb1c44670d
- SHA1: 55d422dd1fe040e4edb89242789076e37778c797
- SHA256: 3d9ec591f829440da0051dd755ecbf326e6f03f83eb3d88c51a6b633cb31b572
- SHA512: 59dbd73d2517922cd7baa4dd9ad3e4a6621a467b5eafc8c68fe643f493f0d4143d9531d52c5f796ebd58f2e74b20a981a2320c6bf202efe707aaeee8e672b835
- SSDEEP: 393216:cHXa8UQ6gG3pxsCyyGjpoamTRpMXdmj+O0Vm7zSY9Nro5MYoFEET:cKUG3p2yGjpxuROXde+tVm7mY9BOkEET
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Requests cell location [2 TTPs, 1 IoCs]
  Uses Android APIs to get the current cell location.
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation | Process: tv.pps.mobile:remote5
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information that indicates whether the system is an emulator.
  IoC: File opened for read /proc/cpuinfo | Process: tv.pps.mobile
- Checks memory information [2 TTPs, 2 IoCs]
  Checks memory information that indicates whether the system is an emulator.
  IoC: File opened for read /proc/meminfo | Process: tv.pps.mobile
  IoC: File opened for read /proc/meminfo | Process: tv.pps.mobile:remote5
- Makes use of the framework's foreground persistence service [1 TTPs, 1 IoCs]
  The application may abuse the framework's foreground service to continue running in the foreground.
  IoC: Framework service call android.app.IActivityManager.setServiceForeground | Process: tv.pps.mobile
- Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | Process: tv.pps.mobile
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | Process: tv.pps.mobile:remote5
- Queries information about the current nearby Wi-Fi networks [1 TTPs, 1 IoCs]
  The application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  IoC: Framework service call android.net.wifi.IWifiManager.getScanResults | Process: tv.pps.mobile:remote5
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 2 IoCs]
  IoC: Framework service call android.app.IActivityManager.registerReceiver | Process: tv.pps.mobile
  IoC: Framework service call android.app.IActivityManager.registerReceiver | Process: tv.pps.mobile:remote5
- Acquires the wake lock [1 IoCs]
  IoC: Framework service call android.os.IPowerManager.acquireWakeLock | Process: tv.pps.mobile
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: tv.pps.mobile
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: tv.pps.mobile:remote5
- Reads information about the phone network operator [1 TTPs]
Processes
- tv.pps.mobile (PID 4268)
  - Checks CPU information
  - Checks memory information
  - Makes use of the framework's foreground persistence service
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Child process: df (PID 4340)
- tv.pps.mobile:remote5 (PID 4380)
  - Requests cell location
  - Checks memory information
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1): Broadcast Receivers (1)
  - Foreground Persistence (1)
- Defense Evasion
  - Execution Guardrails (1): Geofencing (1)
  - Foreground Persistence (1)
  - Virtualization/Sandbox Evasion (2): System Checks (2)
Downloads