Analysis

  • max time kernel
    3s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    03-06-2024 03:42

General

  • Target

    906da15e8324d76b444260599781f6f1_JaffaCakes118.apk

  • Size

    3.4MB

  • MD5

    906da15e8324d76b444260599781f6f1

  • SHA1

    6da1b8fc3f73387419cb4055deadae57a87a5772

  • SHA256

    d6a55dc76718bbfcccb95da4b61f709ad4690abd688ace2434f1fc7a7469b1a6

  • SHA512

    c0307c7cdbdc8549c60c063dcc248e49e8128751f05c0d78ea1fce37b4386b3c54584b6dc0485c6b235dc761e055aa85d802a2d6c66021544af1ad732339f2f2

  • SSDEEP

    98304:u+wapITueYnQUiq89ycFanArMJvgJ69wng20FBk4y5niLN:u7jCe+e9yZA4J20FK4y5niR

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • com.yiwyxb.dk57923
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4284
    • ls /sys/class/thermal
      2⤵
        PID:4322

Network

MITRE ATT&CK Mobile v15
