Analysis
- max time kernel: 3s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 03-06-2024 03:42
- Static task: static1
- Behavioral task: behavioral1
- Sample: 906da15e8324d76b444260599781f6f1_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
General
- Target: 906da15e8324d76b444260599781f6f1_JaffaCakes118.apk
- Size: 3.4MB
- MD5: 906da15e8324d76b444260599781f6f1
- SHA1: 6da1b8fc3f73387419cb4055deadae57a87a5772
- SHA256: d6a55dc76718bbfcccb95da4b61f709ad4690abd688ace2434f1fc7a7469b1a6
- SHA512: c0307c7cdbdc8549c60c063dcc248e49e8128751f05c0d78ea1fce37b4386b3c54584b6dc0485c6b235dc761e055aa85d802a2d6c66021544af1ad732339f2f2
- SSDEEP: 98304:u+wapITueYnQUiq89ycFanArMJvgJ69wng20FBk4y5niLN:u7jCe+e9yZA4J20FK4y5niR
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  - ioc: /system/app/Superuser.apk
  - Process: com.yiwyxb.dk57923
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
  - description: File opened for read
  - ioc: /proc/cpuinfo
  - Process: com.yiwyxb.dk57923
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - description: Framework service call
  - ioc: android.app.IActivityManager.getRunningAppProcesses
  - Process: com.yiwyxb.dk57923
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - description: Framework service call
  - ioc: android.net.wifi.IWifiManager.getConnectionInfo
  - Process: com.yiwyxb.dk57923
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  - description: Framework service call
  - ioc: android.app.IActivityManager.registerReceiver
  - Process: com.yiwyxb.dk57923
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  - description: Framework service call
  - ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  - Process: com.yiwyxb.dk57923
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  - description: Framework API call
  - ioc: android.hardware.SensorManager.registerListener
  - Process: com.yiwyxb.dk57923
Processes
1. com.yiwyxb.dk57923 (PID:4284)
   - Checks if the Android device is rooted.
   - Checks CPU information
   - Queries information about running processes on the device
   - Queries information about the current Wi-Fi connection
   - Registers a broadcast receiver at runtime (usually for listening for system events)
   - Checks if the internet connection is available
   - Listens for changes in the sensor environment (might be used to detect emulation)
2. ls /sys/class/thermal (PID:4322)