Analysis
-
max time kernel
178s -
max time network
190s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
-
submitted
04-06-2024 00:51
General
-
Target
93311810c15d37292d68638fa2a65843_JaffaCakes118.apk
-
Size
26.7MB
-
MD5
93311810c15d37292d68638fa2a65843
-
SHA1
54b6672a19f9e13d0793f8c3ebda3753be861f88
-
SHA256
8122775f808b608e5b4df402cf77f77e4a7fee4b46f0e43621b8a235d15f6005
-
SHA512
94f777a28622030a15797022a57b7a81f8662b1e4bb7e86c23f368920ab8aa8c6d6ad2e41b56b130e0abf5474d4ff5af99e4a925365716c90ed7a56b1f7522e2
-
SSDEEP
786432:nftE/GqhpCd26+PuXR6EBEPxX+pArA+360jF3iB:fS+qjCvY7Xy+3iB
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes
-
com.edu.todo1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
com.edu.todo:pushcore1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
MD575d46252620a12dd7343e91c8ba209bb
SHA16615b67e21963e5689685f8494f442dcd729d4d1
SHA256c433c8e3f847da2b98ee8b704ea3b7d0f38d6249626dfe26a22bef0c08e5fa71
SHA5129ae5f0ae0a77bc8c9a27a43252ba01d4bbb69a326eb028d2e887d701b202b66a7065765f2f0214d2b0701493634ff33c2104becdb80bf7e8c2657175857b7af8
-
Filesize
48KB
MD54e93a7a07efedcc6e3c741526d2d89a7
SHA1e25833d7a51783c17978a7c5e7953d7cf1df80f5
SHA25626fd97dcb56a0ae4ffee7b9514cb697de101ad39e3b2af2933b1eadf409b740e
SHA51294a5e0b50c0efc69b79fe9b46513537b798a45d00234a7fe1c529e7d5eb153704ec9966a0e0819983f726260579707d7b82e7b31f845fa7602e06c078b98319f
-
Filesize
221B
MD543f2ff74338e05830000af06472b999f
SHA1e9a3a832c46d292eb51e66d075269bc6033c83d2
SHA256a0543b7ffc30f1175057228ea30356ff561255d988324ad399b5e1a6c1871943
SHA51245eabfb2c5d3f219691ac159930fb168548dbdc02558f30ed30119018ab5a2ebe265d3ac20b2126be3f8656d5e9ad9473cd167b200a4a5b97bf24c679e611e2f
-
Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
Filesize
56B
MD50e5c2b6bdc375b6bdefe9b12f7373252
SHA1d80f0eba18eabfeafb1e984a732473edc9883691
SHA256ddb28bee0af2d97c9a55087185dd9b93dfa66386626f475bea89f43dc1abee15
SHA512059233d1830682013f6ae20f38920bfee7b96d4921d72db326e6c49c606d36ca6aab28adc9f56e258d55717a92ba2bb14d7a5053010696c870213a56a9fc535c
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD54ab34e4b7ee5d534766beae63a4f7f30
SHA1af423d8684d6758fa218f4826f000eaccd9ec6ba
SHA256dafa9a46a2220d6302e896ffa9767e2abbab7e296fd4bd9b34276077c5ba7f96
SHA512dc071d6b5157805ca3748d1831d606603204f84a87c4290961e822f9a7fcac62bc59c830ea1ad7fe0715c40544932805e062ac92c3e5ca78e63401215882c4d8
-
Filesize
28KB
MD51007dc1ad26f524a9f7661ce8cb5187b
SHA124bb2795390774e2c33a80858a3f58f02feac9b9
SHA256f65b639bf13a27957603f55e3d8988bb281c78eb69d3e9d2acfe5bcabc19cfc9
SHA512f5fdbdb1c1d2d133436d357ebe3ae72df7fad918cb4d52791d3abc7e71609795824d036f0634bf063e2b01c1932cf7261f56a6b5aa1521744ab654cd010fe0d1
-
Filesize
16KB
MD5c2fdf9cb5b185253776ef45b169c7fde
SHA1a4ec88f5b7157ae62894f9655f20a46dd5fa3602
SHA2569cabab94fafb5923486e65e5dc5274a73879dd12613d09e6e24518ea7facaae2
SHA5125896f1ea2951f292ac518f762fa020fddd6b104520e16a69167ba4ef903ff04bdd2fc9679eeb675855fa37d00aaa3b9c5a95157b4acaeb75b063db3e2340e998
-
Filesize
88KB
MD5d5b443af71f0727f8ccd51488f212ae3
SHA1a013a8e7becf924a5442b42e24f698bd070fedb9
SHA25618b52ad9795bb0944ac391ee1e993faacec011c13fdc18297f0eb1c1d534de61
SHA512175625a056d5e6d02c0d691491d2389f82b49248e64737beff46734af1d760287b4125cfd26e39be9459e922f24b72bbf1ecfe9869b3efdaa27b60b8fe9b49b8
-
Filesize
512B
MD5e95086172e0eb4887a505b95445d56e5
SHA17ae21de4364a44c113428677bbc984af00b87e2b
SHA256c39ec9cb7d0bfb1d3cf3a111b5afd3e78b1e3cc6b83492815aab5747646eed50
SHA5129a821919969480f0f80969d0cdd6e496655207510b91e5e257ee89f3b2740dc9b737e34f244c1c62ef9075c919f7d804fa0ce6a448fe0a48d7d443ebeba71248
-
Filesize
72KB
MD549792391cef92ceee8ba6a0ae556d4bf
SHA1aa32e79fcc2fbd037a8f079091e1e07f03b1ebd5
SHA256a28e19af7f31dc3d1ada9aecf31954c2b878dd9f2572b80b858556052db392bf
SHA5127fb58e88230c10752045fdbc6bb9cdc60336b58987ae5935236aae1689ebb985c9167565081ee2aa66045a5e480fb69c54650fc6443a3f807f421310a65237b2
-
Filesize
512B
MD568828a182d94a1f308c1047c92200bfa
SHA1ea58a017f3105912fbcc9e21c6015e62b7253646
SHA256301f70aef0b782948a72748da624c0e91fac38b3aeeaae2e81e4facd45e0f860
SHA5126b6e244982238b75c1fb1078cba196d12d59995d5e0fe688eca5f5bce6aff43dbecc384137a3151e47eb942dd55d11a73c5d322e9f2afb2245948318025429cd
-
Filesize
60KB
MD5d70364a018ce74179694b6f84bb29053
SHA19fbc0e60001fafd28c2907f2143aa834238ccc08
SHA256ed6e8365df07c30a526842da8112ed08e1cbeb8d2f005ea8f7844c8deee77e03
SHA5127f60525e2a239b127139415689aed46c154c81da424ac2baae50974d1d97c29f0a975b687958c2d58f32f45fd3f48bd77d399905258088cc9df1f43049055338
-
Filesize
4KB
MD5620f0b67a91f7f74151bc5be745b7110
SHA11ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA5122d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d
-
Filesize
213B
MD589fba86b8d9bc5f5fd71ecf8c222af42
SHA1480c20fa4c90bf15e7e16a2a0b621092f66b029e
SHA256e3973f5f05485091f2c85d6bc2fe72b06e20a5922000f2a435d1a0b360496fbe
SHA512fb663828b6822520209a3fa6b8d817f89d72c51420cdea05c1985447cf8f3714acad02b66e40e56bda3e43928a6ec5bdc2c9b8d8968618502b398c6e0caf91f0
-
Filesize
111B
MD5ed699dbff16babbd77e1583b704e137a
SHA18b40ed364792383e6f4e65e33fdab09cd45d7ec0
SHA256f71b8cb6bbf33331b2b11646540f6cd9047c6085bd2d5efa9f1a1724aaa37c62
SHA512bb0db440543ce0e9648451c4dccd563c5174814b44d3078f73f60f17177afc8010a703eefc098a7042af464b007e23b7636d56960639401dc89f411e7f0329a3
-
Filesize
167B
MD5d16a842c4aecad5dcf746da6440b05b5
SHA18101901a2ca9ef0cafe8861c21b097fa53ccad88
SHA2565415a08cb156f79dd58fc8e91f94b862ddbd604881fabd7e7418db29930467c8
SHA512222259946e7a9e1e9a12096fba1a7db22cb32be60db33b5ae928477b29b625a679008c435e7d1b06e12aa9caad71f966ec687f514d7023087977360be6a7f958
-
Filesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
Filesize
111B
MD5fc4e63f7baad966a95222019da209ebc
SHA1cd58016f3cfd60ff2791b34be38ecbfb71627f5c
SHA2566ef4ea705b67bd508386cd8d1ff875ece84c1349a9d9357e40747f528162ae74
SHA512f5883c217d3f5d500ede5e818b45f3e20f667dd1bee5bc821ec14950296936f4a85c85f5868322ac87806a05902cad37a64a0d6367385ec2a85969e5343bbfdc