Analysis
max time kernel: 8s
max time network: 151s
platform: android_x64
resource: android-x64-20240603-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
submitted: 04-06-2024 06:02
Static task: static1
Behavioral task: behavioral1
  Sample: 93cf7b59839c563f41e67ecae4d25c10_JaffaCakes118.apk
  Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
  Sample: 93cf7b59839c563f41e67ecae4d25c10_JaffaCakes118.apk
  Resource: android-x64-20240603-en
General
Target: 93cf7b59839c563f41e67ecae4d25c10_JaffaCakes118.apk
Size: 19.3MB
MD5: 93cf7b59839c563f41e67ecae4d25c10
SHA1: 172d64ed0a1db2a05518bbc30cbd9e0cf0d503ae
SHA256: 906d831f679b48c34bacdba7e18057761cbc75a341b8c200f591dd6bdf87410a
SHA512: c441838dedbf7c8257f1388993436511af334348b2474c4c941ee4c8c72cdd3172c0f09a5dc77a5ce997c4b1153c9a9744d91a91ba93334ca9faaa0107a5dca7
SSDEEP: 393216:L5pZAHcRKvNbyOS70VCC32h3rutDa6x8uli2/Suli2/4TSpX8hzvWVySZxuli2/v:LnZAHcRCNebQ9L+7Gi3GiBTSmhzvWlxu
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/org.yihuantong.yhtdoctor/[email protected] | 5195 | org.yihuantong.yhtdoctor
/data/user/0/org.yihuantong.yhtdoctor/[email protected]!classes2.dex | 5195 | org.yihuantong.yhtdoctor

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | org.yihuantong.yhtdoctor

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | org.yihuantong.yhtdoctor

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | org.yihuantong.yhtdoctor

Checks if the internet connection is available (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | org.yihuantong.yhtdoctor

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Processes
org.yihuantong.yhtdoctor (PID: 5195)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 4.3MB
MD5: 2c0c043af20b8b371b4715fb58d01a41
SHA1: 1621a94e920e06e425c008e5c95c14851ec5804e
SHA256: 3fe84b0bbd948d8a21fb7c72939210a2bbe0e1c0d162cb98fe185cfaa9ba1601
SHA512: ff88e3b47641a9e2524cdc9328df24dcfe0bdcbec042b31aeac0c3d93a68057a671dc8c6382ecef3660a7dd3b929eb9296183486fc072bc47d46ce15d49bd6fc

Filesize: 446KB
MD5: 8f55d5deb281d8aa1a0b9f72f7185e58
SHA1: 5ce262af6a74a11931bf4b1e92a59b9acab27f37
SHA256: b57aa883bd4a8241fe2ebbeec0988614da1ad453f5784f3439335a6f800c7944
SHA512: 4d74f007dc4a19ac3a8ae3434f06d2509397301c0a9b0288475280801c8907ce48248459436416fb14fc5a3a6ce790d680b6b9c95d35afc49c2f0639199b56f6

Filesize: 340B
MD5: e3c4b962fb8b8ad6240e1bf8ee341b2b
SHA1: 98155979a858bf8363cf2347ea47cfca5fcf617b
SHA256: e329c6e669cdc141c488799068603be812de232d78bdea49ac8f33ecc89afbe0
SHA512: f095287f59b08490f5a916abb5859bf6cbc22970ac085e067e9780bb24c4540cbacd18f5905c1aafc667fa58cb8511e3695f01748b190846ce6dd3b5c1b9c8bf

Filesize: 314B
MD5: 32dc3aefe9a3504364425ed39992286b
SHA1: 5eb58550f4ff00ddf063585da7820adca7d87bf7
SHA256: 9357ba2f3d07be47a4667b303ed8c038d40799014e5a63357dfe24a2dbf3774a
SHA512: 4ab0054d7047f5029c9dc83aab69e7efad728533ac77a2170069ec2b7daa2d5fa1c32550b5f39b2667f9fe1ff7d8b2cd8b5094a3c4e6725417907a8d8a802775

Filesize: 27B
MD5: 36df1d488f3ebddbf00f0619938b33ad
SHA1: 69c938d472e33340e31849a98b05f1af048cafd5
SHA256: bc88ed0ea435f1f7eb71ae13ae2d0262d629aea4fa1093c3df64194df053bbd6
SHA512: fdb44ee55c3e7465117b05f6bdcd35cbd2b97b3a7936e6c5aa57e19ac332b39703b07386a5ee4e8cf74a0bf49cfc9fd795aba29af5408981484193beae8a6f18

/data/user/0/org.yihuantong.yhtdoctor/[email protected]
Filesize: 6.2MB
MD5: 7f479d3a9ce879695468e45940169822
SHA1: 4608386df0e970842021a3eb4fb5ec3f050563d2
SHA256: 59b282a86563f8715621fbe74f9333290479caad85cd3bd058c3217960d2d463
SHA512: ed5f09a7cde56feb3ff461527ab8c3a2382e34cf40485300356fa42fb9f43fa3c68997bf1ad508604e1513eb8350e972aff20073e3982a66876f17f39959b9af

/data/user/0/org.yihuantong.yhtdoctor/[email protected]!classes2.dex
Filesize: 3.1MB
MD5: 125d586ea81d4cd65fb43046619d72d2
SHA1: cdd7a59fdbe79ef1c9dc37bc3846c251ea3fab5d
SHA256: 9db47008f1bee79c974bb05a06d3b52195e0b03b18f2b6f7e6dd022d32a46dfb
SHA512: cca771548aef757c5554d117f579446c73a77b2d79bfef6aebea55ff5058e0694e97301aa0303c7b57900044c82c8a356cf9f6648a8bd1cc278f7e8c578c226f

Filesize: 48B
MD5: 4c4c5285293d5141f582aefa4e038669
SHA1: e01852a72e5a8e6f7d63a21426b515118196047b
SHA256: 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512: 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Filesize: 32B
MD5: 4cc9250dcec37bec438571fb1b7110fa
SHA1: c4696e35eb2f7bedd446adbc6d0244c985253073
SHA256: 76054d78c7bfddd9e10d69ce1cd2ae28bce89357740bbd9c0c166562b8754a21
SHA512: 90e4b4961fd4a8a0d6bc3016e9aba66f7f94fc8a1b21bf8f68d98d94fb3044978629ae45192adc5c4669e27e47f4bd19e16722a5c880aa7cb7c78c05b539a60e