Analysis
-
max time kernel
169s -
max time network
150s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system -
submitted
05-06-2024 11:58
Static task
static1
Behavioral task
behavioral1
Sample
9817a885936dd4b76bbae3d67421e227_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
9817a885936dd4b76bbae3d67421e227_JaffaCakes118.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
9817a885936dd4b76bbae3d67421e227_JaffaCakes118.apk
-
Size
14.0MB
-
MD5
9817a885936dd4b76bbae3d67421e227
-
SHA1
bb67a848c374c3c250bbba8a42dbbcca9498a2a4
-
SHA256
a5a8ea34f978049bf2d83fd5a3ca1a4c5364018423b67394f06918bf7c5134bd
-
SHA512
35e31d3e605265925fa3b2d081c391b6203c9e1ea693baed8d53d9623c12244b88f08981e9925b0bca124d40d49c4b8a59d79a991d53d1036235c841cc31c98f
-
SSDEEP
393216:2yFJNN86JY3DSjRVbV6H1XRrIa5XgJziHXTeX37:2yFJNQmjnV6dpIggi3Tyr
Malware Config
Signatures
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.chediandian.customer Framework service call android.app.IActivityManager.getRunningAppProcesses com.chediandian.customer:ipc Framework service call android.app.IActivityManager.getRunningAppProcesses io.rong.push -
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description ioc Process Framework service call android.net.wifi.IWifiManager.getScanResults com.chediandian.customer -
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.chediandian.customer -
Acquires the wake lock 2 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.chediandian.customer Framework service call android.os.IPowerManager.acquireWakeLock io.rong.push -
Queries information about active data network 1 TTPs 3 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.rong.push Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.chediandian.customer Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.chediandian.customer:ipc -
Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.chediandian.customer Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.chediandian.customer:ipc Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.rong.push -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.chediandian.customer Framework service call android.app.IActivityManager.registerReceiver com.chediandian.customer:ipc -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.chediandian.customer
Processes
-
com.chediandian.customer1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4273
-
com.chediandian.customer:ipc1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4307
-
io.rong.push1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4332
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD559bcf672d6aa933d7a5d5a6a41312d89
SHA11ccbf2bd3647dcb1ec22784f98a4aa035d507ffc
SHA256587526298ec8243e9e3affe269261af7c8b15c716b3f611a4fbc4768455011f2
SHA512a662d86f07752ec3b16d89fe6ee1af615a0af7806d8bc85386cb1c3b73abca26da4f77d95eb1563168ae31540fb8988a4ab7ef8bf42703b5b6e4bd6fa36ec233
-
Filesize
512B
MD5ff8e25b4d441642003dcde28d268057f
SHA175237c04e2838831c0979b9d67ef34b92597bac4
SHA256e3dc43118289047cc7779571dc25479a8b813da780ade92ebd2b38a1f845b1dc
SHA5120a899300b405440227a1ca83283d15a837fe83b02677df513a2203379327f6b2e6a95cc358d3c33da92f64e1a8bfc0d6e412b62071ecf6f9f7be6c3bef62d606
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
56KB
MD5ed3957d6289eb0a7b62149fbf8249938
SHA1913ba710b9f2696c7a0983e08b32aac3916959cc
SHA2560c8171deee46e3a04bb562c20999cbc21b15556e7dc8c1b7c56c647cd4640aaa
SHA5129b4ca6467ba6b13f19c37d10dccaf2aa51418774ccb690338e96afce816e2f0fb392503e8732daa076b7a283bc3f2edc526a3c57733740841f13d9aca250255f
-
Filesize
31B
MD58c8bcb7d36cb5a71729c00c4e7f2d330
SHA1a352667c61dc45f43cae74a7102fa692fba98d3e
SHA256fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150
SHA5124589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62
-
Filesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56