Analysis
- max time kernel: 24s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240603-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
- submitted: 10-06-2024 07:46
Static task: static1
Behavioral task: behavioral1
- Sample: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
- Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
- Sample: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
- Resource: android-x64-arm64-20240603-en
General
- Target: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
- Size: 13.5MB
- MD5: 9a6e7473d3ea60ac7587580675aab6fc
- SHA1: 19e49e8858f27050777ffccdbfb1470e1f8a791b
- SHA256: 770830abbfacbc0763adaa6dbb80a32c8db62a97adbbf002f9be020f613e4da7
- SHA512: bd7b79cbe0e50a65c51ba3a451e2da71868671607b89f6f419f1352081a63b5e85fe3128f9e5b324b6790a4348f4af28e5aa6092a5490e32138f43de46c77aa5
- SSDEEP: 393216:EuaI8d3LRtq+nZq1q5b0g7HVXPrVZPolLMATbv+w1z6xVUWR18L7X:E5dbjq+cARL79PrbPuLMAvF6xO5LL
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; ioc: /system/app/Superuser.apk
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; pid: 4274; ioc: /data/user/0/com.mcmlmpnimlmemmna.lei/files/AdDex.3.2.0.dex
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework API call; ioc: android.hardware.SensorManager.registerListener
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
  - process: com.mcmlmpnimlmemmna.lei; description: Framework service call; ioc: android.app.IActivityManager.registerReceiver
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.mcmlmpnimlmemmna.lei
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.mcmlmpnimlmemmna.lei/files/AdDex.3.2.0.dex
  - Filesize: 250KB
  - MD5: c5e1dd0a8096e3883a437597fa0b3713
  - SHA1: d24a7d387943916a37c8d613e3e5502aa053efdc
  - SHA256: a717d86d76a8bb7fa0eb718bbdd5fd176a80ee7571c65ff999ef72f11d1adb8e
  - SHA512: fb3cdb82eaec7f8f76b6e8b4d48df43efc8448771bc9419eb19ffdfea075f029bbc33dce2706ce042aaf2d698a29e77e1899cb8b6c60d96528a1fb1bdfcc86e2