Analysis
- max time kernel: 107s
- max time network: 139s
- platform: android_x64
- resource: android-x64-arm64-20240603-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
- submitted: 10-06-2024 07:46
Static task: static1
Behavioral task: behavioral1
- Sample: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
- Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
- Sample: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
- Resource: android-x64-arm64-20240603-en
General
- Target: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
- Size: 13.5MB
- MD5: 9a6e7473d3ea60ac7587580675aab6fc
- SHA1: 19e49e8858f27050777ffccdbfb1470e1f8a791b
- SHA256: 770830abbfacbc0763adaa6dbb80a32c8db62a97adbbf002f9be020f613e4da7
- SHA512: bd7b79cbe0e50a65c51ba3a451e2da71868671607b89f6f419f1352081a63b5e85fe3128f9e5b324b6790a4348f4af28e5aa6092a5490e32138f43de46c77aa5
- SSDEEP: 393216:EuaI8d3LRtq+nZq1q5b0g7HVXPrVZPolLMATbv+w1z6xVUWR18L7X:E5dbjq+cARL79PrbPuLMAvF6xO5LL
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 1 IoC)
  Processes:
  ioc: /system/app/Superuser.apk; process: com.mcmlmpnimlmemmna.lei
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
  ioc: /data/user/0/com.mcmlmpnimlmemmna.lei/files/AdDex.3.2.0.dex; pid: 4561; process: com.mcmlmpnimlmemmna.lei
  ioc: /data/user/0/com.mcmlmpnimlmemmna.lei/files/AdDex.3.2.0.dex; pid: 4561; process: com.mcmlmpnimlmemmna.lei
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.mcmlmpnimlmemmna.lei
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes:
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; process: com.mcmlmpnimlmemmna.lei
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Queries information about active data network (1 TTP, 1 IoC)
  Processes:
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.mcmlmpnimlmemmna.lei
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.mcmlmpnimlmemmna.lei
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Processes:
  description: Framework API call; ioc: android.hardware.SensorManager.registerListener; process: com.mcmlmpnimlmemmna.lei
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Processes:
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.mcmlmpnimlmemmna.lei
- Checks CPU information (2 TTPs, 1 IoC)
- Checks memory information (2 TTPs, 1 IoC)
Processes
- com.mcmlmpnimlmemmna.lei
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Matrix
Downloads