Overview
overview
8Static
static
69d16ba7afa...18.apk
android-9-x86
89d16ba7afa...18.apk
android-11-x64
8aisdk_qtt.apk
android-9-x86
aisdk_qtt.apk
android-10-x64
aisdk_qtt.apk
android-11-x64
com_lechua...el.apk
android-9-x86
unpreverified.apk
android-9-x86
unpreverified.apk
android-10-x64
unpreverified.apk
android-11-x64
Analysis
-
max time kernel
4s -
max time network
138s -
platform
android_x64 -
resource
android-x64-arm64-20240603-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system -
submitted
11/06/2024, 05:16
Static task
static1
Behavioral task
behavioral1
Sample
9d16ba7afa6f0abea72e9c95d28beeb9_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
9d16ba7afa6f0abea72e9c95d28beeb9_JaffaCakes118.apk
Resource
android-x64-arm64-20240603-en
Behavioral task
behavioral3
Sample
aisdk_qtt.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral4
Sample
aisdk_qtt.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral5
Sample
aisdk_qtt.apk
Resource
android-x64-arm64-20240603-en
Behavioral task
behavioral6
Sample
com_lechuan_midunovel.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral7
Sample
unpreverified.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral8
Sample
unpreverified.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral9
Sample
unpreverified.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
9d16ba7afa6f0abea72e9c95d28beeb9_JaffaCakes118.apk
-
Size
13.3MB
-
MD5
9d16ba7afa6f0abea72e9c95d28beeb9
-
SHA1
b8c3531192a1f2673fac1a37c7d86708ea8eac7a
-
SHA256
d1ec09f6af50a001be1fe9aaa529719c15b048a9d4af8108375d8fe99a2e8c16
-
SHA512
101680c9328b7535ecab4b40965cb3d6372df35d2f02132e32b3adca13bd9ba8958ea16984a93caa5992b87c70bc9af30a7e3715ee2d49f910739f6a39f0c723
-
SSDEEP
393216:ajC62EXHQaTPPdygR8JoUa5hnrfRiEvoSHsn2:IC62qHQaTPNR8JoUQnr5iE5E2
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc Process /system/bin/su com.lechuan.midunovel /system/app/Superuser.apk com.lechuan.midunovel -
Checks Android system properties for emulator presence. 1 TTPs 3 IoCs
description ioc Process Accessed system property key: ro.bootloader com.lechuan.midunovel Accessed system property key: ro.product.device com.lechuan.midunovel Accessed system property key: ro.product.name com.lechuan.midunovel -
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
ioc Process /dev/socket/qemud com.lechuan.midunovel /dev/qemu_pipe com.lechuan.midunovel -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.lechuan.midunovel/app_aisdk/_aisdk_local.jar 4579 com.lechuan.midunovel -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.lechuan.midunovel -
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description ioc Process Framework service call android.net.wifi.IWifiManager.getScanResults com.lechuan.midunovel -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.lechuan.midunovel -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lechuan.midunovel -
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description ioc Process Framework API call android.hardware.SensorManager.registerListener com.lechuan.midunovel -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.lechuan.midunovel -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.lechuan.midunovel -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.lechuan.midunovel
Processes
-
com.lechuan.midunovel1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4579
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
4System Checks
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
389KB
MD5e16a451b3aa12edc776003680ad09660
SHA180cd0c9da760b87ff100ae57e4ff2cf81e6b77e0
SHA256a9f1752e1ee67dc095e107cb75c324132792614f6fb713acc845eead3c3dcd2f
SHA5129f28dfdc2072bbc291f21e2b3fee903515586503184ce72c3e5d86df5adb2bcfb2d452a8f147fb0f3d9ae592327ce6ff9d444f99b5922c5ace40cffe13974588
-
Filesize
860KB
MD592f0125a0b3d619d7a45e713eba85fdd
SHA10b4fd32e83165a97119679995aeab3a7c4c0b948
SHA2564cb1e7422f746364c29ede6891eaca2725ae7a45b1d128322f2aeb73215aba1a
SHA512b2e174dcc13070399265421a83fa292cc2857f2ccb122cf203a1435a88f25e50efb3147a5f325c3df72e588e4473eee2bd0fde222f413ec46b3bbb752ab1356e
-
Filesize
40KB
MD5fe3b9e255b51bd38d108b786bd62243e
SHA10a24d2e6bc14980312ddb53267874b837cae8304
SHA256259851e0a157c959584ecc52ddc90c6c475413b3df0224ca0f766f3d38477f5b
SHA5125b97de979db54b434a16efa4514c79da318c8afb6cde12eec91fec0b38d2e6f483347fec49419589f923b777e1fadeab84a466d5b898f21620ffdaf9748b76c1
-
Filesize
8KB
MD5e22813ab725ba99f4bd01ac4876bad68
SHA1fa5242dc8d5eb602c7be5270911cce06c2396ed0
SHA25667c7f6e534d2a94fec510fdacd003f2697d6ed85b6b15ee02d9e013eaf6bc9a0
SHA512a93bc1d4f9c606829fafb62ffcc3fb23e6ec04a2b2c9137066d8983682e556705cdb040cae3f7badf2a56f99097b8a68109f16604cd277105d02b766d98f7a19
-
Filesize
512B
MD5a96605e2c31753fc758de86dea4dc5a9
SHA1147c24dfad45307c16fa965f33ee0019f5f181b2
SHA256a10a0614f7909fac3b43451ff2cbb54f87356c766c901f37d1bed2709fc67548
SHA5122a76cd8d5119a0bf152949ab2bde2b8886bcb2cbad79a6db9d9a363bc660c45175050c7cdcc23b18fae498656ae594a4d567842490049e8116c8932cc73c1427
-
Filesize
8KB
MD57b5d972f92c9d6714318ccd039f64b54
SHA1bc6b510107cd187e6b8af1279a86ef3d5e1117c7
SHA25624bd981997d866e032bb81b417fef81b3a0c8196898646cf09db516ee164c8d9
SHA51232ea15a894f11d7904b3b6467efb5435fecc33889719dbbb5c42185dc5d87246f70c6420e9cb7c7a18b88f0adb8996e8467275ac4d1ce3a3a328665c69b80ba6
-
Filesize
24B
MD5d8cdae670a32ddd5845776ac893ad3e9
SHA1726a18e735e48ee6d799c5bf64bc042a7f4fd7ae
SHA256617442de69b8b506c1b391a05f4299f1a721b61afe0941031f5d650db2ac9f90
SHA5126e1e66d5b98e4630aaa3a1f564d1853a07611c2167127b1e5155f12c71e2cdae609e9ff59e2f15511eb862695456411b4f7ddeba43b8f2aeb479fb213675bde6
-
Filesize
24B
MD5b470b029f4f51b0ab5ebaf9f886b98be
SHA1098e3d817e9a5e0828c37a39e09f3c77274984c8
SHA25699cd50e8d31d7c6a8d967f7f1bf482e9a8b147c83b10eaf211ec1bcf00012a31
SHA5127dc9eca09e67eca37632aa78a23cb8173a4effc269f157486c8e87a6510ff58c6879fd7161dd4a2a0543e0a74e76b6b9c55905e2e91251ec7aa26c8fe99a209a