Analysis
- max time kernel: 176s
- max time network: 188s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 12-06-2024 10:09
Static task: static1
Behavioral task: behavioral1
  Sample: a046066648cac784494ef883e7ba37fb_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a046066648cac784494ef883e7ba37fb_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
- Target: a046066648cac784494ef883e7ba37fb_JaffaCakes118.apk
- Size: 16.4MB
- MD5: a046066648cac784494ef883e7ba37fb
- SHA1: b9d0b493bc8b7b4cb05a0ab7ce6c5f5dba07f773
- SHA256: 99ce7da89b5a967a9ccd9c06c70d1c7ca8dc92651b73725f928805ad0801cad5
- SHA512: 9503fda0b3b84bd3d335bd384161847140e3abd4cd886fb77d70de0b986fa122166a72e9a39a3a67dca3113b43dc2802d71724598802a50760f53a6980a3898c
- SSDEEP: 393216:UGPC6dSZ/tAJI+Cz6Yobz937ROIM93XxR2ixkyvVRWClBjPS+4:UGK4SZ/t6yg9rIIM9nxJkSvlBr4
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 5 IoCs
Processes: com.sinaif.credit17
  ioc                  process
  /sbin/su             com.sinaif.credit17
  /data/local/xbin/su  com.sinaif.credit17
  /data/local/bin/su   com.sinaif.credit17
  /data/local/su       com.sinaif.credit17
  /system/xbin/su      com.sinaif.credit17
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes: com.sinaif.credit17
  ioc                                               pid   process
  /data/user/0/com.sinaif.credit17/cache/td_fm.jar  4455  com.sinaif.credit17
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.sinaif.credit17, com.sinaif.credit17:pushservice
  description             ioc                                                  process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.sinaif.credit17
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.sinaif.credit17:pushservice
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.sinaif.credit17
  description             ioc                                            process
  Framework service call  android.net.wifi.IWifiManager.getScanResults   com.sinaif.credit17
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about active data network 1 TTPs 2 IoCs
Processes: com.sinaif.credit17:pushservice, com.sinaif.credit17
  description             ioc                                                     process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.sinaif.credit17:pushservice
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.sinaif.credit17
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.sinaif.credit17
  description             ioc                                              process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.sinaif.credit17
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.sinaif.credit17
  description             ioc                                                                      process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   com.sinaif.credit17
-
Reads device software version 1 TTPs 1 IoCs
Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).
Processes: com.sinaif.credit17
  description             ioc                                                                         process
  Framework service call  com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot   com.sinaif.credit17
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to get current cell information.
Processes: com.sinaif.credit17
  description             ioc                                                      process
  Framework service call  com.android.internal.telephony.ITelephony.getAllCellInfo  com.sinaif.credit17
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes: com.sinaif.credit17:pushservice, com.sinaif.credit17
  description         ioc                            process
  Framework API call  javax.crypto.Cipher.doFinal    com.sinaif.credit17:pushservice
  Framework API call  javax.crypto.Cipher.doFinal    com.sinaif.credit17
Processes
-
com.sinaif.credit17
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Reads device software version
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4455
-
com.sinaif.credit17:pushservice
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4500
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize: 228B
MD5: c7cfda9733c02623417a6ae9ad36c05b
SHA1: 448a7f8052c2bcfc8bcaf190dd7e8d1138f710a4
SHA256: 9ac8101281ea7978af9c294ca5c99d7ea153376acb939e97ad0b2ef0799aadd2
SHA512: 012cffbc7c2d0175554a87ec9ed433a19db8b099941f4557a5a4732240bdcb997fae77c1c0629a88ae4b72d6c0751afa50536dff5a71f2b0348c23f5c1506951
-
Filesize: 512B
MD5: 62dc7f571a0484d488ddd5ffa9edad50
SHA1: 189236ac83989a8586e64b265da9b631882dc03d
SHA256: 5efb5173023a742a2e473bc95dd89f7db13b61f183d1f4b78d345993ff734499
SHA512: 5be34d9caa3ea568f24aa048f34d30c540476389d741fc81268b8e23bdcb0417193e82226ed64e0810b5703d423afb95f5685fe83baca4899911e3291189db41
-
Filesize: 37KB
MD5: 59a240f9a50b682069179656ca0fcb81
SHA1: 9bcd5ae769a8fd99af5c4b01f1b09f3a36054aa9
SHA256: 939dca355c8c6a8a114ccdbd619a79f229d22d3615e4bcf5ff2177915f307412
SHA512: 23fca85588494b1effedc748cb8d1e4f35e2bc7ed4054128d5115493f63e7e33143da05c52ddb9f5d2c940adc04738cf2b5b9215f9253ad54e9d92adc2131b39
-
Filesize: 84KB
MD5: b94b2179695252d2d9220e97d14e2557
SHA1: 3a0278afd368d25a40670745171a1248590e92a5
SHA256: a165fd6c0ae33cc8162e164a63b5e5abfafea84a4ef69b3a2845dec716046448
SHA512: 0ca17f898c9fe03cbd1cefd19a021b351a7f7432a8520f7527900b9b553dadc305ec2e8ae51ac6eba6deacaa1472ccbb01bafae98646158234ba29213da1c1e5
-
Filesize: 52KB
MD5: adf5b2ba4b8a06c74c1d5d75f02f62a0
SHA1: f03c8956acbc47e916d2c13bd3dc1f06d0f0a7d8
SHA256: 860534463ac5f8eec37154f332635cf3d7f58fa8f7143d102bfc4bd305aae027
SHA512: f9c98e945f3931cac09305db65b0e1152aa0323b3e760200a16b41f69219be18bf165c27d7dde32a10b0d28f97a212e30f3cfd6a259cbb71c6d8ce197db65d94
-
Filesize: 8KB
MD5: bb9cc0ccbca1aa944865a72a6568b415
SHA1: c7d0f703dee7ca431aa75f336046d9de6d9d07bc
SHA256: b8b87f4ebce323e1d78854e80624ee624453c3cfa24ba9dd3aa03b4173463bcb
SHA512: 54b727e2f63a448ccd2c8640808125c0bd3fecda3c25ca559ec93820559ccda71a083174050d387ea1761bc57e90e9c4213d06b561630b60bfd71fedb1b79991
-
Filesize: 8KB
MD5: 4fedeb03a8ac7cc5e0cfdf830e459534
SHA1: 3b51a3c9694110eaac0268170872cf117d870a49
SHA256: bc344b0ebd95aa307bafa701d7970864f6a71390624ff68553365d7d399df062
SHA512: 7f7611091acbe4b450cd1e685c746bcab3fa99e97842dad359dca78b9b37a34791e5697ecb454f37db3473a951cd29e8ef5030dd6fb865ab3233a3e121fc5ff7
-
Filesize: 8KB
MD5: 9202beaa1ecf33f19366060062f4aca1
SHA1: 10e90ed4fcb067bdc8d10e5889f5dee935550ab7
SHA256: a95ff1a9104d750f04420fcb36fab42128cdfa5972fade7972b48d7424321b6f
SHA512: 4d734751f1d38af9e32db1f42d98d3a2380e0760c4d82e903b81ab4144394944276cc0d3184ab2a2ce46b54809eefbf6dfe1a087eb938460e2bbc981dc31d7b7
-
Filesize: 8KB
MD5: dcac1f3d642f86db28155f6c73177955
SHA1: 728bb36323dc51475af2fd090620313f62d822a7
SHA256: a6fa51d5364136776fb8713165c81045012429d948729a3dcf1ed065d08e7296
SHA512: 77300e3f4e08a8d9bcaf7ebffdd8d478502119b801ab8508acb28eee1e5fe517a1dfa1fb9ea9e60eb9a0755c373ae739b615cf419668f6e9755f719b18422543
-
Filesize: 48KB
MD5: d96aa7708ddb9258b080ac4f924ac018
SHA1: 5a452dda5d3dc0030064cf86f01390bd437e14e5
SHA256: 6d0952dc27acd0f1d328e51f8ba42a4c26feb2607beaed8d9f276e07305b016f
SHA512: 26d2b7ec55b747c6c8035604adcb6395d4dd51df64b6f16af479a6c856781a9045f6ba13d66e7c7ce60af6f397d6c619589d742cc2df9a19bbdae837c02a6283
-
Filesize: 16KB
MD5: a379a9041828024f9847a2b2f70ef333
SHA1: cec27209d3f42c89f433aff94aecfd24f1967099
SHA256: 96c6e99ac9c32e5f1aedc957e6e0b24d502d627006a339d012741e22916eef61
SHA512: a9651e6f3bd4e2b0edb465dc87a7a4fa1096cc99ac261ec1fb9c967e3350bcdc93dc32a2d49bebd80676f2ddd1e128b9c3d51747b81120c501918b3609651bdd
-
Filesize: 16KB
MD5: c4e807ad1cd05c0737d6e69cfde9db72
SHA1: 6164bc2ad469b40ae9923a466cb84edb0bdb6a5e
SHA256: f33935e2cff89ab460199fb73471ee590178408f9cea08a0a0d03755d172eabe
SHA512: 7c87c5ed2157b03eb4182983cbd859d76dc638772626d3502634a05d2d0ac7bbae9d35e7cd769a0d7c56b8f5bfa0de0eaccd9ec6ef1239b08e0fd68acb7bb6cf
-
Filesize: 16KB
MD5: c8b860fa5d9244011b8c13ed91af4dbe
SHA1: 9fa1e910f10b9ac8457283e6dcb58542516938b4
SHA256: 8dee7bded2422a8b2046a168716165415a7af473657079cbd07aa8124de01162
SHA512: 0e532293b087ea64017e19d74414811809cf7df645154810b347008f4a7df1af5a1da84f2e642408b7cb8f6326f5a9e707c3c32ca98627a223cc88ad392d1203
-
Filesize: 8KB
MD5: 7a5146e82068256d5eae20aac45f94b8
SHA1: 33a618d4b97ace4381c4bffa1bf6fb6f086d8248
SHA256: 023b9580a57f9efda3396b2b4108273034bd63653475c10eefb2b4cc2bd76235
SHA512: 5b17c45ef522c6fcb7280ee0b8888f5fc09d094acbb0155579e44c247dd4efa150796e09889d3a68eb7ae0bac1c27c999589757324c66ffbd3bf22666317dd00
-
Filesize: 4KB
MD5: 2f4bbc29559fe3978672cc46e634600f
SHA1: 349c6eaf93ef6ebd54deee0d2d42d67cab79076d
SHA256: f5a07bbca123dd7ad9b589ed143d61ecfb6228066ed1b0279f6708e0123fd7da
SHA512: 0c1389fef7f5eb2c2d08e7acfebf512cf0ecfd9175d54c5036700e5a8cff593b98be33292a53d899a8cf103cb74b143a11805025086f6d0b00b71eb108e85c38
-
Filesize: 8KB
MD5: 382f24e1ea47ea2279d01d9e5a46f109
SHA1: efff0f2e31562700992b83db3f76d5348c053682
SHA256: cbc8eccb0102d1220f336f593041ef7c41c89ea74d3ff6464a0a4322d7713ab5
SHA512: 687a430eae09e0c0a7e960156dbda39ede4acd50ef47f4f42144b28f6c65f9ca0e1849cd7321be9406d1dd1ff2f7d369bb57adce1db16bc6385e7c4d96541c7f
-
Filesize: 8KB
MD5: a8c4ed9df529f920390ac8e49a6b25a5
SHA1: ad62ee520a678899e51d0eb6409408601df1f4aa
SHA256: 1ad31b23829747178621d16184475a08d56cc3ed6c1e7c363f63d4f96b220bf8
SHA512: dfaae21f05d499f12b59e01c5ded2c777b69d40769d9cfd3f2d7801a8c75c22f60bccb10be230e58fe6f90518eebd065759318a1e71636de0fdc058da8eeea79
-
Filesize: 8KB
MD5: 1788a47ef21c0f21474a27e6ec1f6f1a
SHA1: e288aa48298beed0c5f947894c9d5ca9ee5f9c2f
SHA256: bd877cbb7b278258289fdfbc3a8d67fc7cc1234478f2ebc12bdc2c677de585c3
SHA512: a3038e176b1100076fda8999a14a09003add8447d5f982344de12e566abb36f6f7175d2f50cdbef2104c89aefcebfa61d44f86faf83219f62783f15ab3ec1d05
-
Filesize: 512B
MD5: d2659024087ed385327026b27496b5a9
SHA1: 115418dcd40b29c06a1e796e6345b3ed282fd3af
SHA256: 98330349f0b571048ad2760b35648eefcd8e4cdeeb9caac3134efacbd88b103b
SHA512: 7efa7e6d60fd4cfaf707fb9ebc80e4a21a0aeb0cef7db4ae407864c6d44dc05bd0cbc9967ec90cb65d9bec80e2fbf75a8f40e95ad8caea529bb53a05c47fad81