Analysis
max time kernel: 177s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 12-06-2024 11:02
Static task: static1
Behavioral task: behavioral1
Sample: a06d8dc6d77fb57b9106b182cececb48_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: a06d8dc6d77fb57b9106b182cececb48_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: a06d8dc6d77fb57b9106b182cececb48_JaffaCakes118.apk
Size: 11.3MB
MD5: a06d8dc6d77fb57b9106b182cececb48
SHA1: c67ee40b33bc75c75e7c7150d00638ac96d77d61
SHA256: bda231d0832a836a7413c0f4881b568904a8cff04444a97a3c946c01774f3d1f
SHA512: 1d60a569485cdfcff0a9201ea430c468c3fcfe0b2b75cbdc02efd56a714c4e0ff571e76ca38bf90038893b2b7636a54f6746217812abbea3b2301f83f7d8acca
SSDEEP: 196608:UIjvizjafLIuO5rwFfUIMTM8YyTr+cV+baQbQmrmtjQHpQvdesm46I:HvizsFfUrM8YYr+heKiWpsm4D
Malware Config
Signatures
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
cn.com.sina.auto.trial
cn.com.sina.auto.trial:remote
cn.com.sina.auto.trial:TcmsService
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.com.sina.auto.trial
Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.com.sina.auto.trial:remote
Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.com.sina.auto.trial:TcmsService
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
Processes:
cn.com.sina.auto.trial:TcmsService
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | cn.com.sina.auto.trial:TcmsService
-
Queries information about active data network 1 TTPs 3 IoCs
Processes:
cn.com.sina.auto.trial
cn.com.sina.auto.trial:remote
cn.com.sina.auto.trial:TcmsService
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.com.sina.auto.trial
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.com.sina.auto.trial:remote
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.com.sina.auto.trial:TcmsService
-
Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
cn.com.sina.auto.trial
cn.com.sina.auto.trial:remote
cn.com.sina.auto.trial:TcmsService
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.com.sina.auto.trial
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.com.sina.auto.trial:remote
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.com.sina.auto.trial:TcmsService
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
Processes:
cn.com.sina.auto.trial
cn.com.sina.auto.trial:TcmsService
cn.com.sina.auto.trial:remote
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | cn.com.sina.auto.trial
Framework service call | android.app.IActivityManager.registerReceiver | cn.com.sina.auto.trial:TcmsService
Framework service call | android.app.IActivityManager.registerReceiver | cn.com.sina.auto.trial:remote
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes:
cn.com.sina.auto.trial
cn.com.sina.auto.trial:remote
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | cn.com.sina.auto.trial
Framework API call | javax.crypto.Cipher.doFinal | cn.com.sina.auto.trial:remote
-
Checks CPU information 2 TTPs 2 IoCs
Processes:
cn.com.sina.auto.trial:remote
cn.com.sina.auto.trial
description | ioc | process
File opened for read | /proc/cpuinfo | cn.com.sina.auto.trial:remote
File opened for read | /proc/cpuinfo | cn.com.sina.auto.trial
Processes
-
cn.com.sina.auto.trial (PID: 4258)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
-
cn.com.sina.auto.trial:remote (PID: 4296)
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
-
cn.com.sina.auto.trial:TcmsService (PID: 4382)
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads