Analysis

max time kernel: 6s
max time network: 157s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 12-06-2024 10:34

Static task: static1

Behavioral task: behavioral1
Sample: a05769d0e61297067bb37b2c0b8001a2_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: gdtadv2.apk
Resource: android-x86-arm-20240611.1-en
General

Target: a05769d0e61297067bb37b2c0b8001a2_JaffaCakes118.apk
Size: 20.3MB
MD5: a05769d0e61297067bb37b2c0b8001a2
SHA1: baf595ec7c335643e30265838d47eccf6609a28f
SHA256: b382868f93036193ac2deed4e18257a24f193a2361597989eeef911a6275307c
SHA512: a56b6302f9b99771f0939843b382329420e66f846c91cdcf21bd0705a1a17379f04164ab4ff0c9d92f9bb8a899133c7559f05b4f8ef854162e4f44155cb0b25f
SSDEEP: 393216:fXmT9W2/1jDxc4oDawDUajeiN3OpCqjxs66F+Dn0mZ8USh+YPfr:6lXxc4ohwajeiNB98lSYAfr
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTPs, 8 IoCs)
Processes (ioc / process):
  /system/bin/failsafe/su  com.ming.wbplus
  /system/sd/xbin/su  com.ming.wbplus
  /system/xbin/su  com.ming.wbplus
  /data/local/su  com.ming.wbplus
  /data/local/bin/su  com.ming.wbplus
  /data/local/xbin/su  com.ming.wbplus
  /sbin/su  com.ming.wbplus
  /system/bin/su  com.ming.wbplus

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)

Queries information about running processes on the device. (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes (description / ioc / process):
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.ming.wbplus

Requests cell location. (2 TTPs, 1 IoCs)
Uses Android APIs to get the current cell location.
Processes (description / ioc / process):
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.ming.wbplus

Queries information about the active data network. (1 TTPs, 1 IoCs)
Processes (description / ioc / process):
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.ming.wbplus

Queries the unique device ID (IMEI, MEID, IMSI). (1 TTPs)

Listens for changes in the sensor environment (might be used to detect emulation). (1 TTPs, 1 IoCs)
Processes (description / ioc / process):
  Framework API call  android.hardware.SensorManager.registerListener  com.ming.wbplus

Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
Processes (description / ioc / process):
  Framework service call  android.app.IActivityManager.registerReceiver  com.ming.wbplus

Uses Crypto APIs (might try to encrypt user data). (1 TTPs, 1 IoCs)
Processes (description / ioc / process):
  Framework API call  javax.crypto.Cipher.doFinal  com.ming.wbplus

Checks CPU information. (2 TTPs, 1 IoCs)
Processes (description / ioc / process):
  File opened for read  /proc/cpuinfo  com.ming.wbplus

Checks memory information. (2 TTPs, 1 IoCs)
Processes (description / ioc / process):
  File opened for read  /proc/meminfo  com.ming.wbplus
Processes

com.ming.wbplus (PID: 4323)
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Hide Artifacts (1)
    User Evasion (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Downloads