Analysis
-
max time kernel
172s -
max time network
132s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system -
submitted
12-06-2024 11:32
Static task
static1
Behavioral task
behavioral1
Sample
a08402385d8cbed44d8753765e93703f_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
a08402385d8cbed44d8753765e93703f_JaffaCakes118.apk
-
Size
18.2MB
-
MD5
a08402385d8cbed44d8753765e93703f
-
SHA1
5a41e7552d7674f03d89dbe211d4c21734519345
-
SHA256
9f385c525da8ec58f96d5724cf7a6ecd161c830ae9503a6a565e1b393993220d
-
SHA512
cff299b5782a55ee396bae3649b1f180e3244105708b6be2695407081cb4cc8302c1414fd1260c89bbf7a94038423024a1eb52bbf14469afcd88405f13bff538
-
SSDEEP
393216:QT0+ujNhxSLSWardCJZSV+CJZSVQz4omgJhm9agOj7fz:QTsjbMt4oS0oSkgShA6jH
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes:
com.tudou.androidioc process /system/app/Superuser.apk com.tudou.android -
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.tudou.androidcom.tudou.android:GameCenterDownloadServicecom.tudou.android:pushdescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.tudou.android Framework service call android.app.IActivityManager.getRunningAppProcesses com.tudou.android:GameCenterDownloadService Framework service call android.app.IActivityManager.getRunningAppProcesses com.tudou.android:push -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
Processes:
com.tudou.androiddescription ioc process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tudou.android -
Queries information about active data network 1 TTPs 3 IoCs
Processes:
com.tudou.androidcom.tudou.android:GameCenterDownloadServicecom.tudou.android:pushdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tudou.android Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tudou.android:GameCenterDownloadService Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tudou.android:push -
Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.tudou.android:GameCenterDownloadServicecom.tudou.android:pushcom.tudou.androiddescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tudou.android:GameCenterDownloadService Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tudou.android:push Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tudou.android -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
Processes:
com.tudou.androidcom.tudou.android:GameCenterDownloadServicecom.tudou.android:pushdescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.tudou.android Framework service call android.app.IActivityManager.registerReceiver com.tudou.android:GameCenterDownloadService Framework service call android.app.IActivityManager.registerReceiver com.tudou.android:push -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.tudou.androiddescription ioc process Framework API call javax.crypto.Cipher.doFinal com.tudou.android -
Checks CPU information 2 TTPs 3 IoCs
Processes:
com.tudou.android:pushcom.tudou.androidcom.tudou.android:GameCenterDownloadServicedescription ioc process File opened for read /proc/cpuinfo com.tudou.android:push File opened for read /proc/cpuinfo com.tudou.android File opened for read /proc/cpuinfo com.tudou.android:GameCenterDownloadService
Processes
-
com.tudou.android1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4286
-
com.tudou.android:GameCenterDownloadService1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4346
-
com.tudou.android:push1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4373
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD54ea2940c2baac3662ec0fd24c5fbc527
SHA16897184d3b8886388832839519c7202314611e69
SHA25610269df72c6e88a870c223511ae0143427d4d10a2a9a1b897aba15ede49c6ae1
SHA512ba62238111d7cd668e7402ecfa1acfb3f4073b17573af917fb01db9193888f3f86879e3b1443102bef19bd6f32fac87a81815bf5f04bf3fb119557a2960aef8e
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
20KB
MD5ae7841c0cab8ab6b386b97725b080194
SHA1c22e091d8d762190c761e9fa4d230c8bb2459bd6
SHA2567fd32862e72efd7963e7517299c9e330e65078d9e0d914d2aa385549219fb4a8
SHA512ba87804622605dee04a907700d13a8abd3c128a3e57c426e739cbec66fdff6b1f3efee31da24f4cc89509d881b0d546ea90486f45a4b2a38a23054b3b705e1d2
-
Filesize
512B
MD5b3751480e7e28a0eb5e3cd13a00116de
SHA1d24bf31035c430bcfe90bb5ebe6af95fb84f1703
SHA2569947d71e977a6af63365a8dbff7d1b85e1c2340f17922242558fb684d7917cb8
SHA512bd52b7dc81d33d9f1de5971218b2d85a1efe29df0d3874ccd83de48ca54e5423f62a130d592df0900a8d03f05485724a0af95cd6dec596b925419344d1b6a740
-
Filesize
32KB
MD558ba6204679970882bbcf94e2494d7b0
SHA168b2c2a64b653063c45aa872c94428ea212f260a
SHA25662cfbe5044f7872d9ccc7ce6f54209b48161354fe9f59846194284dece73ead6
SHA5123d1bba7dab3f29bf0c1e4d1b703eb5cd56de65a4e7cdb759090eab3c88f3a7bf6fbecabf673ce99529b198d4f855f8a35cdcdad11b11ce095090bae769613411
-
Filesize
12B
MD5eecd47296c0b5468f4a132138bef6be9
SHA17d4f8bc4f5fdfa52b6969469c3764766e2f7d6b1
SHA2564f935bc93895f169d96c8988b15b89140b188165b5c96709f1b922430e33c86f
SHA512d2e28e5effd875f89164a638896ea489e003397296e2b4eee98f1e160bd4754d2108657f5b063210535042e8f7f59ecf31544e2ca2d810a5a4bb38879642d52d
-
Filesize
12B
MD5a7bb0dd56490cd42863ba29d32428bb2
SHA17d9a050814b0d7211ffbab6bbcd36c71d45cf75f
SHA25609328bd10c65af763511d37db45b012116956cdc2a5b9ccb3e27bb0b4cd0175f
SHA512da9323850d28064d4c72112436e35fefc30a07aedf37938455ebbf662877904c3a7eccd8d024757ac6acd35307d91b8fbae25738fe98575b15bba8f1f91551da