Analysis
max time kernel: 177s
max time network: 157s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 12-06-2024 12:35
Static task: static1
Behavioral task: behavioral1
Sample: a0afa1db0734de8050df151ad4c92357_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a0afa1db0734de8050df151ad4c92357_JaffaCakes118.apk
Size: 18.6MB
MD5: a0afa1db0734de8050df151ad4c92357
SHA1: 86a9ee4ae1804fe5bb460e622cc12ac55b1ceff4
SHA256: 4d1e6be467d6d8ae1ecd19fae94281a2e0e75dd7d74afc50646f79eee1a0251e
SHA512: 61393a3268e9f3e533b8395b32727e1d0474e00f9fad4a0969df028c0ee04b8733a645db09401a05777e7a3cb251e58569f153acb764ccd52fee22420946c95a
SSDEEP: 393216:9byYrbvXadZtNZQLsSDdbI4cmWhaOVJF7ca6Q2Q698N3cSinK/VSCKd:pyYfvXQ3ZbSh+cQ69o3cSIK/VTKd
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs
Processes: com.wTheOldWitch_7675058:Metrica, com.wTheOldWitch_7675058
ioc | process
/system/app/Superuser.apk | com.wTheOldWitch_7675058:Metrica
/sbin/su | com.wTheOldWitch_7675058:Metrica
/sbin/su | com.wTheOldWitch_7675058
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.wTheOldWitch_7675058:Metrica
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.wTheOldWitch_7675058:Metrica
Requests cell location 2 TTPs 2 IoCs
Uses Android APIs to get current cell location.
Processes: com.wTheOldWitch_7675058:Metrica
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.wTheOldWitch_7675058:Metrica
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.wTheOldWitch_7675058:Metrica
Queries information about active data network 1 TTPs 2 IoCs
Processes: com.wTheOldWitch_7675058, com.wTheOldWitch_7675058:Metrica
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wTheOldWitch_7675058
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wTheOldWitch_7675058:Metrica
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.wTheOldWitch_7675058:Metrica
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wTheOldWitch_7675058:Metrica
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.wTheOldWitch_7675058
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.wTheOldWitch_7675058
Reads information about phone network operator. 1 TTPs
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.wTheOldWitch_7675058
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.wTheOldWitch_7675058
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.wTheOldWitch_7675058:Metrica
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.wTheOldWitch_7675058:Metrica
Checks CPU information 2 TTPs 1 IoCs
Processes: com.wTheOldWitch_7675058
description | ioc | process
File opened for read | /proc/cpuinfo | com.wTheOldWitch_7675058
Checks memory information 2 TTPs 1 IoCs
Processes: com.wTheOldWitch_7675058
description | ioc | process
File opened for read | /proc/meminfo | com.wTheOldWitch_7675058
Processes
com.wTheOldWitch_7675058
- Checks if the Android device is rooted.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4265
com.wTheOldWitch_7675058:Metrica
- Checks if the Android device is rooted.
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4392
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails (1)
Geofencing (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)
Downloads