Analysis
Max time kernel: 25s
Max time network: 130s
Platform: android_x86
Resource: android-x86-arm-20240611.1-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
Submitted: 14-06-2024 03:18
Static task: static1
Behavioral task: behavioral1
Sample: a7d28f24ea1248438c34c999414f254c_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
Target: a7d28f24ea1248438c34c999414f254c_JaffaCakes118.apk
Size: 2.6MB
MD5: a7d28f24ea1248438c34c999414f254c
SHA1: 12b62534b6d6304b37560d87b56070fba47957ed
SHA256: d94e1f614f1d0dbdab1232e5b78cc798271067aa533ec7ad2574aef48b40825f
SHA512: 75a4d493773bcc285bde1490e6ff2d2d1a8ce0b0b343c7f68fbdb986af28b3b81369932f8c46e0b321a1e79c880a0bb61d99f4ea69c6009f6c53d0eb27817e68
SSDEEP: 49152:ORtg8H2sdVLg8H2sdVFuVMEZ/KGbHdb5OIKNivz4pqVTeBXJZoX8gkV:ORtgo2sXLgo2sXFu6kNwvNZ/19V
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
- Queries information about running processes on the device. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: cn.nyxdt
- Queries information about active data network. (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: cn.nyxdt
- Queries the mobile country code (MCC). (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: cn.nyxdt
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: cn.nyxdt
- Checks CPU information. (2 TTPs, 1 IoCs)
- Checks memory information. (2 TTPs, 1 IoCs)
Processes
- cn.nyxdt
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information