Analysis

  • max time kernel
    25s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    14-06-2024 03:18

General

  • Target

    a7d28f24ea1248438c34c999414f254c_JaffaCakes118.apk

  • Size

    2.6MB

  • MD5

    a7d28f24ea1248438c34c999414f254c

  • SHA1

    12b62534b6d6304b37560d87b56070fba47957ed

  • SHA256

    d94e1f614f1d0dbdab1232e5b78cc798271067aa533ec7ad2574aef48b40825f

  • SHA512

    75a4d493773bcc285bde1490e6ff2d2d1a8ce0b0b343c7f68fbdb986af28b3b81369932f8c46e0b321a1e79c880a0bb61d99f4ea69c6009f6c53d0eb27817e68

  • SSDEEP

    49152:ORtg8H2sdVLg8H2sdVFuVMEZ/KGbHdb5OIKNivz4pqVTeBXJZoX8gkV:ORtgo2sXLgo2sXFu6kNwvNZ/19V

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • cn.nyxdt
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4287

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads