Analysis
max time kernel: 178s
max time network: 190s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 15-06-2024 06:01
Static task: static1
Behavioral task: behavioral1
Sample: ad1890f8dfabdf3fef20df166b1a603a_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: ad1890f8dfabdf3fef20df166b1a603a_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: ad1890f8dfabdf3fef20df166b1a603a_JaffaCakes118.apk
Size: 31.2MB
MD5: ad1890f8dfabdf3fef20df166b1a603a
SHA1: 45171c88207204fc914c9c0552ccb593bf560b7b
SHA256: 8c50209773553b7096dec94ac6d62caa752b32282ecfea201a9c1cd0f9b1cfe2
SHA512: fdac590c8e4b8ad1c4a02931986ac8ec39b4db6d8be02062678e6b36068b8932af925e2eccc92a307e67bc8da4994dc4eed4483579d62991aff97be4b1ed6a35
SSDEEP: 786432:u75ucrOSIWH9gIVnmZkxCFTi0kYkh+K6kuNSs:yfrOLq9tVnmZdTbC6BSs
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes:
com.smilingmobile.seekliving
ioc | process
/system/app/Superuser.apk | com.smilingmobile.seekliving
-
Queries information about running processes on the device 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving
com.smilingmobile.seekliving:core
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.smilingmobile.seekliving:channel
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.smilingmobile.seekliving
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.smilingmobile.seekliving:core
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.smilingmobile.seekliving:channel
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.smilingmobile.seekliving:channel
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
Processes:
com.smilingmobile.seekliving
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.smilingmobile.seekliving
-
Queries information about active data network 1 TTPs 5 IoCs
Processes:
com.smilingmobile.seekliving
com.smilingmobile.seekliving:core
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.smilingmobile.seekliving
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.smilingmobile.seekliving:core
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.smilingmobile.seekliving:channel
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.smilingmobile.seekliving:channel
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.smilingmobile.seekliving:channel
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.smilingmobile.seekliving
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.smilingmobile.seekliving
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 5 IoCs
Processes:
com.smilingmobile.seekliving
com.smilingmobile.seekliving:core
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | com.smilingmobile.seekliving
Framework API call | android.hardware.SensorManager.registerListener | com.smilingmobile.seekliving:core
Framework API call | android.hardware.SensorManager.registerListener | com.smilingmobile.seekliving:channel
Framework API call | android.hardware.SensorManager.registerListener | com.smilingmobile.seekliving:channel
Framework API call | android.hardware.SensorManager.registerListener | com.smilingmobile.seekliving:channel
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs
Processes:
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving
com.smilingmobile.seekliving:core
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.smilingmobile.seekliving:channel
Framework service call | android.app.IActivityManager.registerReceiver | com.smilingmobile.seekliving:channel
Framework service call | android.app.IActivityManager.registerReceiver | com.smilingmobile.seekliving:channel
Framework service call | android.app.IActivityManager.registerReceiver | com.smilingmobile.seekliving
Framework service call | android.app.IActivityManager.registerReceiver | com.smilingmobile.seekliving:core
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.smilingmobile.seekliving:channel
description | ioc | process
Framework service call | android.app.job.IJobScheduler.schedule | com.smilingmobile.seekliving:channel
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 5 IoCs
Processes:
com.smilingmobile.seekliving
com.smilingmobile.seekliving:core
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
com.smilingmobile.seekliving:channel
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.smilingmobile.seekliving
Framework API call | javax.crypto.Cipher.doFinal | com.smilingmobile.seekliving:core
Framework API call | javax.crypto.Cipher.doFinal | com.smilingmobile.seekliving:channel
Framework API call | javax.crypto.Cipher.doFinal | com.smilingmobile.seekliving:channel
Framework API call | javax.crypto.Cipher.doFinal | com.smilingmobile.seekliving:channel
-
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.smilingmobile.seekliving
description | ioc | process
File opened for read | /proc/cpuinfo | com.smilingmobile.seekliving
Processes
-
com.smilingmobile.seekliving1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4203
-
com.smilingmobile.seekliving:core1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4283
-
getprop ro.product.cpu.abi2⤵
PID:4436
-
com.smilingmobile.seekliving:channel1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4491
-
com.smilingmobile.seekliving:channel1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4659
-
com.smilingmobile.seekliving:channel1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4761
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution: 1
Broadcast Receivers: 1
Scheduled Task/Job: 1
Defense Evasion
Execution Guardrails: 1
Geofencing: 1
Hide Artifacts: 1
User Evasion: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1
Downloads