Analysis
-
max time kernel
179s -
max time network
186s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system -
submitted
16/06/2024, 04:59
Static task
static1
Behavioral task
behavioral1
Sample
b1d528b002124a7a24bf26f3fe678cdc_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
b1d528b002124a7a24bf26f3fe678cdc_JaffaCakes118.apk
-
Size
3.3MB
-
MD5
b1d528b002124a7a24bf26f3fe678cdc
-
SHA1
3ba6f71cd08f585614b6b2a2917fd46cec389e83
-
SHA256
68b9ffd0fc69e900672199f26b108812c6f145a2e8b8bf732506d4b94e1a32d9
-
SHA512
06979c7cb4b17c8bf64fa1e37bf4ef659fe99cf0227e703525cea6966cadce173b0c3421ad37e353a51b303280ab506e6fd00b04c63bac3330fed071a4592343
-
SSDEEP
98304:+mC9c74JNHb6j+v3vJ+4x+SOCKk3GkJ2aqxVDueo2lMtmD1lpf3Iv9rs:U16jQWVDbUmD
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
ioc Process /system/xbin/su com.chunfen.brand5 /system/app/Superuser.apk com.chunfen.brand5 /system/app/Superuser.apk com.chunfen.brand5:pushservice_getui /system/bin/su com.chunfen.brand5 -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.chunfen.brand5 Framework service call android.app.IActivityManager.getRunningAppProcesses com.chunfen.brand5:pushservice_getui -
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description ioc Process Framework service call android.net.wifi.IWifiManager.getScanResults com.chunfen.brand5 -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.chunfen.brand5:pushservice_getui -
Queries information about active data network 1 TTPs 2 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.chunfen.brand5 Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.chunfen.brand5:pushservice_getui -
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.chunfen.brand5:pushservice_getui Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.chunfen.brand5 -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.chunfen.brand5 Framework service call android.app.IActivityManager.registerReceiver com.chunfen.brand5:pushservice_getui -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.chunfen.brand5 Framework API call javax.crypto.Cipher.doFinal com.chunfen.brand5:pushservice_getui -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.chunfen.brand5 -
Checks memory information 2 TTPs 2 IoCs
description ioc Process File opened for read /proc/meminfo com.chunfen.brand5 File opened for read /proc/meminfo com.chunfen.brand5:pushservice_getui
Processes
-
com.chunfen.brand51⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4172 -
/system/bin/sh -c getprop ro.board.platform2⤵PID:4247
-
-
getprop ro.board.platform2⤵PID:4247
-
-
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq2⤵PID:4377
-
-
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq2⤵PID:4396
-
-
com.chunfen.brand5:pushservice_getui1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4208 -
/system/bin/sh -c getprop ro.board.platform2⤵PID:4290
-
-
getprop ro.board.platform2⤵PID:4290
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5658f8f5446308683687824e27275b374
SHA1ac6b49ac173ccb70bec1b85c4d08a8e88c5020ab
SHA2569de7884a8599a3c996cd398d2c15e72a544171b36dc2e50292b948451a08b243
SHA512ef63d494996566a0bf26af9537005460216f3daa1e319d5f582f9c7bf4caf3ce0cbc45a7b102b569be0e4f4b3ed3c7cda8fb46cd40bc384d78933431d9660db0
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
80KB
MD55b9d70fe85964ffb38823512c47d09c1
SHA12c0bf06dbeaac28d111896265d43e17e5a884e93
SHA256094cfae72aeed1ce0eceabfcb5774587b797c11f1e4cb2f5898ddb9e6536aabf
SHA512f17ce760582133913aa7dfa13efffdc90938174b27da85e144c1243ccd3ed888d75a54c8338244ee4bf435a2bd386e95a7fd5926544eef73247fb3318cc00c95
-
Filesize
512B
MD5b31e7299e9c978ab38e1839a011fe7a5
SHA11ec5a206076e6e8e4e18f5bc0e5b3af1eef96dbb
SHA25607d38f5b4cf05beab117acdd7c67d2ca4fc36d99a5d97c4c49c4f80b74473ade
SHA5121d2435bd7a02640dd02b541721f3f6155c8bc41a2f366b64d9752398568e568e62f7a05e36078af53e5a57615980a342b40d76d297aa6d02a2e7d23d1a6a878f
-
Filesize
100KB
MD508464642d1082829c0f3785ae855bc18
SHA12287bcf9a7f514325d7e73280935e50f72195dba
SHA256665effd8d7e76f21124d43fa542b0fe46cc636c055db0a4b3e1e14ac33d3ac21
SHA512644d838329d557ff2273e6fe8d3bf7ab5cdc4990861424f9ca04ef292291daccdf562f490a98bb08e07d0670f644b96dfde4e8f7e7a92ea4073074c27dec100c
-
Filesize
512B
MD5894f235033346c389fae2d4fbdae51a6
SHA1c57aff5aef3df5d29fe46d2b754a9d25f5448102
SHA2567d17545fc11bb5e891a705e554ebbc8e2229465d0bd939bd9f750f899b339b40
SHA5128b3fe828f31dc5d6b6ad129e769d335326edefc8fc7fa271b1f8057a71513515f847c2a91bae48baa482778736970c9be4b86e0fa4185ef8e05a95d2a41a9330
-
Filesize
40KB
MD5a6d2698fb5166bd1ef2dd8cd970af500
SHA1467279e9d1404e8761bd09ade604c8109c514e8d
SHA256df4827f806568f367c01f8bb6a07ffc23bd4daeea69a175c77584a6c5eeafd46
SHA512b2edd7d117a64b3f16e22840278952d56c08daddcc2a9bbadb33b2e21e7b5a09786f33c293aaa667ed02c85f59f20aae5df042a7959bedb1f4bc61d80ab8ed37
-
Filesize
512B
MD5f89763b852292eb4515da9b9f392c310
SHA1194a37966722321826b79f69407ceccd9f5066b1
SHA2569e23fbd8768cc2a75c14ddeb21a8e8b1cb940cc72bfa01334f10bc22187b4162
SHA512e72178d7746a62b3e20f53858d6ef912dd43fc475a7627d39f60af16d67ec373d16d9b35f9228779d96d4558113588ed0f4240b584d7dbeb8abe4a4a9467dd56
-
Filesize
56KB
MD5998775748678b8d66cb4db402a4bdd5b
SHA1daef651aff727f1e46191525f732703f310a6ed1
SHA2567e72ea93b4dee74513d74d9e4671baa01b6812d035d3dcc4ea81a1a5abdc529a
SHA512378bd7d7992f2a82dcffa1bc6c46bce042b8e02020f57656f5da1ee0c361d76841626e4102daa2921a453a53c3e25b13a0d701ba79fd354e5315ac284147ccd0
-
Filesize
168KB
MD5c747398ea600b625e4f86fa459f63fca
SHA1cd1e59040dc9cde2b104fb7e97b1de0141962b46
SHA2560730d2c3d4e97bfe23e481476e2534176e0b61e7bc4e9ee5f44ef227201e5fab
SHA5124de256808cffcb9b1839cf0f1a20f16f79f9c2409bbb625c6d8571f2733967c2f334ddf3d27c0cd1641c96a7b2ef5b55a74fa2b5b49492c5473bfa3d68f04947
-
Filesize
512B
MD5953f355fbf2d9be6a1e8903629a2db56
SHA1ea118f7996691e4d6692e2d5c5f4201459a72673
SHA256ceff1b1224c53e83220a4544cc31a7693e4846412307695c55a31459a4a6ccdc
SHA512a3c3ae4c0c315dc6d05ebc1013f3f28dbc2a356cc045ffb11d80d576aa0f4e140e1bf53e44102c9f898198d67c160fb499dc29ba4ce89c25727c7b520b4fdc22
-
Filesize
402KB
MD5bfa27f34850a3b8ebc71dd85062558c1
SHA134d2717807055130bbf0444a2390c5a5f187fa33
SHA2565d4c789a040a7ca8b852a63445e0fbe6c2c3e1bf76200eaa0d7c3c9513435045
SHA5129e4ed37c553bdd78f800f4c8bbd2b1f0685d4083fcd16284270a01c5d109742cd3dfa205a83d1f2e485d098bdb1063116524b8683a79681a2490f236c885f6ed
-
Filesize
31B
MD58c92de9ce46d41a22f3b20f77404cc1d
SHA18671a6dca00edb72be47363a7071be65cf270373
SHA25668bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA51230f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56