Analysis
max time kernel: 104s
max time network: 148s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 16-06-2024 20:27
Static task: static1
Behavioral task: behavioral1
  Sample: b50ca2f4459545b009cba052dc7bbc9b_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
General
Target: b50ca2f4459545b009cba052dc7bbc9b_JaffaCakes118.apk
Size: 30.6MB
MD5: b50ca2f4459545b009cba052dc7bbc9b
SHA1: 8a8c0ce5ef37fca2f5f82a4c74682047ff26523a
SHA256: 6423976bcb2e13f356558fa01c864001746aeca873916ec4dfe83c8399f05f0a
SHA512: 9914cb452883957dc129752279f21d997b257e242eedca781073b96bcb87df9744694866dda58fd249bd4e7255846b37ff7ac77030ac39e627c85fa3038a2104
SSDEEP: 786432:aI4veYSbs+X0szrCX1nR8OnqMXYpfQ2xCxRO7op/:aYYZAQR8OnqMXYpoz
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.centurysoft.threekingdom.offlinechs2/files/egame_temp.jar
  pid: 4170
  process: com.centurysoft.threekingdom.offlinechs2
Reads information about phone network operator. (1 TTPs)
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call
  ioc: android.hardware.SensorManager.registerListener
  process: com.centurysoft.threekingdom.offlinechs2
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.centurysoft.threekingdom.offlinechs2
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.centurysoft.threekingdom.offlinechs2
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/cpuinfo
  process: com.centurysoft.threekingdom.offlinechs2
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/meminfo
  process: com.centurysoft.threekingdom.offlinechs2
Processes
com.centurysoft.threekingdom.offlinechs2 (PID: 4170)
  - Loads dropped Dex/Jar
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads