Analysis
- max time kernel: 125s
- max time network: 184s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 17-06-2024 20:49
Static task: static1
Behavioral task: behavioral1
- Sample: b9fb792680a42cc975db16a84f7c159b_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: b9fb792680a42cc975db16a84f7c159b_JaffaCakes118.apk
- Resource: android-x64-arm64-20240611.1-en
General
- Target: b9fb792680a42cc975db16a84f7c159b_JaffaCakes118.apk
- Size: 30.6MB
- MD5: b9fb792680a42cc975db16a84f7c159b
- SHA1: d18ac3745fc702c3d6a47863fc376b23bc095b21
- SHA256: 3392dfc6855d3fb0fb4b0eb21605372fbb82dd2a6e0116037d819a8f46e0f24f
- SHA512: 806264c857e45dd9364d73d3f899afef5842c78f8a7dc2db6a159ceb56826cf422032015d72c89258bb59120e7b4fca8885782bbb68424f41834b9429d44eadd
- SSDEEP: 786432:xDX352H4s68Mtjio9kWfIcstSEeefEC8DAaiKtVo2AZ:Z352H4sjMtjiqBwcsUEVfECghAZ
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 5 IoCs)
  Processes:
    ioc                  process
    /sbin/su             connect.app.sunsea
    /data/local/xbin/su  connect.app.sunsea
    /data/local/bin/su   connect.app.sunsea
    /data/local/su       connect.app.sunsea
    /system/xbin/su      connect.app.sunsea
- Checks known Qemu files. (1 TTP, 3 IoCs)
  Checks for known Qemu files that exist on Android virtual device images.
  Processes:
    ioc                                    process
    /system/lib/libc_malloc_debug_qemu.so  connect.app.sunsea
    /sys/qemu_trace                        connect.app.sunsea
    /system/bin/qemu-props                 connect.app.sunsea
- Checks known Qemu pipes. (1 TTP, 2 IoCs)
  Checks for known pipes used by the Android emulator to communicate with the host.
  Processes:
    ioc                process
    /dev/qemu_pipe     connect.app.sunsea
    /dev/socket/qemud  connect.app.sunsea
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes:
    description             ioc                                                       process
    Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  connect.app.sunsea
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description             ioc                                                  process
    Framework service call  android.app.IActivityManager.getRunningAppProcesses  connect.app.sunsea
- Queries information about active data network (1 TTP, 1 IoC)
  Processes:
    description             ioc                                                    process
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  connect.app.sunsea
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Processes:
    description         ioc                          process
    Framework API call  javax.crypto.Cipher.doFinal  connect.app.sunsea
- Checks memory information (2 TTPs, 1 IoC)
  Processes:
    description           ioc            process
    File opened for read  /proc/meminfo  connect.app.sunsea
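The root and emulator signatures above are file-existence probes against a fixed list of paths, so the cheapest way to get a behavioural run past them is to answer those probes with "not found" and log what was asked. The Frida script below is an added example, not code from the sample, from the sandbox, or from the report; it assumes the sample reaches the paths through java.io.File.exists (the report only shows which paths were touched, not which API touched them) and that a frida-server is attached to connect.app.sunsea. The hidden-path list is copied from the IoC tables above. The helper functions (classify, shouldHide, recordProbe) are plain JavaScript and run under Node as well, so the path matching can be checked without a device; the Java hook only activates inside the Frida runtime.

```javascript
// Added example (not the sample's or the sandbox's code): Frida script that
// hides the root/emulator artefacts this sample probes, so a behavioural run
// continues past its environment checks. Assumes the probes go through
// java.io.File.exists; native stat()/access() calls are NOT covered here.

// Paths the sandbox saw the sample stat: su binaries (root check) and
// QEMU files/pipes (emulator check). Taken from the report's IoC tables.
const HIDDEN_PATHS = new Set([
  "/sbin/su", "/data/local/xbin/su", "/data/local/bin/su",
  "/data/local/su", "/system/xbin/su",
  "/system/lib/libc_malloc_debug_qemu.so", "/sys/qemu_trace",
  "/system/bin/qemu-props",
  "/dev/qemu_pipe", "/dev/socket/qemud",
]);

// Label a probed path so the log says which check it belongs to.
function classify(path) {
  if (/(^|\/)su$/.test(path)) return "root-check";
  if (/qemu/.test(path)) return "emulator-check";
  return "other";
}

// Decide whether a probe should be lied to. Collapses repeated separators
// and a trailing slash so "/sbin//su/" still matches the IoC "/sbin/su".
function shouldHide(path) {
  const norm = path.replace(/\/+/g, "/").replace(/\/$/, "") || "/";
  return HIDDEN_PATHS.has(norm);
}

// One log record per probe; kept separate from the hook so it is testable.
function recordProbe(path, hidden) {
  return { path: path, category: classify(path), hidden: hidden };
}

// Frida-only part. Run as: frida -U -f connect.app.sunsea -l this_script.js
// `Java` is undefined under Node, so the block is skipped there.
if (typeof Java !== "undefined") {
  Java.perform(function () {
    const File = Java.use("java.io.File");
    File.exists.implementation = function () {
      const path = this.getAbsolutePath();
      const hidden = shouldHide(path);
      const rec = recordProbe(path, hidden);
      if (rec.category !== "other") console.log(JSON.stringify(rec));
      // `this.exists()` calls the original implementation.
      return hidden ? false : this.exists();
    };
  });
}
```

Two caveats when using this against the sample. First, the hook only covers the Java path; if the checks are done from native code via stat()/access(), an Interceptor.attach on libc is needed instead, and the log above will simply stay empty for those paths. Second, hiding the QEMU artefacts changes nothing about the clipboard, process-list and network queries the report also lists; those still fire and are the more useful behaviour to watch once the environment checks are out of the way.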
Processes
- connect.app.sunsea (PID: 4678)
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 227B
  MD5: 695545aac82dc2fc6b3d1c8cb0349f9f
  SHA1: 8d6d0ba257da64f6bd1dc2b11b7f03a7da410691
  SHA256: 02a5911a70c8d022a718b9410c07881e70af8cff7de046fddee9666092e1fd4b
  SHA512: 9bd71bafcc892833c7f351d4a1a106b8ff4855b20a91c29129f8ce34b63cb6c36c5f95e4cea1d4f91cee415c54e7aa14648bf2dd82a382408cdbde48d8d231de
- Filesize: 58B
  MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
  SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
  SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
  SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
- Filesize: 36KB
  MD5: f1abc67cc72bf5fe66779fa5dd1dfeac
  SHA1: 660f6d1cffa2bf57ec29105e40d08ab103cf18ad
  SHA256: a953ef381606a6d98d98f3278e94fc1d5b58a0778f8ea3e305111586b759c14a
  SHA512: dfbe97f3c1f3a3ebd63fc5bcee1b1dd1b91dfe01ac95af8fe897f44079e852421fa0c4cf038da6e43264d50f3e612ddc2be9aa17bf47ef604ca428fafe0858de
- Filesize: 512B
  MD5: 682b713c2ff3e2b6d17455d7005e075f
  SHA1: 6484a462416b01e894ec1bf42c91086941283929
  SHA256: 7a1a72f52814f5af38525dc600abfe08ee1fb9f34de6d3790bc91f6ba165dc62
  SHA512: 0e1911fa527c93b62d85926156f5106b5f39e16bcd093affee810fb8d4fae40cdd57580921c471ba9ad57ad42ed09c9fb61259479d54db69a5aab53523b6a3d3
- Filesize: 8KB
  MD5: d880d07b2b008b7e1b9305582cd31cf5
  SHA1: a54bf65e329c8b8633eedf56fe297f14eb72ac0c
  SHA256: 3ddfd12b40a5920734bf54cedb4f8397e408d325ac9389f18fc2d6484fcf348c
  SHA512: 43deab15a2f33a1f64624e2d49fb9a5a2c900ac59b42005ff9d183f90ebe10df8e5fe09de6b5572a8f99972c8471f1d889dcded2fbff28b0ba4a489457164983
- Filesize: 8KB
  MD5: e0e5d3c25779a982cf51ccd8a6ea43df
  SHA1: 82283d5f22f96c6c6fb87cc40285a2d17484bbe0
  SHA256: 3cb05207c05954701157481878f58c7552078479792e28baf0e22ac51b5b85c8
  SHA512: 0b1f9d4b91148fff2353a61043b8568cc48ab610fa3143fdfab6ac205863eaf77bf1d843de9c2c82151232d12d6ef812b29f778190ecdf82568317b0937d0f14
- Filesize: 56KB
  MD5: a860ba3e3a648f73fc11269ff9ea9c16
  SHA1: 7167faf1666bdb05633e945dddc3d6af6c35fd0b
  SHA256: 4087524ad761d0669a39007849311b2b0a32c1a62d0a7ff04d4a77d702bfe27e
  SHA512: 279991548672e18e99522e1402ab96a3b1887a6ccbfa350cab5c5f5096807beb647b9cef0a5668755798f8032e243aab9ea5f1cfcd934671153d54fce48ef8c0
- Filesize: 512B
  MD5: 274dec737ba125527a5e0a24d8894af3
  SHA1: 564bc4b39a919ef8064f6c9d93f15c4dc7cb5b20
  SHA256: 75d9ff46f72e1182323c4315769dc82c0688f3a000ff277fe99958b7e583d02d
  SHA512: 098047523f81976b4ad632acdc81fc95e6c0c4d33c1702ea2cbc8b8e64fb7fd16e03fc0db3e3d2011ff2e17d594e0168058f20040812db290bbb059f3a9770c1
- Filesize: 8KB
  MD5: 3024e7ef30379d18dd510385460dba7d
  SHA1: f11b54461737541d12ac2b9fb7a404c33d543bb7
  SHA256: d75338784160be6d15a7bc6132b00c8c57014970614990694c612849a09e26a8
  SHA512: b84bf8e68b90d4b7d483107dbad771d2c6cf8f60b917b61831b5109a7c02fc560a3acdd40a1064f65f46c7e2aea2faa02d1fcccb2a27aa0d422af9b261950a72
- Filesize: 8KB
  MD5: e3efe587e278873538cdc17a76104ed3
  SHA1: 3a51d113cba7eb48eccea6597d0613e7bc950c0b
  SHA256: dd3b26dbda89fdb32c8dc9464967c0709281cf7a5ad81cba2fbbb64a3371f114
  SHA512: 2340619e97892bd25cfb26d033ea227bff9b0fd901ee5ed806a169c130e35bd6c1743a48583e14f2b1a383ddff52b21260c9ae3dcd4b7dff99184605da487d1f
- Filesize: 52KB
  MD5: e8be12df1989f2de302d22b5eb5b5362
  SHA1: 2b73e508aad320e5918aea4c9fc961e961be56c6
  SHA256: 20a84c03cadf518fd2652e3aecabc9f2a16adf0a13b4ae89688fc8ea1d5f4afa
  SHA512: 80458b87a0fa60f0d2e1ee6d55cc7967a4716593e5915cfb3743c5a7d0e6310883208966b239708c2add00c962ccfc21c3cb867ae9add22dad721b65e3cfdea5
- Filesize: 512B
  MD5: d602e3917a6f8f66f3e9150781cbc4c1
  SHA1: 0ed98daa6e6e817399c44bfed232e5ae8371d141
  SHA256: a4670d874ef380e0a896d8b05c05d3785625a92d413dbc6bc84e92cd510a12aa
  SHA512: caf6d32ae00253b49eba3e0b911564eb8c58a4408b5bffd373b78795501376d4a0c0af8843eefc910cb41290a5ad54252ff42ac492b2284a68702847c75b75f0
- Filesize: 8KB
  MD5: c3ba1a81b976b619ecf1250d83a38d0e
  SHA1: 25607596df5827b37d8a7d03dae18f67a7bbdfbe
  SHA256: 0170fec74564378492794f4d5277d999b23550baea9c0420f93b92e2b10d1b4f
  SHA512: 3c083bccd2173f7febe4ed4eefcd0cfd79cbcec787ec3e56379add891122328566e5675a20905e2c9a0ffa374ce7c3886539fc5bf0d64fdbec7be668c9f60f3c
- Filesize: 8KB
  MD5: f4a8d89d814cde786ac63e0aa52e4c64
  SHA1: 45765f68932881153a6daddd833931f095f177a4
  SHA256: a7fe7c0a53007364dcfdf60208c386a33249432a9ae21d01516bd87bc2cfb8fd
  SHA512: 29c492bd23510e01776a0af4f531dcab456015c849f11cedaf683304cf275753dcf600331d6a70f2c60a313a331f9c98b79e8b019949892c400f588bda4f3f83
- Filesize: 8KB
  MD5: e3d03c0a6188ba1030ecccd0e303317c
  SHA1: 59a7442a500bb148d2322cc5dba7cc1a2c3b346e
  SHA256: 6d3b5f1dd3574a214ca2dc2405856de796da576997899ea11862452125ae95e8
  SHA512: 441d4f7b7b769b34fead1a2aba73a0fe95edc4271f87d3d13d0801b6809ad7348ac28bf5f6289a3147235a74c382e197eb21a76391d775b7fe1a49fa1d20748b
- Filesize: 8KB
  MD5: f7001b8bd9577e6aa7076a70ecb78f88
  SHA1: 739c67e2855ab4454d234200c01b97c67b7ae3a4
  SHA256: f79c40a6228875a797352bb5e93ef4b986217dad5ddf5bc98380099a205c852f
  SHA512: 388140ae58161935c527d2ffb44ad01a02bbf4df2ed76d705296af1e2140fb24ede20064adff794c4bdb68def97dfe56668ccb094699c8395dc7145c1181ca46
- Filesize: 8KB
  MD5: 039c296d7871329ac3c7c4cd5ec169e2
  SHA1: 154d602a86444195e37ac70a6b5fcf99013d104f
  SHA256: 6b4d8d3dd8e56321da2f3f4766e25fa8af2be48bf3d8c5f28df8329ea9b6917b
  SHA512: e55c20f4b62420dc15eaee6a43f384b50b8d4b3a669af73683a9f68cfa3bd33edbec37454fbdb93177a432670222bdbe4807a1ddd81684c8939bd717ef7689ad
- Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56