Analysis
- max time kernel: 128s
- max time network: 157s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 18-06-2024 07:47
Behavioral task: behavioral1
- Sample: ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk
- Resource: android-x64-20240611.1-en
General
- Target: ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk
- Size: 31.7MB
- MD5: ba8a46aa790858a5bcc32aa246fe5779
- SHA1: 9632d8d0912b695f049136ef9b76726bc08e87f9
- SHA256: 675a8cd1a46f585524f9ddd52b5be83fcc05de50a9e85ef50d802ad94177b770
- SHA512: 4526d43b7ded4f945500d89a1589e61da15a89b26baa922edc102faf5ee02deda4b9547c3c938f49344989fcca9e7efcf3d56ea479a57a362a92292c6ece042f
- SSDEEP: 786432:MOsy72TogXhkI/A5R+XYiJNZTKGelHpGv6T4P6Qh6TivT:MOZ2UgXhd/AHeYiJNZTKPlHgMO6Qj
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Processes: com.suyu.planetio:local
  ioc | process
  /system/bin/su | com.suyu.planetio:local
  /system/xbin/su | com.suyu.planetio:local
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.suyu.planetio, com.suyu.planetio:local
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.suyu.planetio
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.suyu.planetio:local
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes: com.suyu.planetio, com.suyu.planetio:local
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.suyu.planetio
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.suyu.planetio:local
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.suyu.planetio, com.suyu.planetio:local
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.suyu.planetio
  Framework service call | android.app.IActivityManager.registerReceiver | com.suyu.planetio:local
- Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes: com.suyu.planetio:local, com.suyu.planetio
  description | ioc | process
  Framework service call | android.app.job.IJobScheduler.schedule | com.suyu.planetio:local
  Framework service call | android.app.job.IJobScheduler.schedule | com.suyu.planetio
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  Processes: com.suyu.planetio, com.suyu.planetio:local
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.suyu.planetio
  Framework API call | javax.crypto.Cipher.doFinal | com.suyu.planetio:local
- Checks memory information (2 TTPs, 1 IoCs)
  Processes: com.suyu.planetio:local
  description | ioc | process
  File opened for read | /proc/meminfo | com.suyu.planetio:local
Processes
- com.suyu.planetio (PID: 4294)
  Signatures:
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
  Child processes:
  - /system/bin/cat /sys/block/mmcblk0/device/cid (PID: 4320)
  - /system/bin/cat /sys/block/mmcblk1/device/cid (PID: 4340)
  - /system/bin/cat /sys/block/mmcblk2/device/cid (PID: 4358)
  - /system/bin/cat /sys/block/mmcblk3/device/cid (PID: 4377)
- com.suyu.planetio:local (PID: 4422)
  Signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  Child processes:
  - top -n 1 (PID: 4520)
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution: Broadcast Receivers (1)
  - Scheduled Task/Job (1)
Downloads