Analysis
max time kernel: 130s
max time network: 147s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 18-06-2024 07:47
Behavioral task: behavioral1
Sample: ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General
Target: ba8a46aa790858a5bcc32aa246fe5779_JaffaCakes118.apk
Size: 31.7MB
MD5: ba8a46aa790858a5bcc32aa246fe5779
SHA1: 9632d8d0912b695f049136ef9b76726bc08e87f9
SHA256: 675a8cd1a46f585524f9ddd52b5be83fcc05de50a9e85ef50d802ad94177b770
SHA512: 4526d43b7ded4f945500d89a1589e61da15a89b26baa922edc102faf5ee02deda4b9547c3c938f49344989fcca9e7efcf3d56ea479a57a362a92292c6ece042f
SSDEEP: 786432:MOsy72TogXhkI/A5R+XYiJNZTKGelHpGv6T4P6Qh6TivT:MOZ2UgXhd/AHeYiJNZTKPlHgMO6Qj
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
Processes: com.suyu.planetio
ioc | process
/system/app/Superuser.apk | com.suyu.planetio
/system/bin/su | com.suyu.planetio
/system/xbin/su | com.suyu.planetio
Checks Android system properties for emulator presence. (1 TTPs, 1 IoCs)
Processes: com.suyu.planetio
description | ioc | process
Accessed system property key | ro.product.model | com.suyu.planetio
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.suyu.planetio
ioc | pid | process
/data/user/0/com.suyu.planetio/cache/1582435991586.jar | 5054 | com.suyu.planetio
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.suyu.planetio
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.suyu.planetio
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.suyu.planetio, com.suyu.planetio:local
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.suyu.planetio
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.suyu.planetio:local
Queries information about active data network (1 TTPs, 2 IoCs)
Processes: com.suyu.planetio, com.suyu.planetio:local
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.suyu.planetio
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.suyu.planetio:local
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.suyu.planetio
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.suyu.planetio
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Reads information about phone network operator. (1 TTPs)
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
Processes: com.suyu.planetio
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | com.suyu.planetio
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
Processes: com.suyu.planetio, com.suyu.planetio:local
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.suyu.planetio
Framework service call | android.app.IActivityManager.registerReceiver | com.suyu.planetio:local
Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.suyu.planetio, com.suyu.planetio:local
description | ioc | process
Framework service call | android.app.job.IJobScheduler.schedule | com.suyu.planetio
Framework service call | android.app.job.IJobScheduler.schedule | com.suyu.planetio:local
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.suyu.planetio
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.suyu.planetio
Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.suyu.planetio
description | ioc | process
File opened for read | /proc/cpuinfo | com.suyu.planetio
Checks memory information (2 TTPs, 1 IoCs)
Processes: com.suyu.planetio
description | ioc | process
File opened for read | /proc/meminfo | com.suyu.planetio
Processes
com.suyu.planetio (PID 5054)
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
com.suyu.planetio:local (PID 5250)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
  - Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (3)
  - System Checks (3)
Downloads