Analysis
max time kernel: 80s
max time network: 141s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 18-06-2024 08:34
Static task: static1
Behavioral task: behavioral1 (sample: bac57eb36e2751a82a20779085864f30_JaffaCakes118.apk; resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral2 (sample: cha.apk; resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral3 (sample: cha.apk; resource: android-x64-20240611.1-en)
Behavioral task: behavioral4 (sample: cha.apk; resource: android-x64-arm64-20240611.1-en)
Behavioral task: behavioral5 (sample: com.apk; resource: android-x86-arm-20240611.1-en)
Behavioral task: behavioral6 (sample: com.apk; resource: android-x64-20240611.1-en)
Behavioral task: behavioral7 (sample: com.apk; resource: android-x64-arm64-20240611.1-en)
General
Target: bac57eb36e2751a82a20779085864f30_JaffaCakes118.apk
Size: 30.2MB
MD5: bac57eb36e2751a82a20779085864f30
SHA1: 2e5a84d6f45d41ccb74bfd9872eae377dc3af43b
SHA256: afbf5bc4fbe498d753767c18981c0a77f3a8c73601c840e3251d849670ea4964
SHA512: 5539b2135705dac8c547f579b0bff5cabc4ac750099c3c8e2359dfa2ef0e09da8497f852f3661b84ff113667dc47a94371261e55c0a5df635e9b6e937b03f963
SSDEEP: 786432:o1D4YkZg5w1UU8Ex2xH3FKgQLMm8Jez8al3DSgBRAjZawkYol:o1D+Zuw9iH3FVQCq8adS0RAlkY4
Malware Config
Signatures
Queries account information for other applications stored on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
- description: Framework service call; ioc: android.accounts.IAccountManager.getAccountsAsUser; process: com.exelweiss.stormgunnerpro
- description: Framework service call; ioc: android.accounts.IAccountManager.getAccounts; process: com.exelweiss.stormgunnerpro

Queries information about active data network (1 TTPs, 1 IoCs)
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.exelweiss.stormgunnerpro

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.exelweiss.stormgunnerpro

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.exelweiss.stormgunnerpro

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
- description: Framework API call; ioc: android.hardware.SensorManager.registerListener; process: com.exelweiss.stormgunnerpro

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.exelweiss.stormgunnerpro

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.exelweiss.stormgunnerpro

Checks CPU information (2 TTPs, 1 IoCs)
- description: File opened for read; ioc: /proc/cpuinfo; process: com.exelweiss.stormgunnerpro

Checks memory information (2 TTPs, 1 IoCs)
- description: File opened for read; ioc: /proc/meminfo; process: com.exelweiss.stormgunnerpro
Processes
com.exelweiss.stormgunnerpro (PID: 4293)
- Queries account information for other applications stored on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads