Analysis
- max time kernel: 15s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 18-06-2024 08:48
Static task: static1
Behavioral task: behavioral1
Sample: bad861f273403532bff062f27e1da977_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General
- Target: bad861f273403532bff062f27e1da977_JaffaCakes118.apk
- Size: 2.4MB
- MD5: bad861f273403532bff062f27e1da977
- SHA1: 90f914fd09192840a5f122922cdcfb9ff72a42fa
- SHA256: 0b40b14c589ce7afb3e51b172f11ca46616c4dacc2e8260e985aa8b6a5095f06
- SHA512: 8fc7ea475e8068a849288449215b4a36a063abd4ce5b6c2da36e330cbb7a9b6672410555d2330fd5de8c3c123a7c0312400a6adab761b1dbd080fe73c922c2f0
- SSDEEP: 49152:3ll89PHJoBCwYB9w6FKJqyObe5sZw5nu8JuiU/MQx5o7iGLhFksJ7BD:1lcgYXw6FnyOauWId/pxOLcO7BD
Malware Config
Signatures
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  Description: Framework service call | IoC: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.zerdsoft.haoxuesi:emulator
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Description: Framework service call | IoC: android.app.IActivityManager.setServiceForeground | Process: com.zerdsoft.haoxuesi:emulator
- Queries information about active data network (1 TTPs, 1 IoCs)
  Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.zerdsoft.haoxuesi:emulator
- Reads information about phone network operator (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver | Process: com.zerdsoft.haoxuesi:emulator
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Description: Framework API call | IoC: javax.crypto.Cipher.doFinal | Process: com.zerdsoft.haoxuesi:emulator
- Checks CPU information (2 TTPs, 1 IoCs)
  Description: File opened for read | IoC: /proc/cpuinfo | Process: com.zerdsoft.haoxuesi:emulator
Processes
- com.zerdsoft.haoxuesi:emulator (PID: 4286)
  - Requests cell location
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 118B
  MD5: 89bbfe8bf4b315f65b1fb343654698ee
  SHA1: 2270719f67403e0bcb6e4f757b62f7869d6fd201
  SHA256: 9d19a2653cebd98378faf6189712bba80d53af5a1699f47ac773398f479fc8be
  SHA512: 5e43ef05c8122984b14265ed852d84c78ba457864e1970a16563a91443c85ff53ab7f456bbd51c01c7ca11c25140c3b53ebf215a1c6b6a0e594abc716e1f3ead
- Filesize: 118B
  MD5: 444dcff94349a15fd51691d591f9fce8
  SHA1: eac521c472f9583ccf89d6dee19c73433a86f1f9
  SHA256: 5e223e57598bc0fcd4853c53a9dfe68dd321875c88e3947737e48cd7af5fb783
  SHA512: 0a9a8bd6f4b858ffade8dc7e722a688bf6af02ab0eaa4423d49a06c58ad29c0a40709a76e2597228f2d3d1595b963555eebe13047df95a11f474cc621af1566a
- Filesize: 2.5MB
  MD5: 29be29506a4c4974fd0b43292cef6cb0
  SHA1: ad218443a2ef87a7b10139912c60e97aafd8edf7
  SHA256: 8e76342ffcffe00d122aa6d6d7223e7c44c33b17bbc1dde8af545b9cfe8b747d
  SHA512: 326d7de2dc99bc8aa6450129a14f6e4597fbc2d137e0183641f577e23e294b1f0b43451fe836b395ec245a912187228d16224b75f98d50c71c144756a22d5f30