Analysis
- max time kernel: 170s
- max time network: 189s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 18-06-2024 08:49
Static task: static1
Behavioral task: behavioral1
- Sample: bad8ff787a9b045af8f1b077cdc780de_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: bad8ff787a9b045af8f1b077cdc780de_JaffaCakes118.apk
- Resource: android-x64-20240611.1-en
General
- Target: bad8ff787a9b045af8f1b077cdc780de_JaffaCakes118.apk
- Size: 12.2MB
- MD5: bad8ff787a9b045af8f1b077cdc780de
- SHA1: af6be96f9b6802b1fbd891dbe3bf096bffb2c05f
- SHA256: 7fbea9dfecb8b9838d72c7fb94af516954884966db08b5d518a411e6be0f6508
- SHA512: 57bd81a5a3c49510c99285894d1c8ea7598c73b1426b623fc5d74ca757c83537fac858095f125a80b3471d19011b4e3921c250c108c76e192267a86595cefe01
- SSDEEP: 393216:vU+3GvvQzSUHQMQFwsC4OBpMdT0slITUT8uCH9:soGvVUHQMmpCjBmJ0GITRd
Malware Config
Signatures
- Checks if the Android device is rooted. 1 TTPs 9 IoCs

| ioc | Process |
|---|---|
| /sbin/su | com.mobiletool.appstore |
| /sbin/su | com.mobiletool.appstore:push_service |
| /system/app/Superuser.apk | com.mobiletool.appstore:push_service |
| /sbin/su | /system/bin/sh -c type su |
| /sbin/su | com.mobiletool.appstore:channel |
| /sbin/su | com.mobiletool.appstore:channel |
| /sbin/su | com.mobiletool.appstore:remote_proxy |
| /system/app/Superuser.apk | com.mobiletool.appstore:remote_proxy |
| /sbin/su | /system/bin/sh -c type su |

- Queries information about running processes on the device 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.

| description | ioc | Process |
|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:remote_proxy |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:push_service |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:channel |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:channel |
- Requests cell location 2 TTPs 5 IoCs
Uses Android APIs to get the current cell location.

| description | ioc | Process |
|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:push_service |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:channel |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:channel |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:remote_proxy |
- Queries information about active data network 1 TTPs 5 IoCs

| description | ioc | Process |
|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:push_service |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:channel |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:channel |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:remote_proxy |

- Queries information about the current Wi-Fi connection 1 TTPs 5 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

| description | ioc | Process |
|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:channel |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:remote_proxy |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:push_service |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:channel |

- Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs

| description | ioc | Process |
|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:channel |
| Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore |
| Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:remote_proxy |
| Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:push_service |
| Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:channel |

- Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

| description | ioc | Process |
|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | com.mobiletool.appstore:remote_proxy |
| Framework API call | javax.crypto.Cipher.doFinal | com.mobiletool.appstore:push_service |

- Checks CPU information 2 TTPs 1 IoCs

| description | ioc | Process |
|---|---|---|
| File opened for read | /proc/cpuinfo | com.mobiletool.appstore |

- Checks memory information 2 TTPs 3 IoCs

| description | ioc | Process |
|---|---|---|
| File opened for read | /proc/meminfo | com.mobiletool.appstore:push_service |
| File opened for read | /proc/meminfo | com.mobiletool.appstore |
| File opened for read | /proc/meminfo | com.mobiletool.appstore:remote_proxy |
Processes
- com.mobiletool.appstore (PID 4300)
  signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
  child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache (PID 4331)
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache (PID 4353)
- com.mobiletool.appstore:remote_proxy (PID 4570)
  signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  child processes:
  - /system/bin/sh -c getprop ro.board.platform (PID 4931)
  - getprop ro.board.platform (PID 4931)
  - /system/bin/sh -c type su (PID 4956)
    signatures:
    - Checks if the Android device is rooted.
- com.mobiletool.appstore:push_service (PID 4778)
  signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache (PID 4819)
  - /system/bin/sh -c getprop ro.board.platform (PID 4976)
  - getprop ro.board.platform (PID 4976)
  - /system/bin/sh -c type su (PID 5002)
    signatures:
    - Checks if the Android device is rooted.
- com.mobiletool.appstore:channel (PID 5037)
  signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache (PID 5075)
- com.mobiletool.appstore:channel (PID 5144)
  signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  child processes:
  - chmod 777 /data/user/0/com.mobiletool.appstore/cache (PID 5182)
Network
MITRE ATT&CK Mobile v15
Downloads