Analysis
- max time kernel: 175s
- max time network: 174s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 18-06-2024 11:36
Static task
- static1
Behavioral tasks
- behavioral1: Sample bbb8a7bd3e3a2e95bebd3f2eff3dbfc5_JaffaCakes118.apk, Resource android-x86-arm-20240611.1-en
- behavioral2: Sample bbb8a7bd3e3a2e95bebd3f2eff3dbfc5_JaffaCakes118.apk, Resource android-x64-arm64-20240611.1-en
- behavioral3: Sample res.apk, Resource android-x86-arm-20240611.1-en
- behavioral4: Sample res.apk, Resource android-x64-20240611.1-en
- behavioral5: Sample res.apk, Resource android-x64-arm64-20240611.1-en
General
- Target: bbb8a7bd3e3a2e95bebd3f2eff3dbfc5_JaffaCakes118.apk
- Size: 4.8MB
- MD5: bbb8a7bd3e3a2e95bebd3f2eff3dbfc5
- SHA1: 073d263d52454bd8ba8f37db608776a31f8ba101
- SHA256: 655fc59ddaaf991fa6eccc1b2ade197a19eb5fc449d3be93ef6e7d3a5810ac63
- SHA512: 9dcac9ee70d3f860ad087e90f722f652e0f153f3cff63120d8ce4b48f54980152996f12d3b12efc1224276ce46f69218b31569b158e1216a03a1bcda7305b625
- SSDEEP: 98304:GEa4kgEmlKQaRYSieg4I3Usb8Q7JofxcKBJD+DL6APu17A:79kOraseg46QQClK3KA
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes (ioc | process):
    /system/bin/su | com.snowfish.a.a.bg
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes (ioc | pid | process):
    /storage/emulated/0/Sonnenblume/res.apk | 4448 | com.game.songpoetry.yunyingshangno1
    /storage/emulated/0/Sonnenblume/res.apk | 4495 | com.snowfish.a.a.bg
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes (description | ioc | process):
    Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.game.songpoetry.yunyingshangno1
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes (description | ioc | process):
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.game.songpoetry.yunyingshangno1
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.snowfish.a.a.bg
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes (description | ioc | process):
    File opened for read | /proc/cpuinfo | com.snowfish.a.a.bg
- Checks memory information (2 TTPs, 2 IoCs)
  Processes (description | ioc | process):
    File opened for read | /proc/meminfo | com.game.songpoetry.yunyingshangno1
    File opened for read | /proc/meminfo | com.snowfish.a.a.bg
Processes
- com.game.songpoetry.yunyingshangno1 (PID 4448)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about active data network
  - Checks memory information
- com.snowfish.a.a.bg (PID 4495)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about active data network
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads