General

Target: bc37155b3e7e9a3d43042d2fb4957f5b_JaffaCakes118
Size: 31.2MB
Sample: 240618-qwslrazekn
MD5: bc37155b3e7e9a3d43042d2fb4957f5b
SHA1: 100605627037c460d73cf7598c2949d99fe9e9e9
SHA256: 81e8627cd0514513e9b9b944ae33a8e4c20c89903f738c35bf12c50752db39c4
SHA512: 6a26519cfeb1f5b6f471448aa5b54bcaa63a31ecb265b0fdac0ea98be3081810ef4fda21bf9578246b7133d652038c8adc50d2a7a7df67b9cb103aa90b99f420
SSDEEP: 786432:iCzm7pfiwe4jGVOFrhQtoAudKc5tpU6DhfAyWfwGmhfAyWe:Z/4jGVOFr3AwKc5E6DlMmlp
Static task
static1

Behavioral tasks (sample / analysis resource)
behavioral1: bc37155b3e7e9a3d43042d2fb4957f5b_JaffaCakes118.apk / android-x86-arm-20240611.1-en
behavioral2: com.anzogame.yys.plug.apk / android-x86-arm-20240611.1-en
behavioral3: com.anzogame.yys.plug.apk / android-x86-arm-20240611.1-en
behavioral4: imread.apk / android-x86-arm-20240611.1-en
behavioral5: imread.apk / android-x64-20240611.1-en
behavioral6: imread.apk / android-x64-arm64-20240611.1-en
Malware Config

Targets

Target: bc37155b3e7e9a3d43042d2fb4957f5b_JaffaCakes118
Size: 31.2MB
MD5: bc37155b3e7e9a3d43042d2fb4957f5b
SHA1: 100605627037c460d73cf7598c2949d99fe9e9e9
SHA256: 81e8627cd0514513e9b9b944ae33a8e4c20c89903f738c35bf12c50752db39c4
SHA512: 6a26519cfeb1f5b6f471448aa5b54bcaa63a31ecb265b0fdac0ea98be3081810ef4fda21bf9578246b7133d652038c8adc50d2a7a7df67b9cb103aa90b99f420
SSDEEP: 786432:iCzm7pfiwe4jGVOFrhQtoAudKc5tpU6DhfAyWfwGmhfAyWe:Z/4jGVOFr3AwKc5E6DlMmlp
Score: 8/10

Signatures
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Queries information about running processes on the device. The application may abuse the framework's APIs to collect information about running processes.
- Queries information about the current nearby Wi-Fi networks. The application may abuse the framework's APIs to collect information about nearby Wi-Fi networks.
- Makes use of the framework's foreground persistence service. The application may abuse a foreground service to keep running in the foreground.
- Queries information about the active data network.
- Queries information about the current Wi-Fi connection. The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Reads information about the phone network operator.
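The root check and the emulator-property check flagged for this target are the two "System Checks" hits in the ATT&CK mapping. As an added example (not code from the sample, and not the sandbox's own signature logic), here is a Python reimplementation of the kind of heuristic those signatures describe, run offline against a constructed `getprop` dump and a constructed path listing. The property names, values and su paths are the conventional indicators such checks probe; treating them as what this sample reads is an assumption, since the report does not list the properties it queried.

```python
"""Root and emulator checks of the kind the sandbox signatures describe.

Added example, not code from the sample or from the sandbox: the property names,
values and su paths below are the conventional indicators such checks look at
(an assumption; the report does not say which properties the sample reads).
"""
import re
from typing import Dict, Iterable, List

# Constructed `adb shell getprop` dump imitating an x86 Android emulator image.
SAMPLE_GETPROP = """\
[ro.build.fingerprint]: [google/sdk_gphone_x86/generic_x86:11/RSR1.210210.001.A1/7196587:user/release-keys]
[ro.build.tags]: [test-keys]
[ro.hardware]: [ranchu]
[ro.kernel.qemu]: [1]
[ro.product.cpu.abi]: [x86]
[ro.product.model]: [Android SDK built for x86]
"""

# Constructed set of paths "present" on the device; a real check would stat() them.
SAMPLE_PATHS = {"/system/bin/sh", "/system/xbin/su", "/system/app/Superuser.apk"}

# Locations of su binaries / root managers that root checks commonly probe.
SU_PATHS = (
    "/system/bin/su",
    "/system/xbin/su",
    "/sbin/su",
    "/su/bin/su",
    "/system/app/Superuser.apk",
)

_PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")


def parse_getprop(dump: str) -> Dict[str, str]:
    """Parse getprop output ("[key]: [value]" per line) into a dict."""
    props: Dict[str, str] = {}
    for line in dump.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def emulator_indicators(props: Dict[str, str]) -> List[str]:
    """Return the emulator indicators present in a property set (empty if none)."""
    hits: List[str] = []
    if props.get("ro.kernel.qemu") == "1":
        hits.append("ro.kernel.qemu=1")
    hw = props.get("ro.hardware", "").lower()
    if hw in ("goldfish", "ranchu"):  # QEMU-based emulator hardware names
        hits.append("ro.hardware=" + hw)
    model = props.get("ro.product.model", "").lower()
    if "sdk" in model or "emulator" in model:
        hits.append("ro.product.model mentions sdk/emulator")
    abi = props.get("ro.product.cpu.abi", "")
    if abi.startswith("x86"):  # almost no real phones are x86
        hits.append("ro.product.cpu.abi=" + abi)
    fp = props.get("ro.build.fingerprint", "")
    if "generic" in fp or "sdk_gphone" in fp:
        hits.append("ro.build.fingerprint looks like an SDK image")
    return hits


def root_indicators(props: Dict[str, str], present_paths: Iterable[str]) -> List[str]:
    """Return the root indicators found: test-keys build tags and su binaries."""
    hits: List[str] = []
    if props.get("ro.build.tags") == "test-keys":
        hits.append("ro.build.tags=test-keys")
    present = set(present_paths)
    for path in SU_PATHS:
        if path in present:
            hits.append("found " + path)
    return hits


def assess(dump: str, present_paths: Iterable[str]) -> Dict[str, object]:
    """Run both checks and return the verdict a guarded sample would act on."""
    props = parse_getprop(dump)
    emu = emulator_indicators(props)
    root = root_indicators(props, present_paths)
    return {"emulator": emu, "rooted": root,
            "is_emulator": bool(emu), "is_rooted": bool(root)}


if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE_GETPROP, SAMPLE_PATHS), indent=2))
```

Every behavioral task in this report ran on an x86/x86_64 image (with ARM translation), so a guard as simple as the `ro.product.cpu.abi` test above would fire in that environment; a sample that bails out on such a check will look quieter than it is, which is worth keeping in mind when reading the low scores of the dropped packages below.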
Target: com.anzogame.yys.plug.pkg
Size: 9.7MB
MD5: 1f7a6288cbfe7a3a8f6b2f7f280e81ce
SHA1: 193eee975ebbe3f606ce922170378846b25f3b45
SHA256: 1e205d246ae3df4a9f784195381db6ea9e41ce6a2ce5075d60feffa2a1d7afd9
SHA512: f38f39858630eb8562b38d090a798826cddccd5e21f74a518582f54d28bdc168511baa976f24fd28e1998ee10a6047893c53267a458ba187d5182fbcb5ad2129
SSDEEP: 196608:x+IA2rVEtBiy8/ZTdabRB6IqTFmfjSIdutWdQssyawYwe4J6tX9aXiA1:IIA2q6x0bvpfSsyFwem6na91
Score: 1/10
Target: com.anzogame.yys.plug.pkg
Size: 4.9MB
MD5: 23a3b474cc7c3d28dae10ec5e0d390c5
SHA1: 0ccf3b85d448870bae27352d23b30c29033506d3
SHA256: dd2ccf65b2789ebc97451be1d18a087028030b05aa443743f9410e9267a89536
SHA512: e4679d27d3391ecd99aad246960201202705e2df622275637d0e34cd4aca33412ec4ec4036d43a1d6af77587cd8767cf1d316fbbec12d82deee5d4c48c13dbf8
SSDEEP: 98304:g+ExGn8jqKSIN7BSlDpIzBLA3NS0KgGqxAWMY/oakbD:g+EsnrON7EDpI634079xJ/ga2
Score: 1/10
Target: imread.src
Size: 1.3MB
MD5: df2ae6129a8f0eedddcf8d8157d45c25
SHA1: 3a36f636f2324d98a90aaa2bc78dd769026dc4b1
SHA256: 0a7fdec3cada01027ddb25e33832374d94a8a1bdf3b634901640d1d12c995348
SHA512: 199110ce7650b86688fcc32504224780a4709d01ad37d307e3939d9f7bb48d74fcf47d92e4deec41e595ecf76d7ae22cd48de33d16dfbcd0b29b54c2877f3134
SSDEEP: 24576:NfryxzHpeNa9qLimWewmThX2ijMmA+0ZzaJjOSIkZWgBmF4/A:xCen7Bw02NmAHZzaJjOSIkcgEOA
Score: 1/10
MITRE ATT&CK Mobile v15 (tactic, then technique and sub-technique; the number in parentheses is the report's hit count for that entry)

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)

Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Foreground Persistence (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)