Analysis
max time kernel: 24s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 25-08-2024 19:35
Static task: static1
Behavioral task: behavioral1
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Size: 6.1MB
MD5: c16db227fb29787cd2158fbd7a812248
SHA1: 5bff97136838756b6090a2af44fd43a3eff523b1
SHA256: b34c00722df5d523e7197690aeb8fb36b38af563793aa22acd14567553f04241
SHA512: a988e527e5d8cf18cad465176b7164144441c287b6addabe31ec17d5f498c008eb387344c68a1e474faf9a8f1c326cb4f8ced9b441118b41e96cbd127e88e9c7
SSDEEP: 196608:fxhozeKrsCDmZSMwAvRYvPvXb11+Igf0Kl:fMjshAMTRkvXSIgf5l
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 4 IoCs
ioc | Process
/data/local/su | com.Saapart.SW.hack
/data/local/bin/su | com.Saapart.SW.hack
/data/local/xbin/su | com.Saapart.SW.hack
/sbin/su | com.Saapart.SW.hack

pid | Process
4246 | com.Saapart.SW.hack

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.Saapart.SW.hack

Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.Saapart.SW.hack

Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.Saapart.SW.hack

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.Saapart.SW.hack

Reads information about phone network operator. 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.Saapart.SW.hack

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.Saapart.SW.hack

Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.Saapart.SW.hack

Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.Saapart.SW.hack
Processes
com.Saapart.SW.hack
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4246
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution: 1
  - Broadcast Receivers: 1
- Scheduled Task/Job: 1
Defense Evasion
- Hide Artifacts: 1
  - Suppress Application Icon: 1
- Virtualization/Sandbox Evasion: 2
  - System Checks: 2
Downloads