Analysis
max time kernel: 144s
max time network: 150s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 10-10-2024 14:28
Static task: static1
Behavioral task: behavioral1
  Sample: 3057b4274b01c0910fe3d3e4918c1338_JaffaCakes118.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 3057b4274b01c0910fe3d3e4918c1338_JaffaCakes118.apk
  Resource: android-x64-arm64-20240910-en
General
Target: 3057b4274b01c0910fe3d3e4918c1338_JaffaCakes118.apk
Size: 28.5MB
MD5: 3057b4274b01c0910fe3d3e4918c1338
SHA1: 4f4c8e41d01a5f862f424e2583f609004b5435f9
SHA256: 5449805f4a17352bdf8efcc7da5665fac8592a32e792b9158130c905dccabadd
SHA512: 262433c5e79c4be0aaee343d78d47018d90324e3f3b0838c32a1ff9fb4b43ee8bc679c46789aad38680ba78bffa97b098fa199fc3e7b9e33844141d3785d4ccb
SSDEEP: 786432:M4PNyyVto5fTqseUM4jzGT6ONueT+KV7q64V1UDt2D:M41yyrAOseXiwNDpW1UB2D
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 1 IoC)
  IoC: /system/app/Superuser.apk; Process: net.taocy.www
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses; Process: net.taocy.www
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses; Process: net.taocy.www:pushcore
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation; Process: net.taocy.www
- Queries information about active data network (1 TTP, 2 IoCs)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo; Process: net.taocy.www
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo; Process: net.taocy.www:pushcore
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo; Process: net.taocy.www
- Reads information about phone network operator. (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  IoC: Framework API call android.hardware.SensorManager.registerListener; Process: net.taocy.www
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  IoC: Framework service call android.app.IActivityManager.registerReceiver; Process: net.taocy.www
  IoC: Framework service call android.app.IActivityManager.registerReceiver; Process: net.taocy.www:pushcore
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)
  IoC: Framework API call javax.crypto.Cipher.doFinal; Process: net.taocy.www
  IoC: Framework API call javax.crypto.Cipher.doFinal; Process: net.taocy.www:pushcore
- Checks CPU information (2 TTPs, 1 IoC)
  IoC: File opened for read /proc/cpuinfo; Process: net.taocy.www
Processes
- net.taocy.www (PID 4266)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
- net.taocy.www:pushcore (PID 4299)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads