Analysis

max time kernel: 149s
max time network: 156s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 16/10/2024, 03:25
Static task: static1
Behavioral task: behavioral1
  Sample: 4b3558a7df4fd618b3dfb843f49d2a9f_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: alipay_msp-3.5.2-1000261.apk
  Resource: android-x86-arm-20240624-en
General

Target: 4b3558a7df4fd618b3dfb843f49d2a9f_JaffaCakes118.apk
Size: 12.3MB
MD5: 4b3558a7df4fd618b3dfb843f49d2a9f
SHA1: f88f6431b9ec4653875737f7127ae463a38f1592
SHA256: f67f6b9ae0caa88fa51171d0acafaeabc98855828a9b6978fe1bbfab53fc6818
SHA512: 59814bd47c31edaabb9c6eb644f1008d89f0c6cd482408a7db8119b1cc84ab09a6170ff3a68a70e39a62ace4f5e7061d9db90d659a6dab07c491619fd2796548
SSDEEP: 196608:hG6cgK39kSOjcTkY8tlXxKXXCXLNe1bvM+ZWD0mOaYWAvNE/qLfDv52n:BK3Clj0b8tzuy4bvM+ZU0mONE/qLfD0n
Malware Config
Signatures
Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.duomi.android)

Queries the phone number (MSISDN for GSM devices) (1 TTP; no IoC recorded)

Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.duomi.android)

Queries information about active data network (1 TTP, 1 IoC)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.duomi.android)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.duomi.android)

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.duomi.android)
Processes

com.duomi.android (PID 4242)
  Queries information about running processes on the device
  Requests cell location
  Queries information about active data network
  Registers a broadcast receiver at runtime (usually for listening for system events)
  Uses Crypto APIs (might try to encrypt user data)
  └ cat /sys/class/net/wlan0/address (PID 4423)

The child process reads the Wi-Fi adapter's MAC address straight from sysfs rather than through the framework, a stable hardware identifier useful for device fingerprinting.
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 4a5f67889cadcb187800208c08a09585
SHA1: f8c09c6546f25dbf838181a14b29414c13392ace
SHA256: 394a598e48efd8fbc58e97a791eca6830651fae9978f10b086b15042cdbf4f96
SHA512: 4beb386935640d7a81000b42e8c6838509343be717d63e07f5cd02cff797617454bc9d67104c07f5aed5e3196232d9fb9586e54883d54257677175d7dcc3c2c7

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 64KB
MD5: 6196a64f32c670fd2b1f843d9ebc49d4
SHA1: 29c4b7b3cf843803c86a2befb057df300271d299
SHA256: d01d1b4ff34b29798a81d1e845684d85db2e419fc189f58e835d0af265ccfefd
SHA512: ba494fb52c1e103f0da2a8037cbc5daabeb21e4e464a6d2d0cf0c1eb30de52ee3902d7d56f8474aba60a3304d557835dcc7d4bb8a7b51a97cd8b6949a1f9fa5f

Filesize: 7B
MD5: dab5e7dd9aa3f42e12d33fe90ddc4ea3
SHA1: 67e3fab5acd5c296ecb61f3d57f294c8ff63164e
SHA256: 263b57467ecb14e1edfe982e39aa1253d88e6763a071568beac717ead1b729b8
SHA512: d0aa3c0162217b9eb5765e38196910aae2581ab152efd222ef59be495d5ec27ab4ed637d30b490d9492c983b62767155ba2e31a8906d4dc5dabd0ba4805412cd

Filesize: 26B
MD5: ca3b3b7a6a624037f3a665d09e3fa3f4
SHA1: 6e95464ec529a27f42d713944c0215514427342f
SHA256: 1f584ea8bff3b311c742a133b75235945dcfa9a5fca0884d9e826e25e9ca4f89
SHA512: 4ac022feb32044f8c7f512fdfd6efb1f1495d3f4317ac7316f17aa95deba75cca5602fd6d9b5151a4cfecbed59e1a0c769dc0f671f963f2eab667c57842f179e

Filesize: 673B
MD5: 9a52f398ca8583b5217d4bc432264531
SHA1: 5ec8370e55b344731b7faea3750099d02206b988
SHA256: f720fcd587b2e60d97534cada8aa3b07bf8344bf6a9a496635c2f8982f887943
SHA512: 131103a03ad755407ae28627799e5ace3141708ae2be3c97a5b672a1f66d9bc2881168c15724e2085757b10dae5edc4ceb796b1e79a5f93411d408bb5bdf5618

Filesize: 16B
MD5: 30cac26d3a08ff195061078ca8b4ed4b
SHA1: ea43602f8a9e803559c687ee5c14fe13ca0ede0d
SHA256: 515868e15d76248088bcd2b4cfd8b79450c304f079bd8592b248b58190c405fb
SHA512: 9682f1b1574c4eea9fc531b11c57a4049d26cbd0ee19e3fb43d140ae6995c4d2ccba577ac05edd19a46dcbd795cc266b45ba06cce04fbbbc9456ec6c5316c827

Filesize: 277B
MD5: dfd31ecd9c4a8b68825c92f3bc6e011b
SHA1: a83edfc464ea038797f1468c7869b90a1d18d71f
SHA256: 176ce01db7238b60cc89dc7d7b1bcfc48dfacd6d041c659f144801b3009663a5
SHA512: e8ddb46552bfa8bf5b1166b0ca1d2fbe15a4bd20b50086b3425800f2f59fec751927eff28a0524f45f3c2f0bfcf796f4beee0cae096b0280687e218f09ce1984

Filesize: 249B
MD5: 185033afa4aba4eccf91d7fe5edc7f0b
SHA1: 0be56591cdaa489e8079d0820fd4ed14066b2534
SHA256: 120e6f1ba6e71c67753a82a3ac82916c4ff0ae84e13c41c220613495ce7cbcfa
SHA512: 5df2d900906ccce77fbb974ef990cf43acb4ff9c042334bcccb8e4d33bc124ec673ad49c678901e5aa04b4ad664d72521e10254abbbf3671eb7b4e5042f10550

Filesize: 509B
MD5: 6aef1101f45adba6f81434298f1ffaea
SHA1: 58b549daa05c64d5477419203d7083ab9b09c957
SHA256: 4f75e2983979f66e8cf473b8dd5ac2fa40dd6b19f8c806c73de4bd5ca06512d5
SHA512: 337919e21b7b0eda6f76d7cb7991b924d4b954938c0e9d1007448d2b52f52411f2836a900b875406e0748f0ba7632b6c0250f04e4572c966c86dd8bc608f6493

Filesize: 735B
MD5: 1bd4119880f6422ff03b2625d29a4a27
SHA1: e4c10c59f242880dd1e446874262db396857912f
SHA256: 0fa5f023e279e28cab332a042adcc2abe5a1dc3fa9b713e281c30a94f26cc47a
SHA512: ce7b8b3050a27dc121ca89b087afcb8bc5b3c13c727e3937be3c2a42fcace180ccccb1a37c138ac7eb645691d7cbf9d82120faa006c3f5de1a0cd0e13b8fdc69

Filesize: 962B
MD5: c67c7ad39b7a806b23d77e9a256e83e0
SHA1: db466ee33603fdd8cac4a96686013919df796178
SHA256: c80f55ead3f5fb4dffe1c2b2948f7604e00bc2a173fbf49aa9d24565b64a7781
SHA512: a2510c992d6223d25b03acd8dc0828bb5573779cee776184ea5ec258d27cf810bcf81ce39baaf5b33419b6d7653d29706b0e110f11ef43bfeab193f83a268fed