Analysis
max time kernel: 133s
max time network: 137s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 17/10/2024, 13:44
Static task: static1
Behavioral task: behavioral1
Sample: 524201c0a1489e916d3ed2205acced95_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 524201c0a1489e916d3ed2205acced95_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240624-en
General
Target: 524201c0a1489e916d3ed2205acced95_JaffaCakes118.apk
Size: 3.3MB
MD5: 524201c0a1489e916d3ed2205acced95
SHA1: 7f391e0b353c1b47dfd042209d64f7dec2b94a51
SHA256: b73ae25d0bfaf275a363a0ac19ab6d973beceb72517b1e5bc82e5c9e10760ff0
SHA512: 120b2b63a22bb1a9009efe52d3d63ec38c645e0059f1c328b8620f1a3a0fb504dfebf07d696d86070a1f0628e8c058ec27bc1e7fe9ad4707245cea316f60190a
SSDEEP: 49152:cjakYimaPUY5UTnBs50mWehmpK6iHQR1KP4zrX1fvpSMCB2Ru985COBtpwJBAoPs:xDimmUY5sBuDSdrF3YmUHEt+JBf2VJ
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 TTPs
- Queries the phone number (MSISDN for GSM devices). 1 TTPs
- Queries information about active data network. 1 TTPs, 1 IoCs
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: vn.adflex.process
- Queries the mobile country code (MCC). 1 TTPs, 1 IoCs
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: vn.adflex.process
- Reads information about phone network operator. 1 TTPs
- Checks the presence of a debugger
- Listens for changes in the sensor environment (might be used to detect emulation). 1 TTPs, 1 IoCs
  description: Framework API call; ioc: android.hardware.SensorManager.registerListener; Process: com.perracolabs.cpd
- Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTPs, 1 IoCs
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: vn.adflex.process
- Checks CPU information. 2 TTPs, 2 IoCs
  description: File opened for read; ioc: /proc/cpuinfo; Process: vn.adflex.process
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.perracolabs.cpd
- Checks memory information. 2 TTPs, 1 IoCs
  description: File opened for read; ioc: /proc/meminfo; Process: vn.adflex.process
Processes
vn.adflex.process, PID:4216
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
com.perracolabs.cpd, PID:4276
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
com.perracolabs.cpd:MediaHandlerServiceCP, PID:4304
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Hide Artifacts: 1
User Evasion: 1
Virtualization/Sandbox Evasion: 2
System Checks: 2