Analysis
max time kernel: 7s
max time network: 140s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 17/10/2024, 13:23
Static task: static1
Behavioral task: behavioral1 | Sample: 52354a200ce30fb3090681a62757be30_JaffaCakes118.apk | Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2 | Sample: 52354a200ce30fb3090681a62757be30_JaffaCakes118.apk | Resource: android-x64-20240624-en
Behavioral task: behavioral3 | Sample: com.skymobi.pay.plugin.main_v10017.apk | Resource: android-x86-arm-20240624-en
Behavioral task: behavioral4 | Sample: com.skymobi.pay.plugin.main_v10017.apk | Resource: android-x64-20240910-en
Behavioral task: behavioral5 | Sample: com.skymobi.pay.plugin.main_v10017.apk | Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral6 | Sample: com.skymobi.pay.plugin.recordupload_v10011.apk | Resource: android-x86-arm-20240910-en
Behavioral task: behavioral7 | Sample: com.skymobi.pay.plugin.recordupload_v10011.apk | Resource: android-x64-20240910-en
Behavioral task: behavioral8 | Sample: com.skymobi.pay.plugin.recordupload_v10011.apk | Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral9 | Sample: com.skymobi.pay.plugin.smspay_v10044.apk | Resource: android-x86-arm-20240910-en
Behavioral task: behavioral10 | Sample: com.skymobi.pay.plugin.smspay_v10044.apk | Resource: android-x64-20240910-en
Behavioral task: behavioral11 | Sample: com.skymobi.pay.plugin.smspay_v10044.apk | Resource: android-x64-arm64-20240910-en
Behavioral task: behavioral12 | Sample: skymobi_pay_wxplugin.apk | Resource: android-x86-arm-20240910-en
Behavioral task: behavioral13 | Sample: skymobi_pay_wxplugin.apk | Resource: android-x64-20240624-en
Behavioral task: behavioral14 | Sample: skymobi_pay_wxplugin.apk | Resource: android-x64-arm64-20240910-en
Behavioral task: behavioral15 | Sample: unicom_resource.apk | Resource: android-x86-arm-20240910-en
Behavioral task: behavioral16 | Sample: unicom_resource.apk | Resource: android-x64-20240624-en
Behavioral task: behavioral17 | Sample: unicom_resource.apk | Resource: android-x64-arm64-20240910-en
General
Target: 52354a200ce30fb3090681a62757be30_JaffaCakes118.apk
Size: 3.1MB
MD5: 52354a200ce30fb3090681a62757be30
SHA1: 14c32b32947f5cb5ecaca09b7fb73fd45cb7274e
SHA256: 0002604f9aa167ee58757e61d3cbbd1052c71e57d5258ed1f315f540a2feb3b5
SHA512: df687304d320fbe03eb7e218d532c8f5d75f2cfdd61513e88128da740aec31f50e24de0997bf84e8f852924ae5392df841e1a0d89f7777943a5d32009427b285
SSDEEP: 98304:FWOhK2Th2h1bhWR2SandOODS8Bmmci6KT:p9u1bhbtTDzvEQ
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 2 IoCs
  ioc: /system/bin/su | Process: uUcYa.MRSx.YaGiNfF
  ioc: /system/xbin/su | Process: uUcYa.MRSx.YaGiNfF

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar | pid: 4923 | Process: uUcYa.MRSx.YaGiNfF
  ioc: /data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip | pid: 4923 | Process: uUcYa.MRSx.YaGiNfF

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: uUcYa.MRSx.YaGiNfF

Queries the phone number (MSISDN for GSM devices) 1 TTPs

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: uUcYa.MRSx.YaGiNfF

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: uUcYa.MRSx.YaGiNfF
Processes
Network
MITRE ATT&CK Mobile v15
Downloads