Analysis
-
max time kernel
24s -
max time network
136s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
18/10/2024, 13:56
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
57d0152dea0b558459813a7e4265cf99_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
9 signatures
150 seconds
General
-
Target
57d0152dea0b558459813a7e4265cf99_JaffaCakes118.apk
-
Size
1.6MB
-
MD5
57d0152dea0b558459813a7e4265cf99
-
SHA1
0454b270b44692718612b17de8eef13595a0f1ed
-
SHA256
4b2c6aa670f50e1c188780732769b4928c3af25ba34a038871f47c8fe047b9ec
-
SHA512
f0d6b43f281fad83f212719f7ffe8794cb9c779588fee9c464cac60fc9704b6916caf3fcef2e7a00c67e707aa2cb414eb02f9eb0270fc3b20e66e794a2977755
-
SSDEEP
49152:Je0nzd7SZcZo4RaqoMBPX3JVniiorvptNGlrA1:EyzUtu1BP/iThtNGlre
Score
8/10
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc Process /system/bin/su com.n13501212731.vas /system/xbin/su com.n13501212731.vas -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.n13501212731.vas -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.n13501212731.vas -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.n13501212731.vas -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.n13501212731.vas -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.n13501212731.vas -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.n13501212731.vas
Processes
-
com.n13501212731.vas1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4262