Analysis
max time kernel: 147s
max time network: 142s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 23-10-2024 16:30
Static task: static1
Behavioral task behavioral1: sample 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral2: sample 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk, resource android-x64-20240624-en
Behavioral task behavioral3: sample 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk, resource android-x64-arm64-20240624-en
Behavioral task behavioral4: sample polyvideo.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral5: sample polyvideo.apk, resource android-x64-20240910-en
Behavioral task behavioral6: sample polyvideo.apk, resource android-x64-arm64-20240624-en
General
Target: polyvideo.apk
Size: 417KB
MD5: 8ace627ef94c52afb06eaae0acf85feb
SHA1: c26f6164eda37a3151be59274639a56e3a3671df
SHA256: a990fecd5e36f453b1195a7868a645e1de6b1bfffb54df139d26d037c32a3eb1
SHA512: 39276089f005f446ce5883296069cbe286176912eed66128007454da7bf64ba5db498726598d7ac18c1ad404df0411515f8691018cfc32b8068cde8409a065d7
SSDEEP: 12288:1PnDnkGKX3gAQWa0LBca09eT+u9iXLP0hcnxc:1PnD7Q3DQ50Bc34T+D8hqxc
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: ioc /data/user/0/com.gaga.haha/app_ttmp/t.jar, pid 5239, process com.gaga.haha
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: description Framework service call, ioc android.content.IClipboard.addPrimaryClipChangedListener, process com.gaga.haha
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: description Framework service call, ioc android.app.IActivityManager.getRunningAppProcesses, process com.gaga.haha
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: description Framework service call, ioc android.net.IConnectivityManager.getActiveNetworkInfo, process com.gaga.haha
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: description Framework service call, ioc com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process com.gaga.haha
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: description Framework service call, ioc android.app.IActivityManager.registerReceiver, process com.gaga.haha
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: description Framework API call, ioc javax.crypto.Cipher.doFinal, process com.gaga.haha
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes: description File opened for read, ioc /proc/cpuinfo, process com.gaga.haha
- Checks memory information (2 TTPs, 1 IoCs)
  Processes: description File opened for read, ioc /proc/meminfo, process com.gaga.haha
Processes
- com.gaga.haha (PID: 5239)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads
- Filesize: 632B
  MD5: 5dd621fd928153039437f22ed5cb0350
  SHA1: b7bdc03804276a7661a8a6831c15a98d1e00cd5c
  SHA256: 8f6cad1f07090a6180fa1e86f0f300c8d52b8a9329e4d25a661bd3ee66bbb45e
  SHA512: 78d2d0dbdc525339ab828201f096acd5cc9937dea04ec8075e3a52b36c8e339f443916b1297d63774f8912676750cae8d722c3112cdeb1ebea66c6c52a2066eb
- Filesize: 187KB
  MD5: 8b2fab499ed1ae4e6a65b81db8843644
  SHA1: 75e1d393281ff9b62af50bd2ad51a3bb01641517
  SHA256: 17106cb4686d5eeac9246cb1d219b202f2b1f3958eac1551b205c599924a971a
  SHA512: ba3d57a0df75f9fe069994e755f8057dbd5895cdf157900390a9a7e2bf51f9f77b04a4a24a68186c9afd2af278158b9733d29e966cec82db447acf4db7be432c
- Filesize: 187KB
  MD5: 205fe9ba67b46c4c369adc1e689f05bc
  SHA1: 8a6d40ee4e6fd890d6ba79e38a2265cbe3363ef2
  SHA256: 76bf2a99ee9ffbd6d424ce55243e06ead91725832b543778215dd1e2dcaaecd6
  SHA512: 3c5703da2be0c9d401c118e9a6576e8cf18cd05d726f8b5087ee1aebc9f234e1bcfd12bb3453a3b4cdc9de78f6a9be476e4bc32baa9591cad9492afc80619be5
- Filesize: 72KB
  MD5: 1056b7a94c15f05c21cba8fb65752c47
  SHA1: d9cd622bc83d68b219bee45bc9d7e480bb1872ee
  SHA256: da4c8a54b65c498268d6d7aed2a65ac4000b82f2db605b588456dc7e9deb1057
  SHA512: a3188c68226227ab6f61083a47833698f43ac852bc98fdd8b4f99d49f977c3d871478eb7866ac016055d709dc27a65f4323d416fb54086c1125f12772617bd91
- Filesize: 512B
  MD5: e675741d71cf3d379c76a6560c42a7ba
  SHA1: 391410860eda891e89c9990d6356e89783ae4a4e
  SHA256: facf251150f28d73c830487d3f75bfd27e930a05bec793031435cd43523965de
  SHA512: 6d8ecea67e6f61b3f5959cc0927c4bb334d620e0867b8dd0bb58626407f3058db6f8394e77574b6e4c4b18df32c3f7a46d019d523c9381aeca64f640845fbb48
- Filesize: 8KB
  MD5: 46cd8dc6100d3f9cde3dae726e4cc640
  SHA1: 10140363016039ba6008abaf83907feab5c0ff7c
  SHA256: 5a74bac03eb559c38d2c33067c1c6a1812cea242ff6042a591c0c5cca5366bd5
  SHA512: 6acf294d02a264c4489aa310836d5fa1d671adefdaaa3742e825b613e4b6e43472501ec4826b42e351b2ba2158c8a6b3705d39c9303991be072f4dabbf3e7a3d
- Filesize: 8KB
  MD5: 175ea0c6c881fed34e1431678d6cc96b
  SHA1: 467c1577f75044c2067c7ab539dead002edc0e27
  SHA256: 44d93675b9b5291b38ba434916ca6a6dbabe709e5e041f8d0cb87f3d3ece0606
  SHA512: 8c21f874a586042e31795203416f2b284918846fef4e0330eccc9dda51e344c3ab29eb2222215d15dd6dc5c517ddea98de808426c7b0b4506155f20221cfec01
- Filesize: 12KB
  MD5: 029caf5d6e53249e1a8cded6c514f0f0
  SHA1: 49dd0108bb650dd02b6d109afc859eae58fb3dad
  SHA256: f5dd2d2501fd4164f3ec935e5ab7e0c0f4b861c57d16123b8b351e56d35ff254
  SHA512: c0873b393f52b7609d3c6be72364a5cfcfe159b9764d7b0b0379654da6a9860fb19459eea70aba8cd528b552cc4cfa1bc96f439c89d2bacd0ce546988c27a97f
- Filesize: 398KB
  MD5: 6433e446614644586fe9259d11acb08a
  SHA1: a456afdd1fa81c878d0d2b69ec609baa1f29265a
  SHA256: 7b67244da231d8d026aeb4a877dbafa0915b6afc96ee36d1d1f2da49007360f8
  SHA512: 3362ffcc1838d7b3d282473abee63e653b6705901719cf03fba75f9e9f375d64895b7469dbc8928fd519febedf1b1a767515cbc474fdf2055c44ec63a41ff08c