Analysis
max time kernel: 143s
max time network: 151s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 23-10-2024 17:57
Static task: static1
Behavioral task: behavioral1
  Sample: 70259b128faa91bbf8da935f4158ece8_JaffaCakes118.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: 70259b128faa91bbf8da935f4158ece8_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral3
  Sample: com.hermes.superb.booster.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral4
  Sample: com.hermes.superb.booster.apk
  Resource: android-x64-20240624-en
General
Target: com.hermes.superb.booster.apk
Size: 2.5MB
MD5: bb818155f8c88a2883d52a1b1dd78e81
SHA1: d21ddf05ee1ebdd4972f24759448bf890b0364f7
SHA256: fbd1f055d71e7de66e09e83deba4c33ba61c91ab096c0939a157123309a9c49a
SHA512: ffde8074ce8db61b04bba996addaa7647be7d0a5074719ecb0712784b48b20f792274aa4c72141cfe7a46345b3cc8889fe009a626de606a951eca3ef5cf3e0b5
SSDEEP: 49152:5d8DY7ANnHx+7g+vKVJwyAnhCf3YtE2RRwLuix1FVFkiMj94pnmJoHP:4WANnHx/+RymhCsE205Y/9gnmJov
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 9 IoCs
Processes:
  ioc | process
  /system/xbin/su | com.hermes.superb.booster.monitor
  /sbin/su | com.hermes.superb.booster.monitor
  /sbin/su | com.hermes.superb.booster.monitor
  /system/bin/su | com.hermes.superb.booster.monitor
  /sbin/su | com.hermes.superb.booster.monitor
  /system/bin/su | com.hermes.superb.booster.monitor
  /system/xbin/su | com.hermes.superb.booster.monitor
  /system/bin/su | com.hermes.superb.booster.monitor
  /system/xbin/su | com.hermes.superb.booster.monitor

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description | ioc | process
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.hermes.superb.booster.monitor
Queries information about active data network 1 TTPs 3 IoCs
Processes:
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hermes.superb.booster.monitor
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hermes.superb.booster.monitor
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hermes.superb.booster.monitor
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hermes.superb.booster.monitor
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hermes.superb.booster.monitor
Queries the mobile country code (MCC) 1 TTPs 4 IoCs
Processes:
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.hermes.superb.booster.monitor
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.hermes.superb.booster.monitor
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.hermes.superb.booster
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.hermes.superb.booster.monitor

Reads information about phone network operator. 1 TTPs
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
Processes:
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.hermes.superb.booster.monitor
  Framework service call | android.app.IActivityManager.registerReceiver | com.hermes.superb.booster.monitor
  Framework service call | android.app.IActivityManager.registerReceiver | com.hermes.superb.booster.monitor
  Framework service call | android.app.IActivityManager.registerReceiver | com.hermes.superb.booster
Checks CPU information 2 TTPs 2 IoCs
Processes:
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.hermes.superb.booster.monitor
  File opened for read | /proc/cpuinfo | com.hermes.superb.booster.monitor
Checks memory information 2 TTPs 4 IoCs
Processes:
  description | ioc | process
  File opened for read | /proc/meminfo | com.hermes.superb.booster
  File opened for read | /proc/meminfo | com.hermes.superb.booster.monitor
  File opened for read | /proc/meminfo | com.hermes.superb.booster.monitor
  File opened for read | /proc/meminfo | com.hermes.superb.booster.monitor
Processes
com.hermes.superb.booster (PID:4298)
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information

com.hermes.superb.booster.monitor (PID:4334)
- Checks if the Android device is rooted.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information

com.hermes.superb.booster.monitor (PID:4618)
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information

com.hermes.superb.booster.monitor (PID:4796)
- Checks if the Android device is rooted.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 16KB
MD5: 86ad3daea9aeb5aa04bc63b233bbba7c
SHA1: bed20c545abdc8cf340b84d8be778c86d0c57fe0
SHA256: 0ed0b5821e7d0c8a45f48c95b7d90078ae6f47d7f3b69a53014b43bf32335e92
SHA512: 518af7b33d4f1febd799a8e9e54b1823ab216201dcfc6b3e8ba2b1ab96fe45298678ed5b0c02c7666bbd98381d52e03c27d85e9838245df794177c3257843eff

Filesize: 4KB
MD5: 8a0e4894aaf44d4ec251273550bf1f43
SHA1: 7494093d3dfc5e91f1391677c8b1e33e0d06718b
SHA256: 8a8d61a2dfdb172c01e038d04c1c74864b35af9d363799c9f7eb490c11682815
SHA512: 39c87f8ccbf205b97a9b7693963a9a47ba9647e1fa3cdfa8d5d4bb2461f1eaf80891fb49d72fd73579b3f0484c1386e922c55d962599a9a9b8d978bcff1ac0b2

Filesize: 164KB
MD5: ada571d388ed5f5908be40cc89a273da
SHA1: 1848dd50633948d579f6ab65c064d7cca0a93fa7
SHA256: ade0cdf77b4f8e1ca6f2d809d682c734ef885919a25ca3df73e5adc294b66380
SHA512: 88c03cff1d39bedccd08a9d30075962c3e352d1f0900a49781094cc59761e4d7a9419659c291d36cadec0c93c4e8bd80f3d27455d1a2059ed030a11d02de2869

Filesize: 48KB
MD5: 865e9d243993841ed0eba4a61dcf8c94
SHA1: bd42aa4d2aa8220e07af6471e550784ee3ae32ac
SHA256: f91f4cd7f98275b21e4e2d2a1644d51398b0175e99b3912fb567a1a2a730b224
SHA512: aa3210db8e3f9833e2e73a95b47eaffc2895ba68747e2783cd7dba01a54d13eaade0f3ad7c9c0c11b640f7c78f7cecda9991491143d0c5057aa67fb280fe1937

Filesize: 39KB
MD5: e7ad849f886c82e29a06e2a1f227672f
SHA1: 48d90ed98ff0d428ebcd179745bc704ce94816d7
SHA256: 4fe979a252a71660ce7abee34609aa320c9fe619413edb7ad40431610af08a4e
SHA512: f13c6cbc8e30a87be7f900f2dc49f1a208532f58b4d492252d30ce4afee62b2c6b8da236b52e91da606d24a556b497baf7a57067feec5f3ff06a125965fe6289

Filesize: 40B
MD5: 0f5e41f58349464d7c009901e185b1e9
SHA1: 2d106fe767a0b93c5fed4dd547800c53c2bc0a19
SHA256: ba9da751e3ace08080edda7bd4a72d6e0922dd04235f0bb5b405caa5938e3edb
SHA512: 3556776928797de26f79834490a489d368ab2560cdae6f94c3bdd4d916bcf0abd1497b58f82b8a15b3118383e385d643020ddfa715eb3043bab1ee3005d84cbe