Analysis
max time kernel: 47s
max time network: 154s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 02/11/2024, 10:36
Static task: static1
Behavioral task: behavioral1
Sample: 8505a876e72583c293b3ecd45ebe5b46_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: 8505a876e72583c293b3ecd45ebe5b46_JaffaCakes118.apk
Size: 3.7MB
MD5: 8505a876e72583c293b3ecd45ebe5b46
SHA1: 8c59cbd19e02418c78b1c3013ad868e9b3363a96
SHA256: 250f49d21cdd1ff15b8d818a34be9ed65fe55957234815d62614f1d063973650
SHA512: 7b313e9bfe9a2bcdbb58f487f8fb2bda576373063e48c5ef6eb68e4de8c2ef757f09aac9dc147be8cd34e3f870f80e3ed33172dc0e0098e2203dbb9615cdaa1d
SSDEEP: 98304:47qkkrC5e8P4/19HBDXVz7VI2VMaNnXMeH7HZhGgliEJs:47e8Q/XHBDXVz7zVMapXM0XliEG
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.bpbmla.feiy/app_sdk/FYAdvertLib_v1.0.0.dex | 4292 | .fyremote
  /data/user/0/com.bpbmla.feiy/app_sdk/FYAdvertLib_v1.0.0.dex | 4354 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bpbmla.feiy/app_sdk/FYAdvertLib_v1.0.0.dex --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.bpbmla.feiy/app_sdk/oat/x86/FYAdvertLib_v1.0.0.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.bpbmla.feiy/app_sdk/FYAdvertLib_v1.0.0.dex | 4292 | .fyremote

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries information about the current nearby Wi-Fi networks (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.bpbmla.feiy
  Framework service call | android.net.wifi.IWifiManager.getScanResults | .fyremote

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Reads the content of the SMS messages. (1 TTPs, 1 IoCs)
  description | ioc | Process
  URI accessed for read | content://sms/ | com.bpbmla.feiy
Requests cell location (2 TTPs, 2 IoCs)
Uses Android APIs to get the current cell location.
  description | ioc | Process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.bpbmla.feiy
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | .fyremote
Queries information about active data network (1 TTPs, 2 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.bpbmla.feiy
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | .fyremote

Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.bpbmla.feiy
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | .fyremote

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.bpbmla.feiy
  Framework service call | android.app.IActivityManager.registerReceiver | .fyremote
Processes
com.bpbmla.feiy (PID:4215)
  - Queries information about the current nearby Wi-Fi networks
  - Reads the content of the SMS messages.
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)

.fyremote (PID:4292)
  - Loads dropped Dex/Jar
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bpbmla.feiy/app_sdk/FYAdvertLib_v1.0.0.dex --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.bpbmla.feiy/app_sdk/oat/x86/FYAdvertLib_v1.0.0.odex --compiler-filter=quicken --class-loader-context=& (PID:4354, child of .fyremote)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 125KB
MD5: 25fbfd5836ec2f714d2840de537a46ef
SHA1: fa1b32b789b960be4337d49a124bee5382f3056e
SHA256: 95c738ae249830d1920e7738db24fb430884fb155e6dfa65ea10c50c8950b11e
SHA512: 547e6b93d82331cd7bb1bc326ebd3c682250b8a1830f09d38f254b3d0439a58ea5659d515921af885984c453f0f7b5968ace444ec38bb3edbcf632833826ef22

Filesize: 32KB
MD5: f0c980d4cbb1e74c7b5b4f2b908b2da7
SHA1: 9f1313bf245db9e85049974eacec1675e64c2a90
SHA256: 66cfd2712e304ab4ddea1e2d6fd19f59af7d53aa20f71c766e0710a42c46ec7f
SHA512: 7f4d2f22aa68d87951df8050c6d5397b02d4007f10a56f83c6018d35fdda04ba55797609da856cd6b556050c648dc1e41ac0cf6a1b8cf7ab387a92977756bcf3

Filesize: 32KB
MD5: 071a93206c196bed27d4d04f89c5921c
SHA1: 4d03937a612c3e5b9ec2c7439fb8c78bc46dc73b
SHA256: c096e7efd2bcc56172ae55585c8e24e3072b3c9adc59a6a05617ebb7c26e56c9
SHA512: e1e3db08941527db4d16541a2638b6778211701c8e4dc5687144b56409e0db760bf5d1967332512accdc1c2847c0b604300a8e4642ebcaa0b7477c147d17481b

Filesize: 32KB
MD5: 9588fccc445bd1d71f3b712a1ab991f5
SHA1: 0a37336db9b8a217c8478a8ff4dd84a8f470c515
SHA256: 917a4460f17958dc5fc5982be91c7785ef237aeb51e56ba40c19c0c806ce8447
SHA512: 52bcd899a2753e9f42aede7a0cebde786488d1800420e702508d064e7cd46eca77dca6ce0054908b946b83b9a994e16957b848f4e1f08e53346429928c303954

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: a131f715474f82947eb5c9069ee84978
SHA1: 6e6f1c3a2bf1a2697ce4503b20a257a0c418ccb6
SHA256: c91a6a0e40928e876e8676d4b96092aa4ca96e03156be010ac38edb35f1e592f
SHA512: 655c534761f7b2699bfe2b9fd07174b6ba09fbe3a8336a71083c41fae8a08bea6d18fb42c6f09d25e6fb09572ac5814c9ad331a42674046c71f2f268d4a4e9ef

Filesize: 24KB
MD5: 96ebe628a5d1e536c6f7ce95440839b7
SHA1: 49f0bbc92dc299d5576c699ca56b39d5be7be097
SHA256: 1b60b2a9dc6122599e151caf36871dea1c7f74b5638bdb44d8ce623f5d6b0ea1
SHA512: 095c1c806fa9f7e6b680c945996f37f98d5a7554154f22828dae8409410f7bd018225b373a784f0d58ccc740e02003a8d9549bdbabf8d86d2d090d869c9c15c9

Filesize: 512B
MD5: da7e72bf4bdac1943623d3ded0c23b0c
SHA1: 0fcd114f4cb702b3baf008168fc13d10a14c1415
SHA256: e85977a672494487f5e9722bd5ee44642d9f9587e5c702fce137ab3432bdd9bf
SHA512: 3881604c3623e0639eba36ec9781b0da6e0c5a3ad05df4c248a0e80f3ddec45befa92e13bc956964bf8e3d46f1c737a3184a3557bf9a17f3ef89ab8d589ba033

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 36KB
MD5: 0163482caa9fe26c2cda689fd83b8ded
SHA1: 5739f15094cb64a4f580de8885331f5e8d693c30
SHA256: bc21d927b803397b894f2f2b1211c497592d86522fbb2f07ceb6a44686072c6b
SHA512: 3744cbbd78039dfe869f9b9b8bbeb390b28e0861060ac1bdf2a2d120317b8e0429f1cae4f502d3e4977364b79e5a7518bf62366e7b0272d08d9fd76cf664a598

Filesize: 125KB
MD5: 374b19d99955c398628f1facb2da4330
SHA1: 45af3a06c73cf1387de6d145fb4de2569978bceb
SHA256: beb9320323cdcf3dc6c1953f0673dc793201f86982b0191d3baf25a74868d02c
SHA512: ca919e9fc7b916cadfbd2fb4eb2e67d9a34cde80a56d324ff610ccbae0aea5979273ef35a071bf69b68222aa9bd0d572077d29b676e8a976550f71b0be412d42

Filesize: 21KB
MD5: 969e5c39493c4eb558cc2664b04da259
SHA1: 8acab3e5f0bc7e469aa385af737099e1bd046b45
SHA256: 513fd0f190989445285e040d701372ee399bcd0a3c03dfa8c18f440a8897c8d2
SHA512: 3a4bb833aab71865494d7c0755fffab98c6ee15cfcf8856add1e077ed314fbb395ef2e011a2f68a9b5525427fe59662334dbe7116eb76763c230441acab7e021