Analysis
max time kernel: 134s
max time network: 137s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 02/11/2024, 11:53
Static task: static1
Behavioral task: behavioral1
    Sample: 85515a664c2779f1cb088b36ec145d55_JaffaCakes118.apk
    Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
    Sample: 85515a664c2779f1cb088b36ec145d55_JaffaCakes118.apk
    Resource: android-x64-20240624-en
Behavioral task: behavioral3
    Sample: 85515a664c2779f1cb088b36ec145d55_JaffaCakes118.apk
    Resource: android-x64-arm64-20240624-en
General
Target: 85515a664c2779f1cb088b36ec145d55_JaffaCakes118.apk
Size: 11.8MB
MD5: 85515a664c2779f1cb088b36ec145d55
SHA1: 007a5d5b42e862af0b548a9e7333e465757c32ee
SHA256: 208de1c185270d6b3ac1291d968baf5faa4387ed0a0d9b71bc42814ab6220fbf
SHA512: 8459782e4515c067d197cde09ce6c3b6fc608551e4eef9776e5bf7f8712f8e8ee902bcdbab1ab4d2e556569f7cdf069ee3d67e73aa999c7270778f78780cf5b4
SSDEEP: 196608:+yZ3dg45gePimlYIr8MlPGJ4q1oPFTNs3UaaJwlu8Ft8LasqrfDE/Di1U:XfjPimmO8MMJ2rs3/zlu8FKesqrfg+1U
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
    ioc: /system/app/Superuser.apk | Process: apps.ignisamerica.cleaner
    ioc: /system/xbin/su | Process: apps.ignisamerica.cleaner
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
    Application may abuse the framework's APIs to collect account information stored on the device.
    description: Framework service call | ioc: android.accounts.IAccountManager.getAccountsAsUser | Process: apps.ignisamerica.cleaner
- Queries information about active data network (1 TTPs, 1 IoCs)
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: apps.ignisamerica.cleaner
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
    description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: apps.ignisamerica.cleaner
- Reads information about phone network operator. (1 TTPs)
- Checks the presence of a debugger
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: apps.ignisamerica.cleaner
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: apps.ignisamerica.cleaner
- Checks memory information (2 TTPs, 1 IoCs)
    description: File opened for read | ioc: /proc/meminfo | Process: apps.ignisamerica.cleaner
Processes
apps.ignisamerica.cleaner
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4249
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile
Filesize: 534B
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile
Filesize: 549B
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile
Filesize: 535B
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile
Filesize: 550B
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/events/eventsFile
Filesize: 538B
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile
Filesize: 205B
-
/data/data/apps.ignisamerica.cleaner/app_1c13a44aa1ec4fcd8e9d74cbbf47d678515d6767-01b7-49e5-8273-c8d11b0f331d/sessions/sessionFile
Filesize: 205B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401BeginSession.cls_temp
Filesize: 77B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401SessionApp.cls_temp
Filesize: 120B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401SessionDevice.cls_temp
Filesize: 144B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401SessionOS.cls_temp
Filesize: 14B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401keys.meta
Filesize: 170B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/672612DC0296-0001-1099-B77D414E6401keys.meta
Filesize: 170B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 542B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 7KB
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 1KB
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_32e5a332-03c2-488b-a36d-fceb9c961aa2_1730548449264.tap
Filesize: 608B
-
/data/data/apps.ignisamerica.cleaner/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_eda789db-c916-4cc2-8178-31823f8bfc7c_1730548447452.tap
Filesize: 411B