Analysis
- max time kernel: 47s
- max time network: 132s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 03/11/2024, 21:34
- Static task: static1
- Behavioral task behavioral1: sample 8d9c78499d2277796005b0cf6f392f42_JaffaCakes118.apk, resource android-x86-arm-20240624-en
- Behavioral task behavioral2: sample 8d9c78499d2277796005b0cf6f392f42_JaffaCakes118.apk, resource android-x64-20240624-en
- Behavioral task behavioral3: sample 8d9c78499d2277796005b0cf6f392f42_JaffaCakes118.apk, resource android-x64-arm64-20240624-en
General
- Target: 8d9c78499d2277796005b0cf6f392f42_JaffaCakes118.apk
- Size: 187KB
- MD5: 8d9c78499d2277796005b0cf6f392f42
- SHA1: 1de975eaf9631971eefbe02c82350c4966ce9d0b
- SHA256: 2e38f52d536045ae46c828eb2f54e9289237de71d5243952afde4959b4ea5984
- SHA512: ff5c20ded73026c5624e4acc96cc79681c6a339ca2928f9e584715370b33709d25c3679d293dce4a8e3ace020df103453359f6270b032624d114f43def360ad5
- SSDEEP: 3072:ugxda8wyyw+qWmK440T1Seax7zyxxhfMcmzVWOPdfOpbj6Z406OAR9C7tu8seXqO:VxdYyN+N440Qeax/y7h0cmzVTdfOpXs7
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  ioc: /sbin/su; process: stat /sbin/su
  ioc: /system/bin/su; process: stat /system/bin/su
  ioc: /system/xbin/su; process: stat /system/xbin/su
- Checks Android system properties for emulator presence. (1 TTPs, 2 IoCs)
  description: Accessed system property key; ioc: ro.product.device; process: com.lexa.fakegps
  description: Accessed system property key; ioc: ro.product.model; process: com.lexa.fakegps
- Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call; ioc: android.accounts.IAccountManager.getAccounts; process: com.lexa.fakegps
- Acquires the wake lock (1 IoCs)
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.lexa.fakegps
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.lexa.fakegps
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/meminfo; process: com.lexa.fakegps
Processes
- com.lexa.fakegps (PID 4275)
  - Checks Android system properties for emulator presence.
  - Queries account information for other applications stored on the device
  - Acquires the wake lock
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
  - /system/bin/sh (PID 4345)
    - stat /sbin/su (PID 4391)
      - Checks if the Android device is rooted.
    - stat /system/sbin/su (PID 4411)
    - stat /system/bin/su (PID 4431)
      - Checks if the Android device is rooted.
    - stat /system/xbin/su (PID 4451)
      - Checks if the Android device is rooted.
    - stat /odm/bin/su (PID 4471)
Network
MITRE ATT&CK Mobile v15
Downloads