Analysis
-
max time kernel
11s -
max time network
156s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
-
submitted
29-11-2024 12:52
General
-
Target
b15b11f438c8db93327bb679bc09a89c_JaffaCakes118.apk
-
Size
27.1MB
-
MD5
b15b11f438c8db93327bb679bc09a89c
-
SHA1
5a4f289422430a8bc68941e311bc50190f570ebe
-
SHA256
723cd3eb202c5f6ee70cda2ea84464d124216949f3d4bafa25e7a52bbafdeb94
-
SHA512
39c84eff8e1e689c05e6a7ad9f88a68d13030ab40c1430c8387be2b28e91832043a0c49a778defd93307b12132f89bfedd065dae4c6774924a366e4da42cb187
-
SSDEEP
786432:s9g5ZdpzPhkV1RArCY6hCeS7T+jaZLjkv8jyjZ:s27zJCva6hWHhjkv82F
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.redantz.game.za2p1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5717efe8da281f5277892d95f5bf3bae3
SHA1610890b1ca0f00dcfa572dc83b0527a1746d7618
SHA25647b4ec7898eb16a1111994a4fb121ec1cd1a9d709f92916adbded47dfe5145e7
SHA512ef3ee23427cdafde9bc9e304393409b3ce94d00bd25395dd30007c5f934eb87b6b2a27ec262e091e008f41fcdfb0a2babbe89965e9396fb7b0e9f387c1ad089a
-
Filesize
8KB
MD52280b91abd7ef09629c9c0a3748a0e8f
SHA1e59b78a7d698ec6f0c6a2f8a4e3a1f3de98d3d5d
SHA256a252e07f48de0dd5d5e27982449eacb869eaa777e9a4bfe015abc689ab22c32a
SHA512174fcf7455d7646d9df8dc1731949bb28bf6188989a16750dc64ec51e7a13d1551d5a4718e42136f50c35adae7bcad293c852c173baf01688ddb9b9e45f1ea56
-
Filesize
512B
MD54ffcdf1e966abc1d504eac9cbb1bd1fb
SHA1e9549c58df88f45060063e76abc4e6ac19704c41
SHA256869653221099eaaf2fb104e6529eeb4555d23752067fe026577132109867f3e8
SHA512b42d928aeef837375d495334893ed0f46863702dbcd63c8f619e1e7cf34f37eddb835003c146e946a7f2ecef4be1b50f167ead79d440832b8b807d85b5ee0d02
-
Filesize
8KB
MD5a67c501428bb5578abde5020d56edfc1
SHA1af20d02db39dc9b392d41d74e13140a842c6c2fe
SHA256796e427c6ec93753f0f1590451beba6ad61c836c8c7ec474da3b498dca7a262a
SHA512cc36c1d68e567dcfa25559c5a3cc1acdd994433da160d959b71429e4e86da2344ff0e891158913a3ee572fdc39b005697723a957c363df68a8f1be93acf28ccc
-
Filesize
8KB
MD5d14dc37cf9151194b4d30ad25572f541
SHA1cc72423215f337de7891d91d248ed8916ea732e8
SHA25622c3d2a4f056f5428d3162c0a2b4e3116956570d1acec629ffcbca8912bddf46
SHA5122928bcbfe1010862cbfa3d9805775125a2ca8b4995c3f4234ed947539cfa5255d1903a519178d5c46d5de9e9185e8b4596674b8a738f09c8295bb886a4191b89
-
Filesize
8KB
MD5c5e30c859ec70602d421512daa5604b8
SHA1a4130538dcb070de0009bf6ada925e3a1cd7d9d9
SHA256cdf1cbcda6da1e0aa6d232f6e851f3c06609b6168bfc265b678f113575492081
SHA512009de7d4c12a786e7a013d5d75c6948c0ad8e0803853e71c745075a32a152aa8cf61a4d1db91415ae78d752e378e635d052204da5dc19b30fa531ca0c8273ef1
-
Filesize
36B
MD5ad8a05a6bc7b3e3fb9c621b07474cf97
SHA151fde48cdf70bb2d794c90eeadcb38a4e41db4d8
SHA256df2a3cae303e200e0c9cd236a210b384e3cc234abac9088ed197698a7e8f9379
SHA512cec534e0fee783567c00ee9177bc1de2474e08e80cef597bcd38d1824a1b56e97df5b7f7e49870abe3286635357ab48f6432768e8ae6673598ddb2d5a9dfd8af
-
Filesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
Filesize
16KB
MD5600392ca31a98b653a8e610072dfd6b6
SHA14d0e0ea960ecae4b7d5f28b4174aa8b4ce7e30e8
SHA256f61e8eacff5e2e7aebb967448849b5bbd1cab934718253cbe413b2b131618765
SHA51260919211655c7de2991290ca897c089f6ac6a2399366cb6cecfbdb36a665be6fa7127616457d6632f646a922db1828f55d089747c5e0f3ec0d02ff2a763e8713
-
Filesize
6KB
MD590cd1eef95f6a13167c8e7a1a63c433a
SHA14a45f949347167326f29c78f445d3cf45e01c8f0
SHA256b069180b9e3524acaaf737a640cf42df6e25a982d88a79b039d06fa235278e0c
SHA5129a8e147368e893212dc66334bcfcc987194bbfd774ee823f6f75b3d69b3a493af5f437c540b68a544ccbeb9e6f5777ead4ed80dec8b30458f3af81715598ee29
-
Filesize
62KB
MD53f3135dc01e81303f1358e00524aa593
SHA16e3c601fc7ab84fc3a8683ef018ca9a90054f30b
SHA256b6421be392d0c9c474ced3e3f5424512f1d583274d7ff54d419ac16dee1cf479
SHA5121f23acf9fcda28843e27cafd7836cdbbc8ea4f5b5214f7c719dbfa3930e91bdf870e8d115321d019134eab10c4cf3fb20c02a3f219a30d72648c058da623bdb7
-
Filesize
16KB
MD5769de957da50b87d5a5fcce3fb3719b1
SHA137064c09138eddb60ac0f58bac9ccb2c358a9f53
SHA2569ea3b2b2cec707d4c07bd9c94d4a1089055012d079ca67acccbbdb8afa874068
SHA512f48352e833faff80d9ec8d4e7684e62cdc010f609ba1262c2e484de196a604f7f9880380f4857ebad108e38b23464bf471be555aa97e35af8a887e5dddff7e45
-
Filesize
4KB
MD5a5cb3d5e5ff689f75974c36301ec211a
SHA147150bb3814c9fa728c5cf038e4ec76b9a4eccfe
SHA2568389099ebe6dc67dacd482b20ffc150a15ddc34c4d99711c41dba00c888bbc2a
SHA512ac954de81a820edf5e1a19fb56cfc494756bfcbd1226bf15189a26af445bdb533fc350ff83b7a46f3a38bd72a9b5a0acd09de252179000f266c1a9e54633ee30
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
1.5MB
MD537982159fc58abe0c52fa11f5500f2ce
SHA10b93b94af7bf3a112e18f56bc43387d943c5043a
SHA25604c39dfc7f8613151eda03eea3f25a4c986dd07075fe2dcfcb71ae69b6162132
SHA51272ad23185f963336bfdbbd6415c9638f90fc0da848ea6f94f45b3d4f5c99abcc068a377ce8fbe0964f2c447256d8a389ddc16f6ba91fb376564696b72f00ed91
-
Filesize
20KB
MD5fde2ee00cbd121cfab5290b078aa3ceb
SHA1e2b77d5320e155e413d040a8c20020962065b2f8
SHA2562897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
-
Filesize
4B
MD5098f6bcd4621d373cade4e832627b4f6
SHA1a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA2569f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
-
Filesize
1.9MB
MD58a96664d5012df7b6a06c69ab4d16ff3
SHA1956168588a58ba328ea969ef3dba8f49ae8b6b90
SHA256cad36823da18e2a0c119b647b2c49afe9240aa6612e8ccc77e614c5c68877bfc
SHA5125b682542d2742ac9f12b94d974dccdbd5af24abdd6a459c20ea5fc6ce5a98eb4d6a96b3dcc513b97fd923e69448eaf8c1150002be90bfa276d3f46bc109c1bf1