Analysis
-
max time kernel
127s -
max time network
128s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240624-en locale:en-us os:android-9-x86 system -
submitted
10/12/2024, 03:56
Behavioral task
behavioral1
Sample
dce72a5b6b22d686aa1347d7b395dd28_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
-
Target
dce72a5b6b22d686aa1347d7b395dd28_JaffaCakes118.apk
-
Size
5.4MB
-
MD5
dce72a5b6b22d686aa1347d7b395dd28
-
SHA1
2f67ea2fd8fbec70b21bbf8132ff1ba34591e7e2
-
SHA256
f6225e0a907e27f523e22ca61fd4232cf772b95071aaaf66e3e015a92c437541
-
SHA512
2cc7326993a1dab72d643ab80347ad1f2166c8dd80f024dddd92d27592e3829b5c7b5e442934e841fc7436438b8f412928319118ec0c15f117c172d2ee77477f
-
SSDEEP
98304:qMXNaNFpSXUBj/tpClVSFqGU1qECPj474baaOCSINxGK140WH:XsBZjCwjlPs74uaHhXGx0WH
Malware Config
Signatures
-
BadMirror
BadMirror is an Android infostealer first seen in March 2016.
-
Badmirror family
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc | Process
/system/bin/su | com.kxxxlGame.kdb.zx1
/system/xbin/su | com.kxxxlGame.kdb.zx1
-
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
description | ioc | Process
Accessed system property key | ro.product.model | com.kxxxlGame.kdb.zx1
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.kxxxlGame.kdb.zx1
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
description | ioc | Process
URI accessed for read | content://sms/inbox | com.kxxxlGame.kdb.zx1
-
Reads the content of the SMS messages. 1 TTPs 1 IoCs
description | ioc | Process
URI accessed for read | content://sms/ | com.kxxxlGame.kdb.zx1
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.kxxxlGame.kdb.zx1
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
flow | ioc
7 | alog.umeng.com
-
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kxxxlGame.kdb.zx1
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.kxxxlGame.kdb.zx1
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.kxxxlGame.kdb.zx1
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.kxxxlGame.kdb.zx1
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.kxxxlGame.kdb.zx1
-
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.kxxxlGame.kdb.zx1
-
Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.kxxxlGame.kdb.zx1
Processes
-
com.kxxxlGame.kdb.zx1
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Queries information about the current nearby Wi-Fi networks
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4241
-
  ps (child process)
  PID:4427
-
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails 1
Geofencing 1
Virtualization/Sandbox Evasion 3
System Checks 3
Downloads
-
Filesize
146B
MD5
72aad3237e51201e664629fd2da1e0a4
SHA1
d272fc84ebed5b45543a3df2e3e1d45246553d2e
SHA256
52329a4f674a9440bcb712718e183c95448ffab1c3b958011dc6c9a8def632c1
SHA512
8a5a313f44d6f83882b6afb15ee154b3d77ab1fdfed8d0ddb3b12122d729b644100117054f744e617e2b223f248374bf45b6561662463541289e4ca8189d406b
-
Filesize
147B
MD5
0bd0985fb88bab7489d97964255b1b57
SHA1
a3aeceff775722e88094ed684edc36e6cfe47dbe
SHA256
dff111fa98d24b852a953716cd449cd43b0dd277b27ba7a7b9d844ec992d5679
SHA512
118327be9301d9dde1087990043088eaad2140bff4602714b29833dfaadb6dbb2709336bdd1ddc29b483cce86acdf6285080f8c84d269365b6f267a4f7d614c5
-
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5
5f63982f06a197b5e3fc5c1d2cb13d64
SHA1
888db70f9ae7f7c4beaaacc05d79139318f8e6f4
SHA256
72c00d0d92cb2b39328e74127389de19e2e8fe2f2a4979ea1a458ccc4577b4a7
SHA512
e354a95e19741f2f9b8c57be31a247c1a235b5d43a6b4f67954d2f2f3cd59cbba5683e6d9a1529937187e1b495f09e0dcae62c2f1e123e39ecba20df3eb12c08
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
56KB
MD5
a184c852cd266f9b833277aa6ec19f83
SHA1
77d52d237283199768fc1d72656a90dfa63a85f4
SHA256
2cf03247e26dbc828a7a966057c3fcf40e6ca7133673221879afd6db8e49cde9
SHA512
318b296a3092baa6f9adf49da7fdd6e990da489927da2fe3bb2a97ff554b4f5b0c40f8bc934bf41c9fa649fe5e6fc4227d2d44a4c302929890606d6014c4881d
-
Filesize
613B
MD5
a9bb654c965760b38233533e65b8fe5a
SHA1
e1d989f628a6e2a9ec6110b9b0995b336c495cb1
SHA256
e24d61d3714a83f282e3e052ac15773040eb79e7142584f333d68c76c97bcdb5
SHA512
70248a79c5b1831fd1b1e66c586cad0ffbfbab2c2f07279ec3ce4be5db2e307865f3c70d3a8a3366c276e2d2f7bb00d65531b2ff27c6bd95462da34ef6eaa2ea
-
Filesize
732B
MD5
ad7a987af855747e48aa8bedbb3b58ca
SHA1
5505f547c2b0ad36db286183b434598dbead2f9b
SHA256
97aa5154d2e5e8c275aabb7b5d0a3bf616a5d5172cc2a9b6fda783c988632e10
SHA512
ff087d74261f39550df0e3918542c1ac76baa2f1b9393a0de058429edbdbb4dc80302a6ba8e2d084b1af4119510454ba1978b2ecd833aed9065d4fdf0e4238db
-
Filesize
732B
MD5
aa5f523bdab84945fb5131dab7d58f7f
SHA1
1563bfad35bb070c3d34a74d19fcae9f311190bb
SHA256
ba5a965d6803f109e39b7648bb108641dd608fd498efe093dc6cc12814650ab4
SHA512
01bd3426f21d0e9a0a9587c9151eb51e0bfa7597f1717faa29efa5eb4fe65b61246a075b35d215a83c83f86326b0a0b5958bd8bfef6af5a68e83e67d1cbd584a
-
Filesize
732B
MD5
63a9eac4933677b37deceadbd1a14d0f
SHA1
29bc3446572d1bb00a2a974b89a2869fa79c2846
SHA256
379d3550bb136f825ba51c183da2717c0496b955d77fe4a77376a140b48df597
SHA512
c1b6203ec0b9a16e14d64c0a316092aeffa630eceab3f0a508c212a360a14ab0ff5a5e57a7bf0bba2a294eb9acf6784127097ea6d2915b72b1f016ba8dc02c58
-
Filesize
732B
MD5
98a3036465ca3774ea7d9f1587c77ab7
SHA1
89ca524e19dcf14828669882917d959ca767abb6
SHA256
6c048102619db93fbac3c3d2fbb1af2489b66e0f65fb1c8f30ef89b2075fc6f0
SHA512
f042c8baceff08c7a2f3baa4d785669159bd98d032f539aacd77c5994e299a991928dbdd1d78ede9f98fdbb1209a7bf6e7108f5959ff47b15daf4bdf3dbf1cdd
-
Filesize
3KB
MD5
cf1053496f75e142e5a31436cc5488b7
SHA1
861426f6421377a675ea62d2f7ce912796c28160
SHA256
3bb3c1a7c03094539be3646b686f82e29f49074c9d84a93fe4eb98a885d01980
SHA512
32570d02978f4dbcd6d40f624e55f687cb7cb8a3def1528343a7dbc4622968b97750d842070cfbc10fdaa4096470b02b1d24385e8ce75476f9d00c890245eead
-
Filesize
9KB
MD5
4613c90a4f2786039bb6c77399d1efe4
SHA1
43f2d4a69d57929bad01baee1fa898ddbb47f491
SHA256
44e4a370757679d71cceb4ad4fd5c632d1a63989aec87d594d198d627cdcef12
SHA512
1c85cdb64d47af0a40d8b27faa3b50b1588e373fc723038a5e43eee9835f88d993e59392c191d408c4243c49d120b9c1cc11f49480e230de675b00f5aaf05a8b
-
Filesize
82B
MD5
a00703235e004253b594e26199a29864
SHA1
e6ea3f0a4f6b152ca91d6334c768cd9bb85c74f1
SHA256
b1dc91a46b5589b66b7f2861b1f11a8e924515fa127299fa579442ca2806841f
SHA512
340933c532b35f688dcccf1a1f9fba2f460ae703178c010fb5514a320bcbc9e39136d69f93f5b64df137f3fa1d2f065f951ac5a17ab08afe7b1f7f055f84b834
-
Filesize
462B
MD5
a272cafaf28185c99d3bb1236d1b96f5
SHA1
f5ad876eb13aaf5f1c347e5c0aef1aaa529fce97
SHA256
c185fbe1ea6afa223c64d04f08c9d34c558bb544350bbddc3db5909af5802f2e
SHA512
1fb786b26fac7875bd79a7e126d88de1a209149ee5d53fa9114557e8715adb6a6e7460ab2446eee03515e05ae963f2fa06e6e01569b901096aaea775f5fe20cb
-
Filesize
166B
MD5
2848664fdde56fcaa9d2881d3fda2036
SHA1
3b049ac37c82fa5481acf0b988e0ad74ea26a811
SHA256
17de403201d783a9f1f6092da1d7fbc53692aadf5c785a62ca0812946fc719ea
SHA512
a2b2a562cde6e81bd7953c02c35a60b815e510f4da1c8df523ad6fdc0dd8679da2cc67abe61f305b18d2fd67c4739ffdf3f9b1ae41b6de4d2c3d0ff7e48ea52e
-
Filesize
82B
MD5
e934e331235ec3633648a8096ef0f831
SHA1
818b2ecc05e2a5eda7f1b347f3b38039889c34be
SHA256
525754bbd4e669b6b8811a7e36da134d1f3bd90c8a5801c5787898cfbe088eb0
SHA512
294c18b55cfaad9132c39afb9d95d6c27068368575c6df2609eeb63a497e622c5c276acab37fa543379cece8915c65207ef0b3b9112e54ddd49e4687cb55151b
-
Filesize
310B
MD5
c7189d62f6ec2ad2e5179b3de594c876
SHA1
4f77d528a94e70ed056df1e4bdda25de2aed9089
SHA256
d7f7c730d5ec1ff1c7451b7c9c55daa47e87d814becb4e42a83df2119d28d86c
SHA512
1fb069c750db9474f8c69f3b9460eda81b0235376a971f9768305f973e5de016bab7cbbfad71f4f20373655bbe707add313129299812321abddf91af1c4f82dc
-
Filesize
147B
MD5
4707918bb2a45aa44c22f3aaa723ac54
SHA1
543014bd90b1bd339146d9b10853883c8ddcbb2e
SHA256
e387e3f224a8c881bb4c129f6e7a9d97b77e7c271cec15177f2c30c59293cbdd
SHA512
2a427965cf18ace5e21601faa490481e7aa8cf5c6c598b9bce544f4231dee1d24e89e40ce90a61e9d3bfc79cc3c70e488b9588816f1d4eabfd44983d59ff55b9
-
Filesize
85B
MD5
b05a29e0f25e9cca01cac1e515b05aa0
SHA1
d2c7f5849bc2aea0b2fd3e2122bb325a812721be
SHA256
4837f4149280be591dff83660ce6918f3360379b08d88d1052e7e310abb806b0
SHA512
7fb53ee8b96eb10a84e8b0d9a5bcd69adeda3087c55a4515f6986bb6c73bd703dc3f535e505c66470d7548dcb34d56d83194614a26a5f77fcbf4eff26f4a10c9