f8967c02f4067054d749ceb2e59c9c5ade9dcd66004770a802fb3b794075d46f

Analysis

max time kernel
5s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
09/04/2024, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9d72a7568df3b0b9cf1c5215cf24b6e_JaffaCakes118.apk
Size

27.7MB
MD5

e9d72a7568df3b0b9cf1c5215cf24b6e
SHA1

88c72d6f62a371f2b3e22f86275a23911b006949
SHA256

f8967c02f4067054d749ceb2e59c9c5ade9dcd66004770a802fb3b794075d46f
SHA512

2a63c63d8268380d5bcf1c3ff18574d095306f5ae20075415cfb6179b042e4c3c2ae875ad4f40f058ef70a51d06eb88d6ac01f2ca4a5fb892515f7ee36714f11
SSDEEP

786432:HXGwfXArvPRcz1dV5MurMTDJ7GNwdcMDWvdA5yI:HWmXWvP+z1dVRgZ729Malc

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tomato.joy.jqrddmx.huawei

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tomato.joy.jqrddmx.huawei

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.tomato.joy.jqrddmx.huawei/files/tj.cache/openadsdk-2.3.0.5-dex.jar	4191	com.tomato.joy.jqrddmx.huawei
/data/user/0/com.tomato.joy.jqrddmx.huawei/files/tj.cache/open_ad_sdk-2.3.0.5-dex.jar	4191	com.tomato.joy.jqrddmx.huawei
/data/user/0/com.tomato.joy.jqrddmx.huawei/files/tj.cache/tj.sdk.TTAd-2.3.0.5-dex.jar	4191	com.tomato.joy.jqrddmx.huawei

Queries information about running processes on the device. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tomato.joy.jqrddmx.huawei

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com
8	ip.seeip.org
11	ip.seeip.org

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tomato.joy.jqrddmx.huawei

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tomato.joy.jqrddmx.huawei

com.tomato.joy.jqrddmx.huawei
1⤵
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4191
- ls /sys/class/thermal
  2⤵
  PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tomato.joy.jqrddmx.huawei/databases/downloader.db-journal

Filesize
512B

MD5
05eb67013c4d6be55bb8aad906492b4f

SHA1
d9df8bd7fd03faff6d56854f6c42078737fcf449

SHA256
0f6d44224e3b8cd1875aea7e9a3c4505eccac088d8bc8424cb665a848d97b025

SHA512
1b6362d348361b2de8cb7c327282863e1f1ee8c60d5d2f34f28de552ad47505f2dd544639cee6b783daf5b58ad58b26d09e8d49bcb47f621fb6c5a3161b9f218

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/databases/downloader.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/databases/downloader.db-wal

Filesize
32KB

MD5
96246c68421af12118c81a7ce10c77dc

SHA1
5b46e8bb82669efa1bb46ca981f8e51c4c090d06

SHA256
9181a3eb11c749ea908ed6af62a0566a011f77f7c02983b0a61f4ec91d03e2a5

SHA512
f55f8f0b6bc7370bd9ca3d3692031da63ab890b8a04bcc32a7aeec24962bcd64d3b13fc90a16d7ecf3643a8cc202dc18ecd59a47ccde04f3ceabd33475c576dd

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/databases/ttopensdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/databases/ttopensdk.db-journal

Filesize
512B

MD5
d35993ea96a595fe03f97d83d1bbf7a6

SHA1
42e0aa17ef0856816e7fee0e5ff5355e86df1a5c

SHA256
c338c6826d2a5c44c6a163dc3af8071b15757890fc79a4d033fa27d65a0269ad

SHA512
7a39947c1966d315d1a841e82b00bbc2c6084885ac6c25db391d24c2cd8e179bb1ae5acb5ebec56a8c5ce634c9cf9de3f1ae28408d9da157cd238ef75ef23bac

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/databases/ttopensdk.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/databases/ttopensdk.db-wal

Filesize
60KB

MD5
347d848c76749d5ff556d3682b4e7578

SHA1
778cfac8fb3ef647d1449db9e1019f0014794dce

SHA256
3d42f379a3503e4eefa388c81ee0a4cd0482589459190332dec0a986a31046d9

SHA512
0805d5886a241892c168826fac975f19a96c025d7c2ceed2d277d700c4e68f7f53c7e86ecaca1db03d685766156f230a2b8ad8fe34e440d11160cc54562c357e

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/MagicDex.tj

Filesize
557KB

MD5
b433a707578134c727791489734f51dc

SHA1
e821291e2efed3903384a3c2dced49f2be9e24d7

SHA256
37207c29ecc350d27a1a5d223fb8fa0746cd514b2080f37cddabf2f5bf6aabf0

SHA512
269106773649ab3b6d14c7f4d5d55958009f089bd20ceaa987dcef3162a3c74510b7e9b5f54434dc7767f01322bad479ef8a7dcb72faaa9bf08a548ebf51bac2

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/MagicKey.tj

Filesize
3KB

MD5
aaf7271e1c6f5f2913d7b1982be48b0a

SHA1
2f7b9695bc2f15fb63f02a973db7848b17d14d75

SHA256
c2e23a955ab90d7d5747f27c84544cca74023aa5a15a8ce96b636564f6bb2017

SHA512
2c7baa2350987dc76ff956ed7aa1ed1e7c5855b30a711afac54ddc6288324b3409916b6ea145d4dded885b7a50456db0b5c8ebdb14410dc7e9ca5dd9b449c886

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/appInfo

Filesize
320B

MD5
df4a079a3f4b759112fed9057eedf9ff

SHA1
334a7daae647638cee943e212363d76951c8ddee

SHA256
80d810b708b4293d388860f918d35acccf3d989a80136da4e129d582d0af2373

SHA512
f1b8efa42e66b7c67f9fef4d6546ebb8be0c50941878f97ccbce4bcf86a416a18e9935b149c658a5af6c61d896f90ddbae32749588a47bfe9b56745cacc1d25a

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/components

Filesize
4KB

MD5
42a380ae8bdfe25d66a8822314a3d386

SHA1
81abd16b3bdbe4562f5faf0fb776be73f51717c5

SHA256
6fc10b9e14832fddec0a204ef262c013bb376c8145946ca2eb278cf0f10d5f7c

SHA512
6c23a1f7f3e3b30e43affa1cba2f6a2f343a2c0b32a5d88b8b7ca14ea56f8547928f74e51e0f1f8ba01ffbda52f167acad46daeb3f8dd2f4bc91ee3be750f01b

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/open_ad_sdk-2.3.0.5-dex.jar

Filesize
536KB

MD5
7b47438aa2e3e03495f16101b2ec5bc0

SHA1
31ffa0d34255ba6f2af71a0a9f4f9087a80565cc

SHA256
ec87103c04b97d5d0c3f4f38421f0f7607f31c6610b78450b4276794f2d6dc56

SHA512
bd853ea775e83b5b9146d935d84f23d5fc89bf5598a9929d90d6e4d0bace9752a0e993cc2887e1856fbf0783b547d6c5dab0e4233d4a99c850247f03a168bde2

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/openadsdk-2.3.0.5-dex.jar

Filesize
7KB

MD5
1d0dff5cdc16d6c5cf4dcae5ea3a3412

SHA1
e64f3e1e82b690ffd4a5be816ba334cba4837790

SHA256
6aa95a0c585f90bde8cb8d8fe1599b32173540b8be53d619f6ce9f539d7dc9ee

SHA512
f22685ebdcf097f9beea52a000de22bec8694cb5a0e009da7e3e32982a7b0deee3f701e29151d8130f29f0ad97a9e9c3f58f96417ea9aa6ef1c8eac324cf3406

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/splash

Filesize
16B

MD5
5018b9d905c3f4b4ac14a5c5bc720efa

SHA1
b12849fde32826ba0e85ded1e0586925c9deb46d

SHA256
5558753accbb83a1c05616d67d11588e3e5955d11bed2ba680af2968ef6d950f

SHA512
e5cf3015d486dea41a32490d4a9fa5178e4d46a4646a0a1924c4423144a63f478b6da3bb124c725a2cb40dc2b57c000fb73289144b524cdef91f8d3970e347cf

Download Submit
/data/data/com.tomato.joy.jqrddmx.huawei/files/tj.cache/tj.sdk.TTAd-2.3.0.5-dex.jar

Filesize
17KB

MD5
fd78c1a67efacae235fc779f56df5d4d

SHA1
a91f0e97d929f2ff4f617b10d117fecf55ff0ed1

SHA256
5a7ec093c4d4d3933d6feb09144173ff3e83f1d69ab2928bcc7d8cebf85cdc83

SHA512
9f816acb5c16b0081ddbc9d10007dac6f9ea389765e1d92f5e9dd939b36940e8e4cd84c9aade0de788b15508193dd0c7eee9601860917f0b11142e28cfdbb280

Download Submit
/data/user/0/com.tomato.joy.jqrddmx.huawei/files/tj.cache/open_ad_sdk-2.3.0.5-dex.jar

Filesize
1.2MB

MD5
59f2b3c5a5b02df298528c12311d073c

SHA1
0ed2f3e40e3d219200b058bbe0137341b9f1a5d6

SHA256
18dded6051efea3488c1d71c37350d4ae3d98492a93c8d4b82e0760b53b1c900

SHA512
ba960de72dccdbb1058dc0b2a61833c253a2ce82b4e53565ec7528b47fdc4b07b80dc86c19352e68d6e1d5664e453d64a06f8ae97ca109821428ffa9aab41731

Download Submit
/data/user/0/com.tomato.joy.jqrddmx.huawei/files/tj.cache/openadsdk-2.3.0.5-dex.jar

Filesize
15KB

MD5
e19209ffbc56bb607c886b4f1ccea007

SHA1
11647d43ec0acf493b290c77f74ac3a97fa2b4bf

SHA256
561e2056a6b1e4002cfd34012ac422440d0c96eb98464181550d035fd6d6a256

SHA512
ee59a5468516558f8e9cbc3a069d5529d19d7db1ea9d695dccdfa28347efafe46546ddcd85c69378cee9f5bb7a400d10eba407632edfe73f289a95ba21597862

Download Submit
/data/user/0/com.tomato.joy.jqrddmx.huawei/files/tj.cache/tj.sdk.TTAd-2.3.0.5-dex.jar

Filesize
41KB

MD5
abce473bed7d7a908c1655fd58debcdd

SHA1
e4689944be687c653a08a5ed1db07890d1f51ad4

SHA256
d6e6a9f5127c1eb66a596367ddbabb25154c3303ffc9609d0eb84667db2918f9

SHA512
cdcc22a106b62f7cd8f226771b48386b5b379359739181e39491cdbf4942101bf19ff67dea2930109aba836882527ab5ce1af25987b080315b9199f262a10db5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads