Analysis
- max time kernel: 145s
- max time network: 128s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 27-04-2024 22:14
Static task: static1
Behavioral task: behavioral1
  Sample: 03bec9974278ea18202d597b9f2e5b79_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
  Sample: 03bec9974278ea18202d597b9f2e5b79_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240229-en
General
- Target: 03bec9974278ea18202d597b9f2e5b79_JaffaCakes118.apk
- Size: 6.9MB
- MD5: 03bec9974278ea18202d597b9f2e5b79
- SHA1: 3f011bd908212aedee0af319c5675c2335be0e6d
- SHA256: 7e5ea9a965f763f9274bb93aa5428bf9b81de0a5a479a7262253925c095b63e2
- SHA512: ed0c18d9826c6d10db7720d1a48e1edffbe6da25abc8f4fde92f95128948f049e100404c8aa0b11d19601da9c72509a005d8189e830123ecb220e3679f11c47f
- SSDEEP: 98304:gwIUadB/z8fOwtgOzLwDM5b7RqYXJcbXPQ+QohND5nU0lOPY3jKNKD6O+NNyALLO:oUadWWqAQl7AasQR8nB8zO+vLO
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
  Processes: igudi.com.ergushi
    description | ioc | process
    File opened for read | /proc/cpuinfo | igudi.com.ergushi
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
  Processes: igudi.com.ergushi
    description | ioc | process
    File opened for read | /proc/meminfo | igudi.com.ergushi
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs an executable file dropped to the device during analysis.
  Processes: /system/bin/dex2oat, igudi.com.ergushi
    ioc | pid | process
    /data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar | 4418 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/igudi.com.ergushi/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
    /data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar | 4307 | igudi.com.ergushi
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: igudi.com.ergushi
    description | ioc | process
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | igudi.com.ergushi
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: igudi.com.ergushi
    description | ioc | process
    Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | igudi.com.ergushi
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: igudi.com.ergushi
    description | ioc | process
    Framework service call | android.app.IActivityManager.registerReceiver | igudi.com.ergushi
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: igudi.com.ergushi
    description | ioc | process
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | igudi.com.ergushi
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: igudi.com.ergushi
    description | ioc | process
    Framework API call | javax.crypto.Cipher.doFinal | igudi.com.ergushi
Processes
- igudi.com.ergushi
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  PID: 4307
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/igudi.com.ergushi/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
    PID: 4418
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads
- /data/data/igudi.com.ergushi/files/__pasys_remote_banner.tmp.jar
  Filesize: 286KB
  MD5: 5be82952660053836998015bd86e661d
  SHA1: 2a03d5e076d51a6965b9801fc7885542b84c88be
  SHA256: ce6663136f5644815ffb8b1f512e443a009aacf28e12d9923101d2fb75314e5a
  SHA512: cc133482b664265a0f808731385a76cc92c7a8f3a90d0e93125bbbb99bbe1c80876c51db13a895a3fa684b5af99ee1aff15c7bf1a6b9bc8c7324f88e064c5b7f
- /data/data/igudi.com.ergushi/files/mobclick_agent_sealed_igudi.com.ergushi
  Filesize: 547B
  MD5: 27c9308107b8b1680f0933cffacf3c4d
  SHA1: fccd3750d6903c914cf01bdbf1ad86e5218916a5
  SHA256: eee2de3b9ca4a1cbefc91e56e05eb6a5cb3b5078805e56aabfa999a3da5168f5
  SHA512: da0bc4bfb1bbcc18b4ca7b2c5341aa6743334597238829ce6392571f88fd58432f490f5298e16db5db41425be5d72cf6452b58cd2deb751583e46aa45d6b8887
- /data/data/igudi.com.ergushi/files/oat/__pasys_remote_banner.jar.cur.prof
  Filesize: 353B
  MD5: dfc4f0f41f033f883fc2ae446b3982e0
  SHA1: ec4d38e5919c5f65490c56953fa925aa6a2d20b7
  SHA256: 711f95b9736cb3951583e32f47bbfbc1f98337928216004fae80f8d9b58d50a4
  SHA512: 985efce6e8117b2bb341f3e2589a171b091c4c3db49a20e20acd39b542599dfdaf1862162413d7440b362f247e4c1dc62e2df9447d90536aa476268a24839a43
- /data/data/igudi.com.ergushi/files/umeng_it.cache
  Filesize: 211B
  MD5: 35658d03fd5f867881278ecc6f65a0b5
  SHA1: c2cf9b28de4c0b8a7031a15c4bd61801cea21ebc
  SHA256: 46dd1cdd1966b5bafd1f3b4d207f13b04ff5861f4fc1038c1f8e88f8ec1c4eb5
  SHA512: c227c9789b6f1c24c49ad3bd8eb8cdd1ebeb9c9a0662c3a29160381693e665a33c5e1cee89d73d67c3622e093286bb5e19a18c7fcfd60fc185bdd5c85cbf678a
- /data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar
  Filesize: 413KB
  MD5: 825c13a8fa013b3354d89454b9b8e9a3
  SHA1: 52f9e947bfe0a4417a1057fcd712d941b315cda3
  SHA256: 699bd0739cd43638ff845df3ad9d4a8aa56c7c1ceeecfe78ad20c22f3d2816ab
  SHA512: 3b36d136de00540bf95a6a0cb318e23daa8725ceab1e575ad62a01efc1cd3655da328beb67c3237ffa36fc9d8255a8ec809851625bad764de6740c750fcc987e
- /data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar
  Filesize: 413KB
  MD5: e033a50c5aeec2a9d5e53e80453a98b2
  SHA1: 63a71bdb3bf588279079dbef063c753b2f218ab3
  SHA256: baf439f899582c1faf3c5407f5e30dbad4bfa72019bd57e3408473e30b155197
  SHA512: 5eb15d08192dd023cd55474fc86a750fb55018d5fdc9af081092b8948abe6310e882e37a696b1a27da7a4d87a3f05a3278f747de537edb3047e6d7179faf5e84
- /storage/emulated/0/Android/data/.class/android
  Filesize: 33B
  MD5: 3d01a0cc7abc4fc30bb3e60da34f59ef
  SHA1: a77628ffc105519271a9bdfc24bc0ada1aadd20d
  SHA256: 687bd1f19832d515445c688a6acdaf9212540c0b08796179b9a1b27497f45e29
  SHA512: 6d3fffcd24d6a65a48a89313861896434f7dcf4dee695dc84f3b55d6c19e457a7a68dd6f5e464acb007d16922b44192f994e24064d69062c36481f2cf80636fc
- /storage/emulated/0/Android/data/cache/AppPackage.dat
  Filesize: 18B
  MD5: 861fd379029b39591ce8cf5b366d0319
  SHA1: d70d9345157f9b8aac17566c0207cd4dde5758d2
  SHA256: ce597cb7b4d82125c827f16833bd3fe57192f8f7a66ce43b18aa4e11ede109c9
  SHA512: 9249a97e0b679ed1788d7508f696a883584d7b9c196479fdeaa9712d54e63b13196aa4aa430bf4dfd20ee3a5242ef9a317aa30e6e87dc42a274cd4141b864a72
- /storage/emulated/0/Android/data/cache/CacheTime.dat
  Filesize: 13B
  MD5: 9b61d7013ac48b5f6366bc04835748af
  SHA1: 3023ef28438f998f336d3b47b5941169f4ec9217
  SHA256: 66a6a87d90bf8a777768b787144749e562f411985a23d22fd0f7f154e4cb3e62
  SHA512: 9d6571c3d3f69cb86c31ba735f1459eb8a9942cf032dfd439edd43c778484a682be88bcaad1c629806ce6fa50ec1f06d10250f91592d3841890a11a6b41ee81d