Analysis

  • max time kernel: 18s
  • max time network: 130s
  • platform: android_x86
  • resource: android-x86-arm-20240221-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted: 28-04-2024 00:09

General

  • Target: 03f138980d666f1c8a915978c1432497_JaffaCakes118.apk
  • Size: 455KB
  • MD5: 03f138980d666f1c8a915978c1432497
  • SHA1: 6303b9ea8f7cdab5d99d631aee585e39db0e6661
  • SHA256: 48b2f3b117cad1ba76ee0d8cb04db6418e84c20be1ec3411dc01633c0e360fed
  • SHA512: b4d86c55fd22d1939d22f2ea15d2b92a372aba600e186be8114997162d8ea0a2de60276ac3c3578bca87e6368d552dd1b6c9e18ada8b05e726034c8cba3ea532
  • SSDEEP: 6144:8KxjvU5o4muUy+NII+d9FxnL9GvWqaMx+/sYCi0qvfH/0bQOg0aU9u27X6kC9Yt2:9Ph6Fu9L8pN/Gg+9u2AKMzN

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)
    Runs executable file dropped to the device during analysis.
  • Tries to add a device administrator (2 TTPs, 1 IoC)
  • Reads information about phone network operator (1 TTP)

Processes

  • com.yxhoandw.rtkwext
    PID: 4291
    • Loads dropped Dex/Jar
    • Tries to add a device administrator.
    • Child process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/oat/x86/eywvxam.odex --compiler-filter=quicken --class-loader-context=&
      PID: 4352
      • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar
    Filesize: 379KB
    MD5: 0cf390161e48fbd7f179aec30d5f458f
    SHA1: 1e3e40a4c903e0261d216b4847565666eb823f85
    SHA256: e9c140f302cae2ae048bb751cb8b3d624d9b1921e165822bbdc79a3521f270af
    SHA512: 130a74a5ebe02596ec37dc30759fe35b83edcae426b264c11be83ca23e87da47887a29463f648b1c100de3a6794a2959a6d9b83cb2454766e4dc105e65731920

  • /data/data/com.yxhoandw.rtkwext/databases/a
    Filesize: 24KB
    MD5: 56c3b883b89768a572d72d5e24f6037b
    SHA1: eb6296d234fbe5bb3958bdcca8d1d21cbf6798b9
    SHA256: fe7f7123a850794ea84998f7e6142199110607005384120c337577517c664501
    SHA512: 0c3f233673b2156194623d3326291337d9c108badc29edee2ac1d4faa4bf6f6d7a73ab8659f676092c144fd510195f663e6dd1ab1edcd04a7b35332da6bdfa9f

  • /data/data/com.yxhoandw.rtkwext/databases/a-journal
    Filesize: 512B
    MD5: ffe27a5f5cacb4810d3dcce090c1f7b2
    SHA1: 9db4963ea8b79390a22fa3daffada97d35ad2958
    SHA256: c6ff09928a95ff7a86b1a288eb7b50a7974aaedb4f1b0c4d72c1cd5aef32fcce
    SHA512: 15af05b08442ec5f0500ffc368a02e59504e6835d662dc8acafab16eeef1e56434cb4a9e35d6bcd46b10322ca627f6590bbc369caa53aea9358f66ceca28c3b4

  • /data/data/com.yxhoandw.rtkwext/databases/a-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.yxhoandw.rtkwext/databases/a-wal
    Filesize: 36KB
    MD5: 5e84a49fc09ddbe675321400f196bed0
    SHA1: 6a02a69a86cea77386349f18b25629a36ce11c07
    SHA256: 3451c71d009786e6a065a172acd59f4add2bf7efb9987c55ea2cf2ed0f217cd8
    SHA512: 89daefbb16561070a3ce980ef6fea7d684d71302ef73b1dc7eb6ded9849655bba35b577ee813630ade598fa97e04b4b9beae220ca76aa1efefd10d875769ee24

  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd
    Filesize: 16KB
    MD5: ecdbb0ead41cdc5ded3a2c649bc89f4f
    SHA1: 9aade2f16c640b0941de330b745db9b8a971b72a
    SHA256: 31c51d9ca8d74e3b0b4448b8fb6a58324db9be40e71616a35179009a819b2547
    SHA512: 64d14a269e8d9afd2b49720dd15d5c9926c1157cab6937af3c88a6bf2a84df29bef552f97c8cb3788dc68f811f07c6321d2079b6ab02973161b2df0211cb46ce

  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd
    Filesize: 16KB
    MD5: 68c6a6a3d071676ce6db3391ecb54310
    SHA1: 2ad4857fdd58fb39cbf74f140cc6a247ecaa7992
    SHA256: 31416d30bf37f7f82816707a1db9b54b9cc6d2862e39a1f11c8e24a2125c4443
    SHA512: 1884ff33ed08c257f169662600021a92d8fe86bedf3e0f4cfe7a69a62ca903346aeeca4281436fa1f36f166dc6a4c0db015e2bed0907b3b11638c20257bc5f41

  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-journal
    Filesize: 512B
    MD5: e68ae89b857e3596c81057f6561c4ecb
    SHA1: b87a18a2281d71d9fc9cea6c926d17f397796ef1
    SHA256: cf0e48c3a3483efb66f42709552bb3651783c0bba3b3a23e942e594da0d3d9eb
    SHA512: e89b2857d57cb2e4c132aae8d31406180c30b817ca97eeec6b3c373b5d89274b914acd6aeb68707aa1ad6da82a57ac96fd90b1ab7440133cb4e76fc6751823e8

  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-wal
    Filesize: 28KB
    MD5: 0474b27ac894f8916c91810210328cff
    SHA1: 68cedd5acae57175a1d8a7ae3f97fd8ea6415e0f
    SHA256: 6375f3ba7c647092038e0b1dd27d7646147ea2b0659d86071d6eec7d3108e257
    SHA512: cefd0e4ad2589ff31f4c9e7a8eafe12af367e597cb5f831c5f323972870ada0a39b46d6b388036f04cc86b34e702a963d3b58f12b52669401f270844fea8b9d8

  • /data/data/com.yxhoandw.rtkwext/databases/sdffsfdsfdsfsd-wal
    Filesize: 4KB
    MD5: 0d4f89dde76c70b03d59c0e3322fc499
    SHA1: d9fd75ea8876526c7c12ffe6378ac1f679f6dc7a
    SHA256: 1fd7af6faf92c2260dad39831503ab913eb9c068a50f9a407794bea801bca814
    SHA512: 0e534d3a3f10dbcb39847cdb2583f2e5ad1e2a4c05918972b80ee21f5e326d87c8eed4597c17b95dca999f7204c74bb7fc0ca7ac602fa1003d5a755122c8fbee

  • /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar
    Filesize: 906KB
    MD5: 6f7e4b16b4d0a304eaa64bc6daa822e4
    SHA1: 42a5f12341e315cad1b445545b26d147ae5435b7
    SHA256: 13240dbb94c43824882e51db3b9a4f0e1a1ca989cd203a720df909785e0a1343
    SHA512: 6d605c7e6c8c4ce780392fb41ac2d2fa61567d6f9c5028aa9b7ed52abd8bfc1606fd8284f176a4de49b33806362282a6f7c1f3975caa9c0035e68294a1b26e29

  • /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar
    Filesize: 906KB
    MD5: dcffe5ea86d188e5b54b29b5516c3ced
    SHA1: 58ceae1e00da5803f01eb76657e0f6017c65aeb9
    SHA256: 5fcadb0f007273beb6fdbd28668b076441cbf12a4630b6fb4ff7daf0160fcece
    SHA512: 4c8b35386f8ad401db49914b3bf2c12be9d6ccdc31223e736dbceea3b3b01a169f770fa051f15f40e7e8410d1bd936481f42b62ad2ad10541a2e77bdaa54b5eb