Analysis
- max time kernel: 18s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 28-04-2024 00:09
Static task
- static1
Behavioral task
- behavioral1: Sample 03f138980d666f1c8a915978c1432497_JaffaCakes118.apk; Resource android-x86-arm-20240221-en
- behavioral2: Sample 03f138980d666f1c8a915978c1432497_JaffaCakes118.apk; Resource android-x64-20240221-en
- behavioral3: Sample 03f138980d666f1c8a915978c1432497_JaffaCakes118.apk; Resource android-x64-arm64-20240221-en
General
- Target: 03f138980d666f1c8a915978c1432497_JaffaCakes118.apk
- Size: 455KB
- MD5: 03f138980d666f1c8a915978c1432497
- SHA1: 6303b9ea8f7cdab5d99d631aee585e39db0e6661
- SHA256: 48b2f3b117cad1ba76ee0d8cb04db6418e84c20be1ec3411dc01633c0e360fed
- SHA512: b4d86c55fd22d1939d22f2ea15d2b92a372aba600e186be8114997162d8ea0a2de60276ac3c3578bca87e6368d552dd1b6c9e18ada8b05e726034c8cba3ea532
- SSDEEP: 6144:8KxjvU5o4muUy+NII+d9FxnL9GvWqaMx+/sYCi0qvfH/0bQOg0aU9u27X6kC9Yt2:9Ph6Fu9L8pN/Gg+9u2AKMzN
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/oat/x86/eywvxam.odex --compiler-filter=quicken --class-loader-context=&
  - com.yxhoandw.rtkwext
  ioc | pid | process
  /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar | 4352 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/oat/x86/eywvxam.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar | 4291 | com.yxhoandw.rtkwext
- Tries to add a device administrator. (2 TTPs, 1 IoCs)
- Reads information about phone network operator. (1 TTPs)
Processes
- com.yxhoandw.rtkwext
  - Loads dropped Dex/Jar
  - Tries to add a device administrator.
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/eywvxam.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.yxhoandw.rtkwext/app_khgegsx/oat/x86/eywvxam.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads