Analysis
max time kernel: 141s
max time network: 155s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 30-04-2024 23:03
Static task: static1
Behavioral task: behavioral1
  Sample: 0a9c2b27370ca332513f9630a1a5847a_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
  Sample: 0a9c2b27370ca332513f9630a1a5847a_JaffaCakes118.apk
  Resource: android-x64-20240221-en
Behavioral task: behavioral3
  Sample: 0a9c2b27370ca332513f9630a1a5847a_JaffaCakes118.apk
  Resource: android-x64-arm64-20240221-en
General
Target: 0a9c2b27370ca332513f9630a1a5847a_JaffaCakes118.apk
Size: 463KB
MD5: 0a9c2b27370ca332513f9630a1a5847a
SHA1: 9a034bbe00b7a7e57c3ad719f3a539f8cee20dfe
SHA256: 4a7e8cf62827d7212eb5dca53de54680e93a5e8394e5ae6c3f33a502d90f9c6a
SHA512: caaaac81dd0de48116a9900a2832b1b98178ac5aad17ceea717772c18304b9265ded69a4d481369121412ac14d1a4ad3905f87a7f6038d3f4d635f5420b3db87
SSDEEP: 12288:hWSnB65djQU5AO51rF4kOJyqkTNNIt4eFUm3RVns:9BOQN0rF4TyqqvaHUmBJs
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) - 1 TTP

Checks memory information - 2 TTPs, 1 IoC
Checks memory information which indicates whether the system is an emulator.

Loads dropped Dex/Jar - 1 TTP, 4 IoCs
Runs executable file dropped to the device during analysis.
Processes:
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404376.apk --output-vdex-fd=47 --oat-fd=50 --oat-location=/data/user/0/com.googleplay.service.provider.v5617/files/200/1001/oat/x86/240430230404376.odex --compiler-filter=quicken --class-loader-context=&
  com.googleplay.service.provider.v5617
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230413242.apk --output-vdex-fd=94 --oat-fd=95 --oat-location=/data/user/0/com.googleplay.service.provider.v5617/files/100/1001/oat/x86/240430230413242.odex --compiler-filter=quicken --class-loader-context=&
IoCs (ioc | pid | process):
  /data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404376.apk | 4530 | /system/bin/dex2oat (the first dex2oat command line listed under Processes above, --dex-file=.../files/200/1001/240430230404376.apk)
  /data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404376.apk | 4475 | com.googleplay.service.provider.v5617
  /data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230413242.apk | 4756 | /system/bin/dex2oat (the second dex2oat command line listed under Processes above, --dex-file=.../files/100/1001/240430230413242.apk)
  /data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230413242.apk | 4475 | com.googleplay.service.provider.v5617
Queries information about the current Wi-Fi connection - 1 TTP, 1 IoC
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.googleplay.service.provider.v5617
IoCs (description | ioc | process):
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.googleplay.service.provider.v5617

Queries the mobile country code (MCC) - 1 TTP, 1 IoC
Processes: com.googleplay.service.provider.v5617
IoCs (description | ioc | process):
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.googleplay.service.provider.v5617

Registers a broadcast receiver at runtime (usually for listening for system events) - 1 TTP, 1 IoC
Processes: com.googleplay.service.provider.v5617
IoCs (description | ioc | process):
  Framework service call | android.app.IActivityManager.registerReceiver | com.googleplay.service.provider.v5617

Tries to add a device administrator. - 2 TTPs, 1 IoC

Checks if the internet connection is available - 1 TTP, 1 IoC
Processes: com.googleplay.service.provider.v5617
IoCs (description | ioc | process):
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.googleplay.service.provider.v5617

Uses Crypto APIs (Might try to encrypt user data) - 1 TTP, 1 IoC
Processes: com.googleplay.service.provider.v5617
IoCs (description | ioc | process):
  Framework API call | javax.crypto.Cipher.doFinal | com.googleplay.service.provider.v5617
Processes
(indentation shows the parent/child nesting of the sandbox process tree; pids taken from the Loads dropped Dex/Jar IoC table above)
com.googleplay.service.provider.v5617 (pid 4475)
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Tries to add a device administrator.
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/sh -c getprop ro.board.platform
  getprop ro.board.platform
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404376.apk --output-vdex-fd=47 --oat-fd=50 --oat-location=/data/user/0/com.googleplay.service.provider.v5617/files/200/1001/oat/x86/240430230404376.odex --compiler-filter=quicken --class-loader-context=& (pid 4530)
    - Loads dropped Dex/Jar
  /system/bin/sh -c type su
  sh
    chmod 777 /data/user/0/com.googleplay.service.provider.v5617/files/native_service
    /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.googleplay.service.provider.v5617/files/native_service /data/user/0/com.googleplay.service.provider.v5617/files/native_service -p com.googleplay.service.provider.v5617 -s com.googleplay.service.provider.v5617/com.play.service.CoreService -u 0
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230413242.apk --output-vdex-fd=94 --oat-fd=95 --oat-location=/data/user/0/com.googleplay.service.provider.v5617/files/100/1001/oat/x86/240430230413242.odex --compiler-filter=quicken --class-loader-context=& (pid 4756)
    - Loads dropped Dex/Jar
  logcat -d -v time
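The process tree is the part of this report a detection engineer acts on: two dex2oat runs compiling APKs the sample wrote into its own files/ directory (the "Loads dropped Dex/Jar" hits), a `type su` root probe wrapped in `sh -c`, a `getprop ro.board.platform` platform check, a `chmod 777` on a dropped ELF followed by its execution through the android-x86 image's ARM translator, and a `logcat -d` dump. The script below is an added example, not part of the sandbox report or its tooling. It re-derives those behaviours from a copy of the tree embedded inline (constructed from the lines above, with the dex2oat command lines shortened to the flags that matter). The rule names, the list of fingerprint properties, the set of root-probe targets, and the reading of the translator's first argument as the program actually being run are this example's own choices, inferred from the report rather than documented by it.

```python
"""Re-derive this report's behavioural signatures from its process tree (added example)."""
import re
import shlex
from dataclasses import dataclass

PKG = "com.googleplay.service.provider.v5617"
# (nesting depth, command line), constructed from the report; dex2oat lines shortened.
PROCESS_TREE = [
    (1, PKG),
    (2, "/system/bin/sh -c getprop ro.board.platform"),
    (2, "getprop ro.board.platform"),
    (2, f"/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/{PKG}/files/200/1001/240430230404376.apk --oat-location=/data/user/0/{PKG}/files/200/1001/oat/x86/240430230404376.odex --compiler-filter=quicken --class-loader-context=&"),
    (2, "/system/bin/sh -c type su"),
    (2, "sh"),
    (3, f"chmod 777 /data/user/0/{PKG}/files/native_service"),
    (3, f"/system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/{PKG}/files/native_service /data/user/0/{PKG}/files/native_service -p {PKG} -s {PKG}/com.play.service.CoreService -u 0"),
    (2, f"/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/{PKG}/files/100/1001/240430230413242.apk --oat-location=/data/user/0/{PKG}/files/100/1001/oat/x86/240430230413242.odex --compiler-filter=quicken --class-loader-context=&"),
    (2, "logcat -d -v time"),
]

# App-private storage: /data/user/<uid>/<pkg>/... or its legacy alias /data/data/<pkg>/...
PRIVATE_DIR = re.compile(r"^/data/(?:user/\d+|data)/([A-Za-z0-9_.]+)/")
ROOT_PROBE_TARGETS = {"su", "/system/bin/su", "/system/xbin/su", "/sbin/su"}  # example's own list
FINGERPRINT_PROPS = ("ro.board.platform", "ro.hardware", "ro.product.", "ro.kernel.qemu", "ro.build.fingerprint")
ARM_TRANSLATOR = "ndk_translation_program_runner_binfmt_misc"


@dataclass(frozen=True)
class Finding:
    rule: str
    depth: int
    detail: str
    path: str = ""


def _unwrap_shell(argv):
    """argv of the command a `sh -c ...` wrapper runs; the sandbox prints the -c payload unquoted."""
    if argv and argv[0].rsplit("/", 1)[-1] == "sh" and "-c" in argv:
        return shlex.split(" ".join(argv[argv.index("-c") + 1:]))
    return argv


def _real_binary(argv):
    """ARM binaries on the android-x86 image run under the NDK translator; the report shows
    the translated program as the runner's first argument (assumption of this example)."""
    if argv[0].rsplit("/", 1)[-1] == ARM_TRANSLATOR and len(argv) > 1:
        return argv[1]
    return argv[0]


def _grants_exec(mode):
    """True for an octal chmod mode with any execute bit, or a symbolic mode adding x."""
    if mode.isdigit():
        return int(mode, 8) & 0o111 != 0
    return "+" in mode and "x" in mode


def analyze(tree):
    """Walk (depth, cmdline) pairs in execution order and emit findings; the chmod -> exec
    pairing depends on that order, which is how the sandbox lists the tree."""
    findings, made_exec = [], set()
    for depth, cmdline in tree:
        argv = _unwrap_shell(shlex.split(cmdline))
        if not argv:
            continue
        exe = _real_binary(argv)
        base = exe.rsplit("/", 1)[-1]
        if base == "dex2oat":  # code loaded from app-private storage is not part of the installed APK
            for arg in argv:
                if arg.startswith("--dex-file=") and PRIVATE_DIR.match(arg.split("=", 1)[1]):
                    path = arg.split("=", 1)[1]
                    findings.append(Finding("loads_dropped_dex", depth, f"dex2oat on code in {PRIVATE_DIR.match(path).group(1)} private storage", path))
        elif base in ("type", "which", "ls", "stat") and any(a in ROOT_PROBE_TARGETS for a in argv[1:]):
            findings.append(Finding("root_check", depth, " ".join(argv)))
        elif base == "getprop" and any(a.startswith(FINGERPRINT_PROPS) for a in argv[1:]):
            findings.append(Finding("device_fingerprint", depth, " ".join(argv)))
        elif base == "chmod" and len(argv) >= 3 and PRIVATE_DIR.match(argv[-1]) and _grants_exec(argv[1]):
            made_exec.add(argv[-1])
            findings.append(Finding("dropped_native_made_executable", depth, f"chmod {argv[1]}", argv[-1]))
        elif base == "logcat":
            findings.append(Finding("reads_system_log", depth, " ".join(argv)))
        elif PRIVATE_DIR.match(exe):  # a binary launched out of app-private storage
            rule = "dropped_native_executed" if exe in made_exec else "private_binary_executed"
            findings.append(Finding(rule, depth, " ".join(argv), exe))
    return findings


def summarize(findings):
    """Rule -> hit count, the shape a signature table shows."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(PROCESS_TREE):
        print(f"{'  ' * (f.depth - 1)}{f.rule}: {f.detail} {f.path}".rstrip())
```

Run against the embedded tree this yields two loads_dropped_dex hits (one per dex2oat), one root_check, two device_fingerprint hits (the `sh -c` wrapper and the bare getprop both appear in the sandbox's tree), and the chmod/exec pair on files/native_service. Feeding it a tree from a different sample works as long as the lines stay in execution order; the same logic ports directly to a detection rule over a process-creation log that records argv.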
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.googleplay.service.provider.v5617/databases/bdownloaders.db-journal
  Filesize: 512B
  MD5: 79c230820e0064a0b02cefae130c5a4d
  SHA1: 771d8bee676db632bc046980d4cc43a87d2af651
  SHA256: 033494bacd924fc995b1ea1b71dbcb97a95f0651917bd77be14179652217872b
  SHA512: ea0db72b4af455a50f7cac14df874271f3014c0471aa82bcd209a26888d703eb4d2b813205abea481cc0c2af7b5a5cbe73e2a71861c020261c354dd368042c12

/data/data/com.googleplay.service.provider.v5617/databases/bdownloaders.db-wal
  Filesize: 28KB
  MD5: d27c5f9dffb9fa6fa3fa118781102dd6
  SHA1: 6bf0e40dcd5383a8816d64309b1d70a5c6652f4c
  SHA256: 73853b489171a0b506363d9803d0fc3fa636a331a258e1f7a9e8cf7b68c93483
  SHA512: 0e6b2ca801bb128b968120b9d28dc5a6aeb1ee093aae52bedd1fa2c21ea49e7288a563fb4c025177d8c4eb858cb9b84d275e63f88e04c89d1f81ee1586ec982e

/data/data/com.googleplay.service.provider.v5617/databases/bugly_db_
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-journal
  Filesize: 512B
  MD5: c1a9e98962b4da158f40c961d0d5f2fe
  SHA1: 5a1d4e4099014f1238dc45956acced68b33e508d
  SHA256: 3bfbdb4d324d1db76b69030aaede28c39c32e4eb7200f2743a0d8501e0305cd2
  SHA512: 5f8373e2badee44ee4fd65f82e866e289f55a530b2987bf7a6c44cda1d23cbcd6d065defde40d4b55f09d4b484b8f12f442bd44990d30318407d9622fdd598c5

/data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.googleplay.service.provider.v5617/databases/bugly_db_-wal
  Filesize: 48KB
  MD5: 01d98af1b683b629ed53d7e83fea748e
  SHA1: 9c751264297b8c0f00546591338f3fdcd086efb7
  SHA256: 9f53b47cea53084d519bbbf6082edcf95f410b1a9cec46d557c643bf16755ad1
  SHA512: 0a853bc5e9d4d6c613b4dd0b8ff5aec9555fccd5521ad9a3aec47444f8c93afc5d717483cb80108d52fcd57c399418dadeb79617301e28fe036dfbe513845995

/data/data/com.googleplay.service.provider.v5617/files/100/1001/10011.data
  Filesize: 86KB
  MD5: 5d271452f9ff2bc45c9ac44af38288fb
  SHA1: 41c53f59cb54f6f4c0dc7ef2795445c26c927e62
  SHA256: dc387923937652e43657287d58e9ffe5af00ba6e180d51e9de4ecc88088e2737
  SHA512: 09e86673ae1da7fd9690b54cfb0827bad88f4baa57d81bbea320ff42e471ecef707e81510a5a7117ebe53c3b4849f1c129a39b8e3f07a948509934313b3ba020

/data/data/com.googleplay.service.provider.v5617/files/200/1001/110011.data
  Filesize: 183KB
  MD5: 82fda9202d4d4f8ba6ce9d9b0fb1f480
  SHA1: 3e82fcf3407e58c5af4c4ca5a3ba8e2b1d54d410
  SHA256: 84632e252fea8efd281c1c36c465081f65e9dd5c2b81cabbf66e9a4aa0c2b20c
  SHA512: b58ad0cb08487eff87edc2020ee377fab44c738360a36a370127244218b34330197e3983cae17895d6d2d6fcabf6b063f90471cde9fd8bd02904e3feb1290279

/data/data/com.googleplay.service.provider.v5617/files/native_service
  Filesize: 13KB
  MD5: 03558622c30d827bb46680bd559e6c9a
  SHA1: 4a17de061b4235e9c17ecd75296a501373957d04
  SHA256: 472abf6c6e704203b79189945e922d24f393a387f5809d151aeef91c90585345
  SHA512: b2a238ddc0806254f2a4aab0485006e7d623e22a54e8ca9e7f2bb7036b14b9b4d99b119fba812b9545f10a1047bae87379bab8ffd3aa6eed970ea0f018e8d632

/data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230413242.apk
  Filesize: 186KB
  MD5: b7fcd57459a46fe31ccb66f61f9e2686
  SHA1: aeeb0c5aedabe9d62bb48ffdea693f10541809e4
  SHA256: 69e65a6e21560aba171b6e3ccadf3db339471f5b4d975d6e7d5d3a4ba63f308b
  SHA512: 300fb7a3b0ff4a37773dea439d9c88ab59b9c251c8e9d6530df79209550e6fa55df7497db09cffc920a8e83c7cbf55c1c7b95f6ea78956aa824fdde5f8290376

/data/user/0/com.googleplay.service.provider.v5617/files/100/1001/240430230413242.apk (second record for the same path, different content hashes; both kept as reported)
  Filesize: 186KB
  MD5: 2f79b55c3cdbc5339793d9699bd910ee
  SHA1: f587b0b624c1b4f35c837293b1c42d6f30264f1b
  SHA256: 1b6f1d63fb7973958ee65de2b8d03d7ef475db5a5bcc1eb92ae9dba740e09904
  SHA512: f81356f61f690ff059251f079a124737731c6812892b3d14179a0476557660379a33715d014e8324a8a210db919590ffebb21b48fc32a38ff3f84adb6c9c62c0

/data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404376.apk
  Filesize: 374KB
  MD5: e3ebeecbbdd193e979487fe0886363ba
  SHA1: 79ce226c41b7e4e6934da98c36f1850f5304fe83
  SHA256: 9185cedd5f454440af43c41ab1bf07e6578094166b01107294eaebc1fc2280e3
  SHA512: 8649f33e7d102b769837464d0791cb7f71c6bf5ced4594c226904b3b2df595acd7332364b5cc2207d2016161d56d1b0a7764ad3ac9b115c502ac76aa085af9f1

/data/user/0/com.googleplay.service.provider.v5617/files/200/1001/240430230404376.apk (second record for the same path, different content hashes; both kept as reported)
  Filesize: 374KB
  MD5: 2bf5d41f909ae3c95ff91ebc16f5b07d
  SHA1: a909d8572c64dc4cb25be92b619098ad364032a3
  SHA256: 8cbe5d5e95c878c67f445f950c5f7270e6fd81a8b930c05803ea11e38a2e86f9
  SHA512: 29a3abda3d4b242f80d9881efa7f8a6993a8e5e527633b1c007aac18fc1d866295a13812e27321a81905ae1744b0feed1f8a77b07f5704f8b456ecd69c98e31a