2e812b6b5ef4b43cc457c609aa625924fcb9bae76175e4f5d355ee864c219198

Analysis

max time kernel
25s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-05-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ef1812b12b096aeea49493db5f8e144_JaffaCakes118.apk
Size

9.7MB
MD5

0ef1812b12b096aeea49493db5f8e144
SHA1

c6019aa08f1158110c2738d7df0d63685660b5d8
SHA256

2e812b6b5ef4b43cc457c609aa625924fcb9bae76175e4f5d355ee864c219198
SHA512

cf9b75cca98f755b6d196ad198b6170288ca934006ef794e4d3168cfca70e27402294866d7f245de24784031e7253bfc138457514401570a3ca4a6a2cce9dcb6
SSDEEP

196608:Dr21hKhjNcwKWfKr2CJgwW1UaxIDoRXKriz60rv6BsizddiU49q+P1:DrYQBxKfr2eZaxIDoRE/pdcfP1

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lemon.play.supertractor

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lemon.play.supertractor

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk	4266	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/oat/x86/FrameworkPlugin-3.4.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk	4225	com.lemon.play.supertractor
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk	4289	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/oat/x86/CommonPlugin-4.6.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk	4225	com.lemon.play.supertractor
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk	4311	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk --output-vdex-fd=48 --oat-fd=51 --oat-location=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/oat/x86/BannerPlugin-3.0.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk	4225	com.lemon.play.supertractor

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lemon.play.supertractor

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.lemon.play.supertractor

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lemon.play.supertractor

Requests dangerous framework permissions 7 IoCs

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE

com.lemon.play.supertractor
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4225
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/oat/x86/FrameworkPlugin-3.4.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4266
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/oat/x86/CommonPlugin-4.6.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4289
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk --output-vdex-fd=48 --oat-fd=51 --oat-location=/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/oat/x86/BannerPlugin-3.0.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk

Filesize
44KB

MD5
5bbd555eeb5d930e8bd99ef13a350e62

SHA1
93d2af67b527059e0d90588875c88e9c9ccfb50c

SHA256
dd28222be3e000f397f2285cfc71d883b624ebdec5bad905066dadc95e49557b

SHA512
3fd89211f9e4e2ddc301c7025d9ec922281a5ac4a488a01d36d5d168ac36d6dc2a6f7221b46aa16b441aba6b12630bdfd68fa52fc537d6333651379bd50fc4d4

Download Submit
/data/data/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk

Filesize
505KB

MD5
ac4168f38642684606f6566567a2c2a0

SHA1
b7e0563ca9793db5860c24fa4c853a1e7eac9a06

SHA256
45ceacb3b5c716224e0e71acc4bef8af48a0e435669d5db8c53bbf4ef19b8f34

SHA512
d88d343eb2f27c2ebabdd244bddf09723e325f925f5f2d1c32ca086cf497f6ff5be5b8feeaecdfd4c8cc0b1e38c096393f9b346b0a2c9967ac7231763a0bce2d

Download Submit
/data/data/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk

Filesize
18KB

MD5
367dad014f883598f13b649225e4218f

SHA1
5b59279d2e243d0ea0d95bd3ff13a98207effa51

SHA256
4a99f0fdec8d646f96ee4ee70fa021a978e8b1068b123923e0c1bf2192c8ecef

SHA512
61bea143afdcaf10511779fbf3d5cc71c2ea4174c519fdf00069f4253663da084eff6b8c0faba151dd183f6a0fc90af98324b257f85f5fcbf58066f103ad9745

Download Submit
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk

Filesize
72KB

MD5
ee1516ae7655ccf7c4ef760c2c43b13f

SHA1
288c8c80311cd6fa158aff8af81a155ec616517d

SHA256
cc7482e6700cd591350ffee933bf5235de2b867d36087b247c0d816a42965239

SHA512
20a81187a940ff6dfc76572fc13f18b0893f6f6523f8efd77dd1e1ea170ae6a1643dd5ad3f0baedbc15b1f93733d3582a8f2c025bc63959241460e3c9613151e

Download Submit
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/BannerPlugin-3.0.apk

Filesize
72KB

MD5
53dc6398a80d149eb8f11a38f89babfe

SHA1
35a2e827e6d43f0ef8cbf0098e7a8bbb859a0efa

SHA256
0c4ad43369e1a81f462fe2462c04581a3baad37f09c25046af5d0b15a416097a

SHA512
ad5ecf0eff028512ee75a0269c49619abf3a37554575d87869684a8edbca9a23c495375d25c8fd94a1100993add4d5526c51ae62997a6dfffa3b3f31f96b5d20

Download Submit
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk

Filesize
899KB

MD5
765391feb8629c0d1fc74290af9d5662

SHA1
2abe94964da055288d2a5ec7dc0399a7316120df

SHA256
8fb2f89665e9bd6b4e69252a9ee111777fb5d25832555958c9d4901c9d03a9b5

SHA512
9b82ca0fb0b9cb3bdadf46b1ab23ffa2ab24760a8d68c1178b73ee2e0bf18b696e6b127a4cce849b005182ca122cc655e65c5552f8855c52b11ae2145a889590

Download Submit
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/CommonPlugin-4.6.apk

Filesize
899KB

MD5
8fb032450fc57b55717b7ecb4748b207

SHA1
4a12d77b907f17d86ce58a17910b329a00d73a3e

SHA256
70ea43ca80e203e195747b4670dad2291a5bb15e18e71357d990f95ac239c9a9

SHA512
1e9ac786c42c76bae738429a2c18193ad41c9e840c9769d328598ead56cae1f56c483d50ee506371c8cffc854a0f74b033a6044d6d7f817f5abdb36ba17a12a3

Download Submit
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk

Filesize
31KB

MD5
d059c96673c457787ba175b755629329

SHA1
339aeaf5bf15fb1b6633ece163c3d174d4c89034

SHA256
6d4c8f4b1118bb3312847db0c372a7a86f26abc5cf6958f3164be03ca3569de6

SHA512
070b53e391264e63496d3ecb87372d7297372b461e927b21aa58e80120db8b8d39d5e5b64d19d299721db031b159492f111987bad6da89e1ee9570e150fc7b91

Download Submit
/data/user/0/com.lemon.play.supertractor/files/mmplugins/plugins/FrameworkPlugin-3.4.apk

Filesize
31KB

MD5
1615ac69f728333fea18b0b826cefa83

SHA1
e0c875aa97ec4e91920e8614927ca082bfe5fb54

SHA256
3df48e0ecd009c7e030005b53f99e27bf68fa7f966635a2e0a1d834e08f381dd

SHA512
768b49c08fe24e91d46dcadda38cefa96e82177410ec72a1a0ab5396d3a9620ec04fe2256906200766998d7fec5b4f618e7db812dd12c6a90123be967d035f8a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads