Analysis
-
max time kernel
147s -
max time network
157s -
platform
android_x86 -
resource
android-x86-arm-20240506-en -
resource tags
-
submitted
09/05/2024, 13:50
General
-
Target
2a41793f7fd54659432a9e3120252a7c_JaffaCakes118.apk
-
Size
26.6MB
-
MD5
2a41793f7fd54659432a9e3120252a7c
-
SHA1
44f13d84278aacb3ed853f33b6e1a1c5eeca7bde
-
SHA256
fbeca7979fda386f24c91de84102facfc3a8ddea0580b9d6858407b781accc70
-
SHA512
fe20ff1ef6f71bafe427fde67ad34879291422b7e3392cd563e6aef72ea9a87563ac685b7a6a11bd7dbe6f157c88ed9d99caf94e88e0119851969584bedccdbc
-
SSDEEP
786432:46KwbZKicGMQ2v9zUMxLE814KAUjdOAUKdGlWw:4bwlbNMvmuE048jdiZT
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 9 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.jxkj.kdvedio1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jxkj.kdvedio/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jxkj.kdvedio/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
sh -c ps -ef2⤵
-
-
ps -ef2⤵
-
-
com.jxkj.kdvedio:pushcore1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.2MB
MD58789d443589cccd6b3c70c1af1d9fdd5
SHA1ca1221653a863b87d295dfc2bebad07540a50e9a
SHA256e8c56c42fa3eb87b85ea9d55574825d30eeb33fca95318334eea7fada6d97297
SHA512309ad2a765927f96a2d678e830da144172d47f9e1ecd459726b3984f29b910c9ca77d3ff342f33e2921238f0080b153270927d35ebdc80601d3c307122daf23a
-
Filesize
3.7MB
MD510a2215bbda60a8cb5a0374426668749
SHA11f389c95b409922640d5ecfea55498aa7ef0c275
SHA2569a7e89ee872a19b2585bf2b82dde19067ee64a3785c4ff37a8c62bcb68fd5136
SHA51285b6e0c53e8bd537da62c01640595066379f6844baa2424bbd74f1ba8d8641b3d27efbe6667853bc74364fe04a34596f293e9eff8377f69e7a548e9460cde48d
-
Filesize
475KB
MD55aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1522db1748608e9173547b29b7aa82ddc3542c534
SHA2565a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA5125c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316
-
Filesize
284B
MD5f1771b68f5f9b168b79ff59ae2daabe4
SHA10df6a835559f5c99670214a12700e7d8c28e5a42
SHA2569f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
-
Filesize
36B
MD537e8e716e0e2f4a0b05cd9571d95b84d
SHA1f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA2567080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
-
Filesize
32B
MD566bd6470dc0b78fb7fd6cc51d806b582
SHA1f089b1e40bf4566113149273941a575022554bb9
SHA2561a950589dda05055009f688f1eeee4db26dc840c25d8e2c067d49480f7654e50
SHA512e232f7ba3b228a7749e1a856585b8898bd382adb534b869bbc7796ea48e5272211b9495c730ef291c21e9272f9b8886a1c8ff6f3a3c23376c2ed8b6be7e4bc3c
-
Filesize
32B
MD5c532c1eb035e8c966a0707a05c022cfd
SHA1c9bc28547ac25462782ad43ce27d26b2d38cbbc6
SHA256d45ea61232a7a09f530982af1ebcf9d7707c55244eb93d21529c07153ed3150a
SHA512da7a1825e5a5b72531979d26da2ed48bbe15792b468b70f0d88b4d5e024f8cdfd221431da77a6ddfb88af33eef455b77282cd9f5ec3619e1e8cf6bd08d695517
-
Filesize
73B
MD5d946eebfbd91bce457fc823481b3a472
SHA1146b66822389f590e2aba646b4c83f4f4a6718e3
SHA256b69921162ee709148d838d5c862ef272703b7a432280e79aaf639effec76d612
SHA5128b7ed602f72adbf15e8c40617ca49885f57ff46c11ff840980bde4334b505901700a586a1ec95a447bc28ec000c5279a8b5aa320f3aa603bb7a1f5cc14a52897
-
Filesize
307B
MD526c5a2a97dc0c1897b420cb1e685371b
SHA1ed98bc52d74d632300a4756765e9e33a2fbab7d2
SHA25672756a72054f4f7cfa2256e12b7eae834a0996c05ce7e15b5234f86518b40056
SHA5127b5c52a8e45bd2542ae5243c74c6b24d8151f244d45527a96fddd6a9a80579063e2b4705d174d490997aabb73434169b084cb68f4a8ded85401bacd027d606b8
-
Filesize
314B
MD56de05306571c89e84b95f855c94f10c0
SHA18ce00da18c051c0498d2219b33662278d1f31d29
SHA256b9ba3ba66e641e55ea64abf18900ab4a3d7441b86429d8ec086246e002f36825
SHA51241adaf20a03715e5b0fe5c046cf47b510a8d3d41e8c31851e20fb6052b4c7fd2c508efdacf9f779c32359e754f57736867a402b138ffc869cd0ea9a9fe67baa6
-
Filesize
32B
MD5b97b2a31028b13d54296046c10c64f64
SHA1bfcd9937d69d8113df1fd470394849640de2778d
SHA256e64d54b45e398730fa89ce9b1d062e67e2edb94b64f62b5510ab132e98793d19
SHA512f360ceb904f4cd79c22ab58d6e90d9001d403184d25cb72ed5e8876f890e59bd6bae376b15e5b2aab99056dc50ff7a8b99f0331b6341877ec8a62c83a28e6cda
-
Filesize
27B
MD56876278b4c5ea6c565dc745d44874bb6
SHA164ca64ca1fb9c8c82288fce692d9aefe623ba7f7
SHA25614012282b36884d47d6c1c4b4aba3f2eb53f5a60e0e7667347618c4be2b2b432
SHA5122c5dad1d21b33de740826ece2389e3f3cb1540ba21a97645c49130a0c37a4047905e06de08d264a036a6ea4d9071527e67a8cb5e535fa00d3b8225f46effa1c0
-
Filesize
119B
MD55fc949974ad6947e54d16a2bfe4effb9
SHA1b2b89f88a000c89670e05da114ad5fe5df27c765
SHA256e1c8f67cc58726605ec9d9fdd7344ab19b6a04de9796715a738757e15881b9d3
SHA5120cdb04d92d6b5fbf1181e94ee6fbb584dfb0965294e2a0c97be4164cb8afc6de432c9a247035e22f149ee500c33420cfe48bfaeb3c09d57b02fbbd59a4f51eab
-
Filesize
159B
MD5b8a48401a3e55d72abd73a61a90a2ade
SHA15f15fa9ecdcba0af11d33d16d59b87b1f5842abc
SHA256e6a5cc73d76bf36018ec4de3e5267439f2188cc84a042505379c10c300fdd751
SHA512d5b9a8a72cdeb6e1194d945a4b9394a62127b5f3f9967396c22bdefdc0e5e05b236723df3aa244439c5e70c9f597c07767b467718dfb160d481ba411790bdc97
-
Filesize
32B
MD5cab210b732acae7aa2d4bd350b464431
SHA1fd052d5777cfddff41f763ac3514f1ca71dc106c
SHA2561425d3477175cc243812ac2fc18a5dd2416da8bb4486e6889068bd269db1c00a
SHA5123ea3a50d4ffd5dd679294ff26c2d295b9c9343866532ffe7c7650133d60f616d4f2a24cdc6fc8f526a93c4a68629a789e28e4a4e8cf6bc0f992ab7c824e97d8b