Analysis
- max time kernel: 13s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240506-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
- submitted: 11-05-2024 17:34

Static task: static1

Behavioral task: behavioral1
  Sample: 35c0cfd7b03df2e69c6723dadee76533_JaffaCakes118.apk
  Resource: android-x86-arm-20240506-en

Behavioral task: behavioral2
  Sample: 35c0cfd7b03df2e69c6723dadee76533_JaffaCakes118.apk
  Resource: android-x64-20240506-en
General
- Target: 35c0cfd7b03df2e69c6723dadee76533_JaffaCakes118.apk
- Size: 475KB
- MD5: 35c0cfd7b03df2e69c6723dadee76533
- SHA1: 1a781a7218aa659d8472bb05cdc7cfae39ba2975
- SHA256: 6850afd3cdbd8caf46dba92f9e3451ef6bb276effe669b603ccd0ffe5b0a0da2
- SHA512: bede89c8192003621d2e2b6d3c3eab1dbb16d5eace10393f3620b2439098df1c93d38adf67fe8d0a78aee5a38317338f10d46707160410a7768d63a9890fef6d
- SSDEEP: 12288:Ib3Eixua+5zD+Z3r2jq8zFPXsBZ1S2QMpsSE0q3N7B9:MEiYKZKW0VcBjxPENl9
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/oat/x86/ihegqkjuv.odex --compiler-filter=quicken --class-loader-context=&
    com.ozrgqa.kvhght
  IoC / PID / Process:
    ioc: /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    pid: 4299
    process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/oat/x86/ihegqkjuv.odex --compiler-filter=quicken --class-loader-context=&

    ioc: /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    pid: 4238
    process: com.ozrgqa.kvhght
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Tries to add a device administrator. (2 TTPs, 1 IoCs)
Processes
- com.ozrgqa.kvhght (1)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Tries to add a device administrator.
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/oat/x86/ihegqkjuv.odex --compiler-filter=quicken --class-loader-context=& (2)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
  Filesize: 372KB
  MD5: 6f9dbb861c1b2b1d284b4562376c2813
  SHA1: 114e263aad5fbb0da3e7b59777702b2012637e62
  SHA256: 4ca7c3a729b472f8354850eb2aee5447b51e6d1cac791332f75b6b9861b9c03b
  SHA512: 07fbd739cec5747644894a20923c3d20668e514451ba11fd764d01a2ae937cb1af8fdf329c60d863f284a3f5e0c60d6a3e1a83102c5f0bced06a8bb87eae8a2d
- /data/data/com.ozrgqa.kvhght/databases/a
  Filesize: 24KB
  MD5: d0017d12f9fc771e4752f1f43c3d6284
  SHA1: 766d2cce53d16e58837f9e874c5d7dd2aada7db6
  SHA256: ed79a324c11f732ee0225fbe4f1a0d7cd15771e6fb5907c116aee78a73713844
  SHA512: ab9ef3ddca8b3bdd9f6a63d37962b8856032ccc892c8c3613de6628862baa87ff94124728c236be30c2adf392ef80a39b858350511421242ae10a611da941b6c
- /data/data/com.ozrgqa.kvhght/databases/a-journal
  Filesize: 512B
  MD5: 2b28eb56036df2435107296eb536522a
  SHA1: 2251a380af931ba0078e4caed3a49d388ef7e508
  SHA256: 5d51f7efb20849b3755f6313babf5857821c09d29ef9b7d7ed4645a3ffcc0c04
  SHA512: c41986baf281a0972e0d23a7457e274217438a4eb1fbdfffcd53674cac598802baa8c56d7717bdb7e6a1d56be530f816d77f6c1b3e3ec06e551a5b96f84f40a9
- /data/data/com.ozrgqa.kvhght/databases/a-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.ozrgqa.kvhght/databases/a-wal
  Filesize: 36KB
  MD5: 7221a1a47f06051283ef4f1a401b7746
  SHA1: 11fb0479cd5963178d92dee39907ad4af60a09c6
  SHA256: 1e613525b3b9a8596a0ebc1d60490b9fc4df7cea80613d4d7f434a91a4c08ef0
  SHA512: 06b6889ded2b5cd79a34ab312a180cdd7c1a76ad95ee4ed69e7a77f082032f6aefb4fc7c1d1e3a34812808255b47b6785e8c40eaccc8e10fcf94ddc4d4c213ed
- /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd
  Filesize: 16KB
  MD5: 12583fc78b8fd047c968be626a1b94cd
  SHA1: 74d7ed51272ff1103615de9d0cbc3aec613af187
  SHA256: cf313d316f96f11ccce27500cb86199e5f7358667a2b6a2e6325463903f642ea
  SHA512: 68c6dbac888b850909c26c05eced411e4518625bf324451baf884ddc5d54fb9713d0914c15b2ed6ad6462140cda4f7da40b0ea46522801c0f8f2d5c34f985bf8
- /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd
  Filesize: 16KB
  MD5: d930ebadba13c7f085510dec471d2d26
  SHA1: e2027d56785d25510a801c9ae5638100388dee06
  SHA256: 993e58589071734658e7704684504019197c7759ac2934abda7bb10d9a0fe8a4
  SHA512: bb23c6b983b09a7c4af9b04c867b9bcbc382fddf6b172efa73fdf2f2f26a7a29878f8f68c7f3193d4c0cb64cb2adccc496cae7e645c1a2c84f9eb6c9a1d84cc6
- /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-journal
  Filesize: 512B
  MD5: ef96d3c807b45595bdd4b811365f48ee
  SHA1: b23fe3cb2f6b39cfb69c8952d5c1fa7020b20ef8
  SHA256: 0a4fe521433ca94fd53bb7549f4596ea83d1d4aba1ff46c11a5ffd4e842443f5
  SHA512: bcd9e5daf8e920aa43c08aa024b134098f6318d1d4ad34eafaf3ffaa62e0c6182218a398f968f05e91df158a0f4f64e625cbf66203961af20418789a8fb78b59
- /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-wal
  Filesize: 28KB
  MD5: 4f69a1d04268f84c7073ac5ac363f30d
  SHA1: aaed47089410c36a5b65e453dbbe1bf14a43894a
  SHA256: db35d27d8e517d4d97b9d12ca8b52086aa9a8078afdbc39699e4a8c0e9315696
  SHA512: 8df5cbd1724c128fa8db9b7d53fe44b2c65b767d05bf65b0c7c2bf2dacbce9bc960250e711f805d3b27d6565d3de4cd21d28e2d50a547a8694dc711d753be816
- /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-wal
  Filesize: 4KB
  MD5: 423e38f916cd4d409d3c1b292f3ad19e
  SHA1: a17507ffc077228dd8f2cb070ad17639b8ad8f51
  SHA256: f7895da3d390bf5d870ac368a23fc29367a36713de119f632f318017e4d0a753
  SHA512: 18c65dc6cc3d722a5652f5f28e6b6a5e4e4b47824c9d42d753568d120a61076b3512510d398a73dc56579eab358b377c7ef90a3d32c7a1c408bb824b0aecf0e5
- /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
  Filesize: 894KB
  MD5: a5b99d1ccc89c4cbc5052c9c156da7e9
  SHA1: 30de7ca7f69eeeb74525a3ebec395846c9a3e080
  SHA256: b1f90bc0d1124bf441a7d37749f034b4a1254ac7e896b3a7fe04a8bb55ba4ff2
  SHA512: 9b89273b90ac4c22b3fce98476b6132aa7aa8acf05f42337b6fb4352e04b88a98f9678ac244da92106126c09f09bd7f984c2e9e02880f2045d5e37e42ac024bd
- /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
  Filesize: 894KB
  MD5: 18334e3e1d663738b4d0f552fdc61014
  SHA1: 6ad97f3ddcb658a4def3359797167388d4d0c126
  SHA256: df23c4cf0d10a7e8c5c3d83b20976626fa12288db8e57126171a90221c8f24b2
  SHA512: 3eb785672deff89bf475df68810543d6ad742ed68cbe39845788dc87ccfd06ca83a6dc71c1f315b31ead743e4c8855a07ee8428ccf89b2178f09e0f09e841f27