Analysis

  • max time kernel
    13s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    11-05-2024 17:34

General

  • Target

    35c0cfd7b03df2e69c6723dadee76533_JaffaCakes118.apk

  • Size

    475KB

  • MD5

    35c0cfd7b03df2e69c6723dadee76533

  • SHA1

    1a781a7218aa659d8472bb05cdc7cfae39ba2975

  • SHA256

    6850afd3cdbd8caf46dba92f9e3451ef6bb276effe669b603ccd0ffe5b0a0da2

  • SHA512

    bede89c8192003621d2e2b6d3c3eab1dbb16d5eace10393f3620b2439098df1c93d38adf67fe8d0a78aee5a38317338f10d46707160410a7768d63a9890fef6d

  • SSDEEP

    12288:Ib3Eixua+5zD+Z3r2jq8zFPXsBZ1S2QMpsSE0q3N7B9:MEiYKZKW0VcBjxPENl9

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Queries the phone number (MSISDN for GSM devices) (1 TTP)
  • Tries to add a device administrator. (2 TTPs, 1 IoC)

Processes

  • com.ozrgqa.kvhght
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Tries to add a device administrator.
    PID:4238
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/oat/x86/ihegqkjuv.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4299

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    Filesize

    372KB

    MD5

    6f9dbb861c1b2b1d284b4562376c2813

    SHA1

    114e263aad5fbb0da3e7b59777702b2012637e62

    SHA256

    4ca7c3a729b472f8354850eb2aee5447b51e6d1cac791332f75b6b9861b9c03b

    SHA512

    07fbd739cec5747644894a20923c3d20668e514451ba11fd764d01a2ae937cb1af8fdf329c60d863f284a3f5e0c60d6a3e1a83102c5f0bced06a8bb87eae8a2d

  • /data/data/com.ozrgqa.kvhght/databases/a
    Filesize

    24KB

    MD5

    d0017d12f9fc771e4752f1f43c3d6284

    SHA1

    766d2cce53d16e58837f9e874c5d7dd2aada7db6

    SHA256

    ed79a324c11f732ee0225fbe4f1a0d7cd15771e6fb5907c116aee78a73713844

    SHA512

    ab9ef3ddca8b3bdd9f6a63d37962b8856032ccc892c8c3613de6628862baa87ff94124728c236be30c2adf392ef80a39b858350511421242ae10a611da941b6c

  • /data/data/com.ozrgqa.kvhght/databases/a-journal
    Filesize

    512B

    MD5

    2b28eb56036df2435107296eb536522a

    SHA1

    2251a380af931ba0078e4caed3a49d388ef7e508

    SHA256

    5d51f7efb20849b3755f6313babf5857821c09d29ef9b7d7ed4645a3ffcc0c04

    SHA512

    c41986baf281a0972e0d23a7457e274217438a4eb1fbdfffcd53674cac598802baa8c56d7717bdb7e6a1d56be530f816d77f6c1b3e3ec06e551a5b96f84f40a9

  • /data/data/com.ozrgqa.kvhght/databases/a-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.ozrgqa.kvhght/databases/a-wal
    Filesize

    36KB

    MD5

    7221a1a47f06051283ef4f1a401b7746

    SHA1

    11fb0479cd5963178d92dee39907ad4af60a09c6

    SHA256

    1e613525b3b9a8596a0ebc1d60490b9fc4df7cea80613d4d7f434a91a4c08ef0

    SHA512

    06b6889ded2b5cd79a34ab312a180cdd7c1a76ad95ee4ed69e7a77f082032f6aefb4fc7c1d1e3a34812808255b47b6785e8c40eaccc8e10fcf94ddc4d4c213ed

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd
    Filesize

    16KB

    MD5

    12583fc78b8fd047c968be626a1b94cd

    SHA1

    74d7ed51272ff1103615de9d0cbc3aec613af187

    SHA256

    cf313d316f96f11ccce27500cb86199e5f7358667a2b6a2e6325463903f642ea

    SHA512

    68c6dbac888b850909c26c05eced411e4518625bf324451baf884ddc5d54fb9713d0914c15b2ed6ad6462140cda4f7da40b0ea46522801c0f8f2d5c34f985bf8

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd
    Filesize

    16KB

    MD5

    d930ebadba13c7f085510dec471d2d26

    SHA1

    e2027d56785d25510a801c9ae5638100388dee06

    SHA256

    993e58589071734658e7704684504019197c7759ac2934abda7bb10d9a0fe8a4

    SHA512

    bb23c6b983b09a7c4af9b04c867b9bcbc382fddf6b172efa73fdf2f2f26a7a29878f8f68c7f3193d4c0cb64cb2adccc496cae7e645c1a2c84f9eb6c9a1d84cc6

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-journal
    Filesize

    512B

    MD5

    ef96d3c807b45595bdd4b811365f48ee

    SHA1

    b23fe3cb2f6b39cfb69c8952d5c1fa7020b20ef8

    SHA256

    0a4fe521433ca94fd53bb7549f4596ea83d1d4aba1ff46c11a5ffd4e842443f5

    SHA512

    bcd9e5daf8e920aa43c08aa024b134098f6318d1d4ad34eafaf3ffaa62e0c6182218a398f968f05e91df158a0f4f64e625cbf66203961af20418789a8fb78b59

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-wal
    Filesize

    28KB

    MD5

    4f69a1d04268f84c7073ac5ac363f30d

    SHA1

    aaed47089410c36a5b65e453dbbe1bf14a43894a

    SHA256

    db35d27d8e517d4d97b9d12ca8b52086aa9a8078afdbc39699e4a8c0e9315696

    SHA512

    8df5cbd1724c128fa8db9b7d53fe44b2c65b767d05bf65b0c7c2bf2dacbce9bc960250e711f805d3b27d6565d3de4cd21d28e2d50a547a8694dc711d753be816

  • /data/data/com.ozrgqa.kvhght/databases/sdffsfdsfdsfsd-wal
    Filesize

    4KB

    MD5

    423e38f916cd4d409d3c1b292f3ad19e

    SHA1

    a17507ffc077228dd8f2cb070ad17639b8ad8f51

    SHA256

    f7895da3d390bf5d870ac368a23fc29367a36713de119f632f318017e4d0a753

    SHA512

    18c65dc6cc3d722a5652f5f28e6b6a5e4e4b47824c9d42d753568d120a61076b3512510d398a73dc56579eab358b377c7ef90a3d32c7a1c408bb824b0aecf0e5

  • /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    Filesize

    894KB

    MD5

    a5b99d1ccc89c4cbc5052c9c156da7e9

    SHA1

    30de7ca7f69eeeb74525a3ebec395846c9a3e080

    SHA256

    b1f90bc0d1124bf441a7d37749f034b4a1254ac7e896b3a7fe04a8bb55ba4ff2

    SHA512

    9b89273b90ac4c22b3fce98476b6132aa7aa8acf05f42337b6fb4352e04b88a98f9678ac244da92106126c09f09bd7f984c2e9e02880f2045d5e37e42ac024bd

  • /data/user/0/com.ozrgqa.kvhght/app_fadwzxvb/ihegqkjuv.jar
    Filesize

    894KB

    MD5

    18334e3e1d663738b4d0f552fdc61014

    SHA1

    6ad97f3ddcb658a4def3359797167388d4d0c126

    SHA256

    df23c4cf0d10a7e8c5c3d83b20976626fa12288db8e57126171a90221c8f24b2

    SHA512

    3eb785672deff89bf475df68810543d6ad742ed68cbe39845788dc87ccfd06ca83a6dc71c1f315b31ead743e4c8855a07ee8428ccf89b2178f09e0f09e841f27