Analysis
max time kernel: 139s
max time network: 155s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android arch:arm arch:x86 image:android-x86-arm-20240506-en locale:en-us os:android-9-x86 system
submitted: 13/05/2024, 06:45

Static task
static1

Behavioral task
behavioral1
Sample: 3e356eec96d1fdf44bb7deffd8537d48_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en

Behavioral task
behavioral2
Sample: 3e356eec96d1fdf44bb7deffd8537d48_JaffaCakes118.apk
Resource: android-x64-20240506-en
General
Target: 3e356eec96d1fdf44bb7deffd8537d48_JaffaCakes118.apk
Size: 15.7MB
MD5: 3e356eec96d1fdf44bb7deffd8537d48
SHA1: e299e2e54a4f5e3250f42a55d41ef969e9ffcffe
SHA256: 74f9afc54ef47525abc388d47e25978ba84d8ded8b8382430252e9eb4a57fd31
SHA512: 9f1221837be6cfe15c5f9874722b5e588638c582c691723d9c50cfb40ab27119ce74d1940202bbba57332a43af5126f50f9dca6b4c86090ae45ae07cd3b3117e
SSDEEP: 393216:4fgJ2dL0jbECjHuJGIhMIWxCrwR5JXMUSuWPemuLzW2zfqpWHQBu+:4A2dIvECjHuIVxTJ5S7GmaW2bqpWHQQ+
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicate if the system is an emulator.
description: File opened for read; ioc: /proc/cpuinfo; Process: com.cloudywood.ip

Checks known Qemu files. (1 TTPs, 1 IoCs)
Checks for known Qemu files that exist on Android virtual device images.
ioc: /sys/qemu_trace; Process: com.cloudywood.ip

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicate if the system is an emulator.
description: File opened for read; ioc: /proc/meminfo; Process: com.cloudywood.ip

Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/data/com.cloudywood.ip/.jiagu/classes.dex; pid: 4272; Process: com.cloudywood.ip
ioc: /data/data/com.cloudywood.ip/.jiagu/classes.dex!classes2.dex; pid: 4272; Process: com.cloudywood.ip
ioc: /data/data/com.cloudywood.ip/.jiagu/classes.dex!classes3.dex; pid: 4272; Process: com.cloudywood.ip

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.cloudywood.ip

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.cloudywood.ip

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.cloudywood.ip

Checks if the internet connection is available (1 TTPs, 1 IoCs)
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.cloudywood.ip

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.cloudywood.ip

Processes
-
com.cloudywood.ip (PID: 4272)
- Checks CPU information
- Checks known Qemu files.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
  chmod 755 /data/user/0/com.cloudywood.ip/.jiagu/libjiagu.so (PID: 4298)
  sh -c ps (PID: 4410)
  ps (PID: 4410)

Network
MITRE ATT&CK Mobile v15
Downloads