Analysis
max time kernel: 147s
max time network: 155s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 13/05/2024, 06:54
Static task: static1
Behavioral task: behavioral1
Sample: 3e3e2c2c75d08cab987a5c831abf9d8c_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
Sample: 3e3e2c2c75d08cab987a5c831abf9d8c_JaffaCakes118.apk
Resource: android-x64-20240506-en
General
Target: 3e3e2c2c75d08cab987a5c831abf9d8c_JaffaCakes118.apk
Size: 11.6MB
MD5: 3e3e2c2c75d08cab987a5c831abf9d8c
SHA1: 88d61fc2cc27b3f16aeeee4a65657d8fa8e20d50
SHA256: 9e17c1c4d08118d82ad6e9b5b03ffb55cd81ad27d4b318fab8bae0b456bdbd21
SHA512: c51c47fd3088dfeeea1b5733df5178776164b7f93263b9c4fafd0fe7f2598ada5c1be2021fcd0677d8e690688805df5a02641644951a1718617c73ad964be3f6
SSDEEP: 196608:0YVVL+gtICSe0joD635oka4E78r7BGhvsc6oOeHULPrWfcSJxcdrNf37AZic5nKh:0kJBIOookq78AhkwHULDKvJ2Nf0Kxl75
Malware Config
Signatures
-
Checks CPU information (2 TTPs, 1 IoC)
Reads /proc/cpuinfo, whose vendor, hardware and flags fields can indicate that the system is an emulator. On this x86 analysis image the file reports an x86 CPU, which an app that expects ARM hardware can treat as an emulator tell.
description: File opened for read | ioc: /proc/cpuinfo | process: com.sy.zjjy
Checks memory information (2 TTPs, 1 IoC)
Reads /proc/meminfo, whose MemTotal value can indicate that the system is an emulator (sandbox images are often provisioned with less RAM than a real handset).
description: File opened for read | ioc: /proc/meminfo | process: com.sy.zjjy
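What the two /proc reads above typically look for, as an added example that is not part of the sandbox report and not code recovered from the sample: a Python re-implementation of the emulator heuristics an app commonly applies to /proc/cpuinfo and /proc/meminfo, run over constructed sample contents so it works offline. The indicator strings (goldfish, ranchu, x86 vendor IDs, the CPUID hypervisor flag) and the 1 GiB RAM threshold are my assumptions chosen to illustrate the check.

```python
"""Added example: emulator heuristics over /proc/cpuinfo and /proc/meminfo.
Not code from the report or the sample; indicator lists and the RAM
threshold are assumptions chosen to illustrate the check."""
from __future__ import annotations
import re

# Kernel 'Hardware' names used by the stock Android emulator (goldfish, ranchu)
# and by common VM platforms; an x86 vendor_id where ARM hardware is expected.
EMULATOR_HARDWARE = ("goldfish", "ranchu", "vbox", "virtualbox")
X86_VENDORS = ("GenuineIntel", "AuthenticAMD")
MIN_REAL_DEVICE_KB = 1024 * 1024  # assumption: real phones ship with >= 1 GiB


def parse_proc_kv(text: str) -> dict[str, str]:
    """Both files are 'key : value' lines; keys are lower-cased, last one wins."""
    out: dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        out[key.strip().lower()] = value.strip()
    return out


def cpuinfo_indicators(text: str) -> list[str]:
    kv = parse_proc_kv(text)
    hits: list[str] = []
    hardware = kv.get("hardware", "").lower()
    if any(name in hardware for name in EMULATOR_HARDWARE):
        hits.append(f"hardware={hardware}")
    vendor = kv.get("vendor_id", "")
    if vendor in X86_VENDORS:
        hits.append(f"vendor_id={vendor}")
    if "hypervisor" in kv.get("flags", "").split():  # CPUID leaf 1, ECX bit 31
        hits.append("flags:hypervisor")
    return hits


def meminfo_indicators(text: str) -> list[str]:
    kv = parse_proc_kv(text)
    match = re.match(r"(\d+)\s*kB", kv.get("memtotal", ""))
    if match and int(match.group(1)) < MIN_REAL_DEVICE_KB:
        return [f"memtotal={match.group(1)}kB"]
    return []


def looks_like_emulator(cpuinfo: str, meminfo: str) -> tuple[bool, list[str]]:
    """True when any indicator fires; the list says which, for the analyst."""
    hits = cpuinfo_indicators(cpuinfo) + meminfo_indicators(meminfo)
    return bool(hits), hits


# Constructed sample contents (not captured from the sandbox).
SAMPLE_X86_EMULATOR_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "cpu family\t: 6\n"
    "model name\t: Intel Core Processor\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor ssse3\n"
)
SAMPLE_ARM_PHONE_CPUINFO = (
    "processor\t: 0\n"
    "BogoMIPS\t: 38.40\n"
    "Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
    "CPU implementer\t: 0x41\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8150\n"
)
SAMPLE_EMULATOR_MEMINFO = "MemTotal:        1012345 kB\nMemFree:          123456 kB\n"
SAMPLE_PHONE_MEMINFO = "MemTotal:        7894561 kB\nMemFree:         1234567 kB\n"

if __name__ == "__main__":
    print(looks_like_emulator(SAMPLE_X86_EMULATOR_CPUINFO, SAMPLE_EMULATOR_MEMINFO))
    print(looks_like_emulator(SAMPLE_ARM_PHONE_CPUINFO, SAMPLE_PHONE_MEMINFO))
```

The practical point for the sandbox operator is that each of these fields is under the image's control: a hardware name, vendor_id and MemTotal that match a real handset remove the tells this sample reads, whereas the hypervisor flag is harder to hide without patching the guest kernel.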
Loads dropped Dex/Jar (1 TTP, 3 IoCs)
Runs executable code dropped to the device during analysis: mix.dex is written to the app's private data directory, compiled by dex2oat to oat/x86/mix.odex, and loaded by the main process (PID 4238). Code that arrives this way is not visible in a static view of the APK unless the payload is unpacked first.
ioc: /data/data/com.sy.zjjy/mix.dex | pid: 4238 | process: com.sy.zjjy
ioc: /data/data/com.sy.zjjy/mix.dex | pid: 4339 | process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sy.zjjy/mix.dex --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/data/com.sy.zjjy/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/data/com.sy.zjjy/mix.dex | pid: 4238 | process: com.sy.zjjy
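Two checks a triager runs on a "loads dropped Dex" hit, as an added example that is not part of the report and not the sample's code: pull the compiled DEX path, oat location and runtime arguments out of the recorded dex2oat command line, and confirm that a candidate dropped file really is a DEX by validating its header (magic, the Adler-32 checksum that covers everything after the checksum field, the SHA-1 signature that covers everything after the signature field, and the recorded file size). The dex2oat line is the one recorded above; the DEX bytes are a constructed header-only file, not the real mix.dex, and the "last value wins" rule for a repeated flag is this parser's choice, not a statement about ART.

```python
"""Added example: triage of a 'loads dropped dex' hit. Not the report's or the
sample's code. The dex2oat line is the one recorded in the report; the DEX
bytes are a constructed header-only file, not the real mix.dex."""
from __future__ import annotations
import hashlib
import shlex
import struct
import zlib

DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/data/com.sy.zjjy/mix.dex --output-vdex-fd=56 --oat-fd=57 "
    "--oat-location=/data/data/com.sy.zjjy/oat/x86/mix.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)


def parse_dex2oat(cmdline: str) -> tuple[dict[str, str], list[str]]:
    """Split '--key=value' flags from '--runtime-arg X' pairs. A repeated key
    (here --instruction-set-features) keeps its last value; that is this
    parser's choice, not a statement about ART's own precedence."""
    opts: dict[str, str] = {}
    runtime_args: list[str] = []
    argv = shlex.split(cmdline)[1:]
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok == "--runtime-arg" and i + 1 < len(argv):
            runtime_args.append(argv[i + 1])
            i += 2
            continue
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts[key] = value
        i += 1
    return opts, runtime_args


def is_dropped_code(opts: dict[str, str]) -> bool:
    """Compiling a DEX from the app's private data dir, rather than from the
    installed APK under /data/app, is the 'dropped code' signal."""
    return opts.get("dex-file", "").startswith("/data/data/")


DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678


def check_dex(data: bytes) -> dict[str, object]:
    """Validate a candidate DEX: magic 'dex\\n<ver>\\0', Adler-32 over
    everything after the checksum field, SHA-1 over everything after the
    signature field, and the file size recorded in the header."""
    if len(data) < DEX_HEADER_SIZE or not data.startswith(b"dex\n"):
        return {"is_dex": False}
    version = data[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "is_dex": True,
        "version": version,
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": data[12:32] == hashlib.sha1(data[32:]).digest(),
        "size_ok": file_size == len(data),
        "header_ok": header_size == DEX_HEADER_SIZE and endian_tag == DEX_ENDIAN_CONSTANT,
    }


def build_sample_dex() -> bytes:
    """Constructed: a header-only DEX with consistent checksum and signature."""
    buf = bytearray(DEX_HEADER_SIZE)
    buf[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", buf, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


if __name__ == "__main__":
    opts, rt = parse_dex2oat(DEX2OAT_CMDLINE)
    print(opts["dex-file"], "->", opts["oat-location"], "dropped:", is_dropped_code(opts))
    print(rt)
    print(check_dex(build_sample_dex()))
```

A dropped file that fails the checksum or signature check has usually been written encrypted or obfuscated on disk and is only valid in memory; a file that passes can be handed straight to the usual DEX tooling. The parsed --dex-file and --oat-location pair also tells the analyst where to collect both the payload and its compiled artefact from the device image.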
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.sy.zjjy
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.sy.zjjy
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
The recorded call returns the ISO country code of the registered network rather than the numeric MCC, but it serves the same purpose: locating the device by carrier.
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.sy.zjjy
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.sy.zjjy
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.sy.zjjy:mult
Checks if the internet connection is available (1 TTP, 1 IoC)
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.sy.zjjy
Reads information about the phone network operator (1 TTP; no IoC recorded)
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
A single Cipher.doFinal call is equally consistent with decrypting a packed payload such as the dropped mix.dex; on its own it is not evidence that user data is being encrypted.
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.sy.zjjy
Processes
com.sy.zjjy (PID 4238)
    - Checks CPU information
    - Checks memory information
    - Loads dropped Dex/Jar
    - Queries information about running processes on the device
    - Queries information about the current Wi-Fi connection
    - Queries the mobile country code (MCC)
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Checks if the internet connection is available
    - Uses Crypto APIs (Might try to encrypt user data)
    sh -c getprop ro.yunos.version (PID 4314)
    getprop ro.yunos.version (PID 4314, the shell exec'd getprop in place)
    /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sy.zjjy/mix.dex --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/data/com.sy.zjjy/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=& (PID 4339)
        - Loads dropped Dex/Jar
    logcat -d -v threadtime (PID 4500)
com.sy.zjjy:mult (PID 4370)
    - Registers a broadcast receiver at runtime (usually for listening for system events)
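A triage summary over the framework-call IoCs in the Signatures section and the child commands in the process tree above, as an added example that is not part of the sandbox report and not the sample's code: it parses the "Framework service call <interface>.<method> <process>" lines into records, groups them by what the caller learns, unwraps the `sh -c` children so the real probe (getprop, logcat, dex2oat) is named, and reports per process which categories fired. The category names are my own grouping, not a vendor or MITRE taxonomy; the sample lines are copied from this report, with the dex2oat line shortened. Reading ro.yunos.version is treated here as a device-environment probe (the property identifies Alibaba YunOS builds), which is an interpretation, not something the report states.

```python
"""Added example: a triage summary over this report's framework-call IoCs and
child-process command lines. Not the sandbox's or the sample's code; the
category names are my grouping, not a vendor or MITRE taxonomy."""
from __future__ import annotations
import re
import shlex
from collections import defaultdict

# Sample input copied from the Signatures and Processes sections of the report
# (the dex2oat line is shortened to its first flags).
FRAMEWORK_IOCS = [
    "Framework service call android.app.IActivityManager.getRunningAppProcesses com.sy.zjjy",
    "Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.sy.zjjy",
    "Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.sy.zjjy",
    "Framework service call android.app.IActivityManager.registerReceiver com.sy.zjjy",
    "Framework service call android.app.IActivityManager.registerReceiver com.sy.zjjy:mult",
    "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.sy.zjjy",
    "Framework API call javax.crypto.Cipher.doFinal com.sy.zjjy",
]
CHILD_COMMANDS = [
    "sh -c getprop ro.yunos.version",
    "/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.sy.zjjy/mix.dex --oat-fd=57",
    "logcat -d -v threadtime",
]

IOC_RE = re.compile(r"^Framework (service|API) call (\S+)\.(\w+) (\S+)$")

# Grouping by what the caller learns or gains (assumption, illustrative only).
CATEGORY = {
    ("android.app.IActivityManager", "getRunningAppProcesses"): "process discovery",
    ("android.net.wifi.IWifiManager", "getConnectionInfo"): "network discovery",
    ("android.net.IConnectivityManager", "getActiveNetworkInfo"): "network discovery",
    ("com.android.internal.telephony.ITelephony", "getNetworkCountryIsoForPhone"): "carrier discovery",
    ("android.app.IActivityManager", "registerReceiver"): "event monitoring",
    ("javax.crypto.Cipher", "doFinal"): "crypto use",
}
DISCOVERY = {"process discovery", "network discovery", "carrier discovery",
             "property probe", "log collection"}


def parse_framework_ioc(line: str) -> dict[str, str] | None:
    m = IOC_RE.match(line)
    if not m:
        return None
    kind, iface, method, proc = m.groups()
    return {"kind": kind, "interface": iface, "method": method, "process": proc,
            "category": CATEGORY.get((iface, method), "uncategorised")}


def unwrap_command(cmd: str) -> list[str]:
    """'sh -c <command>' runs <command>; return that inner argv instead."""
    argv = shlex.split(cmd)
    if argv[:2] == ["sh", "-c"]:
        argv = shlex.split(" ".join(argv[2:]))
    return argv


def classify_command(cmd: str) -> str:
    argv = unwrap_command(cmd)
    prog = argv[0].rsplit("/", 1)[-1] if argv else ""
    return {"getprop": "property probe", "logcat": "log collection",
            "dex2oat": "dex compilation"}.get(prog, "other")


def summarise(ioc_lines, commands) -> dict[str, dict[str, list[str]]]:
    """Per-process categories plus the evidence behind each category."""
    per_process: dict[str, set[str]] = defaultdict(set)
    evidence: dict[str, set[str]] = defaultdict(set)
    for line in ioc_lines:
        rec = parse_framework_ioc(line)
        if rec:
            per_process[rec["process"]].add(rec["category"])
            evidence[rec["category"]].add(f'{rec["interface"]}.{rec["method"]}')
    for cmd in commands:
        evidence[classify_command(cmd)].add(" ".join(unwrap_command(cmd)[:2]))
    return {"per_process": {k: sorted(v) for k, v in per_process.items()},
            "evidence": {k: sorted(v) for k, v in evidence.items()}}


def discovery_breadth(summary) -> int:
    """Distinct discovery categories seen; several in one run is the
    fingerprint-before-acting pattern worth flagging."""
    return len(DISCOVERY & set(summary["evidence"]))


if __name__ == "__main__":
    s = summarise(FRAMEWORK_IOCS, CHILD_COMMANDS)
    print(s["per_process"])
    print("discovery breadth:", discovery_breadth(s))
```

On this report the summary shows the main process doing every kind of discovery plus the crypto call, while the `:mult` process only registers a receiver, and five distinct discovery categories in a single run.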
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize 4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize 116KB
MD5 304ba9c5d3509b76aca54b5e31526d37
SHA1 64bc0e9d8b03fa9804fc99606297524856c93354
SHA256 a233dce7feb95e65da133f4fd44c43ee5964a09e1af16b9d9f1402279210cf90
SHA512 e387bec8128c5841e5098da104a649016e6cf6f688c1413f4d751a35ddc20062c95f8056d57c345d7392e23c3050124908970fe89d496a382a05e0d360899177
-
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize 92KB
MD5 c8e4e8c4cf5094b78e6c64db3b877bb5
SHA1 3844069c2adce5b6493f8b7aa2e04489bd5298cc
SHA256 6b39f880e137dec13215cea5cd534ede84d5b3bfc13658983feccad762a7e0ad
SHA512 6dd35f6a7ea35cac6e4a15306d58f5c16d843fd15317f1494f02c277337603ccccc2730ce3ce2dfe56e0fe07dbea5b1a9f4984af421bfe6a048ab3d4c9f59856
-
Filesize 36KB
MD5 5d7ea1a23af19b4340cc8d90f28297d5
SHA1 4cfe95b23a9e98378d69c4290af81b51fbe76aea
SHA256 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
SHA512 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b
-
Filesize 36KB
MD5 ce6135aa1b1fe4f2c2db2a546d2a5558
SHA1 79b59582154017aadab783dc266fcb158c252940
SHA256 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
SHA512 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4
-
Filesize 512B
MD5 313694f6a9ba742809613f1cd4a849b6
SHA1 d6dae706a96473f8457681eb86431ec13fa15080
SHA256 6492e8ad73f95dca5cd3e5058bf473479a0224570a5fa6e308d8919edef0e5f5
SHA512 64a61fe3872726040fb33b0dff8b25b28b2f873e597cc7c66234ca2be30f90000bfdb1dbfcd77f29767a70bd5ead1b2b002c522fd2329c76a88c04a92827acc5
-
Filesize 48KB
MD5 f42a22353c780ac8920dfab711cf4298
SHA1 c91c04af22c57df5f62600c7d89c2c63a67f487e
SHA256 3ade5bc2f4b44617878cf9cab5fa1744c897f2b4b2a77048549e550c7a6a11e2
SHA512 1888cca6e21efe0f2a65ff6ee39b64c54d29e3d56978e1ff0667c06ff4fe9ffc41458b8a1d0b3d68abd970eccc6207b5a78a5e38d3f13febbd200a4529061a8f
-
Filesize 16KB
MD5 f4400791f4783d3083e5d5b6fecadf8b
SHA1 75ecdf1d0e8d187cda4440df224d61680847ba1d
SHA256 ae45267025eb581b29b97e7822a154320b274abdc71919b1a3c093c5f570f19a
SHA512 1b036a4960da136978621cc25db4eb968bc35b8976546776f62cb09919a86df6f2b42af1f5dba867741022767f78914f09203e33a361c3b7d52090078bbcb7d5
-
Filesize 32KB
MD5 0ec4a395d8bd975ebc9223680c654555
SHA1 9f9fc8da6b6fc84e86fea5be80b78642fbc4346e
SHA256 ebe78c7f1d07db970d7425fc245310afcdb5d2f6412e1dcde6567efe7c83d442
SHA512 6a13b31e9a8f958e06dce6e9b6e1e4b84b9d6f259bd9ab103d3320c90b8763f30baf2ef653bc0e187283976b02b3209c391b953739e2a1dcce244db8663d62d4
-
Filesize 32KB
MD5 d604a3bf1f8d992cc320ea5b1f7609bd
SHA1 247f88df0b55c7d523ea5398637711a0e4a483a4
SHA256 329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17
SHA512 67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab
-
Filesize 16KB
MD5 f7753d386a17335e9cd56625b8b4e264
SHA1 d271b99f1b097e1b5782c444e1c2b05458bbfb1a
SHA256 fdfd4cfc0aec86a800a8b75344f5da8ad2072bbdba3cb4cfdae318324046f7f4
SHA512 68a5958a119ed6c6aae6dfa63a37280d20bc341ee7dffcf51be81d06dc98558c93cd55bd5d31a00ac93db83f0ad9f2640b5456d36ff2c02fc30f985bd6d4eb2d
-
Filesize 512B
MD5 c49d686df18db8e253d4a0b37286bbf6
SHA1 c2aaeaf48a545f907c4f39f5837179c7d7e42e28
SHA256 cbe81c5ed09e2579462fe9bc356100a90f47c3bd21b9c0025bf3280bfedef61f
SHA512 14bf4ae7fb18df0ea7d884e47139aae73a55e19f3624898045c475de2080521834f1ce8695a7997f34faf3e850aa679e2f3db8e281c00512e73059b6e307d038
-
Filesize 56KB
MD5 6406329b0ddd206541c99bd06c76c760
SHA1 8d662472728d1355e80c5ae4875faf7152b7a85f
SHA256 f0c6217ba26d0102a3bfbc01310461fb457f940fedeced8d02db94eaed7941a9
SHA512 7583bdc1f1f0fb0866a48d5b8e39fb71bcbfd52e08ef710036846389a048d2b91a99f493514999ed8cc957ded6ca79aa8a2d0cc34749fee896b9c0d382cd13ba
-
Filesize 8KB
MD5 81d0448863ae9d339b19c2c29fcd51b7
SHA1 0fcdb85f5cf1008f82efd39e202ecf7ce80a8e3b
SHA256 0855cfeefa6daed031330946e949ccb5a8ce2dc548b2ca11026f4d5c65b21598
SHA512 125efab565a0c1afc62fb6bc0ef519b3adcea81932fdff086e2f0f0a1719212debdb3a54c0be754b686480b2c839995315c4907cbfbcc307a3492f7e6f039646
-
Filesize 4KB
MD5 466254a7e6c1c1594b36bcbd77bc1ab1
SHA1 5ea6d99677cf8e77c277834a64c426e63e3950af
SHA256 b3a8b6aa2a2489403a17b2f8d67959368a200e8cfecfea97bb068e2c62f6979e
SHA512 2529e23f312cb6d355964ec7424d902c4606acb2fecff7afc9d35616f6c580c7df19d7a18cde5f3196ee0b3b01a1457bd1e8575f645f95e42b8e171699a63c38
-
Filesize 1KB
MD5 c69a02df3231a9e118a6079d89c76ab9
SHA1 70782f681bf2967975cc7ce3c6d71b82a34cd7a6
SHA256 97e876fed5283eb8e0f5bc80e5e0901bb91dec5e1e9d0d9595fe27442a156aba
SHA512 0251f342f579b855def9a34531fe26db07af478e371530741a2b71522e4ed6a53bbda5f92d6275286fd1d4ceeb4dfac4a7c3cfa3e6dc47accb747e7ae0c0a68e
-
Filesize 162B
MD5 7c6713f16b1658b539dda3d357fcb72f
SHA1 a198698da3d834f8281e62cbe444978219010048
SHA256 ea51f9a4eb9455874eb4cbd6182342ce9a6c30f5e3bec9d05276604fa797247d
SHA512 5c23128be02454a4728fdddcc83296ea8aa48afa4c7a40df108b355b8ffb88f2c7a9234b342cc97efcaee2fc5d25c2a9ae008fe6ba7038443d6c0ac6191b668f
-
Filesize 57B
MD5 1ab74d2a700c604ec05d5452fa0362fe
SHA1 d704a71a7f4864da762951723be02595bae7c125
SHA256 bb75f506664d22e241baffa5e61091e94e43994c9c85afe6e30a215f776d7e48
SHA512 c2c518310964a69077f6ec95aa562d79da9d7e95af971813b8f5be60d9dc3181fae7123ef2383a21d7f6be4256869a76c985ca4fe927d707af88130f8233fc52
-
Filesize 182B
MD5 363d970c1e588da6515316144f1fea09
SHA1 ed8f8668cda7d1e57765303305b8ea3b62a6dad3
SHA256 97c333504f131f6849426a7b1cc4a167098e8c8e5cdb309d1674ba9f75b81743
SHA512 41767e18909c401d9d253811e2311805167fb7da1f7126410ce7cd94b90c2f1a318f4b1393b7eb580f79c63599aa96024b56c45a6cdf0a2b48ea8c4de0dc3584
-
Filesize 174B
MD5 fc3acb207a663eb38bc84d547d7d7b31
SHA1 d94a21e1c6aeca6e7cfd5a72354b8c8a18b0128b
SHA256 9743879ad08baed4f9a5dcfe8d2f8437aa1602c1944a900f9daf48cb9080502e
SHA512 109f6b47cacabcc360a2f25861bb2716674ac23fa770ef229b9b63dd5f2e8b4a545a68bc1aeadbd480e92654ee4b2047e06e5ca4a4183f935dcdd91520a68837
-
Filesize 413B
MD5 e0cab9bebef8a72d03e2a167475aae7f
SHA1 4af2881b0f4e4bee0a322a4acf481d48f8fddc4f
SHA256 01690ca843b75ae7af4feadd41130e525f3ee1275f8dbf6e3447c25696a65380
SHA512 1b67d8fe4302fc0d177d226c0e40f1658f54423177979af3cbdf0d9a116333da3b1425d0c902e14c78eb03fc5acc51c3ecfdfa372865c5a388e68f0c4a4c292d
-
Filesize 292B
MD5 63f77f99bd2c2b772a479923bde11974
SHA1 c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA256 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA512 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c
-
Filesize 32B
MD5 0e01b8b3c0fff869fdbf2ee924dc36cc
SHA1 63b4ea057e3097ecbdc5428c3f6fef58588a9ddc
SHA256 ac8b191af0275d09eaa7a5a4e60b89d3049f976ec1dd93e60be53b71d1142d86
SHA512 438a9190095a356307a4be7ca6aeafb1aabad20b958c8b49543a1af711054bc40030c4154e58d4daeacd04e24aa951bc1e59f5a749eb1ad64c9f2cc03ab99998