Analysis
max time kernel: 8s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 13/05/2024, 06:58
Static task: static1
Behavioral task: behavioral1
  Sample: 3e41a3189f5816e580e7a5e653c771a4_JaffaCakes118.apk
  Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
  Sample: 3e41a3189f5816e580e7a5e653c771a4_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240508.1-en
Behavioral task: behavioral3
  Sample: gdtadv2.apk
  Resource: android-x86-arm-20240506-en
General
Target: 3e41a3189f5816e580e7a5e653c771a4_JaffaCakes118.apk
Size: 14.8MB
MD5: 3e41a3189f5816e580e7a5e653c771a4
SHA1: ee83fb61fdac08cb55a24ca584ee7c9ebb611f55
SHA256: 6c083c3489fd114b31f6ee890e38803e5ecb5c63b57d81016942929053e1f533
SHA512: fdca84a0b6df78c83d2735782ac85f217772bb69318441cb6c1c459675787ac78bcf2aba060c8ab807cc597bf9573a93e02b69aee7a9e8e384224e1347393e38
SSDEEP: 196608:G643nJBOAmDjd9BaXJ3N0DzjsTIurChbKDbYBVveNyDbc8rCsfRnK0d6zdtfBjNt:h43n7nmF94cDz4rnQdDA8rpRnAfhNPU6
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 5 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/com.dada.syn/.jiagu/classes.dex | 4461 | com.dada.syn
/data/data/com.dada.syn/.jiagu/classes.dex!classes2.dex | 4461 | com.dada.syn
/data/data/com.dada.syn/.jiagu/tmp.dex | 4461 | com.dada.syn
/data/data/com.dada.syn/.jiagu/tmp.dex | 4523 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dada.syn/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.dada.syn/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.dada.syn/.jiagu/tmp.dex | 4461 | com.dada.syn

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.dada.syn

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dada.syn

Queries the phone number (MSISDN for GSM devices) (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.dada.syn

Checks if the internet connection is available (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dada.syn
Processes
com.dada.syn (PID: 4461)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dada.syn/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.dada.syn/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4523)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 5.6MB
MD5: 8aa4ebf070d44b83919fbc31a9714dd6
SHA1: 3580a4071c27f476f720cea1d5ebc8f139700929
SHA256: 71599b1a14c7d9904416b515867ec6abe17c563ed038e34d2693991471780d6d
SHA512: cc7b56437220762921b2707820a8b89c542355e0a924786541dc296a1f80f7a4368326c81dc8f0782f16f07cffcc6b186aae7c4e3dd7e0c49ea305c0394a58b3

Filesize: 3.4MB
MD5: cb43eafa46bc4a4ec3f5f829b2e003d3
SHA1: 8026adf7ae582182c36c723deda5d736c48ac666
SHA256: dafa5b33ecbba11bc44bc1f9cbdaa22ca13a295b84be7fe3f47e4c33671f6ecc
SHA512: 8386eda944b8edbe7dd0a3a6f07c29aebccfad5ca448d7a9c270075c606d3580104fd80af11b96b0c1c51536e43e19ad70bd7b9d1d4f0d9451572ee235997b8c

Filesize: 475KB
MD5: 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1: 522db1748608e9173547b29b7aa82ddc3542c534
SHA256: 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512: 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Filesize: 284B
MD5: f1771b68f5f9b168b79ff59ae2daabe4
SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 692857f27ce9d2fc3a174ec0f344bc66
SHA1: a710c7f086a97b6868aff606a60bc37912a911c7
SHA256: 8c0ef0e268b9c9ab2a62c5dbd37aac14f631b6c3817f413f2defe08bedbf56ac
SHA512: 9a181495ff3bf8bb37e9b771e3441d35c36628e353c58b704c23f347dfd3a322c00df880e975c3be976b25bab76880b9b7f7addb69cfa272c8589fc8c3f542f5

Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Filesize: 48KB
MD5: 718ca63db4b6a00b19e02107177610b4
SHA1: ae91b454734dd388158dff3df1d020fb872962aa
SHA256: f8108a2c04d9925ba11e622b8e40a76252e6c2d9754c5a502fac771bf2505a0c
SHA512: 339139a8f7c81479dc84b34bd519eac9e0f9bd76b717584aa1df35cd554f2f7a28eeca68aaac969dee48081d83116b0bbe3cbcffe888897cc1ed23287a12c92e

Filesize: 512B
MD5: 9bb2fd0fc8715b0dbab187516954f82a
SHA1: 1251582775a47c93e5e1e3ddb198b77f1acbbf7e
SHA256: 77da1b66789578df8ee534c65f422e9a3fb46228eca4fac4b419f3668162327f
SHA512: 290f4991dd4cf0eba2af8955d4521a77fd11dd5b76a9f0e5f60dfdd010dee2ef1fdf974db92315424d281c548c5e3547975d7f3f3359a84c6aaf527be2de0fae

Filesize: 68KB
MD5: 3e88559492011bdc84db401ac78414f0
SHA1: 625e958b0021f539f857b4f23c69cbb948847943
SHA256: 5767784d99cbab15a8ffc9f2ba2792a1216f66a0efce6fe771e25d2db2a6cc3c
SHA512: 9b4d3d3aba0fc625012088083ebc2dbdfa1340cde1b79a3cffec698accd2dbedabdce99b7fc125576c40fa48fe8f69ac280624451a25af72483450be7394d2ae

Filesize: 32B
MD5: 8ecca02eca0f8032a08aaf6736ac7595
SHA1: 227abcc8f86104bb4bdf004de6180382837a6c5f
SHA256: c5c18797bc6aff2f83278e067a3a37c05dfe681e82961b949eb2e88bcb61df34
SHA512: 7c7d75a684c86471a270d51f54d4b50155da6dc74e815394bae6601816dba0563457ea69932d03209b8a75ddb50cbb879c4f6738251a71a0edaaf820cfa517b9

Filesize: 32B
MD5: 11e95665c13c5dd65af52e4eeeca28aa
SHA1: a9f9f3775d35a77b1f9a73c7c4068166f48279ef
SHA256: 0af0e02aacac44b0b0afa7f34df74bc1752b06e98acc4fb149bbd8a21d99c04c
SHA512: 665159275cd39b104e77b54cc4b6be4a782fa91ab693bf9086fb619e446fb46d4269f8afe5104a97d90aa16be1eecab4055d51d84b1b93419333fed574078e6e

Filesize: 73B
MD5: a6d25161c4c7fa07c5776d3f78afecc8
SHA1: bc7be30764295be3c5973fa4a48fd1934ea14e05
SHA256: ed7bae0ab6d9168d492f06f65d4ed6f4921cb7c835d0ac5861373b79fd549b15
SHA512: a601f780547417ed0dffe612458d35114af6ef2597a986aa61b230627d1accb7f16dd2c791e77f4be102bb6df1090fbda672072b1321776751c6b613be5519f9

Filesize: 307B
MD5: 44f0b226a79c5d7944cc0909d4dda035
SHA1: 3da2c09bf6ca248a5c157c422dc73fb7e8bf1df7
SHA256: a5f568321c343635bae0725640ad4b3f59244f37958e6d8f37a286ec0c68fd8b
SHA512: c0be6c91ab663ff99f3405968b7e941931faaa5c6f9a1c65d016690ee1e40c541bcabc1b1bda2b5143f03c08946a16b64bee19088f2115f6c9601d73a6f2cd85

Filesize: 307B
MD5: 6c3a367f978c65496af315340d15cb05
SHA1: 0b0d25adfacd34ac3b4d44cf07b2a556b431d526
SHA256: ba214d7de6191ebb136e61434bb5e7fdcc9009e362745b7a58129c2588e370f5
SHA512: 830eb7402936e013292ddf12dcb34dd080f328b17fa85844cb30303dd2ae075f71e4ee87cb746c08254cc70c4edbe8980445769732f20a23ae84e2416ac2efcc

Filesize: 32B
MD5: 51982a65863cc095368f242f7c75043d
SHA1: 5e29109513c55faf5fa1a64f2331642048c4b380
SHA256: 4c73877910e868879f5d52d1f7a49c3568241e0d3472ebe7ef874ea2d069f41b
SHA512: dc6424d4bad5b706d55170ba819ddacc2d7f9a03eff7e3b3a0fadc5bbe27613acd1ddca1f00085bbc74b2d1ba36474d937f4887a4e65f1a00c5fe9289e0c06d9

Filesize: 27B
MD5: 6e882efb9933ce4e049ef04929c839a7
SHA1: 791a6a3b0f1433a912a120384374ba0749d38377
SHA256: 68ee430927c60d5818f1dd52e615e16c3dfcec7edddc738773f95ace3b98a9c8
SHA512: beebc790b543b5170c3dc1812acedacd83feea9bc5137945e76884283d659247b3280f9adbb2d1224174e559050f75c72361218e1c8b6905f8739140bd45d470