Analysis
max time kernel: 10s
max time network: 153s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 13/05/2024, 10:32
Static task: static1
Behavioral task: behavioral1
  Sample: 3f0cd476ceac1deac45c501f4699c9e7_JaffaCakes118.apk
  Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
  Sample: 3f0cd476ceac1deac45c501f4699c9e7_JaffaCakes118.apk
  Resource: android-x64-20240506-en
General
Target: 3f0cd476ceac1deac45c501f4699c9e7_JaffaCakes118.apk
Size: 20.8MB
MD5: 3f0cd476ceac1deac45c501f4699c9e7
SHA1: 7a2ee8875e12dcd1b28735f1bf04f986757ed7e9
SHA256: 287fdf681e87f03813cb570c808d2fb0e0a5d448d7f875a68eeae409473098f8
SHA512: 29aff59d2060dfc2d606c5d7bfe1dc21ff75d7d8baa9b7afc91d1dd466bac63e62fcd505584b71f9564d0cc491b9d57122bd5a4598edb254fd407299afc357a1
SSDEEP: 393216:xOjvXRcXcgI0SWw0/iA6IoBFeUCeUGdfdl/LDdOT2RGUetDdOTRt++nWYY:cjvXRmIcUTemDAT2glDAT2T
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information, which indicates whether the system is an emulator.
  description: File opened for read | ioc: /proc/cpuinfo | process: com.manyufun.myfapp

Loads dropped Dex/Jar (1 TTP, 5 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/data/com.manyufun.myfapp/.jiagu/classes.dex | pid: 4240 | process: com.manyufun.myfapp
  ioc: /data/data/com.manyufun.myfapp/.jiagu/classes.dex!classes2.dex | pid: 4240 | process: com.manyufun.myfapp
  ioc: /data/data/com.manyufun.myfapp/.jiagu/tmp.dex | pid: 4240 | process: com.manyufun.myfapp
  ioc: /data/data/com.manyufun.myfapp/.jiagu/tmp.dex | pid: 4322 | process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.manyufun.myfapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.manyufun.myfapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/data/com.manyufun.myfapp/.jiagu/tmp.dex | pid: 4240 | process: com.manyufun.myfapp

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.manyufun.myfapp

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.manyufun.myfapp

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.manyufun.myfapp

Checks if the internet connection is available (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.manyufun.myfapp

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  description: Framework API call | ioc: android.hardware.SensorManager.registerListener | process: com.manyufun.myfapp

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.manyufun.myfapp
Processes
com.manyufun.myfapp (PID 4240)
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
  chmod 755 /data/data/com.manyufun.myfapp/.jiagu/libjiagu.so (PID 4264)
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.manyufun.myfapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.manyufun.myfapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID 4322)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads