Analysis
max time kernel: 16s
max time network: 148s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 13/05/2024, 10:45
Static task: static1
Behavioral task: behavioral1
Sample: 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
Sample: 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk
Resource: android-x64-20240506-en
General
Target: 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk
Size: 16.9MB
MD5: 3f19ee89ec89b348c4170cdded2308ca
SHA1: ec6254f50eb64272729ed6356684c34c72a1c2a0
SHA256: 1744de2c38bdb5b4f93b4b33d17c95af63f765593c3daaf3f3453cfabf2d027a
SHA512: c9dcd5cb215dae24017459cfe210673d65e7958e890a115d346628b3110564931759b27bf3232aa63c70bc3a3c2a2bfcfc4963c21eb23613dd5410ad99eb0ef4
SSDEEP: 393216:YCoHucFxo6FIDXYSUBiR7zNVDgw98LDbzY:YCGucF/IDvUCPNVDgw6Y
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 9 IoCs)
Runs an executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/com.jdtz666.taoke/.jiagu/classes.dex | 4262 | com.jdtz666.taoke
/data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex | 4262 | com.jdtz666.taoke
/data/data/com.jdtz666.taoke/.jiagu/tmp.dex | 4262 | com.jdtz666.taoke
/data/data/com.jdtz666.taoke/.jiagu/tmp.dex | 4293 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jdtz666.taoke/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jdtz666.taoke/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.jdtz666.taoke/.jiagu/tmp.dex | 4262 | com.jdtz666.taoke
/data/data/com.jdtz666.taoke/.jiagu/classes.dex | 4331 | com.jdtz666.taoke:pushservice
/data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex | 4331 | com.jdtz666.taoke:pushservice
/data/data/com.jdtz666.taoke/.jiagu/tmp.dex | 4331 | com.jdtz666.taoke:pushservice
/data/data/com.jdtz666.taoke/.jiagu/tmp.dex | 4331 | com.jdtz666.taoke:pushservice
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.jdtz666.taoke
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.jdtz666.taoke:pushservice
Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.jdtz666.taoke
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.jdtz666.taoke:pushservice
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.jdtz666.taoke:pushservice
Framework service call | android.app.IActivityManager.registerReceiver | com.jdtz666.taoke
Checks if the internet connection is available (1 TTP, 2 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.jdtz666.taoke
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.jdtz666.taoke:pushservice
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.jdtz666.taoke:pushservice
Processes
com.jdtz666.taoke
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  PID: 4262
  Child process:
    /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jdtz666.taoke/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jdtz666.taoke/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
    PID: 4293

com.jdtz666.taoke:pushservice
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  PID: 4331
Network
MITRE ATT&CK Mobile v15
Downloads