Analysis

  • max time kernel
    16s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/05/2024, 10:45

General

  • Target

    3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk

  • Size

    16.9MB

  • MD5

    3f19ee89ec89b348c4170cdded2308ca

  • SHA1

    ec6254f50eb64272729ed6356684c34c72a1c2a0

  • SHA256

    1744de2c38bdb5b4f93b4b33d17c95af63f765593c3daaf3f3453cfabf2d027a

  • SHA512

    c9dcd5cb215dae24017459cfe210673d65e7958e890a115d346628b3110564931759b27bf3232aa63c70bc3a3c2a2bfcfc4963c21eb23613dd5410ad99eb0ef4

  • SSDEEP

    393216:YCoHucFxo6FIDXYSUBiR7zNVDgw98LDbzY:YCGucF/IDvUCPNVDgw6Y

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.jdtz666.taoke
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4262
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jdtz666.taoke/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jdtz666.taoke/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4293
  • com.jdtz666.taoke:pushservice
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4331

Network

MITRE ATT&CK Mobile v15

Downloads

        • /data/data/com.jdtz666.taoke/.jiagu/classes.dex

          Filesize

          5.7MB

          MD5

          733c5237b78da7f7cb6469b2372c771e

          SHA1

          39bda131c900dc8b68e0e8ffad84bf74a0a6eaf1

          SHA256

          d7c97a16dc1eaaa1256a5e68eb2d788c285284a4c9ce5b05f136dc44c52a03a5

          SHA512

          43dafc5e62e3a3b604686ab78c129672bd49be750825c50d7ce54884fc095624786fa306e1be9cc53eade695ee865ff8d11b69b042f032fa3c8327ff615ba4e5

        • /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex

          Filesize

          5.3MB

          MD5

          0a678d9009cc5a4b1dc6024b3933bfe7

          SHA1

          a3efe031bda5e4148e4e9f2dfa44c2602c7388eb

          SHA256

          5e82c13a3d82ef5b5c6dc90232e78b5f342715c4babef3c3df8ca9639e5813cd

          SHA512

          5af5c6225e7a739bc0012bb2180882ff1fbb0ebedb260d251366d0fc91e98b3cfa3459f430f0ccc13ba3e722a2c4df03c56e273d95561f5967fa29965cfeaffc

        • /data/data/com.jdtz666.taoke/.jiagu/libjiagu.so

          Filesize

          480KB

          MD5

          d280346c134f75655acd484c75745d6b

          SHA1

          7d1ea0d71824ce214d4769981ed68b0ef86f1b0b

          SHA256

          344f4d98accbf8ad8a3ab052a649231f9ff1c9e7324374a6ec79d9de89dd9b55

          SHA512

          11ce3fc3f1a52900f140813a5362cc9bf4b9954139c3447a61fbc6c35c8eb75e454feaffdc043e999a167fb21bfe0ffeedb6b71359a5fe0867dcc44c7e14d16b

        • /data/data/com.jdtz666.taoke/.jiagu/tmp.dex

          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

        • /data/data/com.jdtz666.taoke/databases/xUtils.db

          Filesize

          40KB

          MD5

          6bfeb758277a744ad671d013eefa8572

          SHA1

          e5a9eede9079860b63d71f80db72c8f74e4259c6

          SHA256

          e0251f3c5dda03535638ddb761286dd8a86700d094168e3aea24c3f4705c3a14

          SHA512

          a2d4fde4a3903920ee7397d42a7a7fb6f7f6a763bc49619d432b48179406b082eb676bba3c87c6b4ed0bfd51cf199da85e57afc72ffbcf857c4cad158c481768

        • /data/data/com.jdtz666.taoke/databases/xUtils.db-journal

          Filesize

          32KB

          MD5

          09e60f639d7bf09d9bf2d4c334fca02c

          SHA1

          574b84fbc4b5f9f4dd1ad684fe32ca7e79bc2810

          SHA256

          7ece96500bfca8fe7f3833b67aca418b1b3bbe7a14b2797f807fb674b61490ef

          SHA512

          08027451292e19979a768dd6039137f664c3b75b8c85f37eb8c47d9a07fa784ae3b8b51e164d86951d4f5f7a2dd7eba8cd316a8d0745ccc6f3205fb6e7648c59

        • /data/data/com.jdtz666.taoke/databases/xUtils.db-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/com.jdtz666.taoke/databases/xUtils.db-wal

          Filesize

          20KB

          MD5

          986b353ad629b177d5a0be66d9712153

          SHA1

          562f957c0ecbd452df60f70e58d1c9d1c14ec74b

          SHA256

          e6ad624a93a041a6b2d36e4f1abac3c4e53ae650ac71c8b9cc7c7215a211819a

          SHA512

          5b1e0cd27d2210c516fef241982ddad81dcefd44fd348fa14e085cc43b9fd3db700f719cd4a3af7993af1f4fbe1e085ca54ea51853617efb6e7db2630899294b

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ac

          Filesize

          32B

          MD5

          af5dd0718f287246fabba00a5765f4c1

          SHA1

          0f32d9d4a820cc593ecd33c4b102ab10b268c096

          SHA256

          b1a32b5b4f42125cca581ee104320803a4405197664467e489c5423168797158

          SHA512

          0df03c9017fd80b780e43f79a4268b879f8490951879c7190b71c5bbd70b75b8deaafa10c65dec3f91be999ad89f295ec067f89b2ad8718acbb4c6a4e5efc00c

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ic

          Filesize

          32B

          MD5

          090afa7aa165a780d54829a7fcc52ff3

          SHA1

          94f6e2ed6da0fe24e31bf5e18be3a5d86d3b5901

          SHA256

          9a1e7b2964cb632030a46567a7593fa052019f92ae26564e306f7cd403f8b940

          SHA512

          fcead93d457f784c05d39999e4ffed5ea8e584dca26fd1d089a008df3b1ffea4a45a16b963d2d08a1d35fdcf99af5d3e20fd6b456925cc6197b81b8faeef5266

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.rd

          Filesize

          73B

          MD5

          72f603141a5a1129905d9e6dd8a8315b

          SHA1

          91d7d7bab760d7833786ff394021884e3110ad4e

          SHA256

          8041a6e2c5a0fc5372201a2fc569527f7beeb8fdbbee7a730978ef6e72861086

          SHA512

          6badb0f8ff86208c63de9406ea41ca1b513dbe6a956bcf68d5110b26c9ecab49282f64074231ab2a61c248dff644f376528188eba39079949932517fb35e45d6

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

          Filesize

          314B

          MD5

          956c018ed3f42fb2feaf52baede905eb

          SHA1

          f5a3d9160108b131a4dd059b18c66c160f4285ab

          SHA256

          ae10a0cd4bf2f9ded0d1f9724d57c8b44ad40d166a621ff2cffc0ac5e42b7c16

          SHA512

          dbdef375d7313f0095a69691278eb5c6b330c56b1f3fc3ac6ef23b94cf2d067692c6ccb62fad730a2e7c2a19e09efdfd5630e9519847e136afe3b16d1f831378

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

          Filesize

          307B

          MD5

          9d71a72018c10bc99db9f380de18f315

          SHA1

          14478d04d45bfbabdf3831874e5d5b73facc0e15

          SHA256

          776fbbc038f0ff87fcb0b8eb83e10d34d8dcb81a5efb08d5205696093dc4f4a4

          SHA512

          a50b581203930d9b04043ed7612d95e31500bfe7f90b3eee221db75def91086418d244cb1c9db18a44dc8e7611a9b08f74546ef63a9d41b9dfb8c716bcab9b8b

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

          Filesize

          54B

          MD5

          58b23c83e46055e3b9e40255ef2a6173

          SHA1

          1973f11d9c96abfd2c64d569101dbec0ae632e90

          SHA256

          a01b8cef326a94936dc5df140f57865d185df5b9ab8d52175b05e7eb7696fd48

          SHA512

          a4b2e362397b2b5f2103725659009ff4172cfefe28d29e074db854101c249ac074a60049676130262f28584a2c0ac0cdfa42170d29d5c582e465493817304b52

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

          Filesize

          28KB

          MD5

          1deb6b895a2280f63ea2f3783f0a5ebd

          SHA1

          c01eee51a200d2007d3972b551e2515fc8f96d95

          SHA256

          c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d

          SHA512

          269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

          Filesize

          54B

          MD5

          30c68ff29af8ff834aed49b3bc31ab88

          SHA1

          2075242f6297e7062d4c5cdc77ea04eeba738280

          SHA256

          bf8ff8296cd9b5c6f440bc8da167627b31bc633c6f3f7cbb5b49dbd6186e775e

          SHA512

          2c39555c9069d146adb9b0b15702f71d48687730a9664af8e704c40aa4b79f4067578cffb0c81eff6b3b8fbdddf11194c8b509f0898a3d69806cfa06f34f959f

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

          Filesize

          512B

          MD5

          0e5aa38b9d1e87801609c0987e584e13

          SHA1

          98442a3e1deafe472be4fb3ebd166d06afba31a2

          SHA256

          daa1420495f69e6d64b68ec04db62fcfdb80b176e87e24b0bdb409cbfd7af4ce

          SHA512

          90762b6e1f81bd6df0286334afed2b6394f189d9532be5ef0627f0daa7e6397d303844e7fe575b71d06ee1fa172b068c1246cb813727ebe6123eb18187d08a4d

        • /data/data/com.jdtz666.taoke/files/.jiagu.lock

          Filesize

          27B

          MD5

          3729a704647aed292b49ddeee824b1f5

          SHA1

          ab67ccb28cf5b6d604f4868c3013e3529e9f25dc

          SHA256

          ac96445a7064fba360b3f0bcf6a4d931e06df060d32b939549c3d9b9905e90e8

          SHA512

          b9420774bf90e426b3d4ef5a82af3b586c8b4a3434ad7877b4acdd1468aa6660fffb67dc1770062be79221ab68820877eb3ae8534eb1e99e74645b9589c30ecb