Analysis

  • max time kernel
    51s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20240506-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
  • submitted
    13/05/2024, 10:45

General

  • Target

    3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk

  • Size

    16.9MB

  • MD5

    3f19ee89ec89b348c4170cdded2308ca

  • SHA1

    ec6254f50eb64272729ed6356684c34c72a1c2a0

  • SHA256

    1744de2c38bdb5b4f93b4b33d17c95af63f765593c3daaf3f3453cfabf2d027a

  • SHA512

    c9dcd5cb215dae24017459cfe210673d65e7958e890a115d346628b3110564931759b27bf3232aa63c70bc3a3c2a2bfcfc4963c21eb23613dd5410ad99eb0ef4

  • SSDEEP

    393216:YCoHucFxo6FIDXYSUBiR7zNVDgw98LDbzY:YCGucF/IDvUCPNVDgw6Y

Malware Config

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information (2 TTPs, 1 IoC)

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar (1 TTP, 4 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse the framework's foreground service to keep running in the foreground.

  • Queries account information for other applications stored on the device (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)

    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about nearby Wi-Fi networks.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Checks if the internet connection is available (1 TTP, 2 IoCs)
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)

Processes

  • com.jdtz666.taoke
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5049
  • com.jdtz666.taoke:pushservice
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5114

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/com.jdtz666.taoke/.jiagu/classes.dex

          Filesize

          5.7MB

          MD5

          733c5237b78da7f7cb6469b2372c771e

          SHA1

          39bda131c900dc8b68e0e8ffad84bf74a0a6eaf1

          SHA256

          d7c97a16dc1eaaa1256a5e68eb2d788c285284a4c9ce5b05f136dc44c52a03a5

          SHA512

          43dafc5e62e3a3b604686ab78c129672bd49be750825c50d7ce54884fc095624786fa306e1be9cc53eade695ee865ff8d11b69b042f032fa3c8327ff615ba4e5

        • /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex

          Filesize

          5.3MB

          MD5

          0a678d9009cc5a4b1dc6024b3933bfe7

          SHA1

          a3efe031bda5e4148e4e9f2dfa44c2602c7388eb

          SHA256

          5e82c13a3d82ef5b5c6dc90232e78b5f342715c4babef3c3df8ca9639e5813cd

          SHA512

          5af5c6225e7a739bc0012bb2180882ff1fbb0ebedb260d251366d0fc91e98b3cfa3459f430f0ccc13ba3e722a2c4df03c56e273d95561f5967fa29965cfeaffc

        • /data/data/com.jdtz666.taoke/.jiagu/libjiagu.so

          Filesize

          480KB

          MD5

          d280346c134f75655acd484c75745d6b

          SHA1

          7d1ea0d71824ce214d4769981ed68b0ef86f1b0b

          SHA256

          344f4d98accbf8ad8a3ab052a649231f9ff1c9e7324374a6ec79d9de89dd9b55

          SHA512

          11ce3fc3f1a52900f140813a5362cc9bf4b9954139c3447a61fbc6c35c8eb75e454feaffdc043e999a167fb21bfe0ffeedb6b71359a5fe0867dcc44c7e14d16b

        • /data/data/com.jdtz666.taoke/databases/ua.db

          Filesize

          36KB

          MD5

          b7036131b84bdf2b66c67fde18d62308

          SHA1

          18b1e5a358d68c846495cab5cfef7c6679659093

          SHA256

          c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

          SHA512

          256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

        • /data/data/com.jdtz666.taoke/databases/ua.db

          Filesize

          24KB

          MD5

          8933ae9d7c0c8e0d5943de1c777c168d

          SHA1

          276a491c2d33d7933e2beef2a705be2de107f409

          SHA256

          7d2b56821ba8d64f6e7a26a5cafbc1463ca295a64725f3752da509d85c7f1fdf

          SHA512

          64b572fabed505da541547c62061a9eb0dc4570b5fee0a2375f94993f45f8b4d94f9e4e0d77d3e0c313b37c113adc5a839f8f3cd605c221978d736019397dd30

        • /data/data/com.jdtz666.taoke/databases/ua.db-journal

          Filesize

          512B

          MD5

          e003327a027c45723bd9af51eb186039

          SHA1

          0cdabf8468597049a9ff77ed1c34ede423771867

          SHA256

          82c45e1cb498b5dd0fd7e8dadc29a8245aeabef33b8345bf1b29c316aed65d88

          SHA512

          20c0336f7ef60c4a5ec0b1f771e4516f3941fc6c3ab1c60d92ddcdff21efdb8527367359beb3c250d48f40e266817f42d455a146025fed43cdea10e2af248485

        • /data/data/com.jdtz666.taoke/databases/ua.db-journal

          Filesize

          8KB

          MD5

          8e36bde0ad9bf4e4d46eb01cdd435047

          SHA1

          bbbe1a2d1af96af3a930246e66085ae5cde5987e

          SHA256

          3177fa0010982d0f55d12705d0e5aab01f0a4c49411b9fcb9db2dac514a3646f

          SHA512

          db9d7a7943367686fd5b16242916566017a7a2a9f319c847c5a99ab40238bdb770bc0a75cf7852863a83532b6e00fb622238987a218a75189cb41c56d260b277

        • /data/data/com.jdtz666.taoke/databases/ua.db-journal

          Filesize

          8KB

          MD5

          292e59da2067db4717d961d89436c6f6

          SHA1

          1eae82121c6615cfab066ceb0363500e2783c11f

          SHA256

          d03202b00485609696f122a60b52832bc73e3e52257f3513bde1096bde8f3443

          SHA512

          240953f7085a80826d9cacd6236e4a9821f79a57bfe65876f574e2e283edcc231f4e26091056ffb96c6988f941b2fb418c1afd0d636d1f358348a8a817d9130b

        • /data/data/com.jdtz666.taoke/databases/ua.db-journal

          Filesize

          16KB

          MD5

          19c46f57d50eb4d7d8db51b1a2266dfa

          SHA1

          3cc9d1ad68355bd5731efcf606d28fc733b73aa5

          SHA256

          1afc74adc7f83b8d367b3d1af84e234fb5dd33c1556f71a8b44349d371ab1b2d

          SHA512

          82e480c154c29f46f8d0e9f618baf60edbfed8004a3ef9bf24c27980ea7f35d270f8a7a4eec5361a2d39921983db1f21bf6cb71abc7a76a962c41bdfa2d1dd91

        • /data/data/com.jdtz666.taoke/databases/xUtils.db

          Filesize

          12KB

          MD5

          23361699380c337bacd078593caf2f13

          SHA1

          d97be8fdb49efd79514111ba48762218e0311504

          SHA256

          8cb1e74c80f6350f47204947dc2316a4ea193a14944ea404fe83bbe71132712c

          SHA512

          eaa313c60cf07b5c15e3cf8eddf3dfb24885465a3d0add7b31b8ef389e4995c91e6f180b3843d4d16b0eded02102adcf2405e9c828a009dd915d4a194784002b

        • /data/data/com.jdtz666.taoke/databases/xUtils.db-journal

          Filesize

          8KB

          MD5

          3b1b33652791516f4eb66944d9b29d75

          SHA1

          b558fe414edd66fd59d3da7c3376cad51b4dd3eb

          SHA256

          c13c7b2d84108a993dc5217bdf19ac8322b8b2c61fbce11227e9f4545830b990

          SHA512

          2f1cbbbab8cc28614dafcca954f48c53ff061b921fba5c7c9d0837837c9d7c6ef8e2c476bf98a71d1f67fabd962e53607e49f5c7b6ef778ec28b06db7cdfc60c

        • /data/data/com.jdtz666.taoke/databases/xUtils.db-journal

          Filesize

          8KB

          MD5

          97304c1c87f8f22a5efaa3cb0849d33f

          SHA1

          f1dfd43325880556b53d0956d868475254e2f286

          SHA256

          5598f314a91897f417187c4bf8c361445f009ad0570af0cffef5685e0a8c48e9

          SHA512

          9ee31089edf283b861632644b0b0b240fa983cb4839e942ac0ee89a19aedb2257a45ddaceb679e567032e231928351a2a19d404d3573d94972eb0022d66dd0f0

        • /data/data/com.jdtz666.taoke/databases/xUtils.db-journal

          Filesize

          4KB

          MD5

          c911ea4fed10eea1cc6ee37c464e59d6

          SHA1

          975b2cbca9150f958212d4c44134b09314a2600a

          SHA256

          d1261bc8b858e1f618b985cec5d39195c7bb0131e63abeb85a5f8c1a830568c9

          SHA512

          822cd35fdc85a2ee5ae9a598751e41ec864aff5edf4cf85ab7a95869176cbeeab44793aa93c3490ce808f1a92f5b33c46d295e4937db6a74aa9a997345542f50

        • /data/data/com.jdtz666.taoke/files/.envelope/a==7.5.0&&1.0.0_1715597172121_envelope.log

          Filesize

          1KB

          MD5

          5be72e11c8108507e62cf93c81181b56

          SHA1

          efcba0f6f1dd8c64aa335b6aff0221de8915973e

          SHA256

          9007d8116f828740a475680ee73b841517980b0ee55b2524397e94a39ffb6c92

          SHA512

          1a588d711bd28d1a10f244f3686c75307ef4b62383d80392669c0a12bdc1bec7698f0b58e77fd8799ea7498c27a91ee39d90d3bccb7c2c28f483d858093b546d

        • /data/data/com.jdtz666.taoke/files/.envelope/i==1.2.0&&1.0.0_1715597168606_envelope.log

          Filesize

          2KB

          MD5

          0a5dfc230d7c1d3f59c58854c1a0aaed

          SHA1

          875133303ad30c5e46c7e02095b91c8146490c6d

          SHA256

          b7287dee1cfb884b95cb588ee001b60975e0d056211851c9258f329183abdbfe

          SHA512

          8b7f69d277c1f9920d74a05e1b390d5b75fc661a4cc2205d899deee7473df710dc533391326296270971fa09153106754f37441284cb328a9a8819833d612a3a

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ac

          Filesize

          32B

          MD5

          af5dd0718f287246fabba00a5765f4c1

          SHA1

          0f32d9d4a820cc593ecd33c4b102ab10b268c096

          SHA256

          b1a32b5b4f42125cca581ee104320803a4405197664467e489c5423168797158

          SHA512

          0df03c9017fd80b780e43f79a4268b879f8490951879c7190b71c5bbd70b75b8deaafa10c65dec3f91be999ad89f295ec067f89b2ad8718acbb4c6a4e5efc00c

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ic

          Filesize

          32B

          MD5

          090afa7aa165a780d54829a7fcc52ff3

          SHA1

          94f6e2ed6da0fe24e31bf5e18be3a5d86d3b5901

          SHA256

          9a1e7b2964cb632030a46567a7593fa052019f92ae26564e306f7cd403f8b940

          SHA512

          fcead93d457f784c05d39999e4ffed5ea8e584dca26fd1d089a008df3b1ffea4a45a16b963d2d08a1d35fdcf99af5d3e20fd6b456925cc6197b81b8faeef5266

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.pk

          Filesize

          32B

          MD5

          78763a63f2eb8efbbcb02cd794264aa9

          SHA1

          d6aff6386722ab06e929bb2302ef6ab56f90ba33

          SHA256

          b2759e4afe58beea338af5a75c209b92b32d76e81dde3883aafc2de964af1486

          SHA512

          f1ed41ecae486d22f0170bd7389918d85638bec59b7a1ed0e44f3c50f8a40e3dfafed6163c69fb665ad0e628ba02237e356a7042fdcccc20262326442860841c

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.pk.h

          Filesize

          64B

          MD5

          7285ae4099c70eafa86aa6cedf0b231b

          SHA1

          fbd5ad7d744795018341c17789134730c7948306

          SHA256

          021a27a63a6ffdca53c69464069098069752d681fbea912ab8fa7a7e115e9aa1

          SHA512

          8697c06095dba9e969b01f0c5caad3952723b3ec4514f06bce134f6dd61b8a2a8d4aafa7284c5ae0ac9539c53ae4018b89016993642dff8ec33b57fb1e02bf15

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.rd

          Filesize

          32B

          MD5

          4dde756f71c3a6d93e7439063a492b7c

          SHA1

          252d062c6ee2326f16d8a7b6ba40f4c48544b7f5

          SHA256

          207d513472b8181d9e3634006b26fda292cd05ab0b8ae89e351842076cc3f851

          SHA512

          8514fb2afd1fe4c696e3bb23d83c6b6d45557889d9abef94ab9566f6220ea1fefdb3f10f43e437cf46a87e4479908887d7c025f972e15b10e0989b4006a0e51e

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

          Filesize

          314B

          MD5

          c90455132937a52c2b29f94feb89df80

          SHA1

          983bb8493ffdda2c0f48173525f11a3fc65932e3

          SHA256

          29644cb6b4b00e0cfa5391e0b89a9a4719c175d381fc31739bf94321a6fc1384

          SHA512

          0f5c3fef313187f0a9119a8100cdbc42905ffe7c8d32b3287acc1d61d92f644f2e7a7e07c5fbe985d874a1d083c7276a83c6255681490b166eb138f98b8a9e57

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.ri

          Filesize

          307B

          MD5

          46818bb9731e2fe506af9372212d1a7d

          SHA1

          fbf248e26aa1c9be8f57e500ecd331d782f47d29

          SHA256

          107e24f561d7be9937fddfe70cbfe1a651a0ff6141ea1240965cacb54fe24159

          SHA512

          dfe1e0294a7c0c8abea79378f0403a87021153c8ed7e38841d9c8a3700aac2388b643fade8141fc6d106229863d3e74c5f04a8205306c823c9d788d9da9a1334

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

          Filesize

          196B

          MD5

          9c46e6657bb393e213e236925a9c4974

          SHA1

          9f7c02df06135ef05f9871660a142b8d9d5d2b5f

          SHA256

          f74084334e902fafaf3de70f03c6a8243888d25c9b4c22210bd2b3bce78f91e7

          SHA512

          29b0a7cb03848ee971eb2a3b301eed6b7b37312872b97f1f7a35dec06d4e4999038694f8a8324a3e2059a75617080bc623828cf937b46495dae5feaabf618a28

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_cf

          Filesize

          54B

          MD5

          58b23c83e46055e3b9e40255ef2a6173

          SHA1

          1973f11d9c96abfd2c64d569101dbec0ae632e90

          SHA256

          a01b8cef326a94936dc5df140f57865d185df5b9ab8d52175b05e7eb7696fd48

          SHA512

          a4b2e362397b2b5f2103725659009ff4172cfefe28d29e074db854101c249ac074a60049676130262f28584a2c0ac0cdfa42170d29d5c582e465493817304b52

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

          Filesize

          54B

          MD5

          30c68ff29af8ff834aed49b3bc31ab88

          SHA1

          2075242f6297e7062d4c5cdc77ea04eeba738280

          SHA256

          bf8ff8296cd9b5c6f440bc8da167627b31bc633c6f3f7cbb5b49dbd6186e775e

          SHA512

          2c39555c9069d146adb9b0b15702f71d48687730a9664af8e704c40aa4b79f4067578cffb0c81eff6b3b8fbdddf11194c8b509f0898a3d69806cfa06f34f959f

        • /data/data/com.jdtz666.taoke/files/.jglogs/.jg.store.report_pid

          Filesize

          28KB

          MD5

          cfab1313b6bc4be5c38f024fba1d7195

          SHA1

          bd3988e3c05d66889d311e06cd577c05a88a4cb6

          SHA256

          bb849c39f9a2c72b4b34520ff09d1eef151a053e7c9b3874ca80e8d378a12b9c

          SHA512

          60394e4bb665c2c629bd5ba938858e896355de7850f958b9d9a1bb9beae3b17b281e937cf8868ae252f6dcc46d10985ffe00d2b7bd3adc8a3c30c2052db52099

        • /data/data/com.jdtz666.taoke/files/.jiagu.lock

          Filesize

          27B

          MD5

          1f386d8e1c468f782a29809700099726

          SHA1

          346bbf2c9a4eb8d7ebdb3d5d170cc9a71fd84baa

          SHA256

          16c2282d581970d204a57351a68bdb8fbaa313e6ce5d3e13a33b805bbe21c0f0

          SHA512

          fe4ae9cbef1f3a4e5575870079b3155f877e99a8362a3f43d1c06dcb1d7307df3a7009241103ded6178fdc32092ad0ec1a32479697c4a8b116897a14cbaa483b

        • /data/data/com.jdtz666.taoke/files/.umeng/exchangeIdentity.json

          Filesize

          162B

          MD5

          8944564ee3f8f7d64fb774950796874a

          SHA1

          efc3650e6ff177cd22f7db26319f6da10f76a12d

          SHA256

          c452d55a5fb8f17f148cc5b32d932509eb0e3342933043cb36d65726e4fec535

          SHA512

          1dd678d17a45ebf7b14f9dfddc45b5190a68f6d904fce01edd491166da1b8356e40e24e119e7848fab4a05c4b48894c4d58b475fa5bbd5094d5c64c3c9f7fd9d

        • /data/data/com.jdtz666.taoke/files/exid.dat

          Filesize

          55B

          MD5

          d40448b076f2659fb6316ecf44bdcbeb

          SHA1

          545ae8b651ad38e82e5718c966b4b9073e05ec5f

          SHA256

          2ce112aa14c3607e59c88826c8b0bd59cf7b31e6707468a887270ae7b88feb6a

          SHA512

          05e2e532b47bd0d1a48d95056f82b11b8fa529677ca02fe9125ab2f573ee9228e4ac04163c17324b738643547a15783420772c787ef4e9b1bb953423df4c9c03

        • /data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE1NTk3MTY0MjY4

          Filesize

          1KB

          MD5

          90c8e3e6083b3f65ae7b360c63672b52

          SHA1

          c72a657b7709581e716e869cef62409abe3d70d0

          SHA256

          20d40ccf2efc6787a6048d43cde4a086fd10eeae387796b2010f2814bdc49b59

          SHA512

          61c1010026f282d577dc8a7fd38b4d2091a1f121e680b5cea8b88e6f63d9e023c51dd9848b55ed3371c0a530d9a0144535ec517ca4de19b7f5c2d5fd0711b9ab

        • /data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE1NTk3MTk1MDQ4

          Filesize

          1KB

          MD5

          4746c9ade4fbd4c3b00e384fcf76a42b

          SHA1

          fa3a6262248b24ba32136c62c0029e5d718a8ea8

          SHA256

          83d3ade822cbd6f8bdaac65f90353aaaecfc4cd4e8c81a3cc85fcbb3f22f0b03

          SHA512

          95783f1ef12245b7a3142fcc7d45fb5ccc16d5611558d8d96108f2965b372a2f8cbd43fdf11feab5f2aa601a1f1749ab93adc90197a8e7ad821d523c883cce0a

        • /data/data/com.jdtz666.taoke/files/umeng_it.cache

          Filesize

          350B

          MD5

          7cbe98385b85b54da04bf3acab25cbf1

          SHA1

          94dfc6cace78c431f31bdd389478b226fe0d668f

          SHA256

          5004723677ab8b5ec59540d4bd9d2f002f1f6eb5117504e37ce520fbf5ee2b90

          SHA512

          b7c8e5c3f648e51162be6318ac58606a53511618b74c35af96e38dec585192af1a4bc07b7bf122d5aa5da5023a35b5fc9ff4b49c9bcd67d0fb80c624e884fb96

        • /storage/emulated/0/mipush/lcfp

          Filesize

          35B

          MD5

          3f221fa745f536bfeff8527efe801775

          SHA1

          73a040fa221fbcd7c818be0fa893c0a9f8c36637

          SHA256

          0f7a1c6ff6263afbc6e151d94c2a064df63326bf1d33337aa162f47d41a121c4

          SHA512

          c1f1f75277f83daaf79e5dd50fb71d1d913ac024b0a354ad71e26314d5c3d6ea2afa4d6d8f1a96d17e1af8c8441668e1379f70018b1f79426cbf0c745e67a5f5

        • /storage/emulated/0/mipush/lcfp

          Filesize

          35B

          MD5

          167060e72de30e3653195d6db55a9fa9

          SHA1

          3f80aaaf3150472fa7cc72ff68b3ca3588e66caf

          SHA256

          3548845870322913af5d83fc2bc60918dcd309496df4eb5c69d86477fa04f7b3

          SHA512

          4ef8f31317cf1fb8ed1250d483d2ca1eb971c90ed6903df85a209f9e5688689974dd4cd51714b4f56baea06903cb99a2444c40545d7dc23b9d733ce77af87683