Analysis

max time kernel: 51s
max time network: 162s
platform: android_x64
resource: android-x64-20240506-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
submitted: 13/05/2024, 10:45

Static task: static1

Behavioral task: behavioral1
Sample: 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en

Behavioral task: behavioral2
Sample: 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk
Resource: android-x64-20240506-en

General

Target: 3f19ee89ec89b348c4170cdded2308ca_JaffaCakes118.apk
Size: 16.9MB
MD5: 3f19ee89ec89b348c4170cdded2308ca
SHA1: ec6254f50eb64272729ed6356684c34c72a1c2a0
SHA256: 1744de2c38bdb5b4f93b4b33d17c95af63f765593c3daaf3f3453cfabf2d027a
SHA512: c9dcd5cb215dae24017459cfe210673d65e7958e890a115d346628b3110564931759b27bf3232aa63c70bc3a3c2a2bfcfc4963c21eb23613dd5410ad99eb0ef4
SSDEEP: 393216:YCoHucFxo6FIDXYSUBiR7zNVDgw98LDbzY:YCGucF/IDvUCPNVDgw6Y
Malware Config

Signatures

Checks CPU information (2 TTPs, 1 IoC)
Reads CPU information that can indicate whether the system is an emulator.
  description: File opened for read   ioc: /proc/cpuinfo   process: com.jdtz666.taoke

Checks memory information (2 TTPs, 1 IoC)
Reads memory information that can indicate whether the system is an emulator.
  description: File opened for read   ioc: /proc/meminfo   process: com.jdtz666.taoke
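What these two signatures mean in practice: the app reads /proc/cpuinfo and /proc/meminfo and looks for strings or values that only an emulator would produce. The following is an added example for this report, not the sample's own logic; the marker strings, the x86 vendor check and the RAM cut-off are assumptions about what such checks commonly look for, and the four inputs are constructed rather than captured files.

```python
"""Illustration of the /proc/cpuinfo and /proc/meminfo emulator checks the two
signatures above refer to.

Added example for this report, not the sample's own logic: the marker strings,
the x86 vendor check and the RAM cut-off are assumptions about what such checks
commonly look for, and the four inputs are constructed, not captured files.
"""
import re

# Hardware/model strings of well-known emulators (assumed list).
CPUINFO_MARKERS = ("goldfish", "ranchu", "vbox", "virtualbox", "qemu", "android-x86")
# An x86 vendor_id in /proc/cpuinfo on a device the app expects to be ARM.
X86_VENDORS = ("genuineintel", "authenticamd")
# Emulators are often given little RAM; 1 GiB is an assumed cut-off.
LOW_RAM_KB = 1024 * 1024


def cpuinfo_indicators(cpuinfo: str) -> list:
    """Return the emulator markers present in /proc/cpuinfo text (lower-cased search)."""
    lower = cpuinfo.lower()
    hits = [m for m in CPUINFO_MARKERS if m in lower]
    if any(v in lower for v in X86_VENDORS):
        hits.append("x86 vendor_id")
    return hits


def meminfo_total_kb(meminfo: str):
    """Parse MemTotal (kB) from /proc/meminfo text; None if the line is absent."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo, re.MULTILINE)
    return int(m.group(1)) if m else None


def emulator_verdict(cpuinfo: str, meminfo: str) -> dict:
    """Combine both files into a verdict and the reasons behind it."""
    reasons = ["cpuinfo:" + h for h in cpuinfo_indicators(cpuinfo)]
    total = meminfo_total_kb(meminfo)
    if total is not None and total < LOW_RAM_KB:
        reasons.append(f"meminfo:MemTotal={total}kB")
    return {"emulator": bool(reasons), "reasons": reasons, "mem_total_kb": total}


# Constructed inputs: an x86_64 emulator image and a physical ARM phone.
CPUINFO_X64_EMULATOR = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "cpu family\t: 6\n"
    "model name\t: QEMU Virtual CPU version 2.5+\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov\n"
)
CPUINFO_ARM_PHONE = (
    "processor\t: 0\n"
    "BogoMIPS\t: 38.40\n"
    "Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
    "CPU implementer\t: 0x41\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8250\n"
)
MEMINFO_SMALL = "MemTotal:         786432 kB\nMemFree:          123456 kB\n"
MEMINFO_PHONE = "MemTotal:        7823456 kB\nMemFree:         2123456 kB\n"

if __name__ == "__main__":
    print(emulator_verdict(CPUINFO_X64_EMULATOR, MEMINFO_SMALL))
    print(emulator_verdict(CPUINFO_ARM_PHONE, MEMINFO_PHONE))
```

On the android-x64 image used for this run, /proc/cpuinfo carries an x86 vendor_id, so a check of this kind fires even when no emulator-specific hardware string is present. To get past it, analysts typically hook the file read (for example with Frida) or bind-mount a spoofed /proc/cpuinfo and /proc/meminfo on a rooted image.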
Loads dropped Dex/Jar (1 TTP, 4 IoCs)
Loads executable code (DEX/JAR) dropped on the device during analysis. A .jiagu directory holding classes.dex and classes2.dex that are unpacked at runtime is consistent with the 360 Jiagu packer, so the real application code is not in the APK's static DEX; recover it from these dropped files or from process memory.
  ioc: /data/data/com.jdtz666.taoke/.jiagu/classes.dex   pid: 5049   process: com.jdtz666.taoke
  ioc: /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex   pid: 5049   process: com.jdtz666.taoke
  ioc: /data/data/com.jdtz666.taoke/.jiagu/classes.dex   pid: 5114   process: com.jdtz666.taoke:pushservice
  ioc: /data/data/com.jdtz666.taoke/.jiagu/classes.dex!classes2.dex   pid: 5114   process: com.jdtz666.taoke:pushservice
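Before handing a pulled copy of .jiagu/classes.dex to a decompiler, confirm it is a well-formed DEX and not still encrypted. The following is an added example for this report, not code from the sample or the sandbox: it parses the DEX header, recomputes the Adler-32 checksum and SHA-1 signature the format carries, and also accepts a ZIP/JAR container, on the assumption that the report's "classes.dex!classes2.dex" notation denotes an entry inside an archive. The header-only DEX it runs on is constructed in the script and is not one of the files listed in the report.

```python
"""Sanity-check a dropped DEX (or a ZIP/JAR carrying classes*.dex entries)
before handing it to a decompiler.

Added example for this report, not code from the sample or the sandbox. The
header-only DEX it runs on is constructed below; it is not one of the files
listed in the report.
"""
import hashlib
import io
import struct
import zipfile
import zlib

HEADER_SIZE = 0x70            # fixed size of the DEX header
ENDIAN_CONSTANT = 0x12345678  # endian_tag value of a little-endian file
INTEGRITY_KEYS = ("file_size_ok", "header_size_ok", "endian_ok", "checksum_ok", "signature_ok")


def parse_dex_header(data: bytes) -> dict:
    """Parse the DEX header and recompute its two integrity fields.

    checksum  (offset 8)  = Adler-32 over bytes 12..EOF
    signature (offset 12) = SHA-1 over bytes 32..EOF
    """
    if len(data) < HEADER_SIZE:
        return {"valid": False, "reason": "shorter than a DEX header"}
    magic = data[:8]
    if not magic.startswith(b"dex\n") or magic[7] != 0:
        return {"valid": False, "reason": "bad magic %r" % magic}
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    (file_size, header_size, endian_tag, _link_size, _link_off, map_off,
     string_ids_size, _, type_ids_size, _, proto_ids_size, _,
     field_ids_size, _, method_ids_size, _, class_defs_size, _,
     data_size, _data_off) = struct.unpack_from("<20I", data, 32)
    info = {
        "version": magic[4:7].decode("ascii", "replace"),
        "file_size": file_size,
        "file_size_ok": file_size == len(data),
        "header_size_ok": header_size == HEADER_SIZE,
        "endian_ok": endian_tag == ENDIAN_CONSTANT,
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
        "map_off": map_off,
        "counts": {"string_ids": string_ids_size, "type_ids": type_ids_size,
                   "proto_ids": proto_ids_size, "field_ids": field_ids_size,
                   "method_ids": method_ids_size, "class_defs": class_defs_size},
        "data_size": data_size,
    }
    info["valid"] = all(info[k] for k in INTEGRITY_KEYS)
    info["reason"] = "ok" if info["valid"] else "failed: " + ", ".join(k for k in INTEGRITY_KEYS if not info[k])
    return info


def inspect_dropped_dex(blob: bytes, name: str = "classes.dex") -> dict:
    """Return {entry_name: header_info} for a raw DEX, or for every classes*.dex
    entry when the blob is a ZIP/JAR. The 'file!entry' key mirrors the report's
    'classes.dex!classes2.dex' notation (assumed to mean an archive entry)."""
    if blob[:2] != b"PK":
        return {name: parse_dex_header(blob)}
    results = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for entry in zf.namelist():
            base = entry.rsplit("/", 1)[-1]
            if base.startswith("classes") and base.endswith(".dex"):
                results[f"{name}!{entry}"] = parse_dex_header(zf.read(entry))
    return results


def build_minimal_dex() -> bytes:
    """Constructed test input: a header-only DEX with empty tables and a correct
    checksum and signature (a real DEX would also carry a map and data)."""
    body = bytearray(HEADER_SIZE)
    body[0:8] = b"dex\n035\0"
    struct.pack_into("<20I", body, 32,
                     HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT,  # file_size, header_size, endian_tag
                     0, 0, 0,                                    # link_size, link_off, map_off
                     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,         # *_ids_size/_off, class_defs_size/_off
                     0, HEADER_SIZE)                             # data_size, data_off
    body[12:32] = hashlib.sha1(body[32:]).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def build_zip_with_dex(dex: bytes) -> bytes:
    """Constructed container holding the same DEX as classes.dex and classes2.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", dex)
        zf.writestr("classes2.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    dex = build_minimal_dex()
    for entry, info in inspect_dropped_dex(build_zip_with_dex(dex)).items():
        print(entry, info["reason"], info["counts"])
    damaged = bytearray(dex)
    damaged[0x40] ^= 1  # flip a bit in type_ids_size: checksum and signature no longer match
    print(parse_dex_header(bytes(damaged))["reason"])
```

A file that passes the magic check but fails checksum or signature has usually been patched in memory or written out mid-decryption; a file without the dex magic at offset 0 is still packed and should be dumped again from the running process rather than from disk.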
Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
The application may abuse the framework's foreground service to keep running in the foreground.
  description: Framework service call   ioc: android.app.IActivityManager.setServiceForeground   process: com.jdtz666.taoke

Queries account information for other applications stored on the device (1 TTP, 1 IoC)
The application may abuse the framework's APIs to collect account information stored on the device.
  description: Framework service call   ioc: android.accounts.IAccountManager.getAccounts   process: com.jdtz666.taoke

Queries information about running processes on the device (1 TTP, 2 IoCs)
The application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call   ioc: android.app.IActivityManager.getRunningAppProcesses   process: com.jdtz666.taoke
  description: Framework service call   ioc: android.app.IActivityManager.getRunningAppProcesses   process: com.jdtz666.taoke:pushservice

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call   ioc: android.net.wifi.IWifiManager.getConnectionInfo   process: com.jdtz666.taoke
  description: Framework service call   ioc: android.net.wifi.IWifiManager.getConnectionInfo   process: com.jdtz666.taoke:pushservice

Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
The application may abuse the framework's APIs to collect information about nearby Wi-Fi networks.
  description: Framework service call   ioc: android.net.wifi.IWifiManager.getScanResults   process: com.jdtz666.taoke

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  description: Framework service call   ioc: android.app.IActivityManager.registerReceiver   process: com.jdtz666.taoke
  description: Framework service call   ioc: android.app.IActivityManager.registerReceiver   process: com.jdtz666.taoke:pushservice

Checks if the internet connection is available (1 TTP, 2 IoCs)
  description: Framework service call   ioc: android.net.IConnectivityManager.getActiveNetworkInfo   process: com.jdtz666.taoke
  description: Framework service call   ioc: android.net.IConnectivityManager.getActiveNetworkInfo   process: com.jdtz666.taoke:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  no IoCs listed

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  description: Framework API call   ioc: android.hardware.SensorManager.registerListener   process: com.jdtz666.taoke

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
A Cipher.doFinal call can equally be a packer or a library decrypting its own data (both processes that call it here also load the dropped DEX), so this signature on its own does not show user data being encrypted.
  description: Framework API call   ioc: javax.crypto.Cipher.doFinal   process: com.jdtz666.taoke
  description: Framework API call   ioc: javax.crypto.Cipher.doFinal   process: com.jdtz666.taoke:pushservice
Processes

com.jdtz666.taoke (PID 5049)
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)

com.jdtz666.taoke:pushservice (PID 5114)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution: 1 (Broadcast Receivers: 1)
  Foreground Persistence: 1

Defense Evasion
  Download New Code at Runtime: 1
  Foreground Persistence: 1
  Hide Artifacts: 1 (User Evasion: 1)
  Virtualization/Sandbox Evasion: 2 (System Checks: 2)
Downloads

Filesize: 5.7MB
MD5: 733c5237b78da7f7cb6469b2372c771e
SHA1: 39bda131c900dc8b68e0e8ffad84bf74a0a6eaf1
SHA256: d7c97a16dc1eaaa1256a5e68eb2d788c285284a4c9ce5b05f136dc44c52a03a5
SHA512: 43dafc5e62e3a3b604686ab78c129672bd49be750825c50d7ce54884fc095624786fa306e1be9cc53eade695ee865ff8d11b69b042f032fa3c8327ff615ba4e5

Filesize: 5.3MB
MD5: 0a678d9009cc5a4b1dc6024b3933bfe7
SHA1: a3efe031bda5e4148e4e9f2dfa44c2602c7388eb
SHA256: 5e82c13a3d82ef5b5c6dc90232e78b5f342715c4babef3c3df8ca9639e5813cd
SHA512: 5af5c6225e7a739bc0012bb2180882ff1fbb0ebedb260d251366d0fc91e98b3cfa3459f430f0ccc13ba3e722a2c4df03c56e273d95561f5967fa29965cfeaffc

Filesize: 480KB
MD5: d280346c134f75655acd484c75745d6b
SHA1: 7d1ea0d71824ce214d4769981ed68b0ef86f1b0b
SHA256: 344f4d98accbf8ad8a3ab052a649231f9ff1c9e7324374a6ec79d9de89dd9b55
SHA512: 11ce3fc3f1a52900f140813a5362cc9bf4b9954139c3447a61fbc6c35c8eb75e454feaffdc043e999a167fb21bfe0ffeedb6b71359a5fe0867dcc44c7e14d16b

Filesize: 36KB
MD5: b7036131b84bdf2b66c67fde18d62308
SHA1: 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256: c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512: 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

Filesize: 24KB
MD5: 8933ae9d7c0c8e0d5943de1c777c168d
SHA1: 276a491c2d33d7933e2beef2a705be2de107f409
SHA256: 7d2b56821ba8d64f6e7a26a5cafbc1463ca295a64725f3752da509d85c7f1fdf
SHA512: 64b572fabed505da541547c62061a9eb0dc4570b5fee0a2375f94993f45f8b4d94f9e4e0d77d3e0c313b37c113adc5a839f8f3cd605c221978d736019397dd30

Filesize: 512B
MD5: e003327a027c45723bd9af51eb186039
SHA1: 0cdabf8468597049a9ff77ed1c34ede423771867
SHA256: 82c45e1cb498b5dd0fd7e8dadc29a8245aeabef33b8345bf1b29c316aed65d88
SHA512: 20c0336f7ef60c4a5ec0b1f771e4516f3941fc6c3ab1c60d92ddcdff21efdb8527367359beb3c250d48f40e266817f42d455a146025fed43cdea10e2af248485

Filesize: 8KB
MD5: 8e36bde0ad9bf4e4d46eb01cdd435047
SHA1: bbbe1a2d1af96af3a930246e66085ae5cde5987e
SHA256: 3177fa0010982d0f55d12705d0e5aab01f0a4c49411b9fcb9db2dac514a3646f
SHA512: db9d7a7943367686fd5b16242916566017a7a2a9f319c847c5a99ab40238bdb770bc0a75cf7852863a83532b6e00fb622238987a218a75189cb41c56d260b277

Filesize: 8KB
MD5: 292e59da2067db4717d961d89436c6f6
SHA1: 1eae82121c6615cfab066ceb0363500e2783c11f
SHA256: d03202b00485609696f122a60b52832bc73e3e52257f3513bde1096bde8f3443
SHA512: 240953f7085a80826d9cacd6236e4a9821f79a57bfe65876f574e2e283edcc231f4e26091056ffb96c6988f941b2fb418c1afd0d636d1f358348a8a817d9130b

Filesize: 16KB
MD5: 19c46f57d50eb4d7d8db51b1a2266dfa
SHA1: 3cc9d1ad68355bd5731efcf606d28fc733b73aa5
SHA256: 1afc74adc7f83b8d367b3d1af84e234fb5dd33c1556f71a8b44349d371ab1b2d
SHA512: 82e480c154c29f46f8d0e9f618baf60edbfed8004a3ef9bf24c27980ea7f35d270f8a7a4eec5361a2d39921983db1f21bf6cb71abc7a76a962c41bdfa2d1dd91

Filesize: 12KB
MD5: 23361699380c337bacd078593caf2f13
SHA1: d97be8fdb49efd79514111ba48762218e0311504
SHA256: 8cb1e74c80f6350f47204947dc2316a4ea193a14944ea404fe83bbe71132712c
SHA512: eaa313c60cf07b5c15e3cf8eddf3dfb24885465a3d0add7b31b8ef389e4995c91e6f180b3843d4d16b0eded02102adcf2405e9c828a009dd915d4a194784002b

Filesize: 8KB
MD5: 3b1b33652791516f4eb66944d9b29d75
SHA1: b558fe414edd66fd59d3da7c3376cad51b4dd3eb
SHA256: c13c7b2d84108a993dc5217bdf19ac8322b8b2c61fbce11227e9f4545830b990
SHA512: 2f1cbbbab8cc28614dafcca954f48c53ff061b921fba5c7c9d0837837c9d7c6ef8e2c476bf98a71d1f67fabd962e53607e49f5c7b6ef778ec28b06db7cdfc60c

Filesize: 8KB
MD5: 97304c1c87f8f22a5efaa3cb0849d33f
SHA1: f1dfd43325880556b53d0956d868475254e2f286
SHA256: 5598f314a91897f417187c4bf8c361445f009ad0570af0cffef5685e0a8c48e9
SHA512: 9ee31089edf283b861632644b0b0b240fa983cb4839e942ac0ee89a19aedb2257a45ddaceb679e567032e231928351a2a19d404d3573d94972eb0022d66dd0f0

Filesize: 4KB
MD5: c911ea4fed10eea1cc6ee37c464e59d6
SHA1: 975b2cbca9150f958212d4c44134b09314a2600a
SHA256: d1261bc8b858e1f618b985cec5d39195c7bb0131e63abeb85a5f8c1a830568c9
SHA512: 822cd35fdc85a2ee5ae9a598751e41ec864aff5edf4cf85ab7a95869176cbeeab44793aa93c3490ce808f1a92f5b33c46d295e4937db6a74aa9a997345542f50

Filesize: 1KB
MD5: 5be72e11c8108507e62cf93c81181b56
SHA1: efcba0f6f1dd8c64aa335b6aff0221de8915973e
SHA256: 9007d8116f828740a475680ee73b841517980b0ee55b2524397e94a39ffb6c92
SHA512: 1a588d711bd28d1a10f244f3686c75307ef4b62383d80392669c0a12bdc1bec7698f0b58e77fd8799ea7498c27a91ee39d90d3bccb7c2c28f483d858093b546d

Filesize: 2KB
MD5: 0a5dfc230d7c1d3f59c58854c1a0aaed
SHA1: 875133303ad30c5e46c7e02095b91c8146490c6d
SHA256: b7287dee1cfb884b95cb588ee001b60975e0d056211851c9258f329183abdbfe
SHA512: 8b7f69d277c1f9920d74a05e1b390d5b75fc661a4cc2205d899deee7473df710dc533391326296270971fa09153106754f37441284cb328a9a8819833d612a3a

Filesize: 32B
MD5: af5dd0718f287246fabba00a5765f4c1
SHA1: 0f32d9d4a820cc593ecd33c4b102ab10b268c096
SHA256: b1a32b5b4f42125cca581ee104320803a4405197664467e489c5423168797158
SHA512: 0df03c9017fd80b780e43f79a4268b879f8490951879c7190b71c5bbd70b75b8deaafa10c65dec3f91be999ad89f295ec067f89b2ad8718acbb4c6a4e5efc00c

Filesize: 32B
MD5: 090afa7aa165a780d54829a7fcc52ff3
SHA1: 94f6e2ed6da0fe24e31bf5e18be3a5d86d3b5901
SHA256: 9a1e7b2964cb632030a46567a7593fa052019f92ae26564e306f7cd403f8b940
SHA512: fcead93d457f784c05d39999e4ffed5ea8e584dca26fd1d089a008df3b1ffea4a45a16b963d2d08a1d35fdcf99af5d3e20fd6b456925cc6197b81b8faeef5266

Filesize: 32B
MD5: 78763a63f2eb8efbbcb02cd794264aa9
SHA1: d6aff6386722ab06e929bb2302ef6ab56f90ba33
SHA256: b2759e4afe58beea338af5a75c209b92b32d76e81dde3883aafc2de964af1486
SHA512: f1ed41ecae486d22f0170bd7389918d85638bec59b7a1ed0e44f3c50f8a40e3dfafed6163c69fb665ad0e628ba02237e356a7042fdcccc20262326442860841c

Filesize: 64B
MD5: 7285ae4099c70eafa86aa6cedf0b231b
SHA1: fbd5ad7d744795018341c17789134730c7948306
SHA256: 021a27a63a6ffdca53c69464069098069752d681fbea912ab8fa7a7e115e9aa1
SHA512: 8697c06095dba9e969b01f0c5caad3952723b3ec4514f06bce134f6dd61b8a2a8d4aafa7284c5ae0ac9539c53ae4018b89016993642dff8ec33b57fb1e02bf15

Filesize: 32B
MD5: 4dde756f71c3a6d93e7439063a492b7c
SHA1: 252d062c6ee2326f16d8a7b6ba40f4c48544b7f5
SHA256: 207d513472b8181d9e3634006b26fda292cd05ab0b8ae89e351842076cc3f851
SHA512: 8514fb2afd1fe4c696e3bb23d83c6b6d45557889d9abef94ab9566f6220ea1fefdb3f10f43e437cf46a87e4479908887d7c025f972e15b10e0989b4006a0e51e

Filesize: 314B
MD5: c90455132937a52c2b29f94feb89df80
SHA1: 983bb8493ffdda2c0f48173525f11a3fc65932e3
SHA256: 29644cb6b4b00e0cfa5391e0b89a9a4719c175d381fc31739bf94321a6fc1384
SHA512: 0f5c3fef313187f0a9119a8100cdbc42905ffe7c8d32b3287acc1d61d92f644f2e7a7e07c5fbe985d874a1d083c7276a83c6255681490b166eb138f98b8a9e57

Filesize: 307B
MD5: 46818bb9731e2fe506af9372212d1a7d
SHA1: fbf248e26aa1c9be8f57e500ecd331d782f47d29
SHA256: 107e24f561d7be9937fddfe70cbfe1a651a0ff6141ea1240965cacb54fe24159
SHA512: dfe1e0294a7c0c8abea79378f0403a87021153c8ed7e38841d9c8a3700aac2388b643fade8141fc6d106229863d3e74c5f04a8205306c823c9d788d9da9a1334

Filesize: 196B
MD5: 9c46e6657bb393e213e236925a9c4974
SHA1: 9f7c02df06135ef05f9871660a142b8d9d5d2b5f
SHA256: f74084334e902fafaf3de70f03c6a8243888d25c9b4c22210bd2b3bce78f91e7
SHA512: 29b0a7cb03848ee971eb2a3b301eed6b7b37312872b97f1f7a35dec06d4e4999038694f8a8324a3e2059a75617080bc623828cf937b46495dae5feaabf618a28

Filesize: 54B
MD5: 58b23c83e46055e3b9e40255ef2a6173
SHA1: 1973f11d9c96abfd2c64d569101dbec0ae632e90
SHA256: a01b8cef326a94936dc5df140f57865d185df5b9ab8d52175b05e7eb7696fd48
SHA512: a4b2e362397b2b5f2103725659009ff4172cfefe28d29e074db854101c249ac074a60049676130262f28584a2c0ac0cdfa42170d29d5c582e465493817304b52

Filesize: 54B
MD5: 30c68ff29af8ff834aed49b3bc31ab88
SHA1: 2075242f6297e7062d4c5cdc77ea04eeba738280
SHA256: bf8ff8296cd9b5c6f440bc8da167627b31bc633c6f3f7cbb5b49dbd6186e775e
SHA512: 2c39555c9069d146adb9b0b15702f71d48687730a9664af8e704c40aa4b79f4067578cffb0c81eff6b3b8fbdddf11194c8b509f0898a3d69806cfa06f34f959f

Filesize: 28KB
MD5: cfab1313b6bc4be5c38f024fba1d7195
SHA1: bd3988e3c05d66889d311e06cd577c05a88a4cb6
SHA256: bb849c39f9a2c72b4b34520ff09d1eef151a053e7c9b3874ca80e8d378a12b9c
SHA512: 60394e4bb665c2c629bd5ba938858e896355de7850f958b9d9a1bb9beae3b17b281e937cf8868ae252f6dcc46d10985ffe00d2b7bd3adc8a3c30c2052db52099

Filesize: 27B
MD5: 1f386d8e1c468f782a29809700099726
SHA1: 346bbf2c9a4eb8d7ebdb3d5d170cc9a71fd84baa
SHA256: 16c2282d581970d204a57351a68bdb8fbaa313e6ce5d3e13a33b805bbe21c0f0
SHA512: fe4ae9cbef1f3a4e5575870079b3155f877e99a8362a3f43d1c06dcb1d7307df3a7009241103ded6178fdc32092ad0ec1a32479697c4a8b116897a14cbaa483b

Filesize: 162B
MD5: 8944564ee3f8f7d64fb774950796874a
SHA1: efc3650e6ff177cd22f7db26319f6da10f76a12d
SHA256: c452d55a5fb8f17f148cc5b32d932509eb0e3342933043cb36d65726e4fec535
SHA512: 1dd678d17a45ebf7b14f9dfddc45b5190a68f6d904fce01edd491166da1b8356e40e24e119e7848fab4a05c4b48894c4d58b475fa5bbd5094d5c64c3c9f7fd9d

Filesize: 55B
MD5: d40448b076f2659fb6316ecf44bdcbeb
SHA1: 545ae8b651ad38e82e5718c966b4b9073e05ec5f
SHA256: 2ce112aa14c3607e59c88826c8b0bd59cf7b31e6707468a887270ae7b88feb6a
SHA512: 05e2e532b47bd0d1a48d95056f82b11b8fa529677ca02fe9125ab2f573ee9228e4ac04163c17324b738643547a15783420772c787ef4e9b1bb953423df4c9c03

/data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NTk3MTY0MjY4
Filesize: 1KB
MD5: 90c8e3e6083b3f65ae7b360c63672b52
SHA1: c72a657b7709581e716e869cef62409abe3d70d0
SHA256: 20d40ccf2efc6787a6048d43cde4a086fd10eeae387796b2010f2814bdc49b59
SHA512: 61c1010026f282d577dc8a7fd38b4d2091a1f121e680b5cea8b88e6f63d9e023c51dd9848b55ed3371c0a530d9a0144535ec517ca4de19b7f5c2d5fd0711b9ab

/data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NTk3MTk1MDQ4
Filesize: 1KB
MD5: 4746c9ade4fbd4c3b00e384fcf76a42b
SHA1: fa3a6262248b24ba32136c62c0029e5d718a8ea8
SHA256: 83d3ade822cbd6f8bdaac65f90353aaaecfc4cd4e8c81a3cc85fcbb3f22f0b03
SHA512: 95783f1ef12245b7a3142fcc7d45fb5ccc16d5611558d8d96108f2965b372a2f8cbd43fdf11feab5f2aa601a1f1749ab93adc90197a8e7ad821d523c883cce0a
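The two dropped files under files/stateless/ are the only ones the report lists with a path, and both the directory and the file names are base64. The following added example (not code from the sample or the report) decodes them and the 13-digit suffix the file names carry. It treats the space after "==" as a line-wrap artifact of the rendered report and the suffix as a Unix timestamp in milliseconds; both are assumptions.

```python
"""Decode the base64-named directory and files under files/stateless/ and the
epoch-millisecond timestamp carried in each file name.

Added example for this report, not the sample's code. The two paths are the
ones listed in the report; the space after "==" is treated as a line-wrap
artifact of the rendered report (assumption), and the 13-digit suffix is
assumed to be a Unix timestamp in milliseconds.
"""
import base64
import re
from datetime import datetime, timedelta, timezone

STATELESS_PATHS = [
    "/data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NTk3MTY0MjY4",
    "/data/data/com.jdtz666.taoke/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NTk3MTk1MDQ4",
]


def b64_to_text(token: str):
    """Strictly decode a base64 token (padding restored) to printable ASCII, else None."""
    token = token.strip()
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def decode_stateless_path(path: str) -> dict:
    """Decode the last two path components and any trailing millisecond timestamp."""
    parts = [p.strip() for p in path.split("/") if p.strip()]
    directory, filename = parts[-2], parts[-1]
    result = {
        "directory": b64_to_text(directory),
        "file": b64_to_text(filename),
        "stem": None,
        "timestamp_ms": None,
        "utc": None,
    }
    m = re.fullmatch(r"(.+)_(\d{13})", result["file"] or "")
    if m:
        ms = int(m.group(2))
        when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)
        result.update(stem=m.group(1), timestamp_ms=ms, utc=when.isoformat(timespec="milliseconds"))
    return result


if __name__ == "__main__":
    for p in STATELESS_PATHS:
        print(decode_stateless_path(p))
```

Decoded, the directory is umpx_internal and the files are umpx_internal_1715597164268 and umpx_internal_1715597195048, which correspond to 2024-05-13 10:46:04.268 and 10:46:35.048 UTC. That is about a minute after the report's submission time of 10:45 (if that clock is UTC), consistent with files written during the run rather than carried inside the APK.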

Filesize: 350B
MD5: 7cbe98385b85b54da04bf3acab25cbf1
SHA1: 94dfc6cace78c431f31bdd389478b226fe0d668f
SHA256: 5004723677ab8b5ec59540d4bd9d2f002f1f6eb5117504e37ce520fbf5ee2b90
SHA512: b7c8e5c3f648e51162be6318ac58606a53511618b74c35af96e38dec585192af1a4bc07b7bf122d5aa5da5023a35b5fc9ff4b49c9bcd67d0fb80c624e884fb96

Filesize: 35B
MD5: 3f221fa745f536bfeff8527efe801775
SHA1: 73a040fa221fbcd7c818be0fa893c0a9f8c36637
SHA256: 0f7a1c6ff6263afbc6e151d94c2a064df63326bf1d33337aa162f47d41a121c4
SHA512: c1f1f75277f83daaf79e5dd50fb71d1d913ac024b0a354ad71e26314d5c3d6ea2afa4d6d8f1a96d17e1af8c8441668e1379f70018b1f79426cbf0c745e67a5f5

Filesize: 35B
MD5: 167060e72de30e3653195d6db55a9fa9
SHA1: 3f80aaaf3150472fa7cc72ff68b3ca3588e66caf
SHA256: 3548845870322913af5d83fc2bc60918dcd309496df4eb5c69d86477fa04f7b3
SHA512: 4ef8f31317cf1fb8ed1250d483d2ca1eb971c90ed6903df85a209f9e5688689974dd4cd51714b4f56baea06903cb99a2444c40545d7dc23b9d733ce77af87683