Analysis
max time kernel: 5s
max time network: 161s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 16/05/2024, 06:27
Static task: static1
Behavioral task: behavioral1
Sample: 49ca8b1798d95912cc6ede6ef5218162_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 49ca8b1798d95912cc6ede6ef5218162_JaffaCakes118.apk
Size: 25.9MB
MD5: 49ca8b1798d95912cc6ede6ef5218162
SHA1: 529f4a217891ab05ac0b2fd8cce101bee00eb510
SHA256: c98789945c739109b1069fb3a4f9c1b5a654ab6918401b216e5c9160cc1b675a
SHA512: d34d70b359b63388f30a2627f713a57482ecfeea386f6bf37b21edde7652f4112544de67e3a0ab0644d54c6fbbce5875245ea7758f6775cc092b5238558903eb
SSDEEP: 786432:91PW7LzLmKdLkSnRL36HJiaL6gHl81spsb1p4XFLBCxusj1pVBHueLL/9J9Lt:bEfmChKYm6gHU10ox9j1jVuyrX
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.maco.dinosaur.racing3/app_hok/classes.jar | 4243 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.maco.dinosaur.racing3/app_hok/classes.jar --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/user/0/com.maco.dinosaur.racing3/app_hok/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.maco.dinosaur.racing3/app_hok/classes.jar | 4209 | com.maco.dinosaur.racing3
/data/user/0/com.maco.dinosaur.racing3/app_hok/classes.jar | 4209 | com.maco.dinosaur.racing3

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.maco.dinosaur.racing3

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.maco.dinosaur.racing3

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.maco.dinosaur.racing3
Processes
1. com.maco.dinosaur.racing3 (PID: 4209)
   - Loads dropped Dex/Jar
   - Queries information about the current Wi-Fi connection
   - Registers a broadcast receiver at runtime (usually for listening for system events)
   - Uses Crypto APIs (Might try to encrypt user data)
   2. /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.maco.dinosaur.racing3/app_hok/classes.jar --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/user/0/com.maco.dinosaur.racing3/app_hok/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=& (PID: 4243)
      - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads