Analysis
max time kernel
177s
max time network
163s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted
18/05/2024, 07:16
Static task
static1
Behavioral task
behavioral1
Sample
538a7dd8b999182f2e3a216ba7986d53_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
538a7dd8b999182f2e3a216ba7986d53_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
mimo_asset.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral4
Sample
mimo_asset.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral5
Sample
mimo_asset.apk
Resource
android-x64-arm64-20240514-en
General
Target
538a7dd8b999182f2e3a216ba7986d53_JaffaCakes118.apk
Size
21.2MB
MD5
538a7dd8b999182f2e3a216ba7986d53
SHA1
2ff5ad5744cfb9c23576abc405440a11e49f60ba
SHA256
d67e3a7439656841d1720af95f3faf360553c3d0938cf7390280e6a3d47e3d63
SHA512
5f885ab3c0387353341f8ea31113a70af159acc42e5bc7f57121a5afafbc1717be631bc2676b6ce22d2a1dde5005ec759e36f7eaf7f5756372b60ab9abbba25c
SSDEEP
393216:Hce5m6AbuViFLRLamoq1V/8sQ7wXvDdsKkrq3X2Md6dYlAXFcxo9XOfVVHSeTWG/:ybDRLamoqbmOD6g3X/duQAGxok/HSeSw
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information which indicates if the system is an emulator.
description: File opened for read | ioc: /proc/cpuinfo | Process: com.pombingsoft.clumsyman.gtx
Checks memory information (2 TTPs, 1 IoC)
Checks memory information which indicates if the system is an emulator.
description: File opened for read | ioc: /proc/meminfo | Process: com.pombingsoft.clumsyman.gtx
Loads dropped Dex/Jar (1 TTP, 6 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex | pid: 4266 | Process: com.pombingsoft.clumsyman.gtx
ioc: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/classes.dex!classes2.dex | pid: 4266 | Process: com.pombingsoft.clumsyman.gtx
ioc: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex | pid: 4266 | Process: com.pombingsoft.clumsyman.gtx
ioc: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex | pid: 4304 | Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex | pid: 4266 | Process: com.pombingsoft.clumsyman.gtx
ioc: /data/user/0/com.pombingsoft.clumsyman.gtx/files/ebody/res/37673/vva.jar | pid: 4266 | Process: com.pombingsoft.clumsyman.gtx
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.pombingsoft.clumsyman.gtx
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.pombingsoft.clumsyman.gtx
Queries the phone number (MSISDN for GSM devices) (1 TTP)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.pombingsoft.clumsyman.gtx
Checks if the internet connection is available (1 TTP, 1 IoC)
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.pombingsoft.clumsyman.gtx
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
description: Framework API call | ioc: android.hardware.SensorManager.registerListener | Process: com.pombingsoft.clumsyman.gtx
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: com.pombingsoft.clumsyman.gtx
Processes
com.pombingsoft.clumsyman.gtx (PID 4266)
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.pombingsoft.clumsyman.gtx/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID 4304)
    - Loads dropped Dex/Jar
  cat /sys/class/net/wlan0/address (PID 4422)
  sh -c ps -ef (PID 4444)
  ps -ef (PID 4444)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Hide Artifacts (1)
User Evasion (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)
Downloads