Analysis

Max time kernel: 170s
Max time network: 158s
Platform: android_x86
Resource: android-x86-arm-20240514-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
Submitted: 18/05/2024, 16:20

Static task: static1

Behavioral task: behavioral1
  Sample: 55a72fb1b8a8e144012840d0d3e63d82_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
  Sample: 55a72fb1b8a8e144012840d0d3e63d82_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General

Target: 55a72fb1b8a8e144012840d0d3e63d82_JaffaCakes118.apk
Size: 31.4MB
MD5: 55a72fb1b8a8e144012840d0d3e63d82
SHA1: c29b6b5e8d7a1923f96748dde39c71a1b9b6b608
SHA256: b229e10a82ac52b760c069f94754df2850e21fcd92a5652b9ee9feb5740f298f
SHA512: 0a521b6e763ece91d93fb1f407110d0c943734cc19614e6646e394a5effbea2107ddb6595e0dcf53149ff34418a6031a343a5f5bbcb6a80352a67c60800ce4dd
SSDEEP: 786432:oEji8Jh5luwOR5rMPxQ1FYwGq/FHF5DxRgxzBLG1dRU8NPXZv:32Qh5lXOTExQTYwRbZxRgNwPK8Nxv
Malware Config
Signatures

Checks if the Android device is rooted.  (1 TTPs, 2 IoCs)
  IoC: /system/bin/su   Process: com.tuokio.soccersumos.kyx.m
  IoC: /system/xbin/su  Process: com.tuokio.soccersumos.kyx.m

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).  (1 TTPs)

Requests cell location  (1 TTPs, 2 IoCs)
  Uses Android APIs to get current cell information.
  Description: Framework service call  IoC: com.android.internal.telephony.ITelephony.getAllCellInfo   Process: com.tuokio.soccersumos.kyx.m
  Description: Framework service call  IoC: com.android.internal.telephony.ITelephony.getCellLocation  Process: com.tuokio.soccersumos.kyx.m

Checks CPU information  (2 TTPs, 1 IoCs)
  Checks CPU information that can indicate the system is an emulator.
  Description: File opened for read  IoC: /proc/cpuinfo  Process: com.tuokio.soccersumos.kyx.m

Checks memory information  (2 TTPs, 1 IoCs)
  Checks memory information that can indicate the system is an emulator.
  Description: File opened for read  IoC: /proc/meminfo  Process: com.tuokio.soccersumos.kyx.m

Loads dropped Dex/Jar  (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis. The dex.jar is compiled from the app's private files directory (/data/user/0/com.tuokio.soccersumos.kyx.m/files/...), not from the installed APK, so this code was not present in the static sample.
  IoC: /data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar
    PID: 4427  Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
  IoC: /data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar
    PID: 4296  Process: com.tuokio.soccersumos.kyx.m

Queries information about running processes on the device  (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call  IoC: android.app.IActivityManager.getRunningAppProcesses  Process: com.tuokio.soccersumos.kyx.m

Queries information about the current Wi-Fi connection  (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call  IoC: android.net.wifi.IWifiManager.getConnectionInfo  Process: com.tuokio.soccersumos.kyx.m

Queries information about the current nearby Wi-Fi networks  (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Description: Framework service call  IoC: android.net.wifi.IWifiManager.getScanResults  Process: com.tuokio.soccersumos.kyx.m

Queries the phone number (MSISDN for GSM devices)  (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events)  (1 TTPs, 1 IoCs)
  Description: Framework service call  IoC: android.app.IActivityManager.registerReceiver  Process: com.tuokio.soccersumos.kyx.m

Checks if the internet connection is available  (1 TTPs, 1 IoCs)
  Description: Framework service call  IoC: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.tuokio.soccersumos.kyx.m

Reads information about phone network operator.  (1 TTPs)

Uses Crypto APIs (might try to encrypt user data)  (1 TTPs, 1 IoCs)
  Description: Framework API call  IoC: javax.crypto.Cipher.doFinal  Process: com.tuokio.soccersumos.kyx.m
Processes

com.tuokio.soccersumos.kyx.m  (PID 4296)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&  (PID 4427)
    - Loads dropped Dex/Jar

  getprop ro.board.platform  (PID 4489)

  getprop ro.mediatek.platform  (PID 4509)

  /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq  (PID 4648)

  getprop ro.mediatek.platform  (PID 4756)
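A triage pass over the process tree and IoCs above, written as an added example for this page (it is not the sandbox's own tooling). The sample input is constructed inline from the PIDs, command lines and file paths recorded in this report. It separates the three behaviours a reviewer wants to see together: the dex2oat run whose --dex-file sits in the app's own files directory rather than under /data/app (the "Loads dropped Dex/Jar" finding), the getprop and /proc, /sys reads that fingerprint an emulator, and the su paths that make up the root check. The extra build properties (ro.kernel.qemu, ro.hardware) and su locations (/sbin/su, /su/bin/su) are assumptions added to make the rule general; everything else comes from this page.

```python
"""Triage the behaviours in the report above from its process tree and file IoCs.

Added example for this page, not the sandbox's own tooling. The sample input is
constructed from the process tree and IoCs in the report; ro.kernel.qemu, ro.hardware,
/sbin/su and /su/bin/su are assumptions, not findings from this report.
"""
import re
import shlex
from typing import Optional

# Constructed sample input: (PID, command line) pairs copied from the process tree above.
SAMPLE_PROCESSES = [
    (4296, "com.tuokio.soccersumos.kyx.m"),
    (4427, "/system/bin/dex2oat --instruction-set=x86 "
           "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
           "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
           "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
           "--instruction-set-variant=x86 --instruction-set-features=default "
           "--inline-max-code-units=0 --compact-dex-level=none "
           "--dex-file=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/dex.jar "
           "--output-vdex-fd=42 --oat-fd=43 "
           "--oat-location=/data/user/0/com.tuokio.soccersumos.kyx.m/files/kuaiyouxi/datas/res/1339/oat/x86/dex.odex "
           "--compiler-filter=quicken --class-loader-context=&"),
    (4489, "getprop ro.board.platform"),
    (4509, "getprop ro.mediatek.platform"),
    (4648, "/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq"),
    (4756, "getprop ro.mediatek.platform"),
]
# Constructed sample input: paths the main process opened or probed, from the IoC table above.
SAMPLE_FILE_ACCESSES = ["/proc/cpuinfo", "/proc/meminfo", "/system/bin/su", "/system/xbin/su"]

# Where installed code legitimately lives. A dex compiled from anywhere else was written
# after install by the app itself, i.e. code the static scan of the APK never saw.
INSTALLED_CODE_PREFIXES = ("/data/app/", "/system/", "/vendor/", "/product/", "/apex/")
# App-private storage: the package name is the component after /data/user/<n>/ or /data/data/.
APP_PRIVATE_RE = re.compile(r"^/data/(?:user/\d+|data)/([A-Za-z0-9_.]+)/")

# Emulator fingerprinting: build props and cpu/memory pseudo-files. The first two props and
# the file prefixes are from this report; ro.kernel.qemu and ro.hardware are assumptions.
EMULATOR_PROPS = {"ro.board.platform", "ro.mediatek.platform", "ro.kernel.qemu", "ro.hardware"}
EMULATOR_FILES = ("/proc/cpuinfo", "/proc/meminfo", "/sys/devices/system/cpu/")
# su binaries: the first two are from this report, the last two are assumptions.
SU_PATHS = {"/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"}


def parse_dex2oat(cmdline: str) -> Optional[dict]:
    """Return the --key=value options of a dex2oat command line, or None if it is not dex2oat.
    A repeated option (e.g. --instruction-set-features above) keeps its last value."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].endswith("dex2oat"):
        return None
    opts = {}
    for arg in argv[1:]:
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
    return opts


def dynamic_code_load(opts: dict) -> Optional[dict]:
    """Flag a dex2oat run whose input dex is outside the installed-code locations."""
    dex = opts.get("dex-file")
    if dex is None or dex.startswith(INSTALLED_CODE_PREFIXES):
        return None
    m = APP_PRIVATE_RE.match(dex)
    return {"dex_file": dex,
            "package": m.group(1) if m else None,
            "compiler_filter": opts.get("compiler-filter")}


def emulator_probe(cmdline: str) -> Optional[str]:
    """Describe a child process that fingerprints the device, or None if it does not."""
    argv = shlex.split(cmdline)
    if not argv:
        return None
    if argv[0].endswith("getprop") and len(argv) > 1 and argv[1] in EMULATOR_PROPS:
        return "getprop " + argv[1]
    for path in argv[1:]:
        if path.startswith(EMULATOR_FILES):
            return "read " + path
    return None


def triage(processes, file_accesses) -> dict:
    """Group the evidence into dynamic code loading, emulator probes and root checks."""
    report = {"dynamic_code": [], "emulator_probes": [], "root_checks": []}
    for pid, cmdline in processes:
        opts = parse_dex2oat(cmdline)
        if opts is not None:
            hit = dynamic_code_load(opts)
            if hit:
                report["dynamic_code"].append({"pid": pid, **hit})
            continue
        probe = emulator_probe(cmdline)
        if probe:
            report["emulator_probes"].append({"pid": pid, "probe": probe})
    for path in file_accesses:
        if path in SU_PATHS:
            report["root_checks"].append(path)
        elif path.startswith(EMULATOR_FILES):
            report["emulator_probes"].append({"pid": None, "probe": "read " + path})
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_PROCESSES, SAMPLE_FILE_ACCESSES)
    for hit in result["dynamic_code"]:
        print(f"[dynamic code] pid {hit['pid']} compiles {hit['dex_file']} "
              f"(package {hit['package']}, filter {hit['compiler_filter']})")
    for probe in result["emulator_probes"]:
        print(f"[emulator probe] pid {probe['pid']}: {probe['probe']}")
    for path in result["root_checks"]:
        print(f"[root check] {path}")
```

Run it as a script to print the three groups, or import triage() and feed it another report's process tree in the same (pid, cmdline) shape. The discriminator for dynamic code loading is the --dex-file path, not the presence of dex2oat itself: the runtime compiles installed APKs with the same binary, so only an input dex outside /data/app and the system partitions is flagged.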
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  Download New Code at Runtime (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Downloads

Filesize: 512B
MD5: 66b07798c083758eff514701554248f1
SHA1: e583657fc1109ad67bea8455e6b217df1e2861ac
SHA256: 50e21d506f881fdf12db3e7a05425a6dbaee1262e499edd824f19db6a7c22488
SHA512: 4d2a270206943cf4da10f4f8347807738476219b047233cedf6888911bd48b64428f70707a55ad18f3064f322b8f32848eb760a862f2b099c8e78449ce3573cb

Filesize: 32KB
MD5: 86febfaae1af34c9a1c92186ac934e81
SHA1: 48ec0d3bb9698a229ac7f8174545c3971c33fb2c
SHA256: c0af92967a1dd44d602b3b1a8ce218cd9f68e10542f0e1fc6ea5ae1bc121ada8
SHA512: 03feee242af857705f79737c8a593404e1c6223934b2415459ce0d5048c3650b45345924bf260cd6e27379e380a6865d04cd2f15d63858a4e2600d0f3e50df4f

Filesize: 512B
MD5: 9f2c3aa6e256b3f0f31ab850bd5431ac
SHA1: a4eac89113f21ce9aa74394d4b6209b8d809e39f
SHA256: 34f27f5b5a46565f83a943ca0a6c075879af0b0f78ab805b3a03d8efc8e4c267
SHA512: ec2b0a0aa9979ead286a4ea01fc3f1e60d11a25d9d83cf6896e12b8acea0b52d66268b77ed01ec0613379da664df29ddf9433782ee81a66e8904c681eada2f29

Filesize: 28KB
MD5: 94fb1d8061c1e2d66be839e896f725aa
SHA1: 15867c84b9a5b18f018c670033d245d51f4b835e
SHA256: 9bf55aaccf54601daf68d0e716adc00b4760b3d3e5b21ac388648c18c67326b9
SHA512: aefc8e26b41841f9f746b1a561f0912c4dc505acc01db8dea0d88ff9d972185b2dede8b6a2f0ef9d2e9d4a2b596331cf5b396b95919663154ad4569ce85447f3

File: /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

File: /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m-journal
Filesize: 512B
MD5: 1d7579993361fb331bbf3e1c6975dd2f
SHA1: ba845e9e7a84c21a3b0684a78ba63da99cdfcabf
SHA256: e58adb7699be15eb82cdd314eaa88d14fbc577908dabcca70a60ce68feb9fc56
SHA512: 04685f9b691a91ce18ac88d68e31aa07825a4003db3ea4fa0aa5c1213f6bbd0da9e03d73c61985d321e603ca69dc01193ec9e51a9ddc2b43df4c7af208185972

File: /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

File: /data/data/com.tuokio.soccersumos.kyx.m/databases/pri_tencent_analysis.db_com.tuokio.soccersumos.kyx.m-wal
Filesize: 52KB
MD5: fbbe98dc79588c360321d0093fad5a2c
SHA1: 8a6c5286dcd52d839063db024dbb2d88812a3a24
SHA256: 2ddb6566b16aa277718422cf285abe80a492bd9fe9eba0b8d4c60c0a7b1b1984
SHA512: 401fd9d93853803933f2b1e59806469e7aa8ba4e9d1e34bf82ce20cfdfd78d07d4667970e5ff05d39683d6d7f97df72645a0a6567d6dd0291ec19fa522cfaa76

File: /data/data/com.tuokio.soccersumos.kyx.m/databases/tencent_analysis.db_com.tuokio.soccersumos.kyx.m-journal
Filesize: 512B
MD5: 448937f1440f32e8aa20990d7bf5a605
SHA1: c173e6baa5a8174a90de04f894bfed74e7bbbe32
SHA256: 976064db7e8adc11776a0f0464f4cf500a9991a253a395c5c30b7a38248bdf49
SHA512: ef6cd89e64508435f1bb56c00de0655854705477fcca21d41360051ad3e5b30452b15ab7961c74544a9a3f58ceb8fb718fe11e540f30382dba83fd855999d667

File: /data/data/com.tuokio.soccersumos.kyx.m/databases/tencent_analysis.db_com.tuokio.soccersumos.kyx.m-wal
Filesize: 108KB
MD5: c4d9b730d5c073f512c121c6709bfc95
SHA1: 18dd38c70650084cd04fc359ef9865b6a9c50064
SHA256: 6a48d27fd1c939c9dd5f2645e3db6fc8f914be86481b6e18d5b0319db1a40ae8
SHA512: 1393b8c07c93fc1fbe88bf3f6d66e612b6acd14b9ca2bb3f1bb83c8a6fe65ebeb55ab17c852e49d91ca06f1ad6c8f429009b91568c72affa6f7c1a0dc9cc032a

Filesize: 1.7MB
MD5: 3a977e9a0e54b402e8f1eb3d17a4862f
SHA1: a4504afa50a91730b90ecaca529e1b79a7297b68
SHA256: b26c7cd26ad5c4cce725a49d3fa9df5d437bf552f7cbc49619d04e612ee14476
SHA512: a94b35a112322a9aff74d9cecf19b858ed7288b33ddad468a5533380106cf3e1a128b9bb78a9f441fe90e5b5a991de90432b9ea2c79f2cc4f905b7d85d144b3b

Filesize: 1KB
MD5: 79995832a1e8b57843a94a215a59ce2a
SHA1: fe022eaf3de0b7aed364ab64ac1766d532b6355d
SHA256: 73f120bbe2b91ccf9ae90b5dbbe41b9360de69d9dc2981f4cd0c9037eac74533
SHA512: 386a07e560826849d37600679554dcd729b3207bfb95e75749c2dc522a4c29b5f88c2f87ca18521c76af237f77a39fcc57104a1f7a74d564bbc8998dcd6ecb67

Filesize: 4.5MB
MD5: ec56d2f1302684654fc0598f38f74623
SHA1: a9fea68f1ff2e003a90b91d7d7d6a0c3b209b46f
SHA256: 86de77500c377943548d94491da92cd61566a3a52bdba51ea8b05b6998b493de
SHA512: 8b89bead1c2db1ff7affdc216947e0629ff214916b2615eb23f4115ff0099180904a7e0b318f0eb5626950426a0d0cf9df83fde3eefdf5da7d54fcb2c7c610c9

Filesize: 32B
MD5: 2665d60dd191a1ed2c5c45ae7ef19b12
SHA1: 063186f2e0a1948d3b0ca7b69d24be2b0a624756
SHA256: 8fb38b187912e8eb63e8e04c59389c2052c76a50629e9c29fb55348a4ec2bf55
SHA512: 59d938fea82f741090c42ab0cffb090adc6a4aaf209abfdaa590a36ee15bf978c4958ebe269e20ced44c821dce5045cb7f986d43950b01f94ad6e9b853304f0c

Filesize: 4.5MB
MD5: 2a27edf786c796357fd9cee3255a370d
SHA1: e1042699b1820a22670fd3fc3b54df50ceb3db1a
SHA256: 070455b25f8784ae7a886f95f0128ef40c993d84917efa3c969c594b5f858a9d
SHA512: eea2db3a0caca6b481253401daf0dfa562b1f9fb9105b48d4f21178d51eb2dc57edc9809a357f23ca15b1f11ab55e9d262db45d60af5972da0fe9db27fcae418

Filesize: 8B
MD5: 1b54ded1ec2d9cd11debd1a36d1577e4
SHA1: b3f7a7c87cf512ec1e82f9e9586a874e22689147
SHA256: 3bb56c47022af0b96c7c5cdf5d1f79857681815a8d3eb464590f3110258da079
SHA512: 72a40b9bd4b6c00a360d5f4c58c698b6537e99e2d6c93599195e8a444569d82decb4a0d7fb063b2d4c666df57bfff3b3e9d773f6326663ad967720abbd89eb47

Filesize: 10B
MD5: 5ab63864ba72b69090787ee506b5250e
SHA1: 975082eb1122eb272a8c0e1bc891672deea30911
SHA256: 53b858861d020c3a566b74397cbf669ef6cfc650bb4776dcc7765db6d3e3fbc9
SHA512: 484e474c0a49a1c1ddc883b8994af3b353ae2b532822a18d62e65a4ac3cf0e0b6ac385842bbbd348b353a4d6c9d18aff9ba8d5f792a1a4f095d8c62a8fca1fd9

Filesize: 19KB
MD5: 2c1ed75b42b2e5fe45c87cc3729a4ec7
SHA1: 60e15d8d6e99d144d99cf8936d4304272e0c3782
SHA256: 7e713c464d2e1285098b82953d2103e43e43bd42dfcdbdeaccc0cfb115b9e155
SHA512: d681a6f3870b1960968d6633c2351ce67ebb0b4b1bea2926d4154dda10826f71d1529507bf32aefe436bb21f5b6682203dde61150c8ffb68eac3b50172343710

Filesize: 4.1MB
MD5: efd480af8085308a1cd65c7cd1978285
SHA1: 43e39f89370bcef2bc0765cc06ea59eca8846f61
SHA256: fe983561da059a1f24414f780bac0a823ef4459d5cb0ec1b5c3f2077c44e67dc
SHA512: eab3033c556a36637b953b350c20e2afd59e5b0bd7d0af4c2c4b92e73ff2e386287b5197963f555f1fe152be8550917711c5fbf9101e8143e571e4db24cbe1b9

Filesize: 4.1MB
MD5: 6a1c58e8c5ecdcc94c35b4490f03daa6
SHA1: 9f941772f27524a95c443e2142e2359011fbaed6
SHA256: 9d7c2786ef5b0b0d60ed43cc3be3da2f3b43c1309dd3fb2532745164711d166e
SHA512: 7230b900e6c520387348bd26f858144258be9837e8f75411a41f3b56021b9889a01c5e4b3622654457329f2a8e22b52f4f4977ccf9288283e0ef7b7f8c4129b9

Filesize: 1B
MD5: 13c8ffd977013703a701cf8e11deac65
SHA1: 067d5096f219c64b53bb1c7d5e3754285b565a47
SHA256: e7cf46a078fed4fafd0b5e3aff144802b853f8ae459a4f0c14add3314b7cc3a6
SHA512: 527cff2b6fdfbc0f54fe092b17d6d8c7e22500242635fa56981e85a64da6ce8a12a3a66cf69fd48f588bcba9bad141b8e351a0cdd4925ae57289933eec1fc153