Analysis
- max time kernel: 178s
- max time network: 182s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 18/05/2024, 18:51
Static task: static1
Behavioral task: behavioral1
  Sample: 564707abd96d4563b482c2fd098bc7fc_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: ixintui_plugin.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral3
  Sample: ixintui_plugin.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral4
  Sample: ixintui_plugin.apk
  Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral5
  Sample: stat_plugin.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral6
  Sample: stat_plugin.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral7
  Sample: stat_plugin.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 564707abd96d4563b482c2fd098bc7fc_JaffaCakes118.apk
- Size: 14.4MB
- MD5: 564707abd96d4563b482c2fd098bc7fc
- SHA1: 8c5df7061ddd977035918ffb799f30d93e8fb63c
- SHA256: c6f1c5edb89e99f60ebedbaab432adff9eaf7ad1e88b63758c1b4b9f4c499432
- SHA512: 16def4679e99a91e54911017d8a03f308395d4844979e2c9c071493c9ab9e04ca8f47459cd6b2ba31fa4686f1447589ef17a02d519ff035582b09438044b9c06
- SSDEEP: 393216:CyA9WM6fa9gG+9Be9WJ59Wq29Wif9WsZxIg8:Cd9WMEcgGV9WL9WH9Wa9WsZD8
Malware Config
Signatures
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.yangchehui360.user:remote)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information, which indicates whether the system is an emulator.
  File opened for read: /proc/cpuinfo (process: com.yangchehui360.user)
- Loads dropped Dex/Jar (1 TTPs, 6 IoCs)
  Runs an executable file dropped to the device during analysis.
  /data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar (PID 4350, process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yangchehui360.user/files/oat/x86/ixintui_plugin.odex --compiler-filter=quicken --class-loader-context=&)
  /data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar (PID 4320, process: com.yangchehui360.user)
  /data/user/0/com.yangchehui360.user/files/stat_plugin.jar (PID 4374, process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yangchehui360.user/files/stat_plugin.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yangchehui360.user/files/oat/x86/stat_plugin.odex --compiler-filter=quicken --class-loader-context=&)
  /data/user/0/com.yangchehui360.user/files/stat_plugin.jar (PID 4320, process: com.yangchehui360.user)
  /data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar (PID 4436, process: com.yangchehui360.user:ixintui_service_v1)
  /data/user/0/com.yangchehui360.user/files/stat_plugin.jar (PID 4436, process: com.yangchehui360.user:ixintui_service_v1)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.yangchehui360.user)
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.yangchehui360.user:remote)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.yangchehui360.user:remote)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.yangchehui360.user)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.yangchehui360.user:ixintui_service_v1)
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yangchehui360.user)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yangchehui360.user:remote)
- Reads information about phone network operator (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.yangchehui360.user)
Processes
- com.yangchehui360.user (PID:4320)
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  Child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yangchehui360.user/files/ixintui_plugin.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yangchehui360.user/files/oat/x86/ixintui_plugin.odex --compiler-filter=quicken --class-loader-context=& (PID:4350)
    - Loads dropped Dex/Jar
  Child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yangchehui360.user/files/stat_plugin.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yangchehui360.user/files/oat/x86/stat_plugin.odex --compiler-filter=quicken --class-loader-context=& (PID:4374)
    - Loads dropped Dex/Jar
- com.yangchehui360.user:remote (PID:4407)
  - Requests cell location
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.yangchehui360.user:ixintui_service_v1 (PID:4436)
  - Loads dropped Dex/Jar
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  Child: sh (PID:4538)
  Child: sh (PID:4568)
- chmod 777 /data/user/0/com.yangchehui360.user/ixintui (PID:4555)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: 5e9dbe47b5656a3ccceff5e93b887c47
  SHA1: 1361508cc9ad1fcc4b55929c6223135428ffc6db
  SHA256: b774a97f772f1bb5afa959fddc89dc1aece7692ae5a8f9592ae5da518da3336d
  SHA512: dbfaf023712a00b6af0ed8c061fc28b8ff0a88dbce74b7abce1dc6e20c8fec02c31509a01cb01a7b3d336ee1f341969822a0ad742eac141898296cc8ce858add
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 64KB
  MD5: 9e64071e9c89fc4c03fdfa1239e934aa
  SHA1: d88321111bb19fac71c822a9b681a47103352a67
  SHA256: eb87bed79b12100d177af52048a8b1eb97373fca971a61dc988e5674b4aaf9f8
  SHA512: 3e408f18cd65c3e39092d053560fca50898a84d5159054b0fb56235b8827d2b7442aed1904eb2280cbbf91f3dc94f422b5c430ecd4b10f73ed2feeab0819e55f
- Filesize: 512B
  MD5: b554d3aa7b529ec9636189ed1d49d4fd
  SHA1: 236e4a87b2592a136780d432110e98139b49b927
  SHA256: 023c3ad882d42f7472fa2f28deaf17ff23fe07dc2e9f52f60a16588d929a95fd
  SHA512: 4a80584be4b928e4e70051c8bec388c2e17faab6c2d3713b78225cb4084f634056a39ab8493e1d8740957fe15e0e5782991522c105735aef25ea45dc7167226f
- Filesize: 108KB
  MD5: 2cb1e004d4f0cfacf9e5b3018ea7a1b6
  SHA1: 881814f157af29081599e6ecd727a14efcf943b6
  SHA256: b110d5fdb4b123c9f9acaeedf0e8b2f82cee259467f927f823738e03ad880820
  SHA512: ddd307a2e1920ac3a0b8f88144a3cba81c6ecd9909a9e7fcb5d33f3ed18abb4152a5fb1caa68815f59bb8786c0879c941ff0ee66934350feef97d2bef586e6b9
- Filesize: 52KB
  MD5: f40472fc3a9a0085c73e7e19dd35d763
  SHA1: 6f331b341877ed9a2b4b34d48e9811199333ab3b
  SHA256: ae9aabddaf26d76905881342c6671bc2680079d111b9de6ef98775803235dc9a
  SHA512: 8812a67ca5f640e0d42db53645f2d3e78e0837579e7e0094874385960db401354333ed7e906aac2c71e46de3b58c4f8bcca6f67d4f5590d2e033d739a4972b76
- Filesize: 582B
  MD5: 74ffa9dbdb1639d8e2669f4775e2e3dc
  SHA1: 3e680d7c4d21ce54662037c282655555a6996faa
  SHA256: af1b44f8ac78f6c19928be06d7398af5ebd43ee8e4f4d30b0de2c5b972b5ef09
  SHA512: e6ad5b48cd4f5f6e5a5374f638f69197b6cc9ed59c121e0f8b8cc4282bf59c51290710e560d85af1de2ce8110a0149f135a2188cbf5ecaefe87bd947ee661e76
- Filesize: 340B
  MD5: 4ea93509a534580205da4bc7c41def3c
  SHA1: cf3dbd253569bfea2eb5722411f30c8e0a20bc3c
  SHA256: cf794b339f58506a79853b00cc3757b477941ff033cc68bda22dd43e66b73c01
  SHA512: 942055dfe5c06d185ecc52a42cc52f9c11684911b109cce4e3d8b1d06efb4654ac6b33e70ef51604ab53e324070b1c329fa50d14c6d7557007477dbe2f59371e
- Filesize: 116B
  MD5: 91f1dbe5d091a66d81428ac22a5cde67
  SHA1: 042ea5c819cb5d273687d1b82ee564e17ee4683e
  SHA256: e4bb1b6a15dc8749b00dd30a819c04c0971ac86f1207aca9b9087db54af2249d
  SHA512: 89f77ac0ba3b3eef49fc9bbc440f7888a0038988b58d1952d9399a09f1e2ecc913fd3521caae132263bb92660839cc2210b3e625b6b169f08c5b3d1b884b320a
- Filesize: 11KB
  MD5: 0e29fc65087a88f02b20d9404a60a8a7
  SHA1: 8000633222db8f1b5c8797457e04f08fb3a0a518
  SHA256: cba90de54e9cd76616d352449934128c1a862e9fa14a63bad4880cf3cb1bfccc
  SHA512: 7512bd83393be414d6c5ab41bab8fc8f6d31f60cefb3a3352bc7fc143dfd9775eae7c79238b2762b18a6d2582399b9464a4f0f5e11bdded78487dda923a9eee3
- Filesize: 211B
  MD5: 96f5d389ab762848f0300052e3e31e2d
  SHA1: 3b39f446ee4f5d0e5695bd1b4b5de3fb94c227ed
  SHA256: d4e420bcfbc2ce0cfe249ae7aff02f0b81efda6dce0f7809a98d5651945352e0
  SHA512: cba8ca77c3e5897f2bd6e01d77b86407d5a92e00e5c9511ef0da4c196f0b395287c8a89750be23c59f6447c9c98cb44b21bde5efefb242553c7358c730a3b18e
- Filesize: 115KB
  MD5: 2e7b30b6ae0a4fb34cbb38bd55a17fca
  SHA1: 82e768f5e125cc7789dcb8402dadd5c6469c58df
  SHA256: dbf64eabd79c4688cb7a306f33c9e2e6710d37d5397505851f7c9ae75637817b
  SHA512: aca439acf8f4ffa4bad8931e2481115198d75b06035f9e3a13bc346334a7a8092101fbde441b36edcbf86551bd1a9dc52005d00a6dfc740d5733f8be3c158b0f
- Filesize: 115KB
  MD5: 7e36a7220c74bbf44c2fb3dc2e5735e1
  SHA1: 9b867ca625cfcbea1ff5230602d2a974a382d951
  SHA256: fe06a5d54bdb0dfe3755d037c7fac3f63d7cfbdf0faf5e527e75f30107aff593
  SHA512: 80393119b1cc486d85232caa64e13b8236ec55d4850064fd0dbe151146e6dc5b5c19b36b7618165ff5560697494956881e359c125fbe84f1ee75cd2725455217
- Filesize: 22KB
  MD5: 7486eeccead3c018ca4c6b726ec8cc8d
  SHA1: 8d4d804a2add0adbf7fe6a85aa72414a7cdcaca2
  SHA256: f15d0d1efde75646c07b9356587dd22216199543fd2f990ad042f3596a6977c3
  SHA512: 8a8cf20a4022bc4e5a7bc6f1ab69867aa6fa962e95c67c6cef99a881dd90839546f4e7f6dfe296e5dd777b5a433280391e98050b80e28ad615ef676f485b397d
- Filesize: 22KB
  MD5: fbfd3d5c8dfdfb06f712bbc4db2645eb
  SHA1: 0bcaac6931feb1262c618c12040dd43ad13d0b61
  SHA256: be9ad9cfad08657b6ebb1a4ed6ab1dc24d817cac644605bad6fa85b3ecbc8059
  SHA512: 07401ec8e2024ffce0d8264e9ba6abd061c3c16f33acbb3836b9523e0969ff1fc48f8d84621fa7d2f50390d2cab730d2a3467e8e90f2f60dc929e63ee2af8537
- Filesize: 512B
  MD5: efd33b8eeb54dee404d2a5209b0aef5c
  SHA1: 77bf516ed5f397638308b6ff33f4c26a9a766ce7
  SHA256: 0c31fc4f4c6c20878a255beda401908c05db5ca26d4425a625222a3776ba40a9
  SHA512: 1eed93f2436aec5e7e4e067ad70ea3a9ce28523ab289fbd73282e71f34804e6031b0749dd2560b3cf8b794a37f420ff9a83257783cbe93dd0a4f173c4ed30f3d
- Filesize: 32KB
  MD5: ee13fa0345b745c0ae996d2e2f8e7bab
  SHA1: cec170c834e2ec1827496848c13868cb67796f7a
  SHA256: fe70548f7c227200ee9b5e196572e2407ea27cd1becaf61362469bb6a3a78c69
  SHA512: ebcb1236b06fa54e440045fb6d31ffc2345e4f50aa470a72c3352889aa6d3f37be00cef7f2222241c9923c94be3533253355d95f8e197c3455475506444d3256