Analysis
max time kernel: 127s
max time network: 178s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 19/05/2024, 04:15
Static task: static1
Behavioral task: behavioral1
  Sample: 587fd13d51e04716da2fe7b4274db573_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: gdtadv2.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral3
  Sample: gdtadv2.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral4
  Sample: gdtadv2.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 587fd13d51e04716da2fe7b4274db573_JaffaCakes118.apk
Size: 6.9MB
MD5: 587fd13d51e04716da2fe7b4274db573
SHA1: f5668924e2eb3f123d27381fdad9125161844f50
SHA256: 4caa8c33c9c9509d05dff8652724031eefba653b8a6fd35d045a9d5ee88e0267
SHA512: 6874aac7f2f728484436970ade54c0661c71efbbbfc3be97deff470f9ce9361a97439232a68c01a39489241bacba94c0008c381261ab4d576785007eeb842fc3
SSDEEP: 98304:5CYL7Si9+rBfQJmgNJvJM40u/Z0sKKSerIvwDRgHUq2CEfZc0N9bTYfQ1odYEks4:kaAf0lqu/ZFZz86Op76N9bIdbk
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 2 IoCs
  ioc: /sbin/su; Process: /system/bin/sh -c type su
  ioc: /system/app/Superuser.apk; Process: com.kongtiaoyaokk.jjjd
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
  description: File opened for read; ioc: /proc/cpuinfo; Process: com.kongtiaoyaokk.jjjd
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
  description: File opened for read; ioc: /proc/meminfo; Process: com.kongtiaoyaokk.jjjd
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.kongtiaoyaokk.jjjd/app_e_qq_com_plugin/gdt_plugin.jar; pid: 4365; Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kongtiaoyaokk.jjjd/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/com.kongtiaoyaokk.jjjd/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/user/0/com.kongtiaoyaokk.jjjd/app_e_qq_com_plugin/gdt_plugin.jar; pid: 4273; Process: com.kongtiaoyaokk.jjjd
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.kongtiaoyaokk.jjjd
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.kongtiaoyaokk.jjjd
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; Process: com.kongtiaoyaokk.jjjd
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.kongtiaoyaokk.jjjd
Checks if the internet connection is available 1 TTPs 1 IoCs
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.kongtiaoyaokk.jjjd
Reads information about phone network operator. 1 TTPs
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.kongtiaoyaokk.jjjd
Processes
com.kongtiaoyaokk.jjjd (PID 4273)
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  /system/bin/sh -c getprop (PID 4345)
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kongtiaoyaokk.jjjd/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/user/0/com.kongtiaoyaokk.jjjd/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=& (PID 4365)
    - Loads dropped Dex/Jar
  getprop (PID 4345)
  /system/bin/sh -c type su (PID 4395)
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Mobile v15
Downloads