Analysis
max time kernel
80s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted
19/05/2024, 04:47
Static task
static1
Behavioral task
behavioral1
Sample
589d6fa413e083640fc16ce9afec65b2_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
General
Target
589d6fa413e083640fc16ce9afec65b2_JaffaCakes118.apk
Size
23.7MB
MD5
589d6fa413e083640fc16ce9afec65b2
SHA1
6ae92be13a52c105a534f578a64351a5ba6a75ed
SHA256
45df5e19c65c28725ccc53908b531f43e8df7887f5dbd9f91f5ce790d20fddfc
SHA512
2d342078d4efd46061c482751e8c851222053fb6d5972fd86ea17a41790091d5297145c3affe46adca3cbdf0ec5e2ad88da4c80bdb65c02402fc3195ca425fa4
SSDEEP
393216:q9QumRjyzfKaSVE/TcH/QRdh4IyL5n2I8WQH0sOu1siikELPgZYiyHa7VO:q9Qum5y2ErCMh4PLmUsOu1siDkHHuM
Malware Config
Signatures
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which indicates whether the system is an emulator.
description ioc Process
File opened for read /proc/cpuinfo com.ldw.xiaolirili
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which indicates whether the system is an emulator.
description ioc Process
File opened for read /proc/meminfo com.ldw.xiaolirili
Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs an executable file dropped to the device during analysis.
ioc pid Process
/data/data/com.ldw.xiaolirili/.jiagu/classes.dex 4206 com.ldw.xiaolirili
/data/data/com.ldw.xiaolirili/.jiagu/classes.dex!classes2.dex 4206 com.ldw.xiaolirili
/data/data/com.ldw.xiaolirili/.jiagu/tmp.dex 4206 com.ldw.xiaolirili
/data/data/com.ldw.xiaolirili/.jiagu/tmp.dex 4236 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ldw.xiaolirili/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ldw.xiaolirili/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.ldw.xiaolirili/.jiagu/tmp.dex 4206 com.ldw.xiaolirili
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process
Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ldw.xiaolirili
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process
Framework service call android.app.IActivityManager.registerReceiver com.ldw.xiaolirili
Checks if the internet connection is available 1 TTPs 1 IoCs
description ioc Process
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ldw.xiaolirili
Processes
com.ldw.xiaolirili (PID:4206)
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ldw.xiaolirili/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ldw.xiaolirili/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID:4236)
  - Loads dropped Dex/Jar
  sh -c ps -ef (PID:4374)
  ps -ef (PID:4374)
Network
MITRE ATT&CK Mobile v15
Downloads