8cedf8bd07b9bcd7df2cd502211b60078bf9bd0605be4b365fd64a0bc2860658

Analysis

max time kernel
179s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
20-05-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cbe9b2a34091eb4eb9cd8613d242439_JaffaCakes118.apk
Size

215KB
MD5

5cbe9b2a34091eb4eb9cd8613d242439
SHA1

73ccc070209245e8b7538a49528e08dbe2f540f7
SHA256

8cedf8bd07b9bcd7df2cd502211b60078bf9bd0605be4b365fd64a0bc2860658
SHA512

51c70567a53eb18672454cb493b88e74b112c2cd01d1e007a1756b3c408c76a7a4093e90b0bad560017da87b546aecb4e7e61830d9a43b0ef75e26da8adc12a3
SSDEEP

3072:6NsVyQhLKHzkLsn2rWTczd6DPsK8wpFoHLyzokYdLVYDeXxoak6oPV5NfogtqHVR:S2/k7n4WT6K2ezopdLVqeXjknVQfYC

Score

8^/10

evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.jjgege.camera3

pid process

4246 com.jjgege.camera3

pid	process
4246	com.jjgege.camera3

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/oat/x86/comjjgegecamera3.odex --compiler-filter=quicken --class-loader-context=&com.jjgege.camera3/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/oat/x86/1716197460895.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar	4280	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/oat/x86/comjjgegecamera3.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar	4246	com.jjgege.camera3
/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar	4306	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/oat/x86/1716197460895.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar	4246	com.jjgege.camera3

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.jjgege.camera3

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.jjgege.camera3

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.jjgege.camera3

com.jjgege.camera3
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4246

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/oat/x86/comjjgegecamera3.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4280

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/oat/x86/1716197460895.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4306

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jjgege.camera3/databases/8888881-1000_com.db-journal
Filesize
512B

MD5
914d3f4255fed99ad9f268e5dc52fc3b

SHA1
29e7b2b19617644c61c5478bd95117bcf46f78d7

SHA256
9d3a6878553714180e72e5e00d7c9ee92dea23c158e75f896b171bd0a8fdd965

SHA512
0098ef3c058884bb494c856150b798b7c7a727d7905a7a234f281dc40c2efca2f154e523e78e6ffc2957fc530bcde066aaf71e51e91e78de88e45c15426bd4ea

Download Submit
/data/data/com.jjgege.camera3/databases/8888881-1000_com.db-wal
Filesize
40KB

MD5
f8918bc883b3444a166fd7c43f488e0f

SHA1
142320365346dad506620b13247f44a38df4dc1d

SHA256
ee2e286a9f7eb897f4e2b66dfc0b4f139fbb67eef8d4796b4692b063ba5d7dae

SHA512
426022ee9bd3d1a071267f33e067e4e87b8ef222926bfa020068b181865bfa44e4de2b926d52d81d9c8bf422883060fe9ad06223498ade7eb75f2403e6c40883

Download Submit
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db-journal
Filesize
512B

MD5
77f099cd363340c5b64779ce30554f63

SHA1
ccba08e0a1591bd84dae4d6983847f4be4a71df2

SHA256
db04f72cc54e0fbc22be9d1b8c07dfa69d447dd95badcd89c384813b762166dd

SHA512
58838c15ff598e84f780612f49cbd195bb190722e0afde5ff48e1ddf6bf418d2a948e74a6f193499746b92bb2e63d6e85a5656cf71994766f31f3603127382b4

Download Submit
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db-wal
Filesize
32KB

MD5
6e89b44c182f0d06e767565174a1fa0e

SHA1
ba76ac7f119df0a6763fa215f9a10ada3d5e46d9

SHA256
0e7f25d583b5c09bbac1fbfe86e99f1ae6491e010affb3b066249ec30354851e

SHA512
fd90079acf88b7b0bd56b4c511e0069cd1845883899d79a9923a5e2ac855acc68e4ec5b032a512a9cb1f3fdd8420062c116e9f910825deda1da46f0907dc96c7

Download Submit
/data/data/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar
Filesize
23KB

MD5
447bb8682b4936d4c2d412b2913c0aa0

SHA1
3c8218b85ffca484634520d2864e47b1ef26adc6

SHA256
8f4ff38ebb450310721fbad734d7b8b2071b2f3a7f321b5d01fdf5a07e7f3dfc

SHA512
baeb303fdbb79ab5d286437441e916367862e3ec734980f8a0c15421b569a53eb41190b067c8c4a8987dffd16c090686dad32e88ca51e1dba453e425cb3c8d37

Download Submit
/data/data/com.jjgege.camera3/files/8888881-1000/V4/base.so
Filesize
23KB

MD5
c49a117ec047aa41e7efb8f13e1027bb

SHA1
1977d01e63ac06b9c7a04c1b0012cb392379d67e

SHA256
58ca75e48b06ff096cd4a3a8b82ee3d9e75ef66bdd9de15833c488dfcb907989

SHA512
2dadde9392bb5045b579f1d8f28ce3f82c4dec2f08754b846f31b7c5cb77fcf3f93e04a1997f2f68ddfbc8443dd2cb64a9f6d945e1bf4e3d2e2e982ba03ea8ff

Download Submit
/data/data/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar
Filesize
58KB

MD5
5c3c8fed0398447cb0f68fba94709991

SHA1
053da3c028cb697ca1b3eb98383d17ccdc53bebb

SHA256
ad056f2c07e78bf38db7f54f5488e750b7187b66b3521ee8de2e5059d6d43633

SHA512
8eed153d663643892284948d4a7ec5bb95c2dc593b6b98ae43355d981f6d8a3e5e9d1224e81823bb26f998d3a0498b3a1b32bb820df875ec198965d5cbb2c699

Download Submit
/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar
Filesize
55KB

MD5
b15df5ac0775da741df900e4d3da5334

SHA1
bff4c27059fec0dd8a5477c6c1790321ae348fed

SHA256
067711cc3dc059cda4b7f1db13a8915720cd14ea3dda93a0b7a8a060a3e38aca

SHA512
bf41145c8828c7ddee4b83101a0422f1e5dc2ff7fe886f132f697972998285dffbd511d00a7f8f37f22d6dc844eafdacf1b66c59e60f24ab805d6102be18423e

Download Submit
/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar
Filesize
55KB

MD5
a5a564a613f526e9785fedfc70d07eb8

SHA1
3cc1b6d36d8da5780667e8e7ecf02f7a5c275ed8

SHA256
414140e55ae8fc49b28cb61d24caeb9b8bafe4e399e532eb870c760be88f1f34

SHA512
89d77638a32ceff64e5373b39db39d24414ae8aed44a5446c2d0e3fa6e7b63e27cf33072aeb978588f179b2aeabc5a9fa76701f03a03e3d75f92b1cdd1907bbe

Download Submit
/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar
Filesize
105KB

MD5
4c200f3ab7633657a1d86a094939b063

SHA1
a95262ca64a00e28c852adc76b66c4eb253aec09

SHA256
23223c001de5e93edc3af8556b77c5d83e7a62af9840e7a945a262847b033487

SHA512
18e5f776b8f052ee4b5c4c0a1b6468bf04c0780e967f2fe9b9d211aa4992b3767b2664c51e53dc30209f2f13c724e2c89cad8c3ced7e813e08a960863bb16d3e

Download Submit
/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar
Filesize
105KB

MD5
b507a9f53848ad48486e406ddb37660d

SHA1
fb5ed7f0cec031b590f832785555d1c0b26bcf67

SHA256
04b07c67571240b211a0947506223866f1f3bdeb3b53d942ed8976197daaddfa

SHA512
33a67946caa69aba337d681b78ce5b0ebeccfe925cf77d8d33155718ca76e66bc1fd3d0eb482e86f2a9de36ff6df1226f5dc588db5aa6dea68f7df29a36f66a5

Download Submit