Analysis

max time kernel: 18s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 06:04
Static task: static1

Behavioral task: behavioral1
  Sample: 6640d2fdab5dab271e9d362147c3e2c9_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
  Sample: 6640d2fdab5dab271e9d362147c3e2c9_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General

Target: 6640d2fdab5dab271e9d362147c3e2c9_JaffaCakes118.apk
Size: 19.5MB
MD5: 6640d2fdab5dab271e9d362147c3e2c9
SHA1: 2f47bda66732ef151f8700da7a47476fd15964f3
SHA256: b75a36052874806c3f0c7467fd92694f02a866a236b8d3a0fcde4b195d2049ab
SHA512: 66aad2e7d1baa05597f49f7b6cb2f4d201b99ea30ec1dc57d36d3f7db1858a17e73257c23632e400aaeda291c20d32bc45f2ff898bafdd80d9a5b7871090b78b
SSDEEP: 393216:leX/i/bZeqp48fJKvYqDsUUEtYoCSO6GOUtE2Js1ATpZ4WLOd:leX/i/bZeq22qYqDs+SR7lOaE1Y74WLM
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  ioc: /system/bin/su | Process: com.remennovel
  ioc: /system/xbin/su | Process: com.remennovel
  ioc: /system/app/Superuser.apk | Process: com.remennovel

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.remennovel

Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
  description: File opened for read | ioc: /proc/cpuinfo | Process: com.remennovel

Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.
  description: File opened for read | ioc: /proc/meminfo | Process: com.remennovel

Loads dropped Dex/Jar (1 TTPs, 6 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc: /data/data/com.remennovel/.jiagu/classes.dex | pid: 4294 | Process: com.remennovel
  ioc: /data/data/com.remennovel/.jiagu/classes.dex!classes2.dex | pid: 4294 | Process: com.remennovel
  ioc: /data/data/com.remennovel/.jiagu/classes.dex!classes3.dex | pid: 4294 | Process: com.remennovel
  ioc: /data/data/com.remennovel/.jiagu/tmp.dex | pid: 4294 | Process: com.remennovel
  ioc: /data/data/com.remennovel/.jiagu/tmp.dex | pid: 4329 | Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.remennovel/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.remennovel/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/data/com.remennovel/.jiagu/tmp.dex | pid: 4294 | Process: com.remennovel

Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.remennovel

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.remennovel

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.remennovel

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.remennovel

Checks if the internet connection is available (1 TTPs, 1 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.remennovel

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call | ioc: android.hardware.SensorManager.registerListener | Process: com.remennovel

Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: com.remennovel
Processes

com.remennovel (PID: 4294)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)

  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.remennovel/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.remennovel/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4329)
    - Loads dropped Dex/Jar

  getprop ro.build.version.emui (PID: 4482)

  ls / (PID: 4576)
Network
MITRE ATT&CK Mobile v15

Defense Evasion
  Download New Code at Runtime: 1
  Execution Guardrails: 1
  Geofencing: 1
  Hide Artifacts: 1
  User Evasion: 1
  Virtualization/Sandbox Evasion: 2
  System Checks: 2
Downloads