Analysis
- max time kernel: 10s
- max time network: 149s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 11:05
Static task: static1
Behavioral task: behavioral1
Sample: 670b7698a2152cc5a8a147496f204a7a_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
- Target: 670b7698a2152cc5a8a147496f204a7a_JaffaCakes118.apk
- Size: 6.7MB
- MD5: 670b7698a2152cc5a8a147496f204a7a
- SHA1: e6546290b7525703f6eca0a7da7f24b0408deba0
- SHA256: e21dab5f7d50298b27605fc99048e58514b81f8ebcea037c1ad9c387c4be6908
- SHA512: 448fdc861c30e662db6c40d02e400413a42a072a5bcd8085f71cffa9edebf301a938d71a25e8629842a2072bf356e87d88e393b771d4f88eb5452f3c4a9f14b6
- SSDEEP: 196608:ZjvR2BsUHQVGC77HUAg3LH8HRR6wDRPTr14fVZL:Zjp4oF77HWoHXpu
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
    pid: 4280
    process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/my.geulga.textch/files/oat/x86/pmy.geulga.textch.odex --compiler-filter=quicken --class-loader-context=&

    ioc: /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
    pid: 4218
    process: my.geulga.textch
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: my.geulga.textch
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: my.geulga.textch
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: my.geulga.textch
- Reads information about phone network operator. (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: my.geulga.textch
Processes
- my.geulga.textch (PID: 4218)
  - Loads dropped Dex/Jar
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/my.geulga.textch/files/oat/x86/pmy.geulga.textch.odex --compiler-filter=quicken --class-loader-context=& (PID: 4280, child of PID 4218)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/my.geulga.textch/files/gaClientId
  Filesize: 36B
  MD5: 10457d53c0f767421a0c003f42dadb6a
  SHA1: dd73c04a9037cfc35434fc120cf76d7fce0ff0ef
  SHA256: 7943429f4b2ab336bece9543dc93c82edaa170358d3e5fca5658097978fc36ad
  SHA512: a6866d5f93ca5f4009af79f0ac6b0e6393f982ca93e79e12bf265f7ce875dd5a53c7ceb925d2a4fe9cb32f118484d98769ac77e9d233b629c98980ec799b6fa3
- /data/data/my.geulga.textch/files/pmy.geulga.textch.jar
  Filesize: 204KB
  MD5: 52f68b0c7257fe691edd634c1a497d35
  SHA1: 1096cfd29a7018e4407fe8380085a5377959b55b
  SHA256: 981f08023b9e5aa31eb5e3838ef292cff913c5604bf0de3d1887ff8264232041
  SHA512: 01f6ae87ef0dcd5b74bda81514d0fc80ac26b4d5a26a65fdb876be76dc322c77f1354da9433f8775c05faee7e8633c29dcd6b1fff15ca02740330b64cbfff7bb
- /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
  Filesize: 474KB
  MD5: ce8aac17d6eb129dd4c47cec73cf8db5
  SHA1: 8e4a6a3724cdb0dabd485ede175790dd5b1fc121
  SHA256: b553c4d326b46b010806c58c0db089e645f9bf37605c65bd4f449227fead2445
  SHA512: 500fe3017453b4d066d1a43f9dfdd5a287b6e785f1bf4128d18854e6cd149c20cc4e41e2f3f9896c13c4503b09e93d8dcb651b44f0e16dd2f5b0a9ad5f494d4a
- /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
  Filesize: 474KB
  MD5: be9ed268e617410d3564cda544bda591
  SHA1: ccd5ab6f758b78937e358b62bd4a89aa8a2b2084
  SHA256: dcaaa64a5b3e1a77981f9c25e8c3b18c862d485c0830df25fe35b6f590dcf7ed
  SHA512: 5e971dcaf1740942f44e5f0d948670eab3b4e70aaecc5dcac539b0bc1136ab1510116981f0b58a5d990a843c0b1765f5adde90c6e608fc22026212c6884e3051