Analysis
-
max time kernel
127s -
max time network
183s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system -
submitted
22-05-2024 16:54
Static task
static1
Behavioral task
behavioral1
Sample
67f2a774c857d13f7480abf7e1f6e74c_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
General
-
Target
67f2a774c857d13f7480abf7e1f6e74c_JaffaCakes118.apk
-
Size
4.8MB
-
MD5
67f2a774c857d13f7480abf7e1f6e74c
-
SHA1
1755dcd246e34b417c3fdd9ec31b353a62b61b1a
-
SHA256
1f31fa819f7a182e880a7a7a29f25fb628bfd3d774d655d2a1b96cd5968a6f72
-
SHA512
6fc8ae5b347ff98f746cb9aff851de1b3f7e29de7b8efcc7a5195cc29cecf15d7994d90307a907612a927fd3a74291c5cff8d1392b28e3ab84da0e742e134d4b
-
SSDEEP
98304:OlXjWgwd0cA8PUXcRFLpuGCLydaMwafNHnvk6JQ:Owd5A8PWiFMPmdSUdFJQ
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
/system/bin/sh -c type su
com.jpgame.zasg
ioc | process
/sbin/su | /system/bin/sh -c type su
/system/app/Superuser.apk | com.jpgame.zasg
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
Processes:
com.jpgame.zasg
description | ioc | process
File opened for read | /proc/cpuinfo | com.jpgame.zasg
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
Processes:
com.jpgame.zasg
description | ioc | process
File opened for read | /proc/meminfo | com.jpgame.zasg
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.jpgame.zasg
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.jpgame.zasg
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.jpgame.zasg
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.jpgame.zasg
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.jpgame.zasg
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.jpgame.zasg
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.jpgame.zasg
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.jpgame.zasg
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.jpgame.zasg
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.jpgame.zasg
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.jpgame.zasg
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.jpgame.zasg
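The root and emulator signatures above only record what the sample touched (`sh -c 'type su'`, `/sbin/su`, `/system/app/Superuser.apk`, `/proc/cpuinfo`, `/proc/meminfo`), not how it decides. The following Python is an added illustration, not code from the sample or from the sandbox: it reconstructs what such checks typically do so an analyst can see why an android_x86 sandbox image is likely to be fingerprinted as an emulator. The indicator strings (`goldfish`, `ranchu`, x86 `vendor_id`, the `hypervisor` CPU flag) and the memory threshold are assumptions about common heuristics; the two `/proc` snippets are constructed, not captured from this run.

```python
"""Reconstruction of the environment checks attributed to com.jpgame.zasg.

Added example, not the sample's own code. The indicator strings and threshold
are assumed typical heuristics, not values recovered from the APK.
"""
import os
import re
import subprocess
from typing import Callable

# Artifacts the report records the sample probing (from the IoC rows).
ROOT_PATHS = ("/sbin/su", "/system/app/Superuser.apk")

# Assumed indicators; not taken from the sample.
EMULATOR_HARDWARE = ("goldfish", "ranchu", "vbox", "virtual")  # /proc/cpuinfo "Hardware"
X86_VENDORS = ("GenuineIntel", "AuthenticAMD")                 # x86 CPU in a phone context
MIN_MEMTOTAL_KB = 1_500_000                                     # ~1.5 GB, assumed threshold


def looks_rooted(path_exists: Callable[[str], bool],
                 run_shell: Callable[[list], int]) -> dict:
    """Mirror the three root probes in the report: `sh -c 'type su'` exit status
    plus presence of two well-known su artifacts. Dependencies are injected so
    the logic can be exercised offline without touching the host."""
    artifacts = [p for p in ROOT_PATHS if path_exists(p)]
    su_on_path = run_shell(["/system/bin/sh", "-c", "type su"]) == 0
    return {"rooted": su_on_path or bool(artifacts),
            "su_on_path": su_on_path, "artifacts": artifacts}


def looks_like_emulator(cpuinfo: str, meminfo: str) -> dict:
    """Classify a device from the two files the sample opens for read."""
    reasons = []
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "hardware" and any(h in value.lower() for h in EMULATOR_HARDWARE):
            reasons.append(f"Hardware={value}")
        elif key == "vendor_id" and value in X86_VENDORS:
            reasons.append(f"vendor_id={value}")
        elif key == "flags" and "hypervisor" in value.split():
            reasons.append("cpu flag hypervisor")
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo, re.MULTILINE)
    if m and int(m.group(1)) < MIN_MEMTOTAL_KB:
        reasons.append(f"MemTotal={m.group(1)} kB")
    return {"emulator": bool(reasons), "reasons": reasons}


# Constructed inputs: what an android_x86 image and a physical ARM phone
# plausibly expose. Neither was captured from the sandbox run in this report.
X86_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Intel Core Processor (Haswell)
flags\t\t: fpu vme de pse tsc msr pae sse sse2 ht hypervisor
"""
X86_MEMINFO = "MemTotal:        2048000 kB\nMemFree:          512000 kB\n"

PHONE_CPUINFO = """processor\t: 0
model name\t: ARMv8 Processor rev 2 (v8l)
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
Hardware\t: Qualcomm Technologies, Inc SM8150
"""
PHONE_MEMINFO = "MemTotal:        7868012 kB\nMemFree:         1204812 kB\n"


def classify_constructed_inputs() -> dict:
    """Run the emulator heuristic over both constructed devices."""
    return {"android_x86": looks_like_emulator(X86_CPUINFO, X86_MEMINFO),
            "arm_phone": looks_like_emulator(PHONE_CPUINFO, PHONE_MEMINFO)}


def probe_host() -> dict:
    """Run the root probe for real on the current machine (e.g. via adb shell python)."""
    return looks_rooted(os.path.exists,
                        lambda argv: subprocess.call(argv, stdout=subprocess.DEVNULL,
                                                     stderr=subprocess.DEVNULL))


if __name__ == "__main__":
    for name, verdict in classify_constructed_inputs().items():
        print(name, verdict)
```

Because the report's "Network" section is empty, a practitioner would treat a positive emulator verdict on the x86 image as a reason to re-run on an ARM resource or to hook the `/proc/cpuinfo` and `type su` reads before concluding the sample is inert.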
Processes
-
com.jpgame.zasg
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263
  /system/bin/sh -c type su (child of com.jpgame.zasg)
  - Checks if the Android device is rooted.
  PID:4452
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/com.jpgame.zasg/app_crashrecord/1004
Filesize
58B
MD5
0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
/data/data/com.jpgame.zasg/app_crashrecord/1004
Filesize
224B
MD5
47400cb7d5531ef6c540879dc32b5524
SHA1
2fbadd527b53779b113556777befed2c70088722
SHA256
e2b000ba7ae8c89056e3b2ba74a82105e7be9b0728c9cf03e97fb755baf6da52
SHA512
c2908b3c20794bb4202e43a1be645478e1d0f6f8a6b145ee3a00d799b96e1bae2aaa21f4cdfd709c84aa9e1bdbfc51931ee76fd93fcd90f8094afb540b5cbe80
-
/data/data/com.jpgame.zasg/databases/bugly_db_
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.jpgame.zasg/databases/bugly_db_-journal
Filesize
512B
MD5
d43b3bd8b1edd5664a9f47cff5567bcd
SHA1
0b0afbb4f36c1c5e019495cd42a5eb992e6ef08d
SHA256
eaea4e4f0451fb1d28b3df2b8d47222874b288b289ac87876d04d563c5c2b0f9
SHA512
30b2aec14ce5f029367bcee8daa26fcd5b74147af18b47f19a57b8f1654031260ed7758a78ddd9ac9867bb7e469154003a6534ba2593b01b95f964593c2bff6f
-
/data/data/com.jpgame.zasg/databases/bugly_db_-shm
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.jpgame.zasg/databases/bugly_db_-wal
Filesize
76KB
MD5
f38e3f877905995a6b0d2efa66ab6f3e
SHA1
52f065a2b71d324ca01abc97c2d10cf717b8127f
SHA256
7b1110560c3f455b2934d2d4a17762b434f75aba02d469d8760cf7049f3db7a9
SHA512
5d24c2752518b437d1ad6dda8139fec8af16f9bfa7753626cad3c69e940aaa7643a24391b3565762a2a19428329fa084bfc88b87226c2321addad1dbd5fdf00d
-
/storage/emulated/0/UcQkDir/qk.dvid.txt
Filesize
65B
MD5
1c75733241834161ac5f753584a857b1
SHA1
ce724fa1207cf99217d0cd426e11f20e8bfa41e9
SHA256
91338c6828dce1a80e55428c31f6fbdd0ddf25735671beb7c0293482c040efbb
SHA512
a9cd56179aa3072cd1fc2aa2aa0763d18084006259e72ac4098a78e86fb68fc9b2815f1ce6af520310249d6716ecff31944eed14acb9b2544fa62358f135d037