Analysis
Max time kernel: 168s
Max time network: 155s
Platform: android_x86
Resource: android-x86-arm-20240514-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
Submitted: 23-05-2024 07:43

Static task
static1

Behavioral task
behavioral1
Sample: 6a3a8bc64204c4c3d95e814a7f72ac85_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task
behavioral2
Sample: UPPayPluginEx.apk
Resource: android-x86-arm-20240514-en

Behavioral task
behavioral3
Sample: alipay_plugin_20120428msp.apk
Resource: android-x86-arm-20240514-en

Behavioral task
behavioral4
Sample: alipay_plugin_20120428msp.apk
Resource: android-x64-20240514-en

Behavioral task
behavioral5
Sample: alipay_plugin_20120428msp.apk
Resource: android-x64-arm64-20240514-en
General
Target: 6a3a8bc64204c4c3d95e814a7f72ac85_JaffaCakes118.apk
Size: 10.0MB
MD5: 6a3a8bc64204c4c3d95e814a7f72ac85
SHA1: 59dbd4442ccfdf44ff54334b8afe7c142d7c4d97
SHA256: 3a27c03db93c30ce802e18a0c781065019812ab5e00b4de407af68304f9bcba4
SHA512: 26b4c37a8550b37e5c77a1e364accf375e983d7a2665d95ea2507a32eeaaa17dbb7056cc000a81ca2fc441260332b44c8ec4dfe54814efc92a6baece5e8dace0
SSDEEP: 196608:FbatedVTtYVTCpe6xtGv4CXo3dweNDKxZ2MYl93Ql4CN:4teXtMTb6CvmWeNDeZsgl4CN
Malware Config
Signatures
-
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information, which can indicate that the system is an emulator.

Checks memory information (2 TTPs, 1 IoC)
Checks memory information, which can indicate that the system is an emulator.

Loads dropped Dex/Jar (1 TTP, 9 IoCs)
Loads and runs Dex/Jar code that was dropped to the device during analysis. Here the dropped file sits in the app's own private files directory, is compiled by dex2oat and is then loaded by the app process.
Processes:
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk --output-vdex-fd=131 --oat-fd=135 --oat-location=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=&
com.wangwango.rockwar

ioc | pid | process
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk | 4580 | /system/bin/dex2oat (full command line above)
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk | 4341 | com.wangwango.rockwar (8 identical entries)
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.wangwango.rockwar

description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wangwango.rockwar

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes:
com.wangwango.rockwar

description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.wangwango.rockwar

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Reads the content of SMS inbox messages (1 TTP, 1 IoC)
Processes:
com.wangwango.rockwar

description | ioc | process
URI accessed for read | content://sms/inbox | com.wangwango.rockwar

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
com.wangwango.rockwar

description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.wangwango.rockwar

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes:
com.wangwango.rockwar

description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wangwango.rockwar
Processes
1. com.wangwango.rockwar (PID 4341)
   - Checks CPU information
   - Checks memory information
   - Loads dropped Dex/Jar
   - Queries information about the current Wi-Fi connection
   - Queries the mobile country code (MCC)
   - Reads the content of SMS inbox messages
   - Registers a broadcast receiver at runtime (usually for listening for system events)
   - Checks if the internet connection is available

2. /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk --output-vdex-fd=131 --oat-fd=135 --oat-location=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=& (PID 4580)
   - Loads dropped Dex/Jar
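The signatures above rest on three kinds of raw evidence the report lists: a dex2oat command line whose --dex-file lies in the app's private files directory, Binder framework service calls, and a content-provider read. The Python below is an added example, not code from the sandbox or from the sample, that re-derives those findings from events transcribed from the Processes tables. The event tuple layout, the APP_DATA_RE pattern, the SERVICE_CALL_SIGNATURES mapping and the function names are this example's own assumptions, not the sandbox's format.

```python
"""Re-derive the report's behavioural findings from the raw evidence it lists:
dex2oat command lines, framework service calls and content-provider reads.
The events below are transcribed from the Processes tables above into a
(pid, process, kind, payload) layout chosen for this example; it is not the
sandbox's own event format."""
import re
import shlex

SAMPLE_EVENTS = [
    (4580, "/system/bin/dex2oat", "cmdline",
     "/system/bin/dex2oat --instruction-set=x86 "
     "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
     "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
     "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
     "--instruction-set-variant=x86 --instruction-set-features=default "
     "--inline-max-code-units=0 --compact-dex-level=none "
     "--dex-file=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk "
     "--output-vdex-fd=131 --oat-fd=135 "
     "--oat-location=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/oat/x86/5.odex "
     "--compiler-filter=quicken --class-loader-context=&"),
    (4341, "com.wangwango.rockwar", "service_call",
     "android.net.wifi.IWifiManager.getConnectionInfo"),
    (4341, "com.wangwango.rockwar", "service_call",
     "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone"),
    (4341, "com.wangwango.rockwar", "uri_read", "content://sms/inbox"),
    (4341, "com.wangwango.rockwar", "service_call",
     "android.app.IActivityManager.registerReceiver"),
    (4341, "com.wangwango.rockwar", "service_call",
     "android.net.IConnectivityManager.getActiveNetworkInfo"),
]

# App-private storage: /data/user/<n>/<pkg>/ or its /data/data/<pkg>/ alias.
# A dex file compiled from here was written by the app after installation;
# installed APKs live under /data/app/ and are compiled by the package manager.
APP_DATA_RE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[^/]+)/")

# Binder interface method -> signature name used in the report (assumed mapping).
SERVICE_CALL_SIGNATURES = {
    "android.net.wifi.IWifiManager.getConnectionInfo":
        "Queries information about the current Wi-Fi connection",
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone":
        "Queries the mobile country code (MCC)",
    "android.app.IActivityManager.registerReceiver":
        "Registers a broadcast receiver at runtime",
    "android.net.IConnectivityManager.getActiveNetworkInfo":
        "Checks if the internet connection is available",
}


def parse_dex2oat(cmdline):
    """Map a dex2oat command line to {flag: value}. Repeated flags keep the last
    value (--instruction-set-features appears twice in the report); every
    --runtime-arg is collected into a list instead of overwriting."""
    tokens = shlex.split(cmdline)
    opts = {"runtime_args": []}
    i = 1  # skip argv[0]
    while i < len(tokens):
        tok = tokens[i]
        if tok == "--runtime-arg" and i + 1 < len(tokens):
            opts["runtime_args"].append(tokens[i + 1])
            i += 2
            continue
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            opts[key] = value
        i += 1
    return opts


def triage(events):
    """One finding per event that matches a signature; dex2oat only counts
    when the compiled --dex-file lives in app-private storage."""
    findings = []
    for pid, proc, kind, payload in events:
        base = {"pid": pid, "process": proc, "ioc": payload}
        if kind == "cmdline" and proc.endswith("/dex2oat"):
            opts = parse_dex2oat(payload)
            m = APP_DATA_RE.match(opts.get("dex-file", ""))
            if m:
                findings.append({**base, "signature": "Loads dropped Dex/Jar",
                                 "ioc": opts["dex-file"], "package": m.group("pkg"),
                                 "oat_location": opts.get("oat-location")})
        elif kind == "service_call" and payload in SERVICE_CALL_SIGNATURES:
            findings.append({**base, "signature": SERVICE_CALL_SIGNATURES[payload]})
        elif kind == "uri_read" and payload.startswith("content://sms/"):
            findings.append({**base, "signature": "Reads the content of SMS inbox messages"})
    return findings


def signatures(events):
    """Distinct signature names, sorted, for a one-line verdict."""
    return sorted({f["signature"] for f in triage(events)})


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f['pid']}] {f['signature']}: {f['ioc']}")
```

The check that carries the weight is the --dex-file path test, not the presence of dex2oat: dex2oat also runs for every legitimately installed APK, so the finding is that the compiled code lives under /data/user/0/com.wangwango.rockwar/files/, i.e. the app wrote it after installation, and that the same package then reads content://sms/inbox. The --class-loader-context=& value is ART's marker for an unspecified (shared-library) class loader context and is kept verbatim by the parser.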
Network
MITRE ATT&CK Matrix
Downloads
Note: the dropped payload path bx-sdk-libs/smssdk/5.apk is recorded three times, once under /data/data (14KB) and twice under /data/user/0 (24KB each), with three different digests; /data/data/<pkg> is the alias of /data/user/0/<pkg> on Android, so the same file was written more than once during the run.

/data/data/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk
Filesize: 14KB
MD5: c7a4fcf067f62af7525ab714a0e21350
SHA1: 32e87b00e02d77d28f3c673c9acbe8b915cef733
SHA256: d46d6b675f5d79a954c75641e7387368df6a7ca5c459583f6460bd954705c4b6
SHA512: 6b97ae6b2d58c047153cc89c2da67b3794954eaf9cf379cb964f1041ff6c25f832d642dd705ea406577997dd0b124e02f69ca5fd519d0466f638e9b225e48663

/data/data/com.wangwango.rockwar/files/mobclick_agent_cached_com.wangwango.rockwar
Filesize: 120B
MD5: 04d0a254f6df59f9fd8bf4a3b3624382
SHA1: d241121ade2322986a3434d50305f4bf7508fd7b
SHA256: 31e62b3323d63f10b853fde564c132503062b33d5b1cae3a660b47d5c4caaeb6
SHA512: 5e8d5638d7961b5936607930ac087b17921eaa99f32369caa2b5feceb5c37639cc1e3429fa769b38ff6db9d417c547a0c75f47d7054bc7e7a752530edc01a276

/data/data/com.wangwango.rockwar/files/savegu
Filesize: 8B
MD5: 050b04ade5a54bff55b034e3819c4e08
SHA1: 4da2b424da3370a0d556b2a7d74d8088e0ad9903
SHA256: 974ac98c386379a71acfccd999e77dd85cfef13c2b391ff58f3970b5f71ca1af
SHA512: 8549d985d71b1567a91d247bdc3d0b2a14de0737160f0e3507661a7c0f15676a1b779567a1d9f85ba6a9c373560c6c0083e079e2b0b5119f7b945618c24e4f08

/data/data/com.wangwango.rockwar/files/savehr
Filesize: 8B
MD5: b8e4b9ce189f02685c1431ae7dcad2fa
SHA1: 9100c987daf532867c67c6c549f425e881bf874b
SHA256: e38246775570112b0bdde65049fe4bdf711bf8a8eae6ed049263b5901bfc3d70
SHA512: 021934353e9ab121b7b42f2f8de5630ff9484afd4c2be9be43f844cfd715fc452cf0658dfbcc2e4494dc2afd1c20bc8aa934ba78e76225ab426cc58ca90a8b2c

/data/data/com.wangwango.rockwar/files/savelt
Filesize: 4B
MD5: 4352d88a78aa39750bf70cd6f27bcaa5
SHA1: 3c585604e87f855973731fea83e21fab9392d2fc
SHA256: 67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450
SHA512: edf92e3d4f80fc47d948ea2f17b9bfc742d34e2e785a7a4927f3e261e8bd9d400b648bff2123b8396d24fb28f5869979e08d58b4b5d156e640344a2c0a54675d

/data/data/com.wangwango.rockwar/files/savep
Filesize: 36B
MD5: e0b7ca711f11dfa3ec33cd19bb5d32f9
SHA1: ab8e5b91f834386105713580bca75e5a807d8d7c
SHA256: 2e72ee903f9aba91e65702b58ee0a65628853c9510d30db020a22c79d79ffaa4
SHA512: fbde97ec1a2120acb9c8c32ccdc3e40a63e76b929d839e175910ce14092e0308e2e9b302aac573051173adff91d7255e570e824a62d9cabcf443586a2a2ea7f8

/data/data/com.wangwango.rockwar/files/savepex
Filesize: 12B
MD5: a3ba9ef8d25788527c04e30796c18c6e
SHA1: 07af41e4bf937cc8b718937d92e9b431d42467b9
SHA256: be756a136d1293d6a1c14cd7b79f5ab3391e4a89c5fa32569feb7b00dcc4880e
SHA512: 69d771a9d8ce534a8697ddf4b76949c94b4a48cbd23fe05006b047ea2aa983a45f24804d949e51ddc72b0d0ef8fd13fe01ee2c6a0c39e5d49ec6f7d19cd6839d

/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk
Filesize: 24KB
MD5: 75b8e74722c0c16d5a9660390315cc5d
SHA1: c54e00c5cb2c9807c98bc6eb235baa8ec1a26150
SHA256: 7fcd74209d8afa8f20fe7ba0498aef32762c62a255668cda0d3210e1cbd5b2b6
SHA512: 93d4ca8c02e2a2bf74a04550b6097c9d53c6daf0a80d5d74a40e4e6e07fbcfb3a13a06b501383015f3cd50c406e3d8f77d52d5fb236d3e647f676c8977c4a630

/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk
Filesize: 24KB
MD5: ae7a3203e0a092938888f5c4c4ac568c
SHA1: fe1bd422ee222f2d7dcf0b94b73cc9f98954bc8b
SHA256: af0d34292e22ee2b7d9e8e574f076c5f8ebcd11c924f37fc963beb1eb83ddaee
SHA512: 29f2946ececd7eff6b35c40c431e56a328fe7df15a6ae27175e9eb7eb58eda7c77e52a73b3b46f82b3aa09e408456e719b509ca6f0814316cdb15cd5a1eee5a4
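The Downloads list records the smssdk/5.apk path three times with three different digests (14KB, 24KB and 24KB), so the dropped payload is not one static artefact. The Python below is an added example, not part of the report, that groups the records by canonical path (treating /data/data/<pkg> as the alias of /data/user/0/<pkg> that it is on Android), lists the paths whose content changed during the run, and provides the digest helper needed to match a file recovered from a device or a sandbox against the table. The record layout, DROPPED, and the function names are this example's own; the paths, sizes and SHA256 values are transcribed from the table above.

```python
"""Analyse the dropped-file records from the Downloads table: group records
by canonical path, flag paths written more than once with different content,
and give a helper for checking a recovered file against the table.
DROPPED is transcribed from the report (path, size as reported, sha256);
nothing here touches the network."""
import hashlib
import re
from collections import defaultdict

DROPPED = [
    ("/data/data/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk", "14KB",
     "d46d6b675f5d79a954c75641e7387368df6a7ca5c459583f6460bd954705c4b6"),
    ("/data/data/com.wangwango.rockwar/files/mobclick_agent_cached_com.wangwango.rockwar", "120B",
     "31e62b3323d63f10b853fde564c132503062b33d5b1cae3a660b47d5c4caaeb6"),
    ("/data/data/com.wangwango.rockwar/files/savegu", "8B",
     "974ac98c386379a71acfccd999e77dd85cfef13c2b391ff58f3970b5f71ca1af"),
    ("/data/data/com.wangwango.rockwar/files/savehr", "8B",
     "e38246775570112b0bdde65049fe4bdf711bf8a8eae6ed049263b5901bfc3d70"),
    ("/data/data/com.wangwango.rockwar/files/savelt", "4B",
     "67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450"),
    ("/data/data/com.wangwango.rockwar/files/savep", "36B",
     "2e72ee903f9aba91e65702b58ee0a65628853c9510d30db020a22c79d79ffaa4"),
    ("/data/data/com.wangwango.rockwar/files/savepex", "12B",
     "be756a136d1293d6a1c14cd7b79f5ab3391e4a89c5fa32569feb7b00dcc4880e"),
    ("/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk", "24KB",
     "7fcd74209d8afa8f20fe7ba0498aef32762c62a255668cda0d3210e1cbd5b2b6"),
    ("/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk", "24KB",
     "af0d34292e22ee2b7d9e8e574f076c5f8ebcd11c924f37fc963beb1eb83ddaee"),
]


def canonical_path(path):
    """/data/data/<pkg> is a symlink to /data/user/0/<pkg> on Android, so both
    spellings name the same file; normalise to the /data/user/0 form."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def group_by_path(records):
    """{canonical path: [(size, sha256), ...]} in the order the table lists them."""
    groups = defaultdict(list)
    for path, size, sha256 in records:
        groups[canonical_path(path)].append((size, sha256.lower()))
    return dict(groups)


def rewritten_files(records):
    """Paths observed with more than one distinct SHA256, i.e. files whose
    content changed during the run. Returns {path: [sha256, ...]} with digests
    in first-seen order."""
    out = {}
    for path, versions in group_by_path(records).items():
        digests = list(dict.fromkeys(sha for _, sha in versions))
        if len(digests) > 1:
            out[path] = digests
    return out


def digest_set(data):
    """MD5/SHA1/SHA256/SHA512 of recovered file content, the same four the
    table lists, so a file pulled from a device can be matched to a row."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_record(data, sha256):
    """True if the recovered bytes are the version the table row describes."""
    return digest_set(data)["sha256"] == sha256.lower()


if __name__ == "__main__":
    for path, digests in rewritten_files(DROPPED).items():
        print(path)
        for d in digests:
            print("    ", d)
```

Because the payload changes between writes, any one SHA256 from the table is a weak indicator on its own; the stable indicators are the path (files/bx-sdk-libs/smssdk/5.apk under the app's private storage) and the dex2oat compile of that path, with the per-run digests kept as supporting evidence.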