Analysis
-
max time kernel
80s -
max time network
149s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
24-05-2024 03:41
General
-
Target
6d3b5b84ff9cc242770e1e9b93164abd_JaffaCakes118.apk
-
Size
7.9MB
-
MD5
6d3b5b84ff9cc242770e1e9b93164abd
-
SHA1
0ee5813824131020abee3c6e266f627a1081ecd2
-
SHA256
68b6f9004705795d9e5665ce03cdab74b5569edeee06aad903c2f65733a8a9ed
-
SHA512
9953ce850fd80126a98f95d4c8b2361524e33b20e79f4cc698e11656bd5470781d0230b14691cf80bee822955bfd7eaaa89b7c346f7dd8b572534e082e15b247
-
SSDEEP
196608:mC4fLGedmKrM2A6yJJWLi1Nee8XlFk55RpfXCO6:mFGeDM2A6yJJt1Nn8Tk/fSO6
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.adsjpo.weoiuhf1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.adsjpo.weoiuhf/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.adsjpo.weoiuhf/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
sh -c ps -ef2⤵
-
ps -ef2⤵
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.adsjpo.weoiuhf/.jiagu/classes.dexFilesize
6.2MB
MD5b4eb457489a142b12041b53a8cfc69da
SHA15a9d1ea8a9ef4bcbda006143f1b9fc03e7d0fc32
SHA2568146072bda81bb027f235914b35623039da0dbcd091486be6df0c7796471e561
SHA512f7bafa420e7cdbc6dd3a7b365c33c0fee9fae60349fc47332b0f356cf040980378a5bd2f8c8b3ef9f45d7582ecde2339d66e6c227c2274c9f1a986e56aacb888
-
/data/data/com.adsjpo.weoiuhf/.jiagu/classes.dex!classes2.dexFilesize
339KB
MD5c1497b495f0b7bde27017830d02f0992
SHA1b5aebd91c81320337dc224d8492e3d5806b5c07d
SHA256014841ea1acb4006d3e6aafac1833f3e2667e3a3cc11f9204314e77f5ae26784
SHA51243c4f997466ba0b2141797d19d332f84f14f5414d79c46f3491a3aea7fb940980280277d928084918c10b0d5e6bb6daedc67cdccef04ee30219c31a180114834
-
/data/data/com.adsjpo.weoiuhf/.jiagu/libjiagu.soFilesize
558KB
MD598736de515958ae37ae93a0a0e997098
SHA172d0f9d43f7c9bdc9f19d13834c0872f5652c0f9
SHA256335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421
SHA512cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf
-
/data/data/com.adsjpo.weoiuhf/.jiagu/tmp.dexFilesize
284B
MD5f1771b68f5f9b168b79ff59ae2daabe4
SHA10df6a835559f5c99670214a12700e7d8c28e5a42
SHA2569f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
-
/data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.dbFilesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db-journalFilesize
512B
MD50910726af84c0944e5a807b189639563
SHA1bb001ab5c0ff5be6e47ecc746d8ddf262101ba44
SHA256c13f1c522b7622d895f1c569afca8ab92715cc46b006420cf57c28fe986db8f2
SHA5122120127e62bec56f7f4d76f15d37c9a121764ccc6f44c408c60fd776315420cd6c5dac20fd9bed7b0af8b03951d3249a52cb3076a3d57d187f218aa52b84ba1d
-
/data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db-walFilesize
68KB
MD5d999d3c44047fd394f3fe4c854cd6853
SHA10591676fa80bff9e3eebb157692bd26a06a474b4
SHA2561bab6ce12fc81b2431469b455d148e28263b5e4ae4a5bd04c1a90178b0cce573
SHA5120e4ead94ed4464474604c31a7efd4234f25cafb5d50b98245d5248ff6fcd3352c6fd86acc1b07ebb2832a6684b7526f0d68fc8f0875f6b69b6f129ca04f6a09e
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.acFilesize
32B
MD57f7c1007865f4c465b5b8844597103ff
SHA134df7f1aa00fcb957ebdbef9b5f391a6a586de0f
SHA256622ec2410f74f1aba142560a161053e68871537e695a65088104316db5bf3ecc
SHA5123f0657c4fa2637c97e659ea5c77b523b93a9c5c5ce11000baf54dfd522bf7e8fc54db7edf94303e0caaadf6b37c71b56270352e75f41b1715418be0b9d7790ad
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.icFilesize
32B
MD5299f6c1ebceb4c8954dec1b3cf880677
SHA19109b168911097e99e6559a4c2cbc93d3f3c3aa0
SHA2560096fa740c8ce65f4af901e92f692d0c8561ea6573492ad3e799516011e200eb
SHA512bfe84ec9077aed797dd0a7930d0bcfcc4b647eb5277245c031bf76d0cf223137262305fca1352e698e1fc6dc4b16ce66370dde6eeee47788a380e06e8f54770c
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.pkFilesize
32B
MD53ab315219ae6c24a631be980c544f7c7
SHA16f42c2f43ab6cf09a1f5c40c4e57cbc1016f1394
SHA25616c638445d3bf312c653ad90e48d8edcf07875d8e17e012a648d4e61c9b48159
SHA5122694097ace2d746ace7ae89673d72b671acb63bf1fdadb334a9dda0e7e5cdde0192657137aa8f715fe76eb9b403f618ace487c01858ef67c6c14e428971888e9
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.pk.hFilesize
64B
MD55e46743d001726caaecb9951ae4bd41a
SHA1499349665782fa662beb7bb641aac1107696ba2d
SHA25638c3b6f9c56e25fce4416257817887afc804ee42fec7a8b6591ad95584c3f8e2
SHA512fbe40dcb3780f53ac8bdb6fc348b85b0031219687734f582da3093a55ce7f01eb6387efc07293d7fd221a55465a6e8f88cd55fced8ae5bbab19ca2d15717d564
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.rdFilesize
32B
MD55c74df0c6340eff514872da47640d108
SHA11ceec416d33c60f9bb1ad101d9d2b239be19987e
SHA256d23f52079bccb1e31a34978b73a55cdf0d195749c618bd265b37b8017af85883
SHA5122045d14e216146d959bef19a73cdf64a265c83206ff832667089738adcca47ba87d08f915a90e4fed72b7e9f26b1fdd349a14bac28b76f33bc10fb7bc9aa91ad
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.riFilesize
314B
MD5ad1fd9b548aa30d5f2f53cf52729369e
SHA1405047c5d2af9dee135cbb8ec335ae5e14982734
SHA2563594fe596eabbefe5647ca38b2038c5f5571f55fba59e2ab2f5d63ab8d8932db
SHA512518c3f93796ac57a818daca0983d0877a3195bd863440ff4f549f63f4a02117905ba4a94ed0826c1bb3165392320b35fe0c2eeb73a74080a3ce641ac99bae08e
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.riFilesize
307B
MD5068b426ff634690fcc0a226e2e2e3200
SHA1af44d9f6677215c4374a90d1eec479150561d022
SHA256eec6198aeb547817f55ab54171213fbeb8cd678bb042ce9445dda98b5b31436b
SHA512af58f13e29d333f93dca729e6dddc87a32f759372e37b40551b1bcea8b3d8cf84f413f1b4da39fc9c9ef602c21fb9a69af77475da17d3ceccb934e2885737fd9
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.riFilesize
307B
MD5a09790d492e17c03746b1bc8eb99391d
SHA179a4e2f5dd9bc7ae2c8afc9a15f1277ff52d12c4
SHA2569b1fc1b0e8691bd903c9f4b10fe4c8043460407831c320e5f6691b4461196e38
SHA5121fd497fc39879221a27b65b0cac2dbc3bea9d14a81719c512806ddaba358e63e6bf456d175af1dbd68ed59030e6686a03542d7ea569561170602b715b96db698
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.store.report_cfFilesize
32B
MD56129132f437f647f3fa5b8ae195d87c1
SHA12a640b415127a89be534a216ef7fe622b1e82cc4
SHA25641697b42ae0f333af2ce8e0705819b9b4908ae605768dadca30aedcb8a9b94b2
SHA512196ad0f798ed3df8f850db0153897d15cb898146211932741338cd713b7ef3dca86a8b8f6d5c070c1b894f85f60a3fae379b0afa2a137c73ee684ffae27d86f4
-
/data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.store.report_pidFilesize
32B
MD5cdb2d7afb1a5484bb130b608eef6cf62
SHA12aa9f405c4ee5821acf565d61c1caf7d71feb25c
SHA256620250960547afbcd36ebe8a6dbe4de553b678f507ffdaac58fdcc3dba44daf5
SHA512911311a7aad0f330a41184b6b98f01a9befc78e6ea718bc965fb2d60c6db8fe5215d18e3d3d5caf3ea96c457963a2c57cebe8e64d6c9a5a03984198899c920a4
-
/data/data/com.adsjpo.weoiuhf/files/.jiagu.lockFilesize
27B
MD52770e6a1369b08a689c047ac3ac17e4e
SHA19c40e3fc7ca48624066df2c1af19931de065a0e8
SHA256c9fd58b2d784e71b01b0cb37dff9b25d9499fc55bed821076cc0652c8ede200b
SHA512117c8ef9b0c17e2574ea276e09b0065927ef7b65e615ef6e698ee5011a6a414408e333eb8d67723a22a5fafa753aa49f9df8e820a4cb421c8028a68d2dad8e9d
-
/data/data/com.adsjpo.weoiuhf/files/gaClientIdFilesize
36B
MD57c407062d5598165b4ebf3b6375c5097
SHA11979d33f221821e993a97f18ce9fff1e7be36a7c
SHA256c6a444fc17387c311ec911d5f6bbba8b7526108695b335b8c82829a61adb3131
SHA51259eda4a01967ce3c9ddb36bd02d06ed92fb8be2be331692ebbdfc2fdc7604b38f3a9a70c55357b50410cbc8c14f168899a275bb11daae72aab879e62c9735eaf