Analysis
- max time kernel: 12s
- max time network: 132s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 24-05-2024 14:43
Static task: static1
Behavioral task: behavioral1
- Sample: 6edebb23c8b6e3e18d4fbc1a05944082_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6edebb23c8b6e3e18d4fbc1a05944082_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 6edebb23c8b6e3e18d4fbc1a05944082_JaffaCakes118.apk
- Size: 31.4MB
- MD5: 6edebb23c8b6e3e18d4fbc1a05944082
- SHA1: 09a149690e889a8e4209159cedd79ada99cc329c
- SHA256: c418a39ac3d94d029b8f052c21c8f6a74a321e4224418c6be7532538f4f411df
- SHA512: f1c4ff6c719efbbdfa6fec7d573a5585634f866a794629d3aa8932014bd35b92867e9d93ddb74e36d49e281de6ebd237542df865dff7fe436fb404cd3d205970
- SSDEEP: 393216:SHcacRdxDzhbZKaqaPtiQtPX6ltsXWKHby27Iwoi47wg2JL4baLWQzYk1TPuc4Nt:9vNzdIaFZX6le7y2cDi/peJk1JGDsbS
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 1 IoC)
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information that indicates whether the system is an emulator.
- Loads dropped Dex/Jar (1 TTP, 7 IoCs)
  Runs an executable file dropped on the device during analysis.
  Processes: com.android.icredit; /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.android.icredit/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.android.icredit/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  ioc | pid | process
  /data/data/com.android.icredit/.jiagu/classes.dex | 4346 | com.android.icredit
  /data/data/com.android.icredit/.jiagu/classes.dex!classes2.dex | 4346 | com.android.icredit
  /data/data/com.android.icredit/.jiagu/classes.dex!classes3.dex | 4346 | com.android.icredit
  /data/data/com.android.icredit/.jiagu/classes.dex!classes4.dex | 4346 | com.android.icredit
  /data/data/com.android.icredit/.jiagu/tmp.dex | 4346 | com.android.icredit
  /data/data/com.android.icredit/.jiagu/tmp.dex | 4388 | /system/bin/dex2oat (command line as above)
  /data/data/com.android.icredit/.jiagu/tmp.dex | 4346 | com.android.icredit
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.android.icredit
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.android.icredit
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.android.icredit
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.android.icredit
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.android.icredit
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.android.icredit
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes: com.android.icredit
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.android.icredit
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Processes: com.android.icredit
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | com.android.icredit
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Processes: com.android.icredit
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.android.icredit
Processes
- com.android.icredit (pid 4346)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.android.icredit/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.android.icredit/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (pid 4388, spawned by com.android.icredit)
    - Loads dropped Dex/Jar
Network
Downloads
- /data/data/com.android.icredit/.jiagu/classes.dex
  Filesize: 5.4MB
  MD5: cfb4abe2210ea64f6d998616667158ed
  SHA1: 82e51d64570e7e8b9d6bc0af159e1a04b4e20389
  SHA256: f0aa4afc4270a92bf922ca1031b378ffff6a5afe1e9d9f72264b7ad8896c64f5
  SHA512: 92cb69952bb9382fa4e3a77c45a9eb9696f4ff62cee8432b32e53746dbc9e3f72f5fe21df56a3e1efacaf27e7ee1b3ebaf6ab535ffe4bb42e899d52586b861ec
- /data/data/com.android.icredit/.jiagu/classes.dex!classes2.dex
  Filesize: 4.7MB
  MD5: 46bc6472bbac78bf0f624a3db805aded
  SHA1: 4f11b2f8e99a0a821eefe29bb609896c1d404cfe
  SHA256: 7b36b2df1b8c94fc1810fffbbe91b03519268806df0af3560cc3bbc7af96531f
  SHA512: 51a18fdbf896e99926ff7e65cc2e4607a094bcfd99597787b46d06e990d223281f551f5c77c8754deb18153e2f5d28fa4102d0c22e985420259dedb25668265c
- /data/data/com.android.icredit/.jiagu/classes.dex!classes3.dex
  Filesize: 5.3MB
  MD5: c8f5be92f12dc8a9a69cf2065bbb518a
  SHA1: 7a9741727b91e724059d649fead74b97a55898e3
  SHA256: d1316cd2e0f375c04176e34f1af81dcbcd24d4e0d137bf65f316dbc5646e7863
  SHA512: fa6563c1c1d726354aed0626eddd182d0b51bd68d207c2e638e5d60d9548cc4b5caff6e79393c4dcba9bf9409514567e2e48e8a7388eb0b47ce41fa10aadbac3
- /data/data/com.android.icredit/.jiagu/classes.dex!classes4.dex
  Filesize: 3.6MB
  MD5: 3d127fff3a24fc3ca4b8094b7f93ff41
  SHA1: 6e398488793202fb1aa977f0bfcd2dc37f3b6932
  SHA256: 310ac739fe4b6639a4130f810eed752947b1ff6efccf407a37ad5aed3837ce64
  SHA512: 63d486198b2c6873181919a0ff4f49f6ac962b90ed794bafffebca3e72424ea6a32b5c8041c181696ab5d5b23b8b79aa1071bf0a45bc4eee3d95fd0305d740bd
- /data/data/com.android.icredit/.jiagu/libjiagu.so
  Filesize: 496KB
  MD5: f07656a2f51ecb23edc102003c32b764
  SHA1: 3ef18f74b609313887b9e825c56a54b5a9eef20e
  SHA256: f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913
  SHA512: 34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238
- /data/data/com.android.icredit/.jiagu/tmp.dex
  Filesize: 284B
  MD5: f1771b68f5f9b168b79ff59ae2daabe4
  SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
  SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
  SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
- /data/data/com.android.icredit/databases/MessageStore.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.android.icredit/databases/MessageStore.db-journal
  Filesize: 512B
  MD5: 99dd22332bd046a37956ecb6f989ed69
  SHA1: 02bd5c2d76df389cb2326e0d341c152053799768
  SHA256: aece2f1596525562bcfb080fe5098b2803057d002f027e01a70ef785c7bf7cd0
  SHA512: a5a15fb468bda6089e22f4d725787b4254cf084d82845f447360c05d2b31130375dc0926a62a71cf9d1fd0cbed2915a3ea1f395080c9e5f329c33cb7d0e3b896
- /data/data/com.android.icredit/databases/MessageStore.db-shm
  Filesize: 28KB
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
- /data/data/com.android.icredit/databases/MessageStore.db-wal
  Filesize: 48KB
  MD5: e9cfc5a4172187a0a9a1fad64510a8a6
  SHA1: 3e86e8ba0b564a75418ee123dee0b47654b9f35b
  SHA256: bc0343abe1a10238d8a17e2b5fe0eb31a626e213d57bf52fc627761c755bc285
  SHA512: 0a25932ce9b08087cdce16acfa13289f2b5146ec31e4f7a53a0addef35cef38db473e088e84fb266273a4dc5fbaf7f6d8d2da5f88ef1f59c9f6971435282f751
- /data/data/com.android.icredit/databases/MsgLogStore.db-journal
  Filesize: 512B
  MD5: 8aad51f05b99225bf9268793343d55ae
  SHA1: 6743754ec8e95d23acc2a26b07fb67becd023b53
  SHA256: 7a62564ef645cf56138b28dfadc94ea659f098d5ec3341b023cd1a2fe6dae78e
  SHA512: e0ad1df55f05316062c692d55f5214eafc7d915b20be5fe24b3f812fd377246f8f4c752acaf6c45c43310ec1879bb6423320cdd2a929a9b2b5d2e196eca50ab0
- /data/data/com.android.icredit/databases/MsgLogStore.db-wal
  Filesize: 68KB
  MD5: f7bd18dfa4a998a5ff530b1438151a99
  SHA1: 8eb5e6222152fe5747f9c5aa9e5536d115a96b36
  SHA256: 250bf08224e2e7cadcc6ddd1ae4e7d481ce2dfe6bbcefbb7fea4d703b8ab95f9
  SHA512: 2660b810a778af6537ab4f3b409054fd1ba0c19082731dbcb19780e1d23d7a8e0aca6491b3b355320c8f2899172d5da61dd1ed112e175c5852ae902d8ef81f5e
- /data/data/com.android.icredit/databases/accs.db-journal
  Filesize: 512B
  MD5: 389855fb6add7aea77583ff09fc35694
  SHA1: b107c472ba3f8c66cf78ee42fbe4cb5963f0944e
  SHA256: 3eb52f14ac2c64dd75ac03dc1f9e44b54519ce411e8447ab586e40c2e695ae68
  SHA512: 0de93dd864958c164d381e510d27e56bb7b0127f836c020e88bcf101c6201daa6f903d8bd0367b4eb98b9dd1616825002ff31990e7fe98cc514db51d1c172388
- /data/data/com.android.icredit/databases/accs.db-wal
  Filesize: 32KB
  MD5: 53ea9bb753501714c28a7e78163b974e
  SHA1: 44c0fffdefdd9f06cac873515221a1e444c26893
  SHA256: 0515abd756528f3ffe2947ddb599c208f9010e24b91623258320189e3eaaddfd
  SHA512: 99cf48e1c49d00f4d768d9a01c5f4e6968188db52ddd9514c362d8cce6db909ec2493ccf1d11ae8f82b8f65bf129572a990b1560598006902954ad3839a67da3
- /data/data/com.android.icredit/files/.jglogs/.jg.ac
  Filesize: 32B
  MD5: 5dd6d71784d0efcf0d815166b441b2b7
  SHA1: 65ce33eb84f487330a8ed612b25cf7db71162f10
  SHA256: 8fc6477965ee970b4f7bdeaf712f91cfd6541d9549b9c556441a5d2ff56df2a5
  SHA512: 6beea13c569b5bf1515e843725088c10deb4a212e7e2b644d0c952222960e40f83aa2807909c0bd996a8ee344d0649f82816a5d063f1466504c5827c699decb9
- /data/data/com.android.icredit/files/.jglogs/.jg.di
  Filesize: 340B
  MD5: ec63527ef55a93cc10d5c8a8838d79cf
  SHA1: c143ae45e137ecc09166876d3aeec475717ebc64
  SHA256: 00369cca03d0c606b9f7f4e116cf91a36861bba64fe4535e12817620cadd35e7
  SHA512: 74a68fa0c88ac96796ac8d813fcb227859810d54782995e182bfb6316150d35d0334af931dec1df4b311f243f100b9a5cb79eb1dedfae43d2389928f03641c33
- /data/data/com.android.icredit/files/.jglogs/.jg.ic
  Filesize: 32B
  MD5: cbb6306ff58511563c64a72473b7bfdb
  SHA1: 1128c055f7a8ab06caba5d848e7a395b9c2d44df
  SHA256: 952a538a684c995254dc99add9469e5ffe61db5fac432b8ddd419b1eada61f71
  SHA512: c2957f7b41121a127fbf171a65309b840e5821a09b2435d9085d4924ae2bddfdda4558512e6cb5848db1ed6dad735e673a01ea9a473bbcd2471aabcf2fa2f3d8
- /data/data/com.android.icredit/files/.jglogs/.jg.li
  Filesize: 100B
  MD5: 68355f7003a35a9f6af8b19804ef0e02
  SHA1: 189f8e0a7ba9278061d35a95c70d6555c4e1d9e5
  SHA256: 1640fd579fbee1af3a97e9b8a5f044f182454e6ae5753b3e97a837437e25c840
  SHA512: 9956f6df26657ad37a1c9eea4ad83f68fdf1614f5b7b062adec70eb5fc56fccf6c31fdb76b946599a77c2d0453e996999cfa21076352553a1b18b36203ddb114
- /data/data/com.android.icredit/files/.jglogs/.jg.rd
  Filesize: 73B
  MD5: 9a9b5ae857a5f6be9ace9e329d0281af
  SHA1: cdb817f5bfecf28858805546d7e7319a2d7c1536
  SHA256: aebf629f0e2f1bab16bbfaaa3d7b9be2cca9ce3ce9bc2f76c8eb529a06dbe88e
  SHA512: 3f6c4bd4250f43df02d16e95b609b88012da925150c3b50bdeed59d73d47c7167256a601c8c47ee7ed47cf81894b838e06dbbd8efdaf89caeeee0b32c0c4de98
- /data/data/com.android.icredit/files/.jglogs/.jg.ri
  Filesize: 314B
  MD5: b6e27f6aed53629f0464b45e3ddd347f
  SHA1: eb9591a9760a123da6d14d30f8c457cc27738883
  SHA256: 235714118027731cd9de70771a706c1f9979803ada96004d239a22c9772f9a9e
  SHA512: cc884fb6ed7910e0a8f093270d90278f959fc15367d4b96b2997ab4c9cfbb6ebbce0c6f4249e2289a6ef49d05d1efa6e5b61ea3c7f31b0fb24ff8ab164093435
- /data/data/com.android.icredit/files/.jiagu.lock
  Filesize: 27B
  MD5: bac3e8c6e65d8429ab91935a740d0aec
  SHA1: 1d2a7c0a25c974fd165d78051329512040e6eb19
  SHA256: 74f0c56e0c4334834ab4545ca8618dfd43d3c84c9c728f01629206386a6ec488
  SHA512: 38bdffc53ebe4e85571ab43ef5e8fe2623c3b0e23f0bb7705f9411061dff4ac61d5d37e07fdf7ad9c38138b71ddbdc2c6eaa17a598d7d19ced384955ae23aa5a
- /data/data/com.android.icredit/files/libcuid.so
  Filesize: 129B
  MD5: 47d5c67e2d94d70c086dd84f28072634
  SHA1: c8341eff4d2f648c69f08111594b47c82d9efe01
  SHA256: db1eda98a2986a4b473ee419f6371368198b8779c4fbead8302e0432bb6b57b3
  SHA512: 723dc58a0e3f088e456d6a02188c044131fcfed1fd69bf75ac6ae7d507452afc54698886d559e77bb2dd16d3e98166d21dd988258642856372215c3ce2092c0b
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 111B
  MD5: 2d0559dac826766c583af5bf09af968e
  SHA1: 36da2d2fb1296c0e09cce847089c689f54c0d25b
  SHA256: 61c9fcef91004fffaf76129125c68472b206fd6ca02adde698d45668c82fb980
  SHA512: d8b474ab9fff6fb98f49deaa073b0af54930a75ba25af265dc1e39baa59ad6926f2764ab0f4692b46a60a384e46d7f1a8529ba14d6b9c075fef83df99eee5dea
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 111B
  MD5: b8961c61a5c0ef058fe145ec2da5e96a
  SHA1: fefe24f5308c5269dac21aecad182f4af8d92e43
  SHA256: b7a1786722647d96af1255a30a52c6a834ad9f041ed554c29f43936a95835cf1
  SHA512: 564d57a5600716bda81c1c2b7d71bf566e8137bec05a157f6b8b0a9865b164b57847440a6b1bbe66a9e2c8d4f8892df98daad3cfae05d306e44f6135e1b35db8
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 167B
  MD5: fe5b8d1b3ef8fcdf07d79bd230b05110
  SHA1: 6cf3f45edfeccb0c47db5341121074b3ce1c2eec
  SHA256: 7713297f9a1be2dd8e05495ce40552830cc2476a5b089dbd1ac40c4958eba16a
  SHA512: 1caeb5543c93ad4112b7f04fdc0b81b98d7dbd529b5b319bb30f7808ce8c81a5b8b0c1ea778e9055f1feaf28b6a6332ebb341e499bb7fc9336f67991cb5f3a4e
- /storage/emulated/0/360/.deviceId
  Filesize: 48B
  MD5: 1d8d16c4e3b19ebf18988530d9b9a757
  SHA1: bc94c1cce05cd848a53271ecb9c5311e27ffebf5
  SHA256: abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
  SHA512: 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82
- /storage/emulated/0/360/.iddata
  Filesize: 32B
  MD5: e681ea5f1a4bb7fc40a43315d304af1a
  SHA1: d377eb36544118b7d7392641e3871071b3e2c730
  SHA256: 84bfe02647f3006f9a422ead9452c70636224e843c21e560860943f65fd16c58
  SHA512: 84534e718036d7a1260872bdbc8229f7b8da97bf55f006c1d8d4b2bcff944309eba01874de56d5b7ba597d3b8781df2b1570fac29190957dc6fa3fcdf5e91559
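The two findings in this report that deserve attention together are the "Loads dropped Dex/Jar" signature and the dropped-file list above. The .jiagu directory, libjiagu.so and tmp.dex are the on-device unpacking artifacts characteristic of the Qihoo 360 Jiagu packer, and the dex2oat child process is ART compiling a dex that the app opened at runtime: its --dex-file argument is the one reliable pointer to what was actually loaded, and --class-loader-context=& is ART's marker for a class-loader chain it cannot describe, which is what a custom packer loader produces. The script below is an added triage helper, not code from the sandbox or from the sample. It parses the dex2oat command line, labels each dropped file by kind and location, and flags two things a reviewer would otherwise read past: code-named files too small to hold code (tmp.dex at 284 B, libcuid.so at 129 B), and identifiers written to shared storage, which survive uninstall. The entries and the command line are copied from this report (a subset of the list); the 1 KiB threshold and the kind/location labels are this example's own choices.

```python
"""Triage helper for the dropped-file list and the dex2oat command line in this report.

Added example: not code from the sandbox or from the sample. Entries and command line
are copied from the report (a subset); threshold and labels are this example's choices.
"""
import re
from dataclasses import dataclass

# Subset of the Downloads list above: (path, reported size, SHA256).
DROPPED = [
    ("/data/data/com.android.icredit/.jiagu/classes.dex", "5.4MB",
     "f0aa4afc4270a92bf922ca1031b378ffff6a5afe1e9d9f72264b7ad8896c64f5"),
    ("/data/data/com.android.icredit/.jiagu/classes.dex!classes2.dex", "4.7MB",
     "7b36b2df1b8c94fc1810fffbbe91b03519268806df0af3560cc3bbc7af96531f"),
    ("/data/data/com.android.icredit/.jiagu/libjiagu.so", "496KB",
     "f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913"),
    ("/data/data/com.android.icredit/.jiagu/tmp.dex", "284B",
     "9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939"),
    ("/data/data/com.android.icredit/databases/MessageStore.db", "4KB",
     "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
    ("/data/data/com.android.icredit/files/libcuid.so", "129B",
     "db1eda98a2986a4b473ee419f6371368198b8779c4fbead8302e0432bb6b57b3"),
    ("/storage/emulated/0/360/.deviceId", "48B",
     "abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7"),
]

# The dex2oat child process from the process tree above, verbatim.
DEX2OAT_CMD = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/data/com.android.icredit/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 "
    "--oat-location=/data/data/com.android.icredit/.jiagu/oat/x86/tmp.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
TINY_CODE_BYTES = 1024  # heuristic cut-off for "cannot hold real code" (this example's choice)

def parse_size(text):
    """Turn the report's '5.4MB' / '284B' strings into bytes (binary units assumed)."""
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)?)(B|KB|MB|GB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return round(float(m.group(1)) * _UNITS[m.group(2)])

def parse_dex2oat(cmdline):
    """Map a dex2oat argv to {option: value}; repeated --runtime-arg values are kept as a list."""
    opts = {"runtime_args": []}
    tokens = iter(cmdline.split()[1:])  # drop the program path
    for tok in tokens:
        if tok == "--runtime-arg":
            opts["runtime_args"].append(next(tokens))
        elif tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts[key] = value  # an option given twice (instruction-set-features) keeps its last value
    return opts

@dataclass
class Artifact:
    path: str
    size: int
    sha256: str
    kind: str       # dex | so | sqlite | other
    location: str   # app_private | external_storage
    notes: tuple

def classify(path, size_text, sha256):
    """Label one dropped file; 'container!classesN.dex' is ART's name for the Nth dex in a container."""
    size = parse_size(size_text)
    base = path.rsplit("/", 1)[-1]
    if base.endswith(".dex"):
        kind = "dex"
    elif base.endswith(".so"):
        kind = "so"
    elif re.search(r"\.db(-journal|-wal|-shm)?$", base):
        kind = "sqlite"
    else:
        kind = "other"
    location = "app_private" if path.startswith("/data/data/") else "external_storage"
    notes = []
    if kind in ("dex", "so") and size < TINY_CODE_BYTES:
        notes.append("code-like name but too small to hold real code: stub or data file")
    if location == "external_storage":
        notes.append("shared storage: survives uninstall, usable as a persistent device ID")
    return Artifact(path, size, sha256, kind, location, tuple(notes))

def triage(entries, cmdline):
    """Classify every entry and find the one dex2oat was asked to compile (None if absent)."""
    artifacts = [classify(*e) for e in entries]
    target = parse_dex2oat(cmdline).get("dex-file")
    return artifacts, next((a for a in artifacts if a.path == target), None)

if __name__ == "__main__":
    arts, compiled = triage(DROPPED, DEX2OAT_CMD)
    for a in arts:
        if a.kind in ("dex", "so") or a.notes:
            print(f"{a.kind:6} {a.size:>8} {a.location:16} {a.path}  {'; '.join(a.notes)}")
    print("dex2oat input:", compiled.path if compiled else "not in the dropped-file list")
```

Run as-is it prints the code artifacts plus anything with a note, then confirms that the dex2oat input (tmp.dex) is in the dropped-file list. The same functions take the full list above; the hashes carried on each Artifact are what goes into a blocklist, and the dex entries are the files to pull from the sandbox for static analysis, since the APK itself only contains the packer.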