fe175a48ef81b6189c0d17e677205d5251d708ed1d7e43420914b03dc8c238a0

Analysis

max time kernel
6s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
26/05/2024, 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7544bdf61d4d9c1331fcaa839c7509ae_JaffaCakes118.apk
Size

28.6MB
MD5

7544bdf61d4d9c1331fcaa839c7509ae
SHA1

a60d7a960dfb586c39f46dc98dacb4f9f71bf4ea
SHA256

fe175a48ef81b6189c0d17e677205d5251d708ed1d7e43420914b03dc8c238a0
SHA512

cc90237b2c54a680de917b5ffe73ac7fa9be1408e83c6f8dac2a33a0bcb934503cce581b4eeb052df52cdf9d3b5a41da0842446d32b86711e0e6d0883fe8232e
SSDEEP

393216:sgw9gx6zCjYKV9NqIV9LazGaHk4k4tYiT7jsWrw4JKTfZRZSnuyxUdT3ofRMiCep:uga4fGHkAgfdwuyxS3osed4cuACzUl

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.mell.iceracing.elm/.jiagu/classes.dex	4293	com.mell.iceracing.elm
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex	4293	com.mell.iceracing.elm
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex	4322	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.mell.iceracing.elm/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex	4293	com.mell.iceracing.elm

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mell.iceracing.elm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mell.iceracing.elm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mell.iceracing.elm

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mell.iceracing.elm

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
12	raw.githubusercontent.com
13	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	ip-api.com

com.mell.iceracing.elm
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4293
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.mell.iceracing.elm/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4322

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mell.iceracing.elm/.jiagu/classes.dex

Filesize
3.1MB

MD5
d2762a5ba9bd85c78b2f3751066d0888

SHA1
58dbc2b0370c7e2eb967de6a58ab255b256da5e2

SHA256
f0c8a9ffbfdc21e88e4786276b7c7b7d79f38d99b842977d81a77faf31f7060c

SHA512
1557fd5fd6c1098aee804c9bb85eb2b7d85e9926b4d259f4d029c7e8964832f07f0f7ceae81566fd36bea6a77df432ba8c31ecc34978c9f0a35fc8aad92a44ec

Download Submit
/data/data/com.mell.iceracing.elm/.jiagu/libjiagu.so

Filesize
496KB

MD5
f07656a2f51ecb23edc102003c32b764

SHA1
3ef18f74b609313887b9e825c56a54b5a9eef20e

SHA256
f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913

SHA512
34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238

Download Submit
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.mell.iceracing.elm/app_mimo/mimo_asset.apk

Filesize
68KB

MD5
3adc7084cf4c5024710bb25e1ba5020b

SHA1
060ba20d0b5c7ae6d632d95d985ebffb72395b8f

SHA256
76a29d8e7892220478596e90fd9852b82806bb4810a9658e2c48df3a03c3a45a

SHA512
615bad17026828108a51537b667a86a765fbc2a226e32f62358a1ea2d7ab2b9259ccb199219ff097cf561c5bee22dce0401ecb1da007269614f9e8d1b5b28a6f

Download Submit
/data/data/com.mell.iceracing.elm/files/.jglogs/.jg.ac

Filesize
32B

MD5
980655ba0c8aaef555794fe8839e23a0

SHA1
3f91b690a35f679fd5ccca5cbbe0f0b9f292ad75

SHA256
e47f325d155caf97e519ca57307757a6a993700ceec086e9b6bf104aca0cf9c6

SHA512
bcd49b447939cfaa897e3f95b4d970c468b464dfaa6f977ceb5500324eeee9a67e29fe09f271c679c766c076e4050c54e0ff460771ec166c801183243304692b

Download Submit
/data/data/com.mell.iceracing.elm/files/.jglogs/.jg.di

Filesize
340B

MD5
afc2b9848ed37356c028d6314fdc0b46

SHA1
9d7fd0ecfe34cc785e8bc96103c508d98e0f5346

SHA256
1f2649786930b01e121f3dfa097f630c628c6822cef150d1e48ea42dccfcfcd2

SHA512
0734783346e952d0cb520d79d79504fc5b047728cc2f23c3e7ba65189f7c2376e70f3ca36763b883cb114808929c4e4ec6f522b9ee07454fc30be79a5d21820f

Download Submit
/data/data/com.mell.iceracing.elm/files/.jglogs/.jg.ic

Filesize
32B

MD5
9805e9d673b055d3518a9fd9004af211

SHA1
02a08d27e3f250f0fed2c516fa36a36ab9fd27ef

SHA256
84b6d6426c5c8ecf417d2069a320fd07bd9258922783455ecbc5e2948d279307

SHA512
c2251696866e3abb5b8360e5f1ef75877fdcd611cabd96f1c3cd758228bc9bbbaffcb4bccb3b1e4bfd516ed1846d7071c0d175d465d1425a9f9e0cfafe20feb7

Download Submit
/data/data/com.mell.iceracing.elm/files/.jglogs/.jg.li

Filesize
100B

MD5
3e236bb4c350173cbb00cc7c039bce44

SHA1
1cd943e3472c522282605d39534cf4ab541601c7

SHA256
b19d369e2b76c38e0144b3d87788c08f0866b7881697d293dff8aabfd404c48e

SHA512
81c9ef37a959a75aba482b461bc0952f742c96afa7fd16ca99cae6f663c1f9daf8e0518bcd77f1e269ec4803613fe52c4d2ac5ab996ea44414201a919a389d7a

Download Submit
/data/data/com.mell.iceracing.elm/files/.jglogs/.jg.rd

Filesize
73B

MD5
14d56c9bad33bf9fa188163a3855af84

SHA1
6133bdd78f152076e7a7276ceecc340004929e58

SHA256
8510fae04068dd02f6bbf63026eef4fcea85b4bf80b4268e9a66bf865064eccd

SHA512
cb2f85ea3407c83d67c11d0b01e08c084db25010106486db25a98e581f352a3d2012d5678ebc53c2896dfd2462547445f52fb39f2fe5a741d0de8552cee9150b

Download Submit
/data/data/com.mell.iceracing.elm/files/.jglogs/.jg.ri

Filesize
314B

MD5
b08a4a50e9e417734ac6deef949087a6

SHA1
12a1c8147509604c297ff8bb12e37711b1884320

SHA256
678da9117e96269f14dbfdce20056b9ca7b3622930c87fc711b51b66a2041b96

SHA512
1d600ae5c84baf1a0993b885672ddd8e342a5b76aa754302ce762aa45c3006a8e2534779809c5a6f2e7e2fb1ee1709f8dc8423038e91652b1a994bf99b7edabe

Download Submit
/data/data/com.mell.iceracing.elm/files/.jiagu.lock

Filesize
27B

MD5
e06859dcda77d38ecfd16eb2c00d5839

SHA1
4fad57ea5b32216dd92d26ef1e62f166055af1fb

SHA256
efec99cae5fe4498fc7bb719abc76a421275b23f479350913d56bd8e6a4eb1a6

SHA512
6a7462b9c251a41677ba6b5f65e055be4aeccc60df2a4a27915fccdbf17d4677d3f99d8604e309557db5ae2d8c032004629258b9db0800ed59df4b290b8bf216

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
06cdf8f5c71e93bcab1bf2b2da837654

SHA1
29bd5a880f44d7512388bcef4dc4ee37f64b4d9e

SHA256
4edcea9340ffaad4a3c2b7347dc5cd607ef2504fdce87fb99d4110c5aa833289

SHA512
f6a984f140a4f24a38f1e209c2632e6a2082c8b902cf3ee55b8a772ba6a714a131ad5d4b75b3da03e2276ef67037763ac2f218abcd59ab897fd44e3b03814520

Download Submit
/storage/emulated/0/save_data/com.mell.iceracing.elm/.jiagu/oat/x86/tmp.odex

Filesize
16KB

MD5
646f1a0e8f1cbf3dec6c7d553d39d085

SHA1
f7b97103d62a8cdd6748c12995bcc1a1d81fb164

SHA256
fd0f872186d8cec720f6010467bd0c000587603d2debc1c5dccc75b75660d967

SHA512
102b995ccdad95d97f86d4b8d0c6c3960cd7649022b4d8e08dd7a944c4524c42e8d0298a1718a6aad1c68f603c107575d12bb6d76b1142532e9d7c2599a541e0

Download Submit
/storage/emulated/0/save_data/com.mell.iceracing.elm/.jiagu/oat/x86/tmp.vdex

Filesize
340B

MD5
c5d40bc64b9b3c2ba0dfbcfa6b04108f

SHA1
21bde60a1c8123743aacd6876882eac00b254f3d

SHA256
81709a472f663b31ad554d377e5182219668bf02b2c4444fcdf26adde7142721

SHA512
49e0dee8e65eb213c7b3c2b4b2e00f78714d3cc6742e613ad856e8b8e00867e743da758f3f8e35a2ebd6fc6f9e031c5a0039c5330eb5f196f0ba193f76e4b42b

Download Submit
/storage/emulated/0/save_data/com.mell.iceracing.elm/files/.jglogs/.jg.di

Filesize
340B

MD5
ae5a9cad584ef4b742cafe882c4cb77e

SHA1
2d9bfb37a43ca2cc0bed09413fe757ecee747365

SHA256
5bf557785cc1cfc0422d2b0f91bb5dce1a761aef03c576de0b933ee25321ef1e

SHA512
bbeb1c60c47b17333611e83fd850e3123d0fd7b17722a1c919fc0c02196ba3f8e91bfe6b540bb2477a684dcbc4d70c02701e166d62ac2c21166b4da7cc5d8c1a

Download Submit
/storage/emulated/0/save_data/com.mell.iceracing.elm/files/.jglogs/.jg.ri

Filesize
314B

MD5
e0e8d67287971bdb797c45fe20c5471d

SHA1
a39331e5544ad7d4d70a4d38a2abbff49c3d16a9

SHA256
79d9bcd73f13bea4eafe700c61ff1de23c4e2627230012409fc627c50dbc04ba

SHA512
9c9167f6e759ac0b3c56d1803d6e62e956d360feab192564007f74a9a1932e6c436b33602ebf077a3b5faaf096dd1fb51e5f07da9a24b08087202ff9a6b0b93e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads