Analysis
max time kernel: 85s
max time network: 187s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 29-05-2024 09:41
Static task: static1
Behavioral task: behavioral1
  Sample: 804bce7ec47089e1bc88a79f8a1ac154_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
General
Target: 804bce7ec47089e1bc88a79f8a1ac154_JaffaCakes118.apk
Size: 25.7MB
MD5: 804bce7ec47089e1bc88a79f8a1ac154
SHA1: f805968436c17fe9099a41dbf3bb5519998cc162
SHA256: 10c0ce8254fc042884ef5b14cef1bbc917fe70ea5bf90d8a703546380597b5f3
SHA512: 9343d48132b9c993072af925b9fee58ec035ccdd55d50c6c82416378de46a075d78463023dcee2afb0bf3b60a878adf3df491f3e7dc681bd62b482c5309babc8
SSDEEP: 786432:+YUPqoVuhQ2sbnm6UcJyfsF5FXf+VnYQk92HdWGBR:eQhQ2sbnmtf4bXmVnm9GR
Malware Config
Signatures

Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information, which indicates whether the system is an emulator.
  description | ioc | Process
  File opened for read | /proc/cpuinfo | net.imaibo.android.phone

Loads dropped Dex/Jar (1 TTP, 14 IoCs)
Runs an executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex | 4307 | net.imaibo.android.phone
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes2.dex | 4307 | net.imaibo.android.phone
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes3.dex | 4307 | net.imaibo.android.phone
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex | 4494 | net.imaibo.android.phone:core
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex | 4601 | net.imaibo.android.phone:QALSERVICE
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes2.dex | 4494 | net.imaibo.android.phone:core
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex | 4635 | net.imaibo.android.phone:push
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes3.dex | 4494 | net.imaibo.android.phone:core
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes2.dex | 4601 | net.imaibo.android.phone:QALSERVICE
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes2.dex | 4635 | net.imaibo.android.phone:push
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes3.dex | 4601 | net.imaibo.android.phone:QALSERVICE
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex | 4928 | net.imaibo.android.phone:channel
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes2.dex | 4928 | net.imaibo.android.phone:channel
  /data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes3.dex | 4928 | net.imaibo.android.phone:channel

Queries information about running processes on the device (1 TTP, 4 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | net.imaibo.android.phone:QALSERVICE
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | net.imaibo.android.phone:channel
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | net.imaibo.android.phone
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | net.imaibo.android.phone:core

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | net.imaibo.android.phone
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | net.imaibo.android.phone:QALSERVICE

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 4 IoCs)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | net.imaibo.android.phone
  Framework service call | android.app.IActivityManager.registerReceiver | net.imaibo.android.phone:core
  Framework service call | android.app.IActivityManager.registerReceiver | net.imaibo.android.phone:QALSERVICE
  Framework service call | android.app.IActivityManager.registerReceiver | net.imaibo.android.phone:channel

Checks if the internet connection is available (1 TTP, 4 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | net.imaibo.android.phone
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | net.imaibo.android.phone:core
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | net.imaibo.android.phone:QALSERVICE
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | net.imaibo.android.phone:channel

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description | ioc | Process
  Framework service call | android.app.job.IJobScheduler.schedule | net.imaibo.android.phone:channel

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework API call | android.hardware.SensorManager.registerListener | net.imaibo.android.phone

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 3 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | net.imaibo.android.phone
  Framework API call | javax.crypto.Cipher.doFinal | net.imaibo.android.phone:QALSERVICE
  Framework API call | javax.crypto.Cipher.doFinal | net.imaibo.android.phone:channel
Processes

net.imaibo.android.phone (PID 4307)
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
  ↳ chmod 755 /data/data/net.imaibo.android.phone/.jiagu/libjiagu.so (PID 4382)

net.imaibo.android.phone:core (PID 4494)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available

net.imaibo.android.phone:QALSERVICE (PID 4601)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)

net.imaibo.android.phone:push (PID 4635)
  - Loads dropped Dex/Jar

net.imaibo.android.phone:channel (PID 4928)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (might try to encrypt user data)
  ↳ /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/net.imaibo.android.phone/.jiagu/classes.dex --dex-file=/data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/net.imaibo.android.phone/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/net.imaibo.android.phone/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed (PID 5053)
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (1)
    User Evasion (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads