Analysis
max time kernel: 163s
max time network: 171s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 01-06-2024 03:47
Static task: static1
Behavioral task: behavioral1
Sample: 89472a0e2c72bd040ae1324005d35927_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 89472a0e2c72bd040ae1324005d35927_JaffaCakes118.apk
Size: 31.2MB
MD5: 89472a0e2c72bd040ae1324005d35927
SHA1: ffcd088fc7275dc92eaa8cf6d6d398a27e6746f2
SHA256: 6bd7e2a5f2d902275d81f0537ea1af67f3ee9ba4f9f324f661120bf41615d60a
SHA512: f99f1b67697f8f62cd76102b01913d520c557be821c840cce6de08cdd9665476fad16f0f85b6db678f444b8ada25111ebeb58056b570fb4f11291d0a0d5cf919
SSDEEP: 786432:VyQMTSBSMK5OOaDSf9q3h/Q+VmYEYAXGmWa:VQTcDKJlIBVXEFrH
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  ioc | Process
  /system/app/Superuser.apk | com.bennanan.zhaoxiangisaopgwte
  /system/xbin/su | com.bennanan.zhaoxiangisaopgwte
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
  description | ioc | Process
  File opened for read | /proc/meminfo | com.bennanan.zhaoxiangisaopgwte
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar | 4322 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/oat/x86/17172136652491.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar | 4289 | com.bennanan.zhaoxiangisaopgwte
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.bennanan.zhaoxiangisaopgwte
- Checks if the internet connection is available (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.bennanan.zhaoxiangisaopgwte
- Reads information about phone network operator. (1 TTP)
- Checks the presence of a debugger
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.bennanan.zhaoxiangisaopgwte
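The three file-system signatures above share one detection pattern: a process touches a path whose presence says something about the environment (Superuser.apk and su for a rooted device, /proc/meminfo for an emulator), or the runtime compiles a DEX/JAR that lives in the app's own files directory rather than under /data/app/, which is where the installer puts code that was actually in the APK. The dex2oat invocation for /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar is therefore evidence that the app loaded code it wrote at runtime, not code a static scan of the APK would see. The following Python is an added example, not Triage's own signature logic: it classifies a list of file-open and process-exec events into these three behaviours. The event tuple format, the extra root-artifact paths beyond the two IoCs in this report, the /proc/cpuinfo probe and the benign dex2oat command line are assumptions made for the example; the sample events are constructed from the IoCs shown above.

```python
"""Classify Android sandbox events into the behaviours flagged in this report.

Added example for this page, not Triage's own detection logic.  The event
tuple format and the extra indicator paths are assumptions made here; the
sample events are constructed from the IoCs and the dex2oat command line
shown in the report.
"""
import re

# Artifacts that root-detection code typically probes.  The first two are
# the IoCs from this report; the remaining entries are common additions
# (assumption, not IoCs from the report).
ROOT_ARTIFACTS = {
    "/system/app/Superuser.apk",
    "/system/xbin/su",
    "/system/bin/su",
    "/sbin/su",
    "/system/app/SuperSU.apk",
}

# procfs files read to fingerprint the device (/proc/meminfo is the IoC from
# the report; /proc/cpuinfo is an assumed extra).
EMULATOR_PROBES = {"/proc/meminfo", "/proc/cpuinfo"}

# App-private storage: /data/user/<uid>/<pkg>/... or /data/data/<pkg>/...
# Installed code lives under /data/app/, so a DEX/JAR compiled from one of
# these directories was written to the device at runtime.
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/([^/]+)/")


def dex_file_from_cmdline(cmdline):
    """Return the --dex-file argument of a dex2oat command line, else None."""
    argv = cmdline.split()
    if not argv or not argv[0].endswith("/dex2oat"):
        return None
    for arg in argv[1:]:
        if arg.startswith("--dex-file="):
            return arg.split("=", 1)[1]
    return None


def classify(events):
    """events: iterable of (kind, process, value).

    kind is "open" for a file opened for read (value is the path) or "exec"
    for a process start (value is the full command line).  Returns the
    matched IoCs grouped by behaviour name.
    """
    hits = {"rooted_check": [], "emulator_check": [], "dropped_dex": []}
    for kind, _process, value in events:
        if kind == "open":
            if value in ROOT_ARTIFACTS:
                hits["rooted_check"].append(value)
            elif value in EMULATOR_PROBES:
                hits["emulator_check"].append(value)
        elif kind == "exec":
            dex = dex_file_from_cmdline(value)
            if dex is None:
                continue
            m = APP_PRIVATE.match(dex)
            if m:  # dex2oat compiling code out of a package's private storage
                hits["dropped_dex"].append((m.group(1), dex))
    return hits


PKG = "com.bennanan.zhaoxiangisaopgwte"

# Shortened from the dex2oat command line in the report; the arguments that
# matter for classification are kept verbatim.
DEX2OAT_DROPPED = (
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
    "--boot-image=/system/framework/boot.art "
    f"--dex-file=/data/user/0/{PKG}/files/17172136652491.jar "
    "--output-vdex-fd=42 --oat-fd=43 "
    f"--oat-location=/data/user/0/{PKG}/files/oat/x86/17172136652491.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed benign counterpart: the same tool compiling an installed APK
# (hypothetical package name).
DEX2OAT_INSTALLED = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--dex-file=/data/app/com.example.benign-1/base.apk "
    "--oat-location=/data/app/com.example.benign-1/oat/x86/base.odex"
)

# Constructed from the IoCs in the report, plus the benign dex2oat run.
SAMPLE_EVENTS = [
    ("open", PKG, "/system/app/Superuser.apk"),
    ("open", PKG, "/system/xbin/su"),
    ("open", PKG, "/proc/meminfo"),
    ("open", PKG, f"/data/user/0/{PKG}/files/17172136652491.jar"),
    ("exec", "/system/bin/dex2oat", DEX2OAT_DROPPED),
    ("exec", "/system/bin/dex2oat", DEX2OAT_INSTALLED),
]


if __name__ == "__main__":
    for name, iocs in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {iocs}")
```

The benign dex2oat line is not flagged because its --dex-file sits under /data/app/; only the compile of the JAR in the package's files directory is reported, together with the package that owns that directory.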
Processes
- com.bennanan.zhaoxiangisaopgwte (PID 4289)
  Checks if the Android device is rooted.
  Checks memory information
  Loads dropped Dex/Jar
  Registers a broadcast receiver at runtime (usually for listening for system events)
  Checks if the internet connection is available
  Uses Crypto APIs (Might try to encrypt user data)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/oat/x86/17172136652491.odex --compiler-filter=quicken --class-loader-context=& (PID 4322, child of 4289)
    Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 40B
  MD5: 40c8d22e93e466b98e76537bab51ebc4
  SHA1: 91d736c20368b903957f8da9e7afc5eedfabfa32
  SHA256: 6ee5bd77b0b3de536386b08f461fb0e715fc8a806b5cd4af94dddff2c3772ea9
  SHA512: 9befe41c17d6d576c013736f84a0fb96ebfe402bc3dcb1857e9a174544e5efec62b747467068f47da2ffe5197b5fb1b2d7c230ee3849dc4823c7391fa55f69fb
- Filesize: 36B
  MD5: dcd5211d0c9cacceb4bfe330338f0f3f
  SHA1: 18839d068040cdbb649ced59cfc445ceecf12d36
  SHA256: d0146eabc151ad7238154ca0fb4ae681622fbed6f34770a83bef985163c88761
  SHA512: a91540e9cac6f4739e23a2ae64a7f663008e9431695eb2397827e9083a482fc0831d1af3ba413f20d3930a16e960f50d9da3566d37848fa63cb9d790f968791c
- Filesize: 512B
  MD5: 5fd59645e9426770f00400687b6cc674
  SHA1: 30b1a97ce22928176a713800674c05a8990de020
  SHA256: 966e369f618e52674392e61e35e987edf6acc7eccf26fba29a7ab28a7716c98a
  SHA512: df0d820c0f3a8292b8b99152cc895abe64d2391f39dedd08c04e533a68bc09d2486779634e95fa31c8f95d689f7539fee5deafede6868c6865a1830ba5c00434
- Filesize: 32KB
  MD5: 39de9890854f864085c1f6bd5341c643
  SHA1: 00c06155198a6b98b89cf34372bf15f35a5bbdd7
  SHA256: bdaf3906f34271fad083d67c4a19d13bdb6a4ec932f9813233a420b4c184e0bf
  SHA512: fe9a050796797cdcb9d33027e02d7e979136d52021bab4712538a19aea1ecbcfe69ff7fee1d856b445d7fac88b9f4a28d02a3cf61d46295e53a889db4d1f392c
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: a7bb07bc293360b55dd223bd784254fc
  SHA1: 4e1e54f9eb01b5d0cfe0b9540d1a5bbb6ade8379
  SHA256: b55e92813081ce9afcc7bbfd26b2454edd353adc52069666bd00ae86dcd153e0
  SHA512: 56a7671577bdcfceac43a7e617f8447edb2ec9334be2c6b1bc9c2c6e2894648d2fa13f5c13103b9ccc10dab178242ae929f12bd962e5933908ba308ff8f44079
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 72KB
  MD5: 3af490016d2dd1c532854ff17e6c8e2a
  SHA1: bb96c776a938dfc9fdaaf1cebed99b40ccddc1ed
  SHA256: 82f3393879f6e86afaaa5f8577eac9e72a4b092bbf39eb0c5975bc7cf77eb413
  SHA512: 267b812c0ad45918e2e1a5b2141f470480b5128fbc8ac3d4fd08d2c4d19342c91faa12764f217beb7b5d097fbba1a4f915b6fc590ab6acef27de2352921550e8
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACBeginSession.cls_temp
  Filesize: 78B
  MD5: 03912ae14a454d49890dc194fd88a7f9
  SHA1: f886ad53bf5bb39e35a44fef9831cb3326428a76
  SHA256: 49bf6848d7cd9dc348099a40d2994c07068e9d6de284121e27c8e36aea8baada
  SHA512: d05c51a6ed4de07cb24bf75fdd0db9c1c80f9b96f544747c1ecc29b61d91d5a0eab87916b4dc2aaa7936799cb684943fa491eb255ef016041304d3b61c5bfc8b
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionApp.cls_temp
  Filesize: 131B
  MD5: cc0638182849845c6a96eae65dda0d76
  SHA1: 5064240f4a299352c0b8e7f32125f643790bab88
  SHA256: 42f355907b85b48f0ff3a4644145c3616b5b42083212651c0a96a336ec8c1e9d
  SHA512: 20d0d84c1a4551c67538720fa2c60d49b71a546ce885b61d5b4a257703e5cdb7900c8a3e3fe158b30c59a3385a6d2d8b2edebdb3ac65bcb6673554d3196a1ac5
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionDevice.cls_temp
  Filesize: 101B
  MD5: 930f4ac7f18324403553702956d08690
  SHA1: 062dfa8ae725a0d6c433b6a73c7dea171726bfd1
  SHA256: 8953accee02c4aa78e33921e46cb8dbe884f0ee1bfafc4eac0d367ae2d44b220
  SHA512: a58cdfe55de8334f76b2023ff5c8d676611c2059cf264bf9b59e4aedce3237a8107f7cc6d284614badaffc829c98ab0566384104b5cfb27af792a028753198bf
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionOS.cls_temp
  Filesize: 14B
  MD5: 9b3d4522944ce6396563812bfdb92fa9
  SHA1: 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
  SHA256: d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
  SHA512: 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap
  Filesize: 369B
  MD5: 79c642a6b0afe86b6001d2ca55d007ef
  SHA1: 555af9c517216aa5afa423f289e74f6bddfd36f7
  SHA256: cf2446c04c5c06e81bfc5cf47ec45be3e119bf66b7bf457ae82aa6c1bc9ad10e
  SHA512: e9f5d324171befaa1e84baed1ff66e0f4d622bcbdcaa4981325754819a06d811e83fab545bef31fab068fdc37aa2ad540358707f4fae84b71907576bc7bc5394
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap
  Filesize: 2KB
  MD5: a4680624109e2e339e786e28f9b014b8
  SHA1: 6822c7f7964ed39f39367ee3276baf645d85e5d4
  SHA256: e1c45527dd2c886a0fe40be89fd34a3c9897680f63a9d1d84c681cfaa2831fb4
  SHA512: aca5cfe751195b11990c1409e94683a776fbe62ab6b8e98588f17c606c77099761680021a279bd3f617ff13eb5f800f7e71a5dcd800a94790bd819eb0ab8a51b
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp
  Filesize: 16B
  MD5: c33583fae4e0b61cde1c5b9227963237
  SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
  SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
  SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
- /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_b2ee6df5-8fa1-4d0a-901d-1cb7f7967d1e_1717213667131.tap
  Filesize: 308B
  MD5: f3399eac7ac279fa6f7a7dcbb02e63f0
  SHA1: 43f22a4922084f28b8f561ebd47b144371e2b557
  SHA256: 3905c6d44f723b5448db7c475e1bbee4d7f4f253af470895fce47f80d59763ba
  SHA512: 88d2628d0c40ebdfba6081c39ebb98a29c65764462d2828f8590647ea5e28004d96f57f8d2bf7f164c5bc38249ff4da93c46f3da08d770fb3ef99443f7101ad5
- Filesize: 67KB
  MD5: 3eb25d946dbc148d72f07cdae3a7c0c8
  SHA1: fb7f2fd3ee9bcbd2ff29564623fef5fc528062cc
  SHA256: ed777d16c2353b497c57d6e92e7aa029771b0961d07cb44dddc6814703e987d1
  SHA512: cc249d7ab567a8e5c25874e027c3fb019a0a60623961197843e56d6172bdd782e6a522f092d41905187f37cb8dbcdf345c1b7aa0ed6bf0b79d3a811410a8965d
- Filesize: 36B
  MD5: b246185f76796e9a100521a980959764
  SHA1: b3d392901321c90187bad33c1c6a0441e973d45b
  SHA256: 935e887b31148a6d43cdf75b7930cba62023bf28ab91bf54e4d224199964bb82
  SHA512: 1286c27d22f030156ac8cb1eee1613f4942ba8763ca2049bd847ea740a3a86429d4a2fbf51e73cacc3433b5575614b6b049031e678fa1fd5449dbabc6cbdb8e6
- Filesize: 139KB
  MD5: 66b8b7ad3dcc08b32be205093f3e5d4b
  SHA1: 9820f265e047492d8088cd19dab4309f6a7a7f70
  SHA256: 9d1b5a933ed5a0fcef96819a2c26e662483e5308dd34d637527b8551a64b4bf7
  SHA512: a8bde13ad651577ec0bdcf81e0eb373376f29a9e229d9faaba5feee89830fdc2ee5ab752dac949a6b39e9eb940d5d319296e2e9de70740801570b3ad813f9225
- Filesize: 139KB
  MD5: 8ae00b9335817d085441caf5cfb54f65
  SHA1: 623e17da298ca9c0044c295be9f8d7702ef84480
  SHA256: 2106565ad1234144c2143fea33c571f1bf5ff788fd5114b0d3e6316042d94e1c
  SHA512: 9b5e4b9b90067bcaca12798ffc379e12bf9ca3a5990a86fe009792824340289e3da5a3c442baed1cdb2e512474c0c8933fe0d5d41ec0f6ed34ea1418f00b51ff