Analysis

  • max time kernel
    163s
  • max time network
    171s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-06-2024 03:47

General

  • Target

    89472a0e2c72bd040ae1324005d35927_JaffaCakes118.apk

  • Size

    31.2MB

  • MD5

    89472a0e2c72bd040ae1324005d35927

  • SHA1

    ffcd088fc7275dc92eaa8cf6d6d398a27e6746f2

  • SHA256

    6bd7e2a5f2d902275d81f0537ea1af67f3ee9ba4f9f324f661120bf41615d60a

  • SHA512

    f99f1b67697f8f62cd76102b01913d520c557be821c840cce6de08cdd9665476fad16f0f85b6db678f444b8ada25111ebeb58056b570fb4f11291d0a0d5cf919

  • SSDEEP

    786432:VyQMTSBSMK5OOaDSf9q3h/Q+VmYEYAXGmWa:VQTcDKJlIBVXEFrH

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped on the device during analysis.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Checks the presence of a debugger
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.bennanan.zhaoxiangisaopgwte
    1⤵
    • Checks if the Android device is rooted.
    • Checks memory information
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4289
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.bennanan.zhaoxiangisaopgwte/files/oat/x86/17172136652491.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4322

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.bennanan.zhaoxiangisaopgwte/app_Parse/applicationId

    Filesize

    40B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/app_Parse/installationId

    Filesize

    36B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/databases/0358240051014041.db-journal

    Filesize

    512B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/databases/0358240051014041.db-wal

    Filesize

    32KB

  • /data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db

    Filesize

    4KB

  • /data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-journal

    Filesize

    512B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-shm

    Filesize

    32KB

  • /data/data/com.bennanan.zhaoxiangisaopgwte/databases/commments.db-wal

    Filesize

    72KB

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACBeginSession.cls_temp

    Filesize

    78B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionApp.cls_temp

    Filesize

    131B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionDevice.cls_temp

    Filesize

    101B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/665A99E20303-0001-10C1-D268CCDF0DACSessionOS.cls_temp

    Filesize

    14B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

    Filesize

    369B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap

    Filesize

    2KB

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics.tap.tmp

    Filesize

    16B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/.TwitterSdk/v/com.crashlytics.sdk.android/session_analytics_to_send/sa_b2ee6df5-8fa1-4d0a-901d-1cb7f7967d1e_1717213667131.tap

    Filesize

    308B

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar

    Filesize

    67KB

  • /data/data/com.bennanan.zhaoxiangisaopgwte/files/gaClientId

    Filesize

    36B

  • /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar

    Filesize

    139KB

  • /data/user/0/com.bennanan.zhaoxiangisaopgwte/files/17172136652491.jar

    Filesize

    139KB