Analysis
max time kernel: 7s
max time network: 145s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 01-06-2024 03:48
Static task: static1
Behavioral task: behavioral1
  Sample: 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240514-en
Behavioral task: behavioral3
  Sample: gdtadv2.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral4
  Sample: gdtadv2.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral5
  Sample: gdtadv2.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118.apk
Size: 26.7MB
MD5: 89475a793dc1e74bd5bd6f2d4e9867b4
SHA1: 44903e6a607a039ff4fcfcdd615ba912e3274df4
SHA256: 989ad5e75622095706fbe9cc3329ded2d4010a6e5987d027e7d577ee3637f5ed
SHA512: c1afdc32363b61847477ae36b897c63c162a4c5d686159950ba4dcac1324b4904f7d015e17772c813dfd4a562658f49addf16381973ab891e86c4a8b3a550f34
SSDEEP: 786432:knA5WeCPiTmWBh3xMn/Dbhui+UzaNo8UyK7hLs9:knA9CCZW/D2U+IyKhI9
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 5 IoCs)
Runs an executable file dropped to the device during analysis.
Note: every dropped file sits under /data/data/com.chaoxi.weather/.jiagu/, i.e. in the app's own private data directory rather than in the installed APK under /data/app/, so this code was not shipped in the package but written out at runtime. The .jiagu directory with a classes.dex plus a tmp.dex that the app hands to dex2oat is the layout a commercial Android packer (360 Jiagu) leaves behind when it unpacks the real application code; tmp.dex, together with the odex compiled from it under .jiagu/oat/, is the unpacked payload to pull from the sandbox file system for static analysis. The "!classes2.dex" suffix is ART's notation for the second DEX inside a multidex container. The dex2oat run is the system compiler (PID 4374) invoked by the app (PID 4252) on the dropped DEX; "--class-loader-context=&" is ART's marker for a class loader context it could not encode, which points at a custom class loader rather than the stock PathClassLoader chain.

ioc | pid | Process
/data/data/com.chaoxi.weather/.jiagu/classes.dex | 4252 | com.chaoxi.weather
/data/data/com.chaoxi.weather/.jiagu/classes.dex!classes2.dex | 4252 | com.chaoxi.weather
/data/data/com.chaoxi.weather/.jiagu/tmp.dex | 4252 | com.chaoxi.weather
/data/data/com.chaoxi.weather/.jiagu/tmp.dex | 4374 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.chaoxi.weather/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.chaoxi.weather/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.chaoxi.weather/.jiagu/tmp.dex | 4252 | com.chaoxi.weather
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.chaoxi.weather

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.chaoxi.weather

Checks if the internet connection is available (1 TTP, 1 IoC)

description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.chaoxi.weather
Processes
com.chaoxi.weather (PID 4252)
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available

  child of PID 4252: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.chaoxi.weather/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.chaoxi.weather/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID 4374)
  - Loads dropped Dex/Jar
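The "Loads dropped Dex/Jar" hit above and the dex2oat child in the process tree are the same event seen twice: the app asked ART to compile a DEX that lives in its own private data directory. The heuristic a practitioner would run over a sandbox's process records is therefore "dex2oat whose --dex-file is outside the expected code locations, spawned by the package that owns that directory". The script below is an added example, not part of this report or of the analysed app; the dex2oat command line it parses is the one recorded above, while the pid/ppid/parent fields and the benign and non-dex2oat records are constructed for contrast. Reading "--class-loader-context=&" as ART's marker for a class loader context it could not encode is our interpretation of the ART source, not something the report states.

```python
"""Flag dex2oat runs that compile DEX code dropped into an app's private data
directory (runtime-loaded code that was not shipped in the installed APK).

Added example; not part of the sandbox report or of the analysed app.
"""
import re
import shlex
from typing import Any, Dict, List, Optional

# Locations where executable code is expected to live on a stock device.
EXPECTED_CODE_PREFIXES = ("/system/", "/vendor/", "/product/", "/apex/", "/data/app/")

# Per-app private data directory: /data/data/<pkg>/... or /data/user/<n>/<pkg>/...
APP_DATA_RE = re.compile(r"^/data/(?:data|user/\d+)/([A-Za-z0-9_.]+)/")

# ART's marker for a class loader context it could not encode, i.e. a class
# loader other than the stock PathClassLoader/DelegateLastClassLoader chain
# (our reading of ART; custom loaders are typical of packers and plugin frameworks).
UNSUPPORTED_CLASS_LOADER = "&"

# The dex2oat command line recorded in the report (PID 4374, child of 4252).
REPORT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
    "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
    "--instruction-set-features=default --inline-max-code-units=0 "
    "--compact-dex-level=none "
    "--dex-file=/data/data/com.chaoxi.weather/.jiagu/tmp.dex "
    "--output-vdex-fd=42 --oat-fd=43 "
    "--oat-location=/data/data/com.chaoxi.weather/.jiagu/oat/x86/tmp.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Constructed process records in the shape a sandbox would log them.
SAMPLE_PROCESSES: List[Dict[str, Any]] = [
    {"pid": 4374, "ppid": 4252, "parent": "com.chaoxi.weather", "cmdline": REPORT_CMDLINE},
    # Benign (constructed): the installer compiling an installed APK in place.
    {"pid": 5001, "ppid": 1, "parent": "installd", "cmdline":
        "/system/bin/dex2oat --dex-file=/data/app/com.example.benign-1/base.apk "
        "--oat-location=/data/app/com.example.benign-1/oat/x86/base.odex "
        "--compiler-filter=speed --class-loader-context=PCL[]"},
    # Not dex2oat at all (constructed).
    {"pid": 5002, "ppid": 1, "parent": "zygote", "cmdline": "/system/bin/app_process"},
]


def parse_dex2oat(cmdline: str) -> Optional[Dict[str, Any]]:
    """Return dex2oat's --key=value options plus the list of --runtime-arg
    values, or None when the command is not dex2oat. A repeated key keeps its
    last value (the report passes --instruction-set-features twice)."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].endswith("dex2oat"):
        return None
    opts: Dict[str, Any] = {"runtime-args": []}
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg == "--runtime-arg" and i + 1 < len(argv):
            opts["runtime-args"].append(argv[i + 1])  # value is the next token
            i += 2
            continue
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
        i += 1
    return opts


def dropped_dex_finding(record: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Describe a dex2oat run whose input DEX lies outside the expected code
    locations, or None if the record is uninteresting."""
    opts = parse_dex2oat(record["cmdline"])
    if opts is None or "dex-file" not in opts:
        return None
    dex = opts["dex-file"]
    if dex.startswith(EXPECTED_CODE_PREFIXES):
        return None
    match = APP_DATA_RE.match(dex)
    owner = match.group(1) if match else None
    return {
        "pid": record["pid"],
        "dex_file": dex,
        "oat_location": opts.get("oat-location"),
        "compiler_filter": opts.get("compiler-filter"),
        "owner_package": owner,
        # An app compiling a DEX inside its own sandbox is the packer/plugin pattern.
        "loaded_by_owner": owner is not None and record.get("parent") == owner,
        "custom_class_loader": opts.get("class-loader-context") == UNSUPPORTED_CLASS_LOADER,
    }


def find_dropped_dex(records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Run the heuristic over every process record and keep the hits."""
    return [f for f in (dropped_dex_finding(r) for r in records) if f is not None]


if __name__ == "__main__":
    for hit in find_dropped_dex(SAMPLE_PROCESSES):
        print(f"pid {hit['pid']}: {hit['owner_package']} compiled dropped DEX "
              f"{hit['dex_file']} (custom class loader: {hit['custom_class_loader']})")
```

On the report's own record this yields one hit: owner com.chaoxi.weather, loaded by its owner, compiler filter "quicken", output odex under the same .jiagu directory. The oat-location field is worth keeping in the finding because it tells you where the compiled copy of the dropped payload will be in the sandbox's file-system dump.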
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 5.8MB
MD5: a0c0f9b2fa7994d906ae85a91ac2773c
SHA1: a33ac80de47e0af5304929cc0cc547586da252e6
SHA256: d27e71a1666d2357c3e025c5c86f3a335ae395b0284c9898d78dc967c497ee7b
SHA512: eb4a92c43a921104e3768ebee8a30d7f3842e6aa80126973770187965dbdb327b0c877bc3ba89ad531c97c04ef1069f17365a483428064c4189cecf018e2a14c

Filesize: 4.2MB
MD5: 18794cb038d4c7a39736bd1f4956d897
SHA1: 0ad7810e087e3d3f50d42113448b923dc7e7bac2
SHA256: 430da1f9f4861071edddfdd2a535531eb5159e933baeab9ac218c77435f7ab59
SHA512: 5f2df51a3f425a2cc3bf3722dd46e5b93aa0fba5db6451a255af34536313f9a502058bedfb03db9d19607d5e68d12e8316208c156e22ea87d5e12b3f66fd9da5

Filesize: 475KB
MD5: 5aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1: 522db1748608e9173547b29b7aa82ddc3542c534
SHA256: 5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA512: 5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Filesize: 284B
MD5: f1771b68f5f9b168b79ff59ae2daabe4
SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Filesize: 307B
MD5: b90a524ae72ea9b7e5c72acecf9b169b
SHA1: e8449893f37fee60d812284faeba232eb1c6b540
SHA256: c7576ea277242b9553416900437bf51f2c3fd09c521b56e324967cf7307f0904
SHA512: f4090a58830eb685720f6aef7ec1186a1c05e99e8705f7be54d5bbeb134e4ae57f3977e9977ffeee87aaadf686a49d5c952d9926f8a81bc0050343cf436da658

Filesize: 32B
MD5: 21405b3fdc7c021457df4ecfcd90da58
SHA1: 0ff0bb98b7087e4412f23fb834152533af4a7153
SHA256: af349d91f101c404e428df6da46cdb02fc6b2598c035b36a130d77a06cbfd27e
SHA512: f5250fda99af29d6947e81d878b0e7bb06c1cce04ebaf3a11f52c06bcd80bb81ab816158f156de58108a12621ce68a87110390dfd29fd27c0b787914b74a4aa1

Filesize: 27B
MD5: 3bcece042895a33297dd26093007c853
SHA1: 9b84e06372e9ae6b0eb6198817db0b23f3944e5e
SHA256: 6ce8760363a2f80082c85ce0dfb73ad9571cc9e019f939072e33117f533f7a40
SHA512: af2a193b4b41b37d75cda0cff9795c2ffcf94d9c35bab240b464aab20f1a64a1b6ebf2d46c0159801205fb8e0096d9a8b9f89e9309feeb6821b6be0ad27659bc