Analysis
- max time kernel: 42s
- max time network: 133s
- platform: android_x64
- resource: android-33-x64-arm64-20240514-en
- resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240514-en, locale:en-us, os:android-13-x64, system
- submitted: 01-06-2024 03:48
Static task: static1
Behavioral task: behavioral1
- Sample: 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240514-en
Behavioral task: behavioral3
- Sample: gdtadv2.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral4
- Sample: gdtadv2.apk
- Resource: android-x64-20240514-en
Behavioral task: behavioral5
- Sample: gdtadv2.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 89475a793dc1e74bd5bd6f2d4e9867b4_JaffaCakes118.apk
- Size: 26.7MB
- MD5: 89475a793dc1e74bd5bd6f2d4e9867b4
- SHA1: 44903e6a607a039ff4fcfcdd615ba912e3274df4
- SHA256: 989ad5e75622095706fbe9cc3329ded2d4010a6e5987d027e7d577ee3637f5ed
- SHA512: c1afdc32363b61847477ae36b897c63c162a4c5d686159950ba4dcac1324b4904f7d015e17772c813dfd4a562658f49addf16381973ab891e86c4a8b3a550f34
- SSDEEP: 786432:knA5WeCPiTmWBh3xMn/Dbhui+UzaNo8UyK7hLs9:knA9CCZW/D2U+IyKhI9
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  IoC: /system/app/Superuser.apk; Process: com.chaoxi.weather
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  Description: Framework service call; IoC: com.android.internal.telephony.ITelephony.getCellLocation; Process: com.chaoxi.weather
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
  Description: File opened for read; IoC: /proc/cpuinfo; Process: com.chaoxi.weather
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs an executable file dropped to the device during analysis.
  IoC: /data/user/0/com.chaoxi.weather/.jiagu/classes.dex; PID: 4327; Process: com.chaoxi.weather
  IoC: /data/user/0/com.chaoxi.weather/.jiagu/classes.dex!classes2.dex; PID: 4327; Process: com.chaoxi.weather
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call; IoC: android.app.IActivityManager.getRunningAppProcesses; Process: com.chaoxi.weather
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.chaoxi.weather
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Description: Framework API call; IoC: android.hardware.SensorManager.registerListener; Process: com.chaoxi.weather
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Description: Framework API call; IoC: javax.crypto.Cipher.doFinal; Process: com.chaoxi.weather
Processes
-
com.chaoxi.weather (PID: 4327)
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
- Geofencing (1)
- Hide Artifacts (1)
- User Evasion (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)
Downloads