0042e8188bdad9989cc47d0c9304fef463f6834cbee9125a65a1a05a7f9a0737

General

Target

8a3c4f7e58eb94fd4f6cf3fbeebad98c_JaffaCakes118.apk
Size

3.5MB
MD5

8a3c4f7e58eb94fd4f6cf3fbeebad98c
SHA1

9b840187e2e9907115be477bafb22d50823b9904
SHA256

0042e8188bdad9989cc47d0c9304fef463f6834cbee9125a65a1a05a7f9a0737
SHA512

1d99b617036eaddac980c7de8432da67f64c2b5622a5e053b456e5d286fc4fcff186c9406dd6c353bda1a5f7941f4d597804107a5fa0c76e061f180adaec7c32
SSDEEP

98304:mqEBOlJXSM3E43PelyLaYA7tRdzhCBjarU+:plJT3P3He7tak

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/storage/emulated/0/Android/data/y2/c2.zip	4288	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/y2/c2.zip --output-vdex-fd=47 --oat-fd=48 --oat-location=/storage/emulated/0/Android/data/y2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/y2/c2.zip	4258	com.hj.djdry2
/storage/emulated/0/Android/data/y2/n.zip	4347	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/y2/n.zip --output-vdex-fd=48 --oat-fd=50 --oat-location=/storage/emulated/0/Android/data/y2/oat/x86/n.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/data/y2/n.zip	4258	com.hj.djdry2

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hj.djdry2

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hj.djdry2

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hj.djdry2

com.hj.djdry2
1⤵
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4258
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/y2/c2.zip --output-vdex-fd=47 --oat-fd=48 --oat-location=/storage/emulated/0/Android/data/y2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4288
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/y2/n.zip --output-vdex-fd=48 --oat-fd=50 --oat-location=/storage/emulated/0/Android/data/y2/oat/x86/n.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4347

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Credential Access

Discovery

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hj.djdry2/files/e.zip

Filesize
43B

MD5
8cc27b49b00fc207ea841148bca5f081

SHA1
a9ddc709ee362e5670b411060754acb28cb99483

SHA256
aa3f84d51cf428c281d0d3cbbf7f2c4c8243be6d1e7429cb04a392fe4a7ec0ac

SHA512
3d205d228cd50b637f4b0d69ba7ea06061aab5e7086c255efb508bb1c5c1a708b95b8b7f51c1f819b72139979b35c9b939b9bb37d2a8c3893c8307bcfc9b0680

Download Submit
/storage/emulated/0/Android/data/y2/c2.zip

Filesize
337KB

MD5
04ed52d349534bfe58d0a761361c61e3

SHA1
87f9440bee102d88489da6ca64589051c1ba67fc

SHA256
b457d2589bfc4cd6318982488bce407a047f6311bc20cbb168e5b88342e64ce9

SHA512
31ff8175175f5e4b95e240a40f555891c0830a14d9fd3a2082fb1d11808660fcdc9d25634cd3a34c2e7ae61bd6456bb1a3e60bec2484cde4234699f42c895213

Download Submit
/storage/emulated/0/Android/data/y2/c2.zip

Filesize
19KB

MD5
404641fecbebc5bca38ff6a77fb9b65a

SHA1
67426c0a108ada63c9d939e43868a36ddff3af25

SHA256
4b889bcef7cb3262099dad83dc5d42842aa20a0ed405c67023a345eff57f0513

SHA512
82e3f3600899d9b714ce780ea16bc166d2189f2bd0b29d3074dc3180cd03e3bd5f2783a50f5d818dfa24e7efde5e06a80c9b70b7a1df462d5725f7a87c944a62

Download Submit
/storage/emulated/0/Android/data/y2/c2.zip

Filesize
19KB

MD5
0cc97fb37b7e688db7554fa04bdb5682

SHA1
be2e12ce1cea4db425ef0da31e25a4d1d6b6551f

SHA256
3a7f75ce07f2a37dbf23dd43b7dc1eb3f638c0d5f080a4ae95fb638e39a840ad

SHA512
14db11a62e1a73f6d2538bfe854501a381f6855be2ef5c9c4446345ad3ef6f49792d2a9badf7e1b09164454ed7b2b230342fed397e6f097cdc8b921a273db885

Download Submit
/storage/emulated/0/Android/data/y2/d.txt

Filesize
32B

MD5
64cf7e18c20dd2453e24828938abfa76

SHA1
6d61214c15075543a767721fd8fe5bb7c2220fa5

SHA256
f5c3743ab0148b63b11d24e9df4898a6df3320124e181214a2bd6543f7cd9cc7

SHA512
e8885e84da9f2e1f6a021b88bbf0fb5eb3590120b549bde79624f5749887ac818a8ab9dedb06c54caa610e9a1a73aa3d285c65fb16a30e457e7200288a92936f

Download Submit
/storage/emulated/0/Android/data/y2/n.zip

Filesize
327KB

MD5
4714b988e8211fc6e1a5c22c51abdb3b

SHA1
118bb4af2a24e13b3f384c9a7ee5119982d7b294

SHA256
ef0a064325589eef224d1f93acfb207c72eb143780a1fda46c3df81600551450

SHA512
ed191d51d46c3f3ad12fa4d0a6d2c860e879d7cdd6a0fe2adf863dfe8ddcf49169184925dde51fbae04b2da256176a0a23a473bf4d54f54fa1f1d5c09b684c74

Download Submit
/storage/emulated/0/Android/data/y2/n.zip

Filesize
350KB

MD5
2452966b3845a92672e3861bbd25591b

SHA1
e4fb5097e37307ac433628154b4b88c3564f9a3b

SHA256
3661b10ca09647b93542d87060844a2e21ea1ea92528e84364623b23a2bea905

SHA512
ea38a3abc8ac5e413d8c7c3bab3a5803fc212270d18fe5c1c5579920b00832a454995f68131aedf9bdd701ab5be0ed98abaf35854b3870330022a089b63fd732

Download Submit
/storage/emulated/0/Android/data/y2/tn.zip

Filesize
30KB

MD5
83c7d557fb56cafa7518bc33c8313de0

SHA1
f194980c9fa8abc1c5adbe95c0231fccbb4767fa

SHA256
cf786d2f1bd49b3550228f21b4660f88a885d47e0b619b5274f505db64cce828

SHA512
b7ed5fff7c469e7464878a2de007e200164e4656a7b16f6be08709d2f3c9ef77067a8423b57f6ca458e6e508fa3ff2d1dbf0def8dda83d827dbd96ebd1073c6f

Download Submit

Analysis

Sharing