Analysis
-
max time kernel
8s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system -
submitted
02-06-2024 15:10
Static task
static1
Behavioral task
behavioral1
Sample
8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk
-
Size
14.4MB
-
MD5
8e8069293783668c84b449f0fe24e3b2
-
SHA1
071103dc6475ac1a57011abfc4848e907eadb551
-
SHA256
a0b9837f9e2d60528b6e49e21a8e2770487f71607e72f56bfe6e4569e3a0e08b
-
SHA512
3b29370520ec8b238ba280ddf9bd1e8d97f1b1ab4f75de61429ed36e47cd2f2e69aca5800df28d6f88eee7e221f03c8d7477f050c7392746d272bd9c6e9fa988
-
SSDEEP
393216:9uzySpSDJrufTEOcxcM3ZG3iEAV9XBp7yNS1SHo0IaTg:+1cNrurE7w9AnX/yLU
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes:
  ioc        process
  /sbin/su   com.qky.arealracing2
-
Checks CPU information 2 TTPs 1 IoCs
Reads CPU information that can indicate whether the system is an emulator. Both behavioral tasks ran on emulator images (android-x86-arm and android-x64), so a positive result here may have changed what the sample did afterwards; treat the behaviour recorded below as possibly incomplete.
Processes:
  description            ioc             process
  File opened for read   /proc/cpuinfo   com.qky.arealracing2
-
Checks memory information 2 TTPs 1 IoCs
Reads memory information that can indicate whether the system is an emulator.
Processes:
  description            ioc             process
  File opened for read   /proc/meminfo   com.qky.arealracing2
-
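What a check of this kind looks like, as an added Python example written for this report (it is not code recovered from the sample, which the report does not show): it applies common emulator indicators to /proc/cpuinfo and /proc/meminfo contents. The indicators (Goldfish/ranchu hardware strings, the hypervisor CPU flag, a "virtual" model name, a small RAM total), the 1 GiB threshold and the sample /proc contents are assumptions constructed for the demo.

```python
"""Emulator heuristics over /proc/cpuinfo and /proc/meminfo.

Added example for this report. The sample opens both files for read; what it
compares them against is not in the report, so the indicators below are an
assumption (common ones), and the /proc texts are constructed, not captured.
"""
from collections import defaultdict

# Constructed /proc/cpuinfo samples: x86 emulator, ARM emulator, real phone.
EMULATOR_X86_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm constant_tsc rep_good nopl hypervisor pni ssse3 cx16 x2apic popcnt
"""
EMULATOR_ARM_CPUINFO = """\
processor\t: 0
model name\t: ARMv7 Processor rev 0 (v7l)
Features\t: swp half thumb fastmult vfp edsp neon vfpv3
Hardware\t: Goldfish
"""
PHYSICAL_CPUINFO = """\
processor\t: 0
model name\t: ARMv8 Processor rev 4 (v8l)
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
Hardware\t: Qualcomm Technologies, Inc SM8250
"""
# Constructed /proc/meminfo samples.
EMULATOR_MEMINFO = "MemTotal:         786432 kB\nMemFree:          200000 kB\n"
PHYSICAL_MEMINFO = "MemTotal:        7749600 kB\nMemFree:         1203412 kB\n"

EMULATOR_HARDWARE = ("goldfish", "ranchu", "vbox")  # assumption: usual emulator board names
MIN_PLAUSIBLE_RAM_KB = 1024 * 1024                   # assumption: < 1 GiB looks like a VM


def parse_proc(text: str) -> dict:
    """'key : value' lines -> lowercase key -> list of values.

    cpuinfo repeats keys once per core, so every key maps to a list.
    """
    fields = defaultdict(list)
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip().lower()].append(value.strip())
    return fields


def cpuinfo_indicators(text: str) -> list:
    """Return the emulator indicators found in a /proc/cpuinfo dump."""
    f = parse_proc(text)
    found = []
    for hw in f.get("hardware", []):                 # ARM: board name
        if any(tag in hw.lower() for tag in EMULATOR_HARDWARE):
            found.append(f"hardware:{hw}")
    for model in f.get("model name", []):            # x86: vendor-supplied model string
        if "virtual" in model.lower():
            found.append(f"model_name:{model}")
    for flags in f.get("flags", []):                 # x86: CPUID hypervisor bit
        if "hypervisor" in flags.split():
            found.append("cpu_flag:hypervisor")
    return found


def meminfo_indicators(text: str) -> list:
    """Return the emulator indicators found in a /proc/meminfo dump."""
    f = parse_proc(text)
    found = []
    for total in f.get("memtotal", []):
        kb = int(total.split()[0])                   # "786432 kB" -> 786432
        if kb < MIN_PLAUSIBLE_RAM_KB:
            found.append(f"memtotal_kb:{kb}")
    return found


def looks_like_emulator(cpuinfo: str, meminfo: str) -> bool:
    """Any single indicator is enough; that is how such checks usually fail open."""
    return bool(cpuinfo_indicators(cpuinfo) or meminfo_indicators(meminfo))


if __name__ == "__main__":
    for label, cpu, mem in [("x86 emulator", EMULATOR_X86_CPUINFO, EMULATOR_MEMINFO),
                            ("arm emulator", EMULATOR_ARM_CPUINFO, EMULATOR_MEMINFO),
                            ("physical", PHYSICAL_CPUINFO, PHYSICAL_MEMINFO)]:
        print(label, looks_like_emulator(cpu, mem),
              cpuinfo_indicators(cpu) + meminfo_indicators(mem))
```

When re-running a sample that does this, the counter-measure on the analyst's side is to patch the indicator sources (hardware string, CPU flags, memory size) in the image, not to hook the app; a check that reads /proc directly bypasses Java-level hooks.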
Loads dropped Dex/Jar 1 TTPs 8 IoCs
Compiles and runs executable code dropped to the device during analysis. The app process (PID 4285) hands three files to dex2oat: c2.zip on shared external storage (/storage/emulated/0/Android/data/com.qky.arealracing2/), and fx.jar and fp.jar in the app-private app_jc directory. Because these files are produced at runtime, the static task's view of the APK's own classes does not cover them; a review of what the sample actually does has to start from these three files.
Processes:
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/storage/emulated/0/Android/data/com.qky.arealracing2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fx.jar --output-vdex-fd=43 --oat-fd=41 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fp.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fp.odex --compiler-filter=quicken --class-loader-context=&
  ioc                                                            pid    process
  /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip   4312   /system/bin/dex2oat (c2.zip command line above)
  /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip   4285   com.qky.arealracing2
  /data/user/0/com.qky.arealracing2/app_jc/fx.jar                4337   /system/bin/dex2oat (fx.jar command line above)
  /data/user/0/com.qky.arealracing2/app_jc/fx.jar                4285   com.qky.arealracing2
  /data/user/0/com.qky.arealracing2/app_jc/fx.jar                4285   com.qky.arealracing2
  /data/user/0/com.qky.arealracing2/app_jc/fp.jar                4363   /system/bin/dex2oat (fp.jar command line above)
  /data/user/0/com.qky.arealracing2/app_jc/fp.jar                4285   com.qky.arealracing2
  /data/user/0/com.qky.arealracing2/app_jc/fp.jar                4285   com.qky.arealracing2
-
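Parsing the three dex2oat command lines above is the quickest way to list what has to be pulled for static review. The following is an added Python example written for this report, not tooling from the sandbox or code from the sample: the command lines and PIDs are copied from the signature, and the adb pull commands it produces assume a device or emulator the analyst controls (and, for the app-private paths, a rooted or debuggable one).

```python
"""List the dropped DEX/JAR payloads from the recorded dex2oat invocations.

Added example for this report, not sandbox or sample code. The command lines
are the three recorded in the 'Loads dropped Dex/Jar' signature; they share
one prefix, which is factored out below only to keep the lines readable.
"""
from dataclasses import dataclass

DEX2OAT_PREFIX = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none"
)

# PID of the dex2oat child -> its command line, as recorded in the report.
DEX2OAT_CMDLINES = {
    4312: DEX2OAT_PREFIX + " --dex-file=/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip"
          " --output-vdex-fd=41 --oat-fd=42"
          " --oat-location=/storage/emulated/0/Android/data/com.qky.arealracing2/oat/x86/c2.odex"
          " --compiler-filter=quicken --class-loader-context=&",
    4337: DEX2OAT_PREFIX + " --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fx.jar"
          " --output-vdex-fd=43 --oat-fd=41"
          " --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fx.odex"
          " --compiler-filter=quicken --class-loader-context=&",
    4363: DEX2OAT_PREFIX + " --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fp.jar"
          " --output-vdex-fd=42 --oat-fd=43"
          " --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fp.odex"
          " --compiler-filter=quicken --class-loader-context=&",
}


@dataclass(frozen=True)
class DroppedDex:
    pid: int
    dex_file: str
    oat_location: str
    compiler_filter: str
    runtime_args: tuple
    on_shared_storage: bool  # external storage is readable by other apps and by adb

    @property
    def name(self) -> str:
        return self.dex_file.rsplit("/", 1)[-1]


def parse_dex2oat(pid: int, cmdline: str) -> DroppedDex:
    """Extract the options that matter from one dex2oat command line.

    Handles '--key=value' options and '--runtime-arg X' pairs. A repeated
    option ('--instruction-set-features' appears twice) keeps its last value.
    """
    opts = {}
    runtime_args = []
    tokens = cmdline.split()
    i = 1  # skip argv[0]
    while i < len(tokens):
        tok = tokens[i]
        if tok == "--runtime-arg" and i + 1 < len(tokens):
            runtime_args.append(tokens[i + 1])
            i += 2
            continue
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts[key] = value
        i += 1
    dex_file = opts["dex-file"]
    return DroppedDex(
        pid=pid,
        dex_file=dex_file,
        oat_location=opts["oat-location"],
        compiler_filter=opts.get("compiler-filter", "unknown"),
        runtime_args=tuple(runtime_args),
        on_shared_storage=dex_file.startswith(("/storage/", "/sdcard/", "/mnt/")),
    )


def dropped_code(cmdlines: dict) -> list:
    """All dex2oat inputs, ordered by child PID (i.e. in load order here)."""
    return [parse_dex2oat(pid, line) for pid, line in sorted(cmdlines.items())]


def pull_commands(records: list, dest: str = "./dropped") -> list:
    """adb commands to collect each payload plus its compiled .odex.

    Assumption: the analyst has a device/emulator where /data/user/0/<pkg>
    is readable (root or a debuggable build); the report does not say so.
    """
    cmds = []
    for r in records:
        cmds.append(f"adb pull {r.dex_file} {dest}/{r.name}")
        cmds.append(f"adb pull {r.oat_location} {dest}/{r.name}.odex")
    return cmds


if __name__ == "__main__":
    records = dropped_code(DEX2OAT_CMDLINES)
    for r in records:
        where = "shared storage" if r.on_shared_storage else "app-private dir"
        print(f"pid {r.pid}: {r.name} ({where}) -> {r.oat_location} [{r.compiler_filter}]")
    print("\n".join(pull_commands(records)))
```

The shared-storage flag is the detail worth acting on: c2.zip sits under /storage/emulated/0, so it can be copied off without root and is the first file to open, while fx.jar and fp.jar need the app-private directory.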
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
The recorded call returns the ISO country code of the registered network, which apps commonly use to geofence their behaviour.
Processes:
  description              ioc                                                                      process
  Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   com.qky.arealracing2
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
  description              ioc                                             process
  Framework service call   android.app.IActivityManager.registerReceiver   com.qky.arealracing2
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
  description              ioc                                                     process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.qky.arealracing2
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
A javax.crypto.Cipher.doFinal call on its own does not show which direction the cipher ran; given the dropped c2.zip, fx.jar and fp.jar above, decrypting a packed payload is at least as consistent with it as encrypting user data.
Processes:
  description          ioc                           process
  Framework API call   javax.crypto.Cipher.doFinal   com.qky.arealracing2
Processes
-
com.qky.arealracing2
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285
  ⤵ /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip --output-vdex-fd=41 --oat-fd=42 --oat-location=/storage/emulated/0/Android/data/com.qky.arealracing2/oat/x86/c2.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
  PID:4312
  ⤵ /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fx.jar --output-vdex-fd=43 --oat-fd=41 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fx.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
  PID:4337
  ⤵ /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qky.arealracing2/app_jc/fp.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.qky.arealracing2/app_jc/oat/x86/fp.odex --compiler-filter=quicken --class-loader-context=&
  - Loads dropped Dex/Jar
  PID:4363
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
306KB
MD5 903f28652432627489b5a538ea86bec9
SHA1 ba1f589036af496318fdd7df328e9c231e590ca0
SHA256 9bfeff9003583c5440e80606993154c4e5ce090424176e3d54ce18a6cade8ffe
SHA512 2349d1a854a610bad74f914e2eeb2bf6c393332ea32d5e31820d68d87b67685076e26dc5187894e1bbd5f903a6733c81085cb11ca1f66874ee196bb57cfc336f
-
Filesize
306KB
MD5 9c9e2d273606d14831b64b59f37017a2
SHA1 64ea038a4d42efe54bd24a23ddbd89f0702710e2
SHA256 48cbcd6655fcbc5007134c9f718d4d135944e8e6b27878e318cb441604ec6d7c
SHA512 ef66402aa2e0a4ad158fdedfaab0befe7aea06c2c1ca135abd4960c8534dfc2deda4989e890d2e0728dc98e3a3a39a71c89575cb7bc2332b43f9e53eb9ce0370
-
Filesize
114KB
MD5 1047cc5aaa16cd39cbe53cfb73002f1d
SHA1 560edce1216eedb4911cd06c7ab19090c08b5ec1
SHA256 028afd3d6cabc11e33e3ffbaaaa1e7145d0d9cde87191584a497dfefbba02714
SHA512 e008db765b4c5f2b152345c1e547b44371170bfd5875ba5cec34afc0bb96c2837cdc2afc899a81e9774084da699cd01d4163d001552f66622d878e975720f704
-
Filesize
133KB
MD5 59705f3af17d5b6695ddc0d11a3a63af
SHA1 dbf6ffb0a256cff76db302a7022c18174ed58c28
SHA256 7a1c09b07f3c4178849bac88e545b9ded9ccaa1980f934ab3d99cd44f16f6762
SHA512 fb7d9f85a6515f434dca2988b81dd9245f1e517cafa38edc4f2510779874fbbf72c1a7577af9a70f339df138f02fa51074010bd9f13560629792269d1e3067d3
-
Filesize
114KB
MD5 0941a865befbed90cf7bc86a1af0602f
SHA1 e161a14cd80fb88d81c7181301bb59120e1fff46
SHA256 d36b6598037d04506721468478630617c492ac642e11695d6e188b78359b54cd
SHA512 5fdaf04dd705497b23fd900991a047a1b2011a8c626e3553e7af3fd6822134a038a4a96cf25672eef4303c8f9cf89d25ece9897f1bbae6663b525afd2798d117
-
Filesize
133KB
MD5 e6af523b04ea1f0c64c48e8e94c35f96
SHA1 eaa37708f0e4a7fef0d197b73a03c2e830254442
SHA256 820e2d992efb9c6eceebe8e020876b596b70e8ed09ed9273266ad47af36e01f9
SHA512 0faee6070d2fe649ea1ea4d10049a79d2a8723b41687c9a74e6d806f9ed3cdf062375b466cff8973814af355e7b7809c8d9825e970a430069d14120d766d00a1
-
Filesize
38KB
MD5 840dbf3852edfa1261435df285ff1e88
SHA1 26dc95a1ad5261207f83b4e36c783f868ae0e73c
SHA256 96dc394075da003d52317d18a42ff5cda408aed74c1850de0cf10b8c33ed3922
SHA512 05e06d7b40a975320732e4f1cc6550e87c08a438892bac3c3aadf9f1429e6bc0c092a03d672ad31f79d788721e12e1ba49a26f5c1166104c301c1b7a471e8b3a
-
Filesize
4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5 4ae5272012acac88d8985ea4a8717f3a
SHA1 f384106f9bda632a355fb3e2e8d23f2fbffdabdf
SHA256 86efcf85a4a9753ec326a828995bdccad943cc48bdc2483776b205ffac1f5e5c
SHA512 bd99ed6f0ac33ab34c127dd2618f0350d6319d04c591ae033014493d7a302380d5cd501e81ce4c4e4867fd934fce7a4fa44195623de2050c09f4935b4cf5bf5e
-
Filesize
32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
32KB
MD5 15c6bd3f0b5aaeebc21d381ae394de3a
SHA1 2e7ea1ca66be75ad34b73e28c03fc17f89d8260f
SHA256 a14db60d140826f287f3053f1cdc8cae53ab631711b3cf9569ce4d490bb2db37
SHA512 92ccb16a132bfe0c2d7275f8670c45de607faec966c19b27651687b420ae6c5680651f5cc9a559a579bb4a4c3909fba3a3289b098867e5dc473339c6fb347588
-
Filesize
512B
MD5 51a3622b1405450b6e0bd925a4ca3f7c
SHA1 075af3d896c66016736938fbb9507a770615ccd8
SHA256 4b4961301ac7fa2c1cf0786f5fee140f90f5821779b2f033ec45069a0ebcb46d
SHA512 959fbe884a0145dee170980cde89d4ecff17108ebb1cc6492d86b11660eaa1171195c6312efad02d66aa4946d153f38e3dac4ca8c811ed143a28608049218913
-
Filesize
28KB
MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
40KB
MD5 d9eaf3a080b5fbf3e9af16a3f8eb46fd
SHA1 235397f6d684c7da1be31e376ca32593a40b22c7
SHA256 3f10cc4be6b17185f35bc0c4708cd2e1f79ae909a0233218031e5aaa19a5900a
SHA512 dd0da047daef2a9a8e43c7c5c19e2d3060481018d44a59e152245d8adba5bdfe2afb3f0c3f0004a6ff6bd2849535cb0d8c523c3c8be6480038e03fbf7124300d
-
Filesize
34B
MD5 8bca52a35d540c5a6042753280995305
SHA1 8d536262c521e8a2d71e7c41a0845024407f9ebd
SHA256 1753aeb43c4318d1473be99f330d99a74a2344b0a0809eb65d1579456a584a3d
SHA512 3cd4252329aa0ed9ca8a678036b75eddd499f2a049a61ed58e83d4d1a478a9970505c6ddc7a98dee55a83d44ffe5b3db14b4f5585dd69b062ddbf71e514db824
-
Filesize
566B
MD5 c41744ba4484a86d06e72e2b514966a4
SHA1 894c4c04b99cef8b75c9cf7ded5bfc1e2eaa6e1c
SHA256 03abed0799b1ca573c2e7cdaa3a6aa4814f360ba28ff13ffa3d3d55aaa8c2484
SHA512 f33872170a683fd30fe200ab3969bc1f79a80b71384166248c8791daa14dd0987d79a75290995b660cab4a2616fd71f2f3c6addbec6abcf8231d8b31c52c4376
-
Filesize
171KB
MD5 fa6d23be417a5dec12791ffc748a5ecf
SHA1 c3dea4c61c83ebc3d918b1d7ed570a8ca633ad58
SHA256 56886a3515106e4b010a7d12c36631b67852b2ab73099309cc28d5894906e555
SHA512 d468d3fcb79755142de0e20557cb2592eb723ff40027a776a346b221fd1aa6169bb760be14bb7b6abcfd36627d739072aa9dd0424cd243550111a9fb3e70cb00
-
Filesize
171KB
MD5 6ed19d0fda7f59cdc1d8f6586a3b3ed1
SHA1 843e50f2458eb8946a0452ff4e6fa3e72d277cd0
SHA256 1920b1320d130034aa987dd20f9f222b9787caed651a0124abfb3657891f965c
SHA512 8b593f3ce06874fe840b1b1ce06f0a8a0e8f89240ae5211e3225bd2ed8d5dc43a4ce6ba0f69500eb3e8195c79d6e4ff3f0b15249def27e5254f28d6807009a5b
-
Filesize
176KB
MD5 e785d4334614a792ffc90542432dc10d
SHA1 2d6b9d63864fb2d62932d23d6b8a9974b61dbd59
SHA256 7c5a4eb113cb46d852cc491ce7864da475104c2baaf21863163e48c9db8bcedb
SHA512 5c28f561bab5c7f0d49128a9a7c08ba24e8787301f06160420442ed45f47a378089a926f81fb0c987aab0efb7e37a92d7f056c114e2da190775a80327dbdc636
-
Filesize
176KB
MD5 73f49c3686814005f266cc14e24fce54
SHA1 fb059dc5248a7334ab947be8cb19876af04657f6
SHA256 5e4887211cc909a540e71a3707e9f895fb2a98312f12989585ef7fcb87fa0fef
SHA512 6133b74b7ad68e559c30a8b67077f8c5bd45c4502c0d5d7bfec2978ca83490f7ed12678dd64be5e79b2fe88665068db73325eb0efc9973ff6b4c6687087e981b
-
Filesize
21KB
MD5 d14ca1113a0e79962b5f2ce86188fcbb
SHA1 95aa1ae1169812f065f3ef78a7cb88342284c25f
SHA256 a35c52e87a9639512d93e95199358dc5f01f8c2c1d67a22000bfdb6cdacdbd7e
SHA512 14b799b7751be9780fc19bb5541f840e4b953d3cfadd49fb6eff044015ccb09e3885fb8a8928d4304dd72e5a298127d21d36e7a7b7043194e7f00b20bee7af00
-
Filesize
55KB
MD5 20393d4c6d20f59468554114cfe35d30
SHA1 23c536fde6b4231476cf19bf50ccd8bf3df37ae4
SHA256 7c2fb8e66db8557aea86f3cdb925779ed1dad2255b9485f34df73d4f4d133188
SHA512 4d8084537073f3397f963b3d5b8ca80d5ba9f84ad202c99c52c148003aa602a0226360e782ffd9060f0851539c727fdf1dd3c5391cde31d1e5279fe2400b827e
-
Filesize
55KB
MD5 925c4be52ca0973bd2b10cd8569c3a23
SHA1 a7b189f3557c4461fdffde2ba888c5a815fb1a09
SHA256 704d15dd2a5de50f6b2076d3fd4ba936158703634190333e8ff2475b7db3d17c
SHA512 1f02714df0ec9c2375e39d310e031d7ab883986c845e0ac11656022b0b21b5fe4c0e5369b286debba7861b7d44d8387b0a448bec55e174cfee184d8b3b9bd4b8