Analysis
- max time kernel: 7s
- max time network: 131s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 02-06-2024 15:10
Static task: static1
Behavioral task: behavioral1
- Sample: 8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 8e8069293783668c84b449f0fe24e3b2_JaffaCakes118.apk
- Size: 14.4MB
- MD5: 8e8069293783668c84b449f0fe24e3b2
- SHA1: 071103dc6475ac1a57011abfc4848e907eadb551
- SHA256: a0b9837f9e2d60528b6e49e21a8e2770487f71607e72f56bfe6e4569e3a0e08b
- SHA512: 3b29370520ec8b238ba280ddf9bd1e8d97f1b1ab4f75de61429ed36e47cd2f2e69aca5800df28d6f88eee7e221f03c8d7477f050c7392746d272bd9c6e9fa988
- SSDEEP: 393216:9uzySpSDJrufTEOcxcM3ZG3iEAV9XBp7yNS1SHo0IaTg:+1cNrurE7w9AnX/yLU
Malware Config
Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes: com.qky.arealracing2
- ioc: /sbin/su | process: com.qky.arealracing2

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which can indicate whether the system is an emulator.
Processes: com.qky.arealracing2
- description: File opened for read | ioc: /proc/cpuinfo | process: com.qky.arealracing2

Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
Processes: com.qky.arealracing2
- description: File opened for read | ioc: /proc/meminfo | process: com.qky.arealracing2

Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs executable file dropped to the device during analysis.
Processes: com.qky.arealracing2
- ioc: /storage/emulated/0/Android/data/com.qky.arealracing2/c2.zip | pid: 5230 | process: com.qky.arealracing2
- ioc: /data/user/0/com.qky.arealracing2/app_jc/fx.jar | pid: 5230 | process: com.qky.arealracing2
- ioc: /data/user/0/com.qky.arealracing2/app_jc/fx.jar | pid: 5230 | process: com.qky.arealracing2
- ioc: /data/user/0/com.qky.arealracing2/app_jc/fp.jar | pid: 5230 | process: com.qky.arealracing2
- ioc: /data/user/0/com.qky.arealracing2/app_jc/fp.jar | pid: 5230 | process: com.qky.arealracing2

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.qky.arealracing2
- description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.qky.arealracing2

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.qky.arealracing2
- description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.qky.arealracing2

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.qky.arealracing2
- description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.qky.arealracing2

Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.qky.arealracing2
- description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.qky.arealracing2

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator. 1 TTPs

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.qky.arealracing2
- description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.qky.arealracing2

Processes
com.qky.arealracing2 (PID: 5230)
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads