Analysis
-
max time kernel
179s -
max time network
170s -
platform
android_x86 -
resource
android-x86-arm-20240603-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system -
submitted
04-06-2024 00:14
Static task
static1
Behavioral task
behavioral1
Sample
93180381acdc9d04a9dc73535ea6fbcc_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
93180381acdc9d04a9dc73535ea6fbcc_JaffaCakes118.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral3
Sample
93180381acdc9d04a9dc73535ea6fbcc_JaffaCakes118.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
93180381acdc9d04a9dc73535ea6fbcc_JaffaCakes118.apk
-
Size
697KB
-
MD5
93180381acdc9d04a9dc73535ea6fbcc
-
SHA1
341f4cbe80014892f47d282bd145250c9ae47ba1
-
SHA256
eed27b67213d85848905bf61a5a117253bc623686e78923aa4f87c5e5431724d
-
SHA512
b0c2c5d1cabc397b551214a54483a5d2d7a4a7603e0badfea5d2739d48b8fd04e10df1b00dd37341843ebae240b6b86d1a924819e091fbb5ceeee19b5a939cf2
-
SSDEEP
12288:q2lsH0pYrDA/9ybLeWDjn+NZNMjQzdvBbeiTCLi7Q5Cvvk8I9ksjGn50:TlISCD+NMjQzdQZYI9kgGn50
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/oat/x86/tzxvzxenl.odex --compiler-filter=quicken --class-loader-context=&
com.hsdxlpwka.zshvfp
ioc | pid | process
/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar | 4318 | /system/bin/dex2oat (command line as listed above)
/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar | 4293 | com.hsdxlpwka.zshvfp
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.hsdxlpwka.zshvfp
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hsdxlpwka.zshvfp
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
Processes:
com.hsdxlpwka.zshvfp
description | ioc | process
URI accessed for read | content://com.android.contacts/contacts | com.hsdxlpwka.zshvfp
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
Processes:
com.hsdxlpwka.zshvfp
description | ioc | process
URI accessed for read | content://sms/inbox | com.hsdxlpwka.zshvfp
-
Tries to add a device administrator. 2 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
Processes:
com.hsdxlpwka.zshvfp
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.hsdxlpwka.zshvfp
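What makes the dex2oat invocation above the indicator for "Loads dropped Dex/Jar" is its --dex-file argument: the jar being compiled sits under the app's private data directory (/data/user/0/com.hsdxlpwka.zshvfp/), not under /data/app/ where the code shipped in the installed APK lives, so it was written to the device after install and then handed to the runtime. The Python below is an added example, not code from the sandbox report or from the sample; it parses that command line and classifies the load. The dex2oat command line is copied from the table above; the /data/app/... path used in the negative case is a constructed example.

```python
"""Classify a dex2oat invocation from a sandbox process table as compilation of
installed code or of code written to app-private storage at runtime."""
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the dex2oat command line recorded in the report above
# (first row of the "Loads dropped Dex/Jar" process table), as captured.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/oat/x86/tzxvzxenl.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Where code shipped with the package or the platform lives.
INSTALLED_CODE_PREFIXES = ("/data/app/", "/system/", "/vendor/", "/product/", "/apex/")
# Per-app private storage: /data/user/<userid>/<pkg>/ and its legacy alias /data/data/<pkg>/.
APP_PRIVATE_PREFIXES = ("/data/user/", "/data/data/")


@dataclass
class DexLoad:
    dex_file: str
    oat_location: Optional[str]
    compiler_filter: Optional[str]
    instruction_set: Optional[str]
    package: Optional[str]   # package owning the private dir the dex sits in, if any
    origin: str              # "installed", "app-private" or "other"
    dropped: bool            # True whenever the dex is not part of installed code


def parse_dex2oat(cmdline: str) -> Dict[str, List[str]]:
    """Map each dex2oat option to the list of values it was given.
    '--key=value' is collected under key, '--runtime-arg X' pairs under
    'runtime-arg'. Lists are kept because the recorded command line passes
    --instruction-set-features twice."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].endswith("dex2oat"):
        raise ValueError("not a dex2oat command line")
    opts: Dict[str, List[str]] = {}
    it = iter(argv[1:])
    for tok in it:
        if tok == "--runtime-arg":
            opts.setdefault("runtime-arg", []).append(next(it, ""))
        elif tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts.setdefault(key, []).append(value)
        else:
            opts.setdefault(tok.lstrip("-"), []).append("")
    return opts


def origin_of(path: str) -> str:
    if path.startswith(APP_PRIVATE_PREFIXES):
        return "app-private"
    if path.startswith(INSTALLED_CODE_PREFIXES):
        return "installed"
    return "other"   # e.g. external storage; also not code that came with the package


def package_from_private_path(path: str) -> Optional[str]:
    """Package name from /data/user/<n>/<pkg>/... or /data/data/<pkg>/..., else None."""
    parts = path.split("/")
    if len(parts) > 5 and parts[1:3] == ["data", "user"]:
        return parts[4]
    if len(parts) > 4 and parts[1:3] == ["data", "data"]:
        return parts[3]
    return None


def classify_dex_load(cmdline: str) -> DexLoad:
    opts = parse_dex2oat(cmdline)
    dex_files = opts.get("dex-file", [])
    if len(dex_files) != 1:
        raise ValueError("expected exactly one --dex-file, got %d" % len(dex_files))
    dex = dex_files[0]

    def last(key: str) -> Optional[str]:
        return opts[key][-1] if key in opts else None

    origin = origin_of(dex)
    return DexLoad(
        dex_file=dex,
        oat_location=last("oat-location"),
        compiler_filter=last("compiler-filter"),
        instruction_set=last("instruction-set"),
        package=package_from_private_path(dex),
        origin=origin,
        dropped=origin != "installed",
    )


if __name__ == "__main__":
    load = classify_dex_load(DEX2OAT_CMDLINE)
    verdict = "dex compiled from app-private storage at runtime" if load.dropped else "installed code"
    print(f"{load.package}: {verdict}: {load.dex_file} ({load.compiler_filter}, {load.instruction_set})")
```

Run against the recorded command line this reports the package com.hsdxlpwka.zshvfp compiling tzxvzxenl.jar from its own app_dwuaubfhob directory; the same parser applied to a dex2oat line whose --dex-file is under /data/app/ returns dropped=False, which is the normal post-install compilation of an APK and not worth an alert on its own.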
Processes
-
com.hsdxlpwka.zshvfp
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Reads the contacts stored on the device.
  - Reads the content of SMS inbox messages.
  - Tries to add a device administrator.
  - Acquires the wake lock
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/oat/x86/tzxvzxenl.odex --compiler-filter=quicken --class-loader-context=&
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.hsdxlpwka.zshvfp/app_dwuaubfhob/oat/tzxvzxenl.jar.cur.prof
Filesize 193B
MD5 a3c35f9b1a975d205b74a2572185dfe9
SHA1 06899642016271a4d6b7d30389c42be4a4e396d4
SHA256 55cf044740c9fb5e4f5537a2e35ae45e6d21fef754fe5113648aeac5a6c16aaa
SHA512 6c7702585ccf962c5d846c1a58ebb8c6e8f6c7c24c92496dc64cec0f58263c38c47440a519b7e214239b8b1ac91700bf747a5de3492d34eba85e21ef67ba9fb0
-
/data/data/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar
Filesize 78KB
MD5 6d1ec70684bd943b2891bb83d6c17aa6
SHA1 a13d8f9e7f0327f693f3026e45608aa014661c9a
SHA256 0559ae0fc3dafcf2d4f4744325b782682da597c7d3628bed112f0c7344e83cfc
SHA512 0c853bfd54fe4f94ffaa2dce41ac92b4b28944eec50118ec56f397eff2ab0da436000ed83daca73853b1629a09babbbd21b7aaf470ae8567156a9583ae2d8028
-
/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar
Filesize 179KB
MD5 4c4db1f95bfe6c0467355b0f2a46329d
SHA1 9ed25d73e248802226a54066053156eeb65c64fd
SHA256 0ed45557600beca798f14fe340fe9569c1c89d451b264ec211c3667ea47f4222
SHA512 dccb6167829c3aa9231ff2b29e77163b2e183dfc45b11a29a711d02459e4665c4e7fa1c76d462685a104516b973d4268723868f3fb897b4813ae30dbc8d9ac17
-
/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar
Filesize 179KB
MD5 aec2737ee9622bb4d6cfc0707dff4d14
SHA1 f92828999ca098e1e58d50da8d1309dae53e8f15
SHA256 f62e571f4f061eda53c50f7475a8da0e6b037a2e2c14796666e0cfeec1156c28
SHA512 b78d80167cce29c3919c94faff158aeee036a67401a54b64c8a1486779a5e6747c662ce6d535cbc900f710281fcdd67fcfe751b6afdd4856e5605e61d0de24a5
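The Downloads list records the dropped jar, tzxvzxenl.jar, more than once under the same app_dwuaubfhob directory with different sizes and different hashes (78KB under /data/data/, and twice at 179KB under /data/user/0/ with distinct digests). The Python below is an added example, not part of the report; it parses the Downloads block in the flattened form the page extraction produced (field names glued to their values), also accepting the one-field-per-line form, checks each digest has the length its algorithm requires, folds /data/data/<pkg> into /data/user/0/<pkg> (the same directory for user 0), and lists the paths whose content varied between captures. The embedded text is the page's own Downloads block; the /tmp/x.jar record in the usage note is constructed.

```python
"""Parse the Downloads block of the report into dropped-file records and find
paths that were captured with more than one content."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample: the Downloads block from the report above, as the page
# extraction flattened it (no separator between field name and value).
DOWNLOADS_TEXT = """\
-
/data/data/com.hsdxlpwka.zshvfp/app_dwuaubfhob/oat/tzxvzxenl.jar.cur.profFilesize
193B
MD5a3c35f9b1a975d205b74a2572185dfe9
SHA106899642016271a4d6b7d30389c42be4a4e396d4
SHA25655cf044740c9fb5e4f5537a2e35ae45e6d21fef754fe5113648aeac5a6c16aaa
SHA5126c7702585ccf962c5d846c1a58ebb8c6e8f6c7c24c92496dc64cec0f58263c38c47440a519b7e214239b8b1ac91700bf747a5de3492d34eba85e21ef67ba9fb0
-
/data/data/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jarFilesize
78KB
MD56d1ec70684bd943b2891bb83d6c17aa6
SHA1a13d8f9e7f0327f693f3026e45608aa014661c9a
SHA2560559ae0fc3dafcf2d4f4744325b782682da597c7d3628bed112f0c7344e83cfc
SHA5120c853bfd54fe4f94ffaa2dce41ac92b4b28944eec50118ec56f397eff2ab0da436000ed83daca73853b1629a09babbbd21b7aaf470ae8567156a9583ae2d8028
-
/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jarFilesize
179KB
MD54c4db1f95bfe6c0467355b0f2a46329d
SHA19ed25d73e248802226a54066053156eeb65c64fd
SHA2560ed45557600beca798f14fe340fe9569c1c89d451b264ec211c3667ea47f4222
SHA512dccb6167829c3aa9231ff2b29e77163b2e183dfc45b11a29a711d02459e4665c4e7fa1c76d462685a104516b973d4268723868f3fb897b4813ae30dbc8d9ac17
-
/data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jarFilesize
179KB
MD5aec2737ee9622bb4d6cfc0707dff4d14
SHA1f92828999ca098e1e58d50da8d1309dae53e8f15
SHA256f62e571f4f061eda53c50f7475a8da0e6b037a2e2c14796666e0cfeec1156c28
SHA512b78d80167cce29c3919c94faff158aeee036a67401a54b64c8a1486779a5e6747c662ce6d535cbc900f710281fcdd67fcfe751b6afdd4856e5605e61d0de24a5
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Field names may be glued to their values, so each pattern tolerates a missing
# separator as well as a space; "Filesize" may trail the path or lead the size.
PATH_RE = re.compile(r"^(/\S+?)(?:\s*Filesize)?\s*$")
SIZE_RE = re.compile(r"^(?:Filesize\s*)?(\d+)\s*(B|KB|MB|GB)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$")


@dataclass
class DroppedFile:
    path: str
    size: str = ""
    hashes: Dict[str, str] = field(default_factory=dict)


def canonical_path(path: str) -> str:
    """/data/data/<pkg> is Android's legacy alias (a symlink) for /data/user/0/<pkg>."""
    if path.startswith("/data/data/"):
        return "/data/user/0/" + path[len("/data/data/"):]
    return path


def parse_downloads(text: str) -> List[DroppedFile]:
    entries: List[DroppedFile] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":          # "-" separates entries on the page
            continue
        m = PATH_RE.match(line)
        if m:
            cur = DroppedFile(path=m.group(1))
            entries.append(cur)
            continue
        if cur is None:
            raise ValueError(f"field before any path: {line!r}")
        m = SIZE_RE.match(line)
        if m:
            cur.size = m.group(1) + m.group(2)
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:   # a digest truncated by the flattening
                raise ValueError(f"{algo} for {cur.path} has {len(digest)} hex chars")
            cur.hashes[algo] = digest
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return entries


def sha256_by_path(entries: List[DroppedFile]) -> Dict[str, Set[str]]:
    by_path: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        if "SHA256" in e.hashes:
            by_path[canonical_path(e.path)].add(e.hashes["SHA256"])
    return dict(by_path)


def unstable_paths(entries: List[DroppedFile]) -> List[str]:
    """Paths captured with more than one distinct content. A hash-only indicator
    for such a file will not hold up; key detection on the path pattern and on
    the dex2oat compilation of it instead, and keep the hashes for retro-hunting."""
    return sorted(p for p, hs in sha256_by_path(entries).items() if len(hs) > 1)


def indicator_hashes(entries: List[DroppedFile]) -> List[str]:
    """Every digest on the page, de-duplicated, for a blocklist or retro-hunt."""
    return sorted({d for e in entries for d in e.hashes.values()})


if __name__ == "__main__":
    recs = parse_downloads(DOWNLOADS_TEXT)
    for p in unstable_paths(recs):
        print(f"{p}: {len(sha256_by_path(recs)[p])} distinct contents captured")
    print(f"{len(indicator_hashes(recs))} unique digests")
```

On this report the only unstable path is /data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar, with three distinct SHA256 values once the /data/data/ alias is folded in; the 193-byte .cur.prof beside it is the ART profile written when that jar was compiled and is not an indicator by itself.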