Analysis
max time kernel: 173s
max time network: 142s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 04-06-2024 01:04
Static task: static1
Behavioral task: behavioral1
Sample: 9339cf5497ec189cd57b7fd89d45e0f3_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en
General
Target: 9339cf5497ec189cd57b7fd89d45e0f3_JaffaCakes118.apk
Size: 5.9MB
MD5: 9339cf5497ec189cd57b7fd89d45e0f3
SHA1: c4962525bf649a2d7a892daac0a00d089ea6682b
SHA256: 63c166ac29f1260e5647758c7d260064958dc50d5e4ebb59bfa44b2c39155681
SHA512: c0d550a76dc8dcfba0e1465bb71a96ec5b14c60d60f7b7cbd42c435bf576d8ecd6d17c3a1af389b9a00ca3f0236b8bdd8231e1fe80c0ec93d60421807ce02467
SSDEEP: 98304:/OKW+OQ5b74SNQ3mCSaFZrrgU9Ze17U4PpVCfafKijDrl2R90MnuB3wkl+:/ONi5bBWLU7U4PpQCfVxE0MnuI
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information, which can indicate whether the system is an emulator.
Processes: com.tianqi.tianqitianqi
description | ioc | process
File opened for read | /proc/cpuinfo | com.tianqi.tianqitianqi
Checks memory information (2 TTPs, 1 IoC)
Checks memory information, which can indicate whether the system is an emulator.
Processes: com.tianqi.tianqitianqi
description | ioc | process
File opened for read | /proc/meminfo | com.tianqi.tianqitianqi
Loads dropped Dex/Jar (1 TTP, 4 IoCs)
Runs an executable file dropped to the device during analysis.
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
ioc | pid | process
/data/data/com.tianqi.tianqitianqi/.jiagu/classes.dex | 4275 | com.tianqi.tianqitianqi
Anonymous-DexFile@0xcbd09000-0xcbd18e88 | 4275 | com.tianqi.tianqitianqi
/data/data/com.tianqi.tianqitianqi/.jiagu/classes.dex | 4401 | com.tianqi.tianqitianqi:remote
Anonymous-DexFile@0xcc772000-0xcc781e88 | 4401 | com.tianqi.tianqitianqi:remote
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.tianqi.tianqitianqi:remote
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.tianqi.tianqitianqi:remote
Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tianqi.tianqitianqi
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.tianqi.tianqitianqi:remote
Queries information about the current nearby Wi-Fi networks (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.tianqi.tianqitianqi
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.tianqi.tianqitianqi:remote
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: com.tianqi.tianqitianqi
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.tianqi.tianqitianqi
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.tianqi.tianqitianqi
Framework service call | android.app.IActivityManager.registerReceiver | com.tianqi.tianqitianqi:remote
Checks if the internet connection is available (1 TTP, 2 IoCs)
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tianqi.tianqitianqi
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.tianqi.tianqitianqi:remote
Requests cell location (1 TTP, 2 IoCs)
Uses Android APIs to get current cell information.
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.tianqi.tianqitianqi
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.tianqi.tianqitianqi:remote
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
Processes: com.tianqi.tianqitianqi:remote
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | com.tianqi.tianqitianqi:remote
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
Processes: com.tianqi.tianqitianqi, com.tianqi.tianqitianqi:remote
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.tianqi.tianqitianqi
Framework API call | javax.crypto.Cipher.doFinal | com.tianqi.tianqitianqi:remote
Processes
com.tianqi.tianqitianqi (PID 4275)
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Requests cell location
  - Uses Crypto APIs (Might try to encrypt user data)
  child: sh -c ps -ef (PID 4490)
  child: ps -ef (PID 4490)
com.tianqi.tianqitianqi:remote (PID 4401)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Requests cell location
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (1)
  User Evasion (1)
  Virtualization/Sandbox Evasion (2)
  System Checks (2)
Downloads

Filesize: 63KB
MD5: 936afc4570078f5ef2b6fbe1abb985fe
SHA1: fed9bc4acd6b5719b589643d86c79719570ea278
SHA256: 73a13902423efd32474b155030e5c1787a4e4576fadbcb2c0be949df0849a130
SHA512: 265744df1a6a11703022d2b3fc0d6cd75eb01d38cac77c1a08e2cbdeea618132ede727bd58deb9e9f10aa9472a0a5c7ac2ab9dce145c8c1022273d71b9a850eb

Filesize: 63KB
MD5: 5061e4948844f7d366972ac8005e9f13
SHA1: a2b79a1c79afb095ddebf0f16a1f9db64482bcaf
SHA256: 3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45
SHA512: 223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Filesize: 4.8MB
MD5: 31603c22ef582041a5a31223425a93e7
SHA1: af5cbad4e410cc0ca84ff391c7016ed3323e05fc
SHA256: b78c8d3dcc9b9d6e5dd1e7b457e4e7a5cc8ef1593a941e6b5bee20b582f4aa81
SHA512: afb3d43db9c477764253304b3189459bee87b9cb1f2785e0ee3086a8ef347da68b37148ae3f432fefb7c829db9ac11e3e5b2d3e3b24f826bd4a02a7694e98560

Filesize: 491KB
MD5: 940317093cc329d45cf45ea8713b1c1f
SHA1: 3f9ff8cef8e41d03ea714b8d5f030ad1fcaec0be
SHA256: 57f0ffa7062aaa03074648a0c9df78ed9d3f78c2f07fb846b11bb1b667e246bc
SHA512: 3f40076d241bc3a2b83e56d01e826b8cb7d310a67128ac8b1165bdb93dd917c6a7219c1e65dbd8a40432fb38331828c7171e266e8474dfc69db2675e29e2723f

Filesize: 40B
MD5: 680eb14a669ad07ffb3ab70c881a1d67
SHA1: af97db1407193cb2512cef48f40ead6bb2fca867
SHA256: 36eec4ed9fb36a6b8730596f966ade178578cd95e0efeddbd94ffb99d84b060a
SHA512: 0b0347c89a330cd4b98f2689c7f8600f801644f6a5befbab103dfce4f21c6e7ce1401bd7b3af48ba2fbf0b7d965e7018e4032373c784e4fcbc3e8cfb506ccaf2

Filesize: 32B
MD5: a629718788ec5fc099d96d8500d0a4cd
SHA1: f451c3116405378d19b285ce24cf9e95f88c8012
SHA256: c4e125257484ef534977edd4effaf70a283fcccbdae98a44e2f4ed19c616d925
SHA512: 069eebe7ff764e4214348cd4e934102e6121f604e9905615e83e054a7a44c731c36c4bc3717e34c7a5b317f22c24d4ea40f468773b0e445aabed7abbf7e54815

Filesize: 32B
MD5: 8deda67a258854d3fddf8826c36c0372
SHA1: 0a27a02d5353aad4b6f8ae62c4e8473a86cbd99f
SHA256: 8bf51df7c2e5db05d96a932ce6f79af4679a8bb5921563290edba4499cb8e96e
SHA512: 5eb9b921ddf0ff2ba998936740fff1d2e88527b9f7555f9da5b2e35a44a82ef06fdca2ff7732e200e64cea0d0db9d770d4ee6066e2a524b8e5f0015ff6569519

Filesize: 64B
MD5: ba10b982a59abd45335e3d97e869b2b4
SHA1: 8a0531afd3f318b23ab1b89979cc7ae60485c3c5
SHA256: c681edf8df1a95a1952a70f024ca887b9859d3da0ed560adcc9859d3ab5532fd
SHA512: 89045954060266d00bdbf09e52db3aa65613ebd3aa277673077e5296d8305e28eb176cf960ab45eb0ea8c861d3dd768724cb2c21259622a173182ea55e39448b

Filesize: 73B
MD5: a5d37b1a13dda279590f0daf33483f88
SHA1: 273ab0444b6176c431370402199584312054dba5
SHA256: 9a8e0e1847bcdb6e2269dd01476d5fbe5e0a007cebf0a86fb3c6c4ae41d00d29
SHA512: 47c60ac89080fbba4b69c92510ed5d7d156a84a7a6eda1d4eb6b14f33ce668326c892b928328c0459fad58d301f2aa6e9152646c603a06609ab313880bd03fe6

Filesize: 512B
MD5: 1da703828d9956e146104f6adc8bb0b7
SHA1: 09498e7ded01cd4dea8ffacf066c2400cb9eb5b9
SHA256: 8f6ee350272cfedf821dd27ca83fadd81f77a145756853fd2092d464c14532c3
SHA512: 0685eada9d69c407ec809d0512ca41cd8775d976dc81c373f4ca4e73a7ced575fc83c922ea393f8ba33b9c110dcd2c8a980eaf7bd270b244edad425b2f63263e

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 54B
MD5: 8ae3bdebb67541f4cbd94e8f41d84b1e
SHA1: 393931370dd6e0e29399390085893ba4ff44dd98
SHA256: 8ec0fb2a0f42b8146c65ff86d9799efc74515cf697679aad5f54ddeffc509c4a
SHA512: e12b7ec6d47581011404c3fe4239c94f26d22094c6001f2d8ed7aff7a00bed534cfe3766f594d9552f545d978e041c6958aac11a14689a73521bb53a984f771a

Filesize: 36KB
MD5: 6e185497928ac98160b89176bc22b8b1
SHA1: f69f4985ba8efd433dadf15ca3e11c83cc914027
SHA256: 5cfdd1880b107f74cd1121cc7de6129597ee0c14a3bbd226695c1820baf8013b
SHA512: 097e2800b7f5d96af8cafdb72f7b481c1563b59c1c699558d24e42e9c2b7aa613bea4162c350e7743bb2ffae8e3ed0b711e62407a5fcb95decef465e61a5a2f7

Filesize: 129B
MD5: 054df80e7a069249a371a9f5957dc1c1
SHA1: 953feb1bd68bc1aaeade0f067b238db5bd007ee0
SHA256: 0b8f4db65c1c35181a27eae06104459b146b9042d895049e0889c5eff83dd90e
SHA512: 99086d56fedf5e0171ef0d7fd7748137f3e11d76e8e95e61fa9fa1453bb58ef3c323998216585a890c41fe9313bfeaa87e341fc53290269f2bafd9e5e1a363f7

Filesize: 27B
MD5: 93ba5cf006ba12ac4d82082c9712027b
SHA1: f2a51a47b4083c1440a804c5fa6c68a56675e3c7
SHA256: aabc1adabca25dab061b633cc80bddfe1ee219be30b3313b0bff811f3a715f22
SHA512: f99ac17c489d268312f05a511908cf30fb5c7696cc6a4ceb31d7c9cf2c9f53a38d1828b25eda93455d9436ec5151fd374de869d09338a3667e9d61a09c940a93

Filesize: 801B
MD5: daaf83092446dab706fd81f619efc031
SHA1: db366961bbb232cfdf6c47f4cfc61fb23f22a638
SHA256: eb0b7e2bf53fa383afb3cd0cbbdc89dcf5ceed3ba656e98808b32718083d2c3b
SHA512: caaaf68f93fd9055b4c4ff6a53b2f7385b574f749f2686c122662cd224d5811b9e00d9d6b05889568a9433ea9992e3cea0952781e595e0786a71e8508ab6885a

Filesize: 314B
MD5: 86b763390b88efcba72e94c680bcb321
SHA1: 3e1175c85d6c35d80329007632f374a57913faef
SHA256: c95c4db35de1a50a8ac2e5f290840253c2b24827ebab9e0f25138669cb5bbd74
SHA512: 98552a5dfca96b332f58e4e6a0e003a67ee40add8a019acd50c6844c28f6bd387d3f8a2d7d852d720985b32b6c7883e89330da3257881d5b7e0177018622d01c

Filesize: 129B
MD5: 7c0c7f5e7a3647d03f0368e2a36fff29
SHA1: 48e89cbe3ed325ecfdf8f28db836b408f61dd76c
SHA256: 15aa9b8fa0dcde50502468beb45115ccfc02add3ecaddba074d85557513acc9e
SHA512: 718b838a921458076a2f73cef6595b35a30a98c116eabbeecab0695c7f0e02039abbc637dd03003cff2d19d3cfbd0203ffdf089612a8e4af540c5f5d8b5c08c7