Analysis
max time kernel: 160s
max time network: 186s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 17:57
Static task
static1

Behavioral tasks (task: sample, resource)
behavioral1: 98d91d4e761d8bbc987a924b5d4b728e_JaffaCakes118.apk, android-x86-arm-20240603-en
behavioral2: 98d91d4e761d8bbc987a924b5d4b728e_JaffaCakes118.apk, android-x64-20240603-en
behavioral3: aisdk_qtt.apk, android-x86-arm-20240603-en
behavioral4: aisdk_qtt.apk, android-x64-20240603-en
behavioral5: aisdk_qtt.apk, android-x64-arm64-20240603-en
behavioral6: bdxadsdk.apk, android-x86-arm-20240603-en
behavioral7: bdxadsdk.apk, android-x64-20240603-en
behavioral8: bdxadsdk.apk, android-x64-arm64-20240603-en
behavioral9: gdtadv2.apk, android-x86-arm-20240603-en
behavioral10: gdtadv2.apk, android-x64-20240603-en
behavioral11: gdtadv2.apk, android-x64-arm64-20240603-en
General
Target: 98d91d4e761d8bbc987a924b5d4b728e_JaffaCakes118.apk
Size: 14.6MB
MD5: 98d91d4e761d8bbc987a924b5d4b728e
SHA1: b65459dc9caa57ec173a59708110f7db4d469fa9
SHA256: e542f150c7eaf25c2adfb9ae27a7f76056cba91f0ba5886d0c2ba5f24cd7768a
SHA512: d0bdfab887a236202b3e0c99ca71a49be3cd385095b6e5c1a14d9434c866c4722eb91fd82a6e44c5e99a254b4b658e3e4f374da568ed112e328411cba5f91748
SSDEEP: 393216:LoRir8Ef0x07KvKZPSS7m61p96/kTwT+ibjn+Rupo3AY:kR88H0ey3bYGwTD3n+Ua33
Malware Config

Signatures

Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  IoC                        | Process
  /system/app/Superuser.apk  | com.application.sven.huinews
  /sbin/su                   | /system/bin/sh -c type su

Loads dropped Dex/Jar (1 TTPs, 10 IoCs)
Runs executable file dropped to the device during analysis.
  IoC                                                        | PID  | Process
  /data/data/com.application.sven.huinews/mix.dex            | 4229 | com.application.sven.huinews
  /data/data/com.application.sven.huinews/mix.dex            | 4229 | com.application.sven.huinews
  /data/data/com.application.sven.huinews/mix.dex            | 4229 | com.application.sven.huinews
  /data/data/com.application.sven.huinews/mix.dex            | 4229 | com.application.sven.huinews
  /data/data/com.application.sven.huinews/mix.dex            | 4612 | com.application.sven.huinews:channel
  /data/data/com.application.sven.huinews/mix.dex            | 4612 | com.application.sven.huinews:channel
  /data/data/com.application.sven.huinews/mix.dex            | 4612 | com.application.sven.huinews:channel
  /data/data/com.application.sven.huinews/mix.dex            | 4612 | com.application.sven.huinews:channel
  /data/user/0/com.application.sven.huinews/cache/hh_8.4.dex | 4612 | com.application.sven.huinews:channel
  /data/user/0/com.application.sven.huinews/cache/hh_8.4.dex | 4612 | com.application.sven.huinews:channel

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  Description            | IoC                                                 | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.application.sven.huinews:channel
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.application.sven.huinews

Queries information about active data network (1 TTPs, 2 IoCs)
  Description            | IoC                                                  | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.application.sven.huinews
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.application.sven.huinews:channel

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description            | IoC                                           | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.application.sven.huinews

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Description            | IoC                                          | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.application.sven.huinews
  Framework service call | android.app.IActivityManager.registerReceiver | com.application.sven.huinews:channel

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Description            | IoC                                     | Process
  Framework service call | android.app.job.IJobScheduler.schedule | com.application.sven.huinews:channel

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  Description        | IoC                          | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.application.sven.huinews
  Framework API call | javax.crypto.Cipher.doFinal | com.application.sven.huinews:channel

Checks memory information (2 TTPs, 2 IoCs)
  Description           | IoC           | Process
  File opened for read  | /proc/meminfo | com.application.sven.huinews
  File opened for read  | /proc/meminfo | com.application.sven.huinews:channel
Processes

com.application.sven.huinews (PID: 4229)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  Child processes:
    sh -c getprop ro.yunos.version (PID: 4260)
    /system/bin/sh -c getprop ro.board.platform (PID: 4275)
    getprop ro.yunos.version (PID: 4260)
    getprop ro.board.platform (PID: 4275)
    /system/bin/sh -c type su (PID: 4312)
      - Checks if the Android device is rooted.

com.application.sven.huinews:channel (PID: 4612)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  Child process:
    logcat -d -v threadtime (PID: 4680)
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)

Defense Evasion
  Download New Code at Runtime (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads