Analysis
- max time kernel: 179s
- max time network: 187s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 12-06-2024 09:53
Behavioral tasks
- behavioral1; Sample: a03bc1695ea924cf5a3fdc673ffcd8b5_JaffaCakes118.apk; Resource: android-x86-arm-20240611.1-en
- behavioral2; Sample: a03bc1695ea924cf5a3fdc673ffcd8b5_JaffaCakes118.apk; Resource: android-x64-20240611.1-en
- behavioral3; Sample: amap_resource1_0_0.apk; Resource: android-x86-arm-20240611.1-en
- behavioral4; Sample: amap_resource1_0_0.apk; Resource: android-x64-20240611.1-en
- behavioral5; Sample: amap_resource1_0_0.apk; Resource: android-x64-arm64-20240611.1-en
General
- Target: a03bc1695ea924cf5a3fdc673ffcd8b5_JaffaCakes118.apk
- Size: 31.2MB
- MD5: a03bc1695ea924cf5a3fdc673ffcd8b5
- SHA1: 9c9395ae758376c299ec827b5ef4df16cc3d7a52
- SHA256: 35db68b82a03f23cbcb4d4e45f1bc6bf80aa0a93c523dd1fe4e7978febd7124a
- SHA512: 0548e2ce1175a69748e0871232e61d126f6f68aadd0d3adc34154649a4a43b1a52150c46f19c7e894cfa41ca63906587669fb5436189aa452a46c5ea533d8668
- SSDEEP: 786432:gI/j0cEd62dOebcgl25fV+3JkdkLFbDKoJasV9z5t9y:gsjmk4pbo9s2kLFbDbBzfo
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
Processes:
com.dream.recruitment
com.dream.recruitment:pushcore
- ioc: /system/xbin/su; process: com.dream.recruitment
- ioc: /system/bin/su; process: com.dream.recruitment:pushcore
- ioc: /system/xbin/su; process: com.dream.recruitment:pushcore
- ioc: /system/bin/su; process: com.dream.recruitment
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.dream.recruitment
com.dream.recruitment:pushcore
- ioc: /data/user/0/com.dream.recruitment/[email protected]; pid: 5170; process: com.dream.recruitment
- ioc: /data/user/0/com.dream.recruitment/[email protected]!classes2.dex; pid: 5170; process: com.dream.recruitment
- ioc: /data/user/0/com.dream.recruitment/[email protected]; pid: 5226; process: com.dream.recruitment:pushcore
- ioc: /data/user/0/com.dream.recruitment/[email protected]!classes2.dex; pid: 5226; process: com.dream.recruitment:pushcore
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.dream.recruitment
com.dream.recruitment:pushcore
- description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.dream.recruitment
- description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.dream.recruitment:pushcore
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
com.dream.recruitment:pushcore
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; process: com.dream.recruitment:pushcore
Requests cell location 2 TTPs 2 IoCs
Uses Android APIs to get the current cell location.
Processes:
com.dream.recruitment:pushcore
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; process: com.dream.recruitment:pushcore
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; process: com.dream.recruitment:pushcore
Queries information about active data network 1 TTPs 2 IoCs
Processes:
com.dream.recruitment
com.dream.recruitment:pushcore
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.dream.recruitment
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.dream.recruitment:pushcore
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.dream.recruitment:pushcore
com.dream.recruitment
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.dream.recruitment:pushcore
- description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.dream.recruitment
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes:
com.dream.recruitment
com.dream.recruitment:pushcore
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.dream.recruitment
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.dream.recruitment:pushcore
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.dream.recruitment:pushcore
- description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.dream.recruitment:pushcore
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.dream.recruitment
- description: File opened for read; ioc: /proc/cpuinfo; process: com.dream.recruitment
Processes
com.dream.recruitment
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:5170
com.dream.recruitment:pushcore
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5226
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime: 1
- Execution Guardrails: 1
- Geofencing: 1
- Virtualization/Sandbox Evasion: 1
- System Checks: 1
Downloads