Analysis

  • max time kernel
    179s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    12-06-2024 09:53

General

  • Target

    a03bc1695ea924cf5a3fdc673ffcd8b5_JaffaCakes118.apk

  • Size

    31.2MB

  • MD5

    a03bc1695ea924cf5a3fdc673ffcd8b5

  • SHA1

    9c9395ae758376c299ec827b5ef4df16cc3d7a52

  • SHA256

    35db68b82a03f23cbcb4d4e45f1bc6bf80aa0a93c523dd1fe4e7978febd7124a

  • SHA512

    0548e2ce1175a69748e0871232e61d126f6f68aadd0d3adc34154649a4a43b1a52150c46f19c7e894cfa41ca63906587669fb5436189aa452a46c5ea533d8668

  • SSDEEP

    786432:gI/j0cEd62dOebcgl25fV+3JkdkLFbDKoJasV9z5t9y:gsjmk4pbo9s2kLFbDbBzfo

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 4 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 2 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.dream.recruitment
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:5170
  • com.dream.recruitment:pushcore
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5226

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.dream.recruitment/.jiagu/libjiagu.so

    Filesize

    486KB


  • /data/data/com.dream.recruitment/.jiagu/libjiagu_64.so

    Filesize

    568KB


  • /data/data/com.dream.recruitment/databases/logdb.db

    Filesize

    28KB


  • /data/data/com.dream.recruitment/databases/logdb.db

    Filesize

    28KB


  • /data/data/com.dream.recruitment/databases/logdb.db

    Filesize

    28KB


  • /data/data/com.dream.recruitment/databases/logdb.db-journal

    Filesize

    12KB


  • /data/data/com.dream.recruitment/files/.jglogs/.jg.ac

    Filesize

    20KB


  • /data/data/com.dream.recruitment/files/.jglogs/.jg.di

    Filesize

    512B


  • /data/data/com.dream.recruitment/files/.jglogs/.jg.ic

    Filesize

    12KB


  • /data/data/com.dream.recruitment/files/.jglogs/.jg.rd

    Filesize

    12KB


  • /data/data/com.dream.recruitment/files/.jglogs/.jg.ri

    Filesize

    8KB


  • /data/data/com.dream.recruitment/files/.jiagu.lock

    Filesize

    8KB


  • /data/data/com.dream.recruitment/files/a/b/0da2cf804c79e12d840a9dd526080b7a.0.tmp

    Filesize

    1KB


  • /data/data/com.dream.recruitment/files/a/b/24c110e1f76093b35c3c2df1927aab79.0.tmp

    Filesize

    564B


  • /data/data/com.dream.recruitment/files/a/b/4c984fe24161907e5b5b9423ecec3163.0.tmp

    Filesize

    544B


  • /data/data/com.dream.recruitment/files/a/b/5d68ca83713ccc6ff7996977be1496ff.0.tmp

    Filesize

    1KB


  • /data/data/com.dream.recruitment/files/a/b/journal

    Filesize

    113B


  • /data/data/com.dream.recruitment/files/a/b/journal

    Filesize

    196B


  • /data/data/com.dream.recruitment/files/a/b/journal

    Filesize

    279B


  • /data/data/com.dream.recruitment/files/a/b/journal

    Filesize

    38B


  • /data/data/com.dream.recruitment/files/a/b/journal

    Filesize

    399B


  • /data/data/com.dream.recruitment/files/a/b/journal

    Filesize

    38B


  • /data/data/com.dream.recruitment/files/a/b/journal.tmp

    Filesize

    31B


  • /data/data/com.dream.recruitment/files/jpush_uncaughtexception_file

    Filesize

    36KB


  • /data/user/0/com.dream.recruitment/[email protected]

    Filesize

    6.2MB


  • /data/user/0/com.dream.recruitment/[email protected]!classes2.dex

    Filesize

    6.2MB


  • /storage/emulated/0/360/.deviceId

    Filesize

    12KB


  • /storage/emulated/0/360/.iddata

    Filesize

    8KB


  • /storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db

    Filesize

    20KB


  • /storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

    Filesize

    512B


  • /storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

    Filesize

    8KB


  • /storage/emulated/0/amap/openamaplocationsdk/alsn20170807.db-journal

    Filesize

    8KB


  • /storage/emulated/0/data/.push_deviceid

    Filesize

    32B
