Overview

overview

7

Static

static

6

a77c62c7c7...18.apk

android-9-x86

7

a77c62c7c7...18.apk

android-13-x64

5

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    142s
  • max time network
    178s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    14-06-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a77c62c7c74a47943bb6a60eb725ab98_JaffaCakes118.apk

  • Size

    7.3MB

  • MD5

    a77c62c7c74a47943bb6a60eb725ab98

  • SHA1

    11d07567e3c8a1064a47d4aa33bcba6245e257d4

  • SHA256

    a42047238b06296d7cee6bb2a8a2c81ef76ed83f4e7af3e9564eadd56f3bce19

  • SHA512

    7fc43d73eea1d460627eaafcd0ba5515a44d88a841edce3f092288fe5f0c1b17bc8bdc736873734a6f2d1a86e9a6c79c5e5154902149657726c4b56cc991e1ac

  • SSDEEP

    196608:CAQ2REOh/mYMtsmMvl3hj9zc2eLIhZxDlo/d2Rgzc:rrmxs7vbNreLkZBlgzc

Score
7/10
discoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Checks the presence of a debugger
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • org.vv.homemade.tang
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4272
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=46 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/org.vv.homemade.tang/.1/oat/x86/classes.odex --compiler-filter=verify-none --class-loader-context=& --zip-location=/data/data/org.vv.homemade.tang/.1/classes.jar
      2⤵
      • Loads dropped Dex/Jar
      PID:4298
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=48 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/org.vv.homemade.tang/.2/oat/x86/classes.odex --compiler-filter=verify-none --class-loader-context=& --zip-location=/data/data/org.vv.homemade.tang/.2/classes.jar
      2⤵
      • Loads dropped Dex/Jar
      PID:4354
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4394

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/org.vv.homemade.tang/.1/.config
    Filesize

    129B

    MD5

    53ae7967a3196d632caf532696685ae7

    SHA1

    cf85eb87a9a348a8973469048301b165f1e116fe

    SHA256

    e2b83ec87d436f1d7d52e0f530d8bb2678ef996199cfe919d3ae5a1c7b08a9a0

    SHA512

    86ea6d149b2d6238a068c7f4d0ec603af06cfc491968439b1a8662113da4ef17b6a7e28eb4cc5e0b689dc552c2a7ed059a78466edae2c0f152affec74628e649

    Download Submit
  • /data/data/org.vv.homemade.tang/.1/1.jar
    Filesize

    2.2MB

    MD5

    50e16858f7a0cbb1e0c6eabc5aa82fc6

    SHA1

    792599403633ff419d129a2500ba438fcbb64fde

    SHA256

    eb2035a612446de0225b400c61cc7ffa02406119ca3f4f67e331de296e3ff7f4

    SHA512

    60778bfb3aee3dafe4e299812e5075ac265b0c0eb4f06668a16ff78a961a7d4e265d137ba2398255b1afd4c6bc8b95c21cdbc7e2f02b79294758e0bab3ed4bb3

    Download Submit
  • /data/data/org.vv.homemade.tang/.1/1.jar
    Filesize

    924KB

    MD5

    a79bd7cf250e163855e2cf7168f12243

    SHA1

    e7b4be187ba8546f87b9a3587dfec70134ffb6e7

    SHA256

    cf37f6ecb79fb320ad8b6964fe8e0f40d016947fd5017eda518323fe71524309

    SHA512

    f7f9b7c92393f197ee1234a0b26fbad5b13eeefab190b375a8742fb80fae8a62708a1bd43a3fedd79a2879bec224451ac17f7d62de5e5b3fe00fa469a5998831

    Download Submit
  • /data/data/org.vv.homemade.tang/.1/classes.jar
    Filesize

    120B

    MD5

    63033848437fb00ae65419d8a25e5827

    SHA1

    aa444c485ca5e95cc15ad635dd52d678dbb98b85

    SHA256

    be5750f154e0e52ecdd6cb201d73daeff2178c6e524e4e9c2a50aa0d46a83e65

    SHA512

    981634a916f1527fe57fd840360aaf3ad9a4a26399085f889187c9af3c33672c100900ea750bf3c063cf504a66b3f3dc62b76297e6e311afda92d945612bacef

    Download Submit
  • /data/data/org.vv.homemade.tang/.1/classes.jar
    Filesize

    2.2MB

    MD5

    474c47ce323aac717be67d302c539f82

    SHA1

    584551e1f93b3f2032b83bfc0aaedf004cacf71e

    SHA256

    ebd9ee9613a036a7a57f37c8177c64e0e14f04e3bd3d060a5b3deaa5c24db197

    SHA512

    79083fb18b4a7cfe38725f9623071bba77ef6d9e3884b91d67b6e5ba211a95c000831881230bf3fc2618f54ae90a0ca43751faf5e3e934925df8b87059667291

    Download Submit
  • /data/data/org.vv.homemade.tang/.2/1.jar
    Filesize

    177KB

    MD5

    ed358896791c2e50a9464869a441003b

    SHA1

    854641a531cb97951b05753fc4bf44ce22524201

    SHA256

    7316f5dc9745c8864e2227f797c874eff004a291033903018a958d83cd485ee8

    SHA512

    eac2a719244ec5ab3551e6ef2dd004b4c3196d671d7c6403b5e6a0a164253338736a3066ec0dc2361b6b0adabad96e7d8371c0cde7cc8dd245123e0f7efc7fb9

    Download Submit
  • /data/data/org.vv.homemade.tang/.2/1.jar
    Filesize

    83KB

    MD5

    6773503fe18e9c5d1a8eae8c9a7b0495

    SHA1

    cb025d884f1a27e1456441b30f7515e1170ee6df

    SHA256

    7a47d97c52c1d03a540e96e482b05841b2cf2896b0cb2e628763f450e1e84445

    SHA512

    427e3f97a8fae9d9211c14d7a3852ab4791cbd95799360179f960b2e191f687fdb0d22c982bd0cf7566be76ca08571a40d68e1fc64081d8e9e3416dc3acef0f9

    Download Submit
  • /data/data/org.vv.homemade.tang/.2/classes.jar
    Filesize

    177KB

    MD5

    c44ecde7b26ad68dc8e1ca7bfe81df80

    SHA1

    50a985625ba45af16d3431f859a746f59e18f51f

    SHA256

    89260271621b671cb58500c714a1fd88b36fae5c1976d83eb36f82f9b88b4fe1

    SHA512

    a8f3ec9535bbbe1b9af4bc753e84b8572c165bddf9ac2d32daafbe9a87022f47de4066bd5f49692ddc9f9a2648c5ffa436d0e3c33606150d4f1fb149a8d1181e

    Download Submit
  • /data/data/org.vv.homemade.tang/.x86lib/libbaiduprotect_x86.so
    Filesize

    720KB

    MD5

    dc0a07f5f30b244af1195bd064c12542

    SHA1

    77ff4db99866b13092e40e1bcc7a95097a66eca7

    SHA256

    348d8af1aa9cfd2f76ab58323a5afb28a5e02d89d81a107fedd4df72ee5be659

    SHA512

    03ce79bb10edbf30ec3152496820430e830ca826f1ede2b1a7c350555f2bd6984cab6b725dd54d020b55153f0e8cc0044d3844df1c53db10791e4e6c2172c7f0

    Download Submit
  • /data/data/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar
    Filesize

    154KB

    MD5

    fe50e038470eb25f973224e6ca586b06

    SHA1

    49f78513677212a23c550ed63c411877f8ae559a

    SHA256

    adce8b6675d87b74a231bdd317bb98cef24e536c48683a30ddbaed7ae6d7b207

    SHA512

    0865e3894fa253b835c322f75930af5d831a055561600555c5042783f6e1a9227d8b6a3263ae9ef67c4a1310e2979bddcf4a1ac1be1370e8a4e56e26b0010fc0

    Download Submit
  • /data/data/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar.sig
    Filesize

    180B

    MD5

    c279dbbd54a414557a4e016e9859de13

    SHA1

    ff2c921090de406118ea776056241922b67e1af6

    SHA256

    78bd558fd3a6a9d297b839aad6b3b9e9ce2e4b94a24f6b92c765b8141c07b42d

    SHA512

    d1f23fd2ff7dfec8d31527003e797bfaba07d5577dbe11db80241ef48655577e11509f9a41c948d3c7993856558f4acca394147fac5dab13769fc075d17ac9ae

    Download Submit
  • /data/data/org.vv.homemade.tang/app_e_qq_com_plugin/oat/gdt_plugin.jar.cur.prof
    Filesize

    231B

    MD5

    9e9d6c5f3ce459b50fa118885b7d7f3e

    SHA1

    e8c398f70b3b68ee178153895b39125173039313

    SHA256

    30c4b884f25553dd57241f25a4e32b47048b99824b320b3d87f537ab6034cc84

    SHA512

    089f0bf364af865f45c55068788e98b02f83304a61987c7b486b33f4fc604bafef910679d3519d056187b8f78bcb37dca0c09a52c90143ff06109aad7a8c5418

    Download Submit
  • /data/data/org.vv.homemade.tang/app_e_qq_com_plugin/update_lc
    Filesize

    4B

    MD5

    dce7c4174ce9323904a934a486c41288

    SHA1

    e117797422d35ce52f036963c7e9603e9955b5c7

    SHA256

    0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

    SHA512

    d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

    Download Submit
  • /data/data/org.vv.homemade.tang/app_e_qq_com_plugin/update_lc
    Filesize

    1B

    MD5

    0bcef9c45bd8a48eda1b26eb0c61c869

    SHA1

    4345cb1fa27885a8fbfe7c0c830a592cc76a552b

    SHA256

    bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

    SHA512

    91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/GDTSDK.db
    Filesize

    24KB

    MD5

    755d1d1b0599d7be973031b5a9ed3373

    SHA1

    3b13cffb97005729fc20cd9b9a8547e0fa32632d

    SHA256

    90bc14445f887f7dbff548bdcc44145362d7fd20cc8ad8568b4d5c9372ee9b46

    SHA512

    afbd3a1c76a41015b2d4523d1c08dc14a3a75dfea3a5082b5e0552d750a498fd316bc98055b9f0ad2992f28b820ef15254461fb5df4cd6c21573a96f17b24ae2

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/GDTSDK.db-journal
    Filesize

    512B

    MD5

    7609130da0fe60b60429b6926eb32c1a

    SHA1

    b601fa8ef022a38840f66a1daae23832666ef38d

    SHA256

    a0aeac3fd9af7216f48126587bae089cf5e2c9b5eb6924f14d2e91780baa7b12

    SHA512

    fa6a0c62ee6304c70c68801d0682292f5f66cbcfa8895d294c45541ab1e7a776477ac5425f0fe92190c05b064728a7c816c6557b15b046645d239f4e89ffa925

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/GDTSDK.db-wal
    Filesize

    36KB

    MD5

    60d7d7dce54af75c0b366cccd5e63472

    SHA1

    fcca821afa9c16770dba477ebefcea02054ce93e

    SHA256

    ef62f950192116503875dc75a1c86eeeb598477ea20f0bafdf40d1e63ed7e1f3

    SHA512

    cecdb4a9ca36a161d5d1e6c9043b00d7e131e4363094acf4cc4856a0bba525ad32abac794c8af151bcd93511323866b002589992c971e3f9641aef423510a336

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/bxshieldh.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/bxshieldh.db-journal
    Filesize

    512B

    MD5

    c92622df2251f261a9639240490a832b

    SHA1

    6f410eb4f5723c95c8b5bb14800b14c7b0346079

    SHA256

    78f4993dea07d93292c5a7ec6926f65cce86048bdff16ddaba2a4b1b477f9810

    SHA512

    31319f23baa4458fadae4e60a2a7e9d6af8a2d907e6cc4c0ad29556a0f09a895a3d28d5e15e4bbc7ffd3c3c15edfc9f5fa6f1edd20ed26e756d32dc50f522df0

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/bxshieldh.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/bxshieldh.db-wal
    Filesize

    32KB

    MD5

    e07a15f7c8f92df2a446d6654f41b49a

    SHA1

    ee694627de1c9d7118a4f7cac49e2d9cffbabde7

    SHA256

    604a5fd6ae01d11a959edbaf412ce8c06362b5ab9a253fd51931d573a93c02a4

    SHA512

    22c822440f079b9d37986b86448d9a89b5661e3f376f5aab84b25872e929da63a430abd41f7821a30b948222bfde5ed61b7f3cf1484349c1abd03794e378aa61

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/xshield_d.db-journal
    Filesize

    512B

    MD5

    579909bb72af271841e81dae345e5319

    SHA1

    75ad026f300cf6ed2a91951dd79fecc83fc6b515

    SHA256

    92e4f6a53af1dde0f8392653295269e3b5a6ce9b2b6481a02093fa78f7e21a1c

    SHA512

    1ac34b986f282f56f6d0ffd0e698b08a845440ab516b4e3eea87b15f9d97009297e12ec11b74c0aa0fa0dbfb1a32cf9fd352119b91db146cc5c52fe297bc3713

    Download Submit
  • /data/data/org.vv.homemade.tang/databases/xshield_d.db-wal
    Filesize

    68KB

    MD5

    3f35d5043ef1bac1e7492cc30bbe823f

    SHA1

    004aa6805f3fc0b1ae9ac08d8f21c890487b3cef

    SHA256

    c60cd84c814d3019efb68a7b4687c16601344a1292193679a7ba823c1dca80e8

    SHA512

    584b5a00639a5b9dc0d9e9523f92379f020b919c3cb38340b57738b3b35b70563a19159d31ba8a65af1e0be165cd568ae60f3ec1523e066373110f26ac6d11f6

    Download Submit
  • /data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar
    Filesize

    347KB

    MD5

    a279ccc3cfc946ebb41a0df2bb4de3f4

    SHA1

    916892603c1713ad2d6be270fd7c6bfafca0b96e

    SHA256

    388977dc0405f850a697773f311919eb9716bb9b5c6582ce2f851ca6ba884394

    SHA512

    0e0f40213d7cd68deb82eeb9eb25e5a16a5904da3a7f6fa8b4897ac088a6d6c749c9c8b34e131807e18b66d5feda1f7a33dc2fef6c1f86cd833dd83bf751cfe9

    Download Submit
  • /data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar
    Filesize

    347KB

    MD5

    39497151382b5ea3c871783702d30804

    SHA1

    b9ddc58a20909b4047e705c37a1517ad85cd51c2

    SHA256

    05e4aece3b01a98e87c9257a25dfa485c886d80a85d4051ec719a73398d2f944

    SHA512

    9774e83f62ff39fa38c3ca47441ab1708513bcbd3dace3e460461dddc8fae948c467a5b765848706492b3fc9450731ece409905a583100778b851511ec4f1a4c

    Download Submit