Analysis
-
max time kernel
116s -
max time network
180s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
14-06-2024 08:38
Static task
static1
Behavioral task
behavioral1
Sample
a8c629c108d7cceccc5fb70966897663_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
a8c629c108d7cceccc5fb70966897663_JaffaCakes118.apk
-
Size
1.7MB
-
MD5
a8c629c108d7cceccc5fb70966897663
-
SHA1
f4062d631132c34a0103bbd3843296dd7bb625fd
-
SHA256
89a4ebdc297524416fe1899b593dcbba0a91f88f96c3b3fb7b1bedcd83b53ab2
-
SHA512
4ec0293aa8138bf74c24c39f428aae26ec84b62f9a60cdb5edbf5903a536c3a8d6e2f0d711548fce65e143b8de348a75e0e920c64d983036bcc568312526cf32
-
SSDEEP
24576:+0DR/pGQ6CaZ4+e64uMKYEUFmoAUJ2sJqqrUkKvVT+CDj54m4Y0xTCYt5YI2GsK3:zRyXZ4964dKYxmojVJq8jWDum4TCbUsE
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.yas.kgkgri
ioc                                                  pid   process
/data/user/0/com.yas.kgkgri/files/xu/ZRBJZvKAyB.jar  4163  com.yas.kgkgri
/data/user/0/com.yas.kgkgri/files/Pdd.apk            4163  com.yas.kgkgri
/data/user/0/com.yas.kgkgri/app_dex/utopay.jar       4163  com.yas.kgkgri
/data/user/0/com.yas.kgkgri/files/yl_plugin.apk      4163  com.yas.kgkgri
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.yas.kgkgri
description             ioc                                                  process
Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.yas.kgkgri
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
Processes:
com.yas.kgkgri
description            ioc                  process
URI accessed for read  content://sms/inbox  com.yas.kgkgri
-
Reads the content of the SMS messages. 1 TTPs 1 IoCs
Processes:
com.yas.kgkgri
description            ioc             process
URI accessed for read  content://sms/  com.yas.kgkgri
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.yas.kgkgri
description             ioc                                                    process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.yas.kgkgri
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.yas.kgkgri
description             ioc                                               process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.yas.kgkgri
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.yas.kgkgri
description             ioc                                                                       process
Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  com.yas.kgkgri
-
Requests dangerous framework permissions 17 IoCs
Processes:
description                                                                                                                                                          ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.  android.permission.READ_PHONE_STATE
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE
Allows an application to read SMS messages.  android.permission.READ_SMS
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS
Allows an application to send SMS messages.  android.permission.SEND_SMS
Allows an app to access approximate location.  android.permission.ACCESS_COARSE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.  android.permission.SYSTEM_ALERT_WINDOW
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.  android.permission.CALL_PHONE
Required to be able to access the camera device.  android.permission.CAMERA
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.  android.permission.READ_PHONE_STATE
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.  android.permission.READ_EXTERNAL_STORAGE
Allows an application to read SMS messages.  android.permission.READ_SMS
Allows an application to send SMS messages.  android.permission.SEND_SMS
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS
Allows an app to access approximate location.  android.permission.ACCESS_COARSE_LOCATION
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.yas.kgkgri
description             ioc                                             process
Framework service call  android.app.IActivityManager.registerReceiver  com.yas.kgkgri
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.yas.kgkgri
description         ioc                          process
Framework API call  javax.crypto.Cipher.doFinal  com.yas.kgkgri
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.yas.kgkgri
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
-
    getprop ro.product.cpu.abi
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.yas.kgkgri/app_dex/utopay.jar
Filesize 30KB
MD5 eb6089c1acfa9f12535e533aebee845e
SHA1 165e39ee07dcd9ed00fc2dc1ff466bc1d6b813c9
SHA256 b825cde84e3dddfc147c71265d2259c422d51a7e56d1dcdba1321e3119b1df07
SHA512 5b1bc26bcbcf05fc331865fb4dd572b673a52650d68ab4d9b028ea15219e0d93c1ec17996953436801913388d78e25c67ea33aa93544d65e96a799eb06cc70f5
-
/data/data/com.yas.kgkgri/databases/740410100062013-journal
Filesize 512B
MD5 97dbba713fa24745c5807c57cafc1626
SHA1 b019c8d105999fd82098033146f0664e99c952c2
SHA256 199b474ece8cb0710e9a73e371876836c8d420da279e9ab49f90312335407f9c
SHA512 a5f85aa832e528ff936b24181d7e007b24b0fce492b4982045f15f46dc1e782c63dd615e4cc14b4c7418ebcc9fbe1ed5b0a36a4ce972293898c2b85875cd9bf7
-
/data/data/com.yas.kgkgri/databases/740410100062013-wal
Filesize 140KB
MD5 9def1809071e9508090298b2acd87279
SHA1 f17d875ff138439af3ca40eaa647867aef8194a0
SHA256 00dbaa75fd22513838a839dc046f6f07e445dea8761a37580988d235b97fd3e4
SHA512 88a91acfde0540b7ca13015c395d2a39889a0ddd1b06d890be3018802a0d7c5bf08583feaaa9216e780615ac4d3a40d27bda5d8f083d36b04a57b5bbc3dbe280
-
/data/data/com.yas.kgkgri/databases/wochi_v4.db
Filesize 4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.yas.kgkgri/databases/wochi_v4.db-journal
Filesize 512B
MD5 b9714128ec933d42dab0a3d7eac6c758
SHA1 15b4922eef42610a4be2ce5e8b8f2ba716194be6
SHA256 e9ed78d5598d336053837c7b502a4d01824282ecf28d63f3349de4531e33ecd0
SHA512 ea49b08b1d4e38bd4864316308fe8132835ac523090383549f1b57b49dc1ab7b5d152f83e0145a7c75eb0a6c032c8789f34eb855482ae326100e10ffd56e43c0
-
/data/data/com.yas.kgkgri/databases/wochi_v4.db-shm
Filesize 28KB
MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
/data/data/com.yas.kgkgri/databases/wochi_v4.db-wal
Filesize 20KB
MD5 b89a13daea44abeff1331f0924e2680c
SHA1 c4b6c4ce484f75d4a2320b658c7bcbce4f49784e
SHA256 d4d7c9191c0e20a1540a7649899c0a02c878fca2214c315f06f36543d611cbc6
SHA512 6f4620d4a9766a8357bfa1061010059b2efd7d4979de3cf256d5fce2d01c09a5be5018f72d7024ec2f374c904689e39fd2b3dc4aab4d548ba2c74dfe8673658b
-
/data/data/com.yas.kgkgri/files/Pdd.apk
Filesize 99KB
MD5 e8fbf92c750dbd6fb316be82a6b7b7ae
SHA1 2a6ae9568698807cacc8cf4349556446c996b136
SHA256 2a3cb93d0ca14a1d0b0820c2a26df502a461fb2546ef4587524087c130553f10
SHA512 7848191878b5b8ba2d5020c7be953e70ccc4d392d29e400a65a57cd3731604933125de1d81b3732d251b3450fd4766a814ccd01f3975beda2499a9ba585a26e0
-
/data/data/com.yas.kgkgri/files/log.dat
Filesize 221B
MD5 ff9229f8e7c92d44d48e25206d43b021
SHA1 be3d75050c16c5b7484652ba292fdd6510f205d3
SHA256 77fc3599be409f7e73e643de843c0ebcfa20662964c498fc59e245c7f5e003a2
SHA512 be7b3aa8d670a2873c6b7bfd4ca93121fd2450723cbbc36d9d06d152fafa3ce90451f0a60ab56bc96bccb81cf5aae0167b404073db14dc17b9513ac73d455c58
-
/data/data/com.yas.kgkgri/files/xu/ZRBJZvKAyB.jar
Filesize 768KB
MD5 6702be0f0ee71898a32d61f0b4c6247e
SHA1 57a9c39405c1ffaffcbd3d8998715c24046bc16c
SHA256 a036fb5e2f073a58480e28eea6e8ea9c0134ce274937a91f1fb43dcb83132e24
SHA512 d16eab1b0239264a24147d1fd8f553a080ad29615469cb5da0fdafe0566967edfc637f775f023b95c9edab8d683e706573f8bbbabc36a8b1c1a8bbaa109bb66a
-
/data/data/com.yas.kgkgri/files/xu/oat/ZRBJZvKAyB.jar.cur.prof
Filesize 216B
MD5 47c26d1a10cf1da0b740792e5a6f47ca
SHA1 14a6c5e5396cc49496e61d2b55166f3eb2413dd0
SHA256 b8c3e968d09e7793aff64bc2525dce3fe83f0b480ec235c5009fb8a35e3b476a
SHA512 af010ee8d883293dd58f66ecf424ad0279b51474c24cfcff5323c33931fc5e86ab0c400ae20278ef1a496e509764e979083a78fbd19a1646b84ac4678af86cbc
-
/data/data/com.yas.kgkgri/files/xu/oat/ZRBJZvKAyB.jar.cur.prof
Filesize 330B
MD5 ce36f4ad05eab57bb727a592cbc4a21b
SHA1 c13db8fb0cdece7032f64260c1b99d5e8246d610
SHA256 f65d31d7692e9d5651ac093029538c27bad999912042e7b700743b4209c189b0
SHA512 92b5d4398b14410f9b51c4062e6d9ffaabd7d212a4a4f1cac68df4324afab0f6aedcddceaec18b67e0f79648907a5473fe1a7246baf2e08a54de6f5b652a006e
-
/data/data/com.yas.kgkgri/files/yl_plugin.apk
Filesize 58KB
MD5 5a4c666b43ee7f2b6995aaf3527e4a4d
SHA1 b205bcb022797f3b16635db139c7524c0c388adc
SHA256 05eb3e1ca331b8c6a1f60f92abb2bddbac54a7b2c229ac07bf26c756297fe72a
SHA512 c84fceddbf9928110fc3b85e0989b9cedd06383007ff99dea5a25096d8f892ab52d30ed9b52b72211449041f1274ead85bb42929ec269b58b6b0e616a8545e17
-
/data/user/0/com.yas.kgkgri/app_dex/utopay.jar
Filesize 67KB
MD5 5220524411d0bacd600da60814d1ee9f
SHA1 fef7210ff44e757328bc0ff7aae7bb2191cbf634
SHA256 6286a800597b845785eb664710253ebd20771737dddd5b80067e0e9d37c804b2
SHA512 b2d8af5019c176d682634747d83320e609fb6122ef850f4069a0c78c2415d242087099cf60ecb03039a9ab71902a4e3b22e9cf144de89e506991fb93280f6a5f
-
/data/user/0/com.yas.kgkgri/files/Pdd.apk
Filesize 201KB
MD5 a4237ef36f11c2db307f6d9701da0062
SHA1 5d11008a4b9275034db8904e538f7115a429ef0d
SHA256 32f697f7444c79efe23be55fdcdab52c8e6f5cd43474cd1735602675feb5639e
SHA512 6921b3cbb4e6a062eb9408c06e46e6d6cd7554f6e485b8f6275d8df3b7a8d23b26220c0cb979d3fe919fb6622d5d49160769b0567eebe61488cc4c7708f3b34d
-
/data/user/0/com.yas.kgkgri/files/xu/ZRBJZvKAyB.jar
Filesize 2.8MB
MD5 5087284b2c59a2df8c2f6c61d24497e3
SHA1 3805290096bdb822e2d694e264dca90302b79e8d
SHA256 df95c902513c3744ad209e102d1f9e0cd2b2d43d482b1bf6446422301ce12743
SHA512 6bd901b7764827e9ac3023550a6bf83319b5570323d2af6588b1260b82cb63a7da4b4cd122eb4708046f6dcee20dfa755d182ac9836f44f1cc32140e4195d7f4
-
/data/user/0/com.yas.kgkgri/files/yl_plugin.apk
Filesize 123KB
MD5 918890b3fc5a3dc184a57d027ead24da
SHA1 c638f375f49bc4731b633bdc001aeeadf9462039
SHA256 57d03ac2189851d5069515da6997e12ca307c145aa21679da001477df5f81836
SHA512 fd9bfe41ce4041dc8c7db17df2a2164a24ea96372c212399c499f94d1fb7d95d430b8a7eb86041b9b2db88dfca0cf39e53cba2dad1e346aebed29e4ca5deb2ef