Analysis
- max time kernel: 178s
- max time network: 187s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 11:42
Static task: static1
Behavioral task: behavioral1
- Sample: a97de98f9aa5a99315210d708434d0fd_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: a97de98f9aa5a99315210d708434d0fd_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240611.1-en
General
- Target: a97de98f9aa5a99315210d708434d0fd_JaffaCakes118.apk
- Size: 6.5MB
- MD5: a97de98f9aa5a99315210d708434d0fd
- SHA1: 5c9a29ab53f522f119dac643e891c7a39f894e04
- SHA256: 4494e65662b78006d923a46ea75e8ea4d119f45e9fe4fd74ff29b3bbc2fc9fdd
- SHA512: c423d14bd5d610b9ecdd8b3b4760a31610e19a500fbde028c332d8c35e6cd0cc9ebadb96f61e72054ccccca2de542cff9e52b677e26492622f3093cc832473aa
- SSDEEP: 196608:5T+4z11vzqp1jVbrGKDYZ18msAT2ctXFImw+VZ:5hHiVbrGjXZ1XvVZ
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 5 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.dengtadoctor.bj114; /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dengtadoctor.bj114/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.dengtadoctor.bj114/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&; com.dengtadoctor.bj114:multiprocess
  ioc | pid | process
  /data/data/com.dengtadoctor.bj114/mix.dex | 4274 | com.dengtadoctor.bj114
  /data/data/com.dengtadoctor.bj114/mix.dex | 4373 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dengtadoctor.bj114/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.dengtadoctor.bj114/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  /data/data/com.dengtadoctor.bj114/mix.dex | 4274 | com.dengtadoctor.bj114
  /data/data/com.dengtadoctor.bj114/mix.dex | 4443 | com.dengtadoctor.bj114:multiprocess
  /data/data/com.dengtadoctor.bj114/mix.dex | 4443 | com.dengtadoctor.bj114:multiprocess
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.dengtadoctor.bj114; com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.dengtadoctor.bj114
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.dengtadoctor.bj114:multiprocess
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.dengtadoctor.bj114:multiprocess
- Requests cell location (2 TTPs, 2 IoCs)
  Uses Android APIs to get the current cell location.
  Processes: com.dengtadoctor.bj114; com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.dengtadoctor.bj114
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.dengtadoctor.bj114:multiprocess
- Queries information about active data network (1 TTPs, 2 IoCs)
  Processes: com.dengtadoctor.bj114; com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dengtadoctor.bj114
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.dengtadoctor.bj114:multiprocess
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.dengtadoctor.bj114; com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dengtadoctor.bj114
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.dengtadoctor.bj114:multiprocess
- Reads information about phone network operator (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: com.dengtadoctor.bj114
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | com.dengtadoctor.bj114
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: com.dengtadoctor.bj114; com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.dengtadoctor.bj114
  Framework service call | android.app.IActivityManager.registerReceiver | com.dengtadoctor.bj114:multiprocess
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 2 IoCs)
  Processes: com.dengtadoctor.bj114; com.dengtadoctor.bj114:multiprocess
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.dengtadoctor.bj114
  Framework API call | javax.crypto.Cipher.doFinal | com.dengtadoctor.bj114:multiprocess
- Checks CPU information (2 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
Processes
- com.dengtadoctor.bj114
  Signatures:
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  Child processes:
  - sh -c getprop ro.yunos.version
  - getprop ro.yunos.version
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.dengtadoctor.bj114/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.dengtadoctor.bj114/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
    Signatures:
    - Loads dropped Dex/Jar
  - ls /sys/class/thermal
- com.dengtadoctor.bj114:multiprocess
  Signatures:
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks memory information
  Child processes:
  - /system/bin/sh -c getprop ro.board.platform
  - /system/bin/sh -c getprop ro.miui.ui.version.name
  - sh -c getprop ro.yunos.version
  - getprop ro.board.platform
  - getprop ro.miui.ui.version.name
  - getprop ro.yunos.version
  - /system/bin/sh -c getprop ro.build.version.emui
  - getprop ro.build.version.emui
  - getprop ro.miui.ui.version.name
  - getprop ro.build.version.opporom
  - /system/bin/sh -c getprop ro.lenovo.series
  - getprop ro.lenovo.series
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.dengtadoctor.bj114/databases/bugly_db_legu
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.dengtadoctor.bj114/databases/bugly_db_legu-journal
  Filesize: 120KB
  MD5: 65ff893164dde0046ed79257b7e057de
  SHA1: fcd9300190eac9fc095ee21a09d142ebea727b14
  SHA256: c4d008248a9f879c5cfef2aeda45931c94e945022385d1e2f7f29a16a2ad1f06
  SHA512: 751bddfb2ee852fd23e3167a666a08afc024b682ab2da83bdd44d44d6827229bd301d758b7d87a98764f6083a5e09065dc3840c6541456877e469c6fc5b8a2cb
- /data/data/com.dengtadoctor.bj114/databases/bugly_db_legu-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.dengtadoctor.bj114/databases/bugly_db_legu-wal
  Filesize: 92KB
  MD5: 20d8e8299297cafdb77d39792a1c4ae2
  SHA1: 386d49024fd4adef677331ff2584b7ba247c50bc
  SHA256: 21b101fc49cdb81665fe4325ab213aa6772cbbd2b670893a560d50b5345c70aa
  SHA512: 04c42c62a8b9846239d005ac7ad66ea9f1385ed5f26367e0c11e511ace6a5fba6b014301df01fa379bfe0a4d0c58cbfef3afd461f0494f00a0416f8bc7097aa8
- /data/data/com.dengtadoctor.bj114/files/libcuid.so
  Filesize: 163B
  MD5: bae69091a51fa6cb42b0c31ae07bef10
  SHA1: 391e8c09c93cd7a9350a3952c400f47de41e26ed
  SHA256: c87ce3011855ef3f896295810ec5ba6d010a53e5ebacd7144a870d8e3f7eb0fb
  SHA512: c935d58582ddebcfee58eb587d4a3868fe40271494add43635a518a5f4c10b80344d651bda82e610ef8b09784b1012366a049d954df48220618dc3c0267202bb
- /data/data/com.dengtadoctor.bj114/mix.dex
  Filesize: 292B
  MD5: 63f77f99bd2c2b772a479923bde11974
  SHA1: c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
  SHA256: 4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
  SHA512: 3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c
- /storage/emulated/0/backups/.SystemConfig/.cuid2
  Filesize: 129B
  MD5: d5215843444fa370fcf4397d28be9292
  SHA1: 20080faca1da5079deea7f69a5220a939bbb9da3
  SHA256: 8085314c7412b753ea7632b5064078e3a80ae1032074808a0a0683e6c40da271
  SHA512: 2292a82f8af41aaa088ebf72448a85d24357e04695fbef72193990a3338229e78ac1da393006fd0b90482cf0b289a8971d934c5f59f8ba20c5ca8224e7eb19a8
- /storage/emulated/0/backups/system/.confd
  Filesize: 20KB
  MD5: 249e034c9703afc1fd6062371c7f3da8
  SHA1: 9ca489179488e0fe5a35f7c0d5887f163e4890cd
  SHA256: 18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a
  SHA512: b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd
- /storage/emulated/0/backups/system/.confd
  Filesize: 24KB
  MD5: 8c7f6e3b52e6e841b895bbd13644ed43
  SHA1: ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2
  SHA256: 6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c
  SHA512: cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280
- /storage/emulated/0/backups/system/.confd
  Filesize: 24KB
  MD5: fd53eb4e05605a31b7b0614ca3ab9981
  SHA1: e5e27d1dcdce2da5957bcd6b6fa1f4957b1b2af6
  SHA256: 7bb7eefc88ed8ed3d3848155c214f6e663a91ab957372b129a378697c1ede39e
  SHA512: 981a29e3f9e585f97568e157cb2237771d0f77d6770a6f383dd36d287cc90cec4c13e9484d05baaefb46fedd4e307707cbe349988a3164aa91b7fd170181bfa1
- /storage/emulated/0/backups/system/.confd
  Filesize: 40KB
  MD5: b8e8f88fc5ea9ea95db64c4e5adc1fd5
  SHA1: 9d7ff0813ea5f76174f448db86d5566a0effd513
  SHA256: 96a8e6face561050aa672eb2667d3aed339272ea009d998241dfb3f098c8f4d5
  SHA512: b224d4cafa0b70125c39ad83f83514cb3f31c90fea2d4a6c6cc4af039ced5a0d73f33936850524806a6ca560d0a17ccb38258f30bf9a666188ec9affd0b52375
- /storage/emulated/0/backups/system/.confd
  Filesize: 32KB
  MD5: 3cf0b2cca44766a777344a7db75b25e4
  SHA1: 7fc401b85dc45a618793038f1a4b48d7096e8474
  SHA256: 74065d4179a3aab04328718e0e04089e93d2b4b28bc6ea3c1abb046a9d687fd7
  SHA512: 6f5dcc38a698f9dca903a544d857f294a9ee3d865d45a1799d68098f8a30ea7a6d3803e1b3ba03768efae07bc19669c5ba6cac403fc64fde8dc8c6004cdc9348
- /storage/emulated/0/backups/system/.confd-journal
  Filesize: 512B
  MD5: 00d5b51d5969af50baa47708f357201c
  SHA1: 02e39e21eb5840179f0ef7a3852dd2d2a77cd8a3
  SHA256: a84a1877bb7cefeef0a062ae080ddabae45bf10594eef0d55a788e9e7ea54ca1
  SHA512: 09f861546e931148d0b690709440072abae0f382996cf4e06bc90d4935ab1e8abae5134e341a971a9fdf418d0df973e5a30ba8775d0c3331905d239dc2ae7c0c
- /storage/emulated/0/backups/system/.confd-wal
  Filesize: 36KB
  MD5: 80f3a27c248045115c2e52a5430191c4
  SHA1: 81c1d478a7e7fe38e631cb57c0b28068fcc9e832
  SHA256: 1c8607e91ac62e0273c23bea9fd2645a7b8f799d721fb6e0b95cb32619cf5bdd
  SHA512: 7828b900c89f321871b14290316c4ba9035e6f3cc011e38eaa5ccacc9a8e1e308585e8434d7fbea94fbc5ecef92c77de0f79ae72b471e9782839a2b1e5331eb1
- /storage/emulated/0/backups/system/.confd-wal
  Filesize: 12KB
  MD5: a22e1ea07ac04063e394861cf96b39f2
  SHA1: 22380b45faf2e3a812a31b9bf8082701f63b4e7c
  SHA256: d8ab57f12a3182c5afb3fe97739c0088ee333ab80d6ca220a89528351b009c1b
  SHA512: 0f08212e8c007411973430a77e699ac459bb3e73541d851b6f3ce3a95afef0400915c4fa929dd0ce80987d2424a5469646a8e7e17fffe2429c34c38857a97d66
- /storage/emulated/0/backups/system/.confd-wal
  Filesize: 8KB
  MD5: dba5e50cf18f864573f09775a0ef59f7
  SHA1: 6346675e1865de9dc66f57c097d7084f7fec356c
  SHA256: 40f7904c8b3b7a755e88dc6a371954db309ad8de87ff2422de4120e5ea4fdc67
  SHA512: 54270b3ee5194daa095f91e9492d1e356667ad09a288bf79fc64fcd0cd8cdb5352421fdcf3665332659d428086886adf91c68339bffde561456bd35ecc916367
- /storage/emulated/0/backups/system/.confd-wal
  Filesize: 24KB
  MD5: 011a1af1260c774a647ca8bcc3bfb8d9
  SHA1: e0dd7527863cb64e6e8cb0481fbf9dd8c6213734
  SHA256: c6c55c58ba7a517d16d7417b3a3bfe11109de02fc8748809f671c3177fd87a41
  SHA512: 4397bf521112b95751cf177cf060c3dd9dc055385a578cf976dd1206b59142f5b0552f133ba1cfbbc2d0a3acfe8dfca58c1dc4f23cf3517089118a2a0901ca50
- /storage/emulated/0/backups/system/.confd-wal
  Filesize: 8KB
  MD5: da64d408088d5510a956b469ad2bbd21
  SHA1: 2c48c7500aa48c50e36cf31c87557e94f67b9b21
  SHA256: 364b97fc408c7f404c4fefd8c58abf03fd3119c4a60c8a6b1b446f5f3188121c
  SHA512: cbba2cc5490b4be158888f5e0e70e4616bee0706f8888d0818c2e99087c9931b65d470e08456f905dcf4a55655bc526c34299e617deff9651de90128c6bfaaa2
- /storage/emulated/0/backups/system/.timestamp
  Filesize: 25B
  MD5: 2dc247fa1dfdb02ab2e0d3143ecd00ea
  SHA1: c3f058fe9371c1d425ee516bba2cb87eb644cf49
  SHA256: ef5f569dcbb418a9521167e1caba64c4891704c2bc25cf1d30b1e19840dd57f7
  SHA512: 0ba5a6af9442735766c1b58f63d84a16b69afe011ee8dba4cddc056ba3fa5892b19999af87f71d5e931662201490e9c83047914941412925429b2666c3185d24
- /storage/emulated/0/backups/system/.timestamp
  Filesize: 55B
  MD5: 9f3f6f2a24f2a6ba854219098d2e32ce
  SHA1: 917cf1fe543e4b85a627946a3cb76d46f2bb8848
  SHA256: a848846533781b0e56b906577c8716ecc6b70b357d0d36548571102c1277900d
  SHA512: ef2ce02d54e507f60e91431d74d21c9c1228b6fcc30183b914baf06ef4bbe093e4c913854dfaa3458c7ee6e93de22391072759d0bdbca6da8a8413221f5e543f
- /storage/emulated/0/backups/system/.timestamp
  Filesize: 84B
  MD5: 6a27375f01526080f8d6f4796cb4f105
  SHA1: fd3eb37a24ffa1c7510e2679ca94d432bfafc81e
  SHA256: 9c0b91d9c9388a5a7917eac36a084d3737ca75162c9471527c42fc10e788107d
  SHA512: 434501aaa55d2ed9653d577ea044c2a5fe7eec29c7ac6a907a5981c53ab64adfdc961df309f638b421044fb85e959a771d1828b6804bda47915b20acd8db54e3
- /storage/emulated/0/backups/system/.timestamp
  Filesize: 114B
  MD5: 47bf2433ed891512b8508bc0ac694eff
  SHA1: 29f1a6b9513d7deb1409d72750592101413324c7
  SHA256: 04e3726f98768e26c3ca37a3efe4c5b3e01dddab8d09806ea5286794256d37e5
  SHA512: 9fb535ccac228120d85fe5b55938ec8d35992a6dd5874797ad6aab139994a4605cd42f2473d14e507e93c18e1d89918e83be2b0a31800fd636ac9b25436820ed
- /storage/emulated/0/backups/system/.timestamp
  Filesize: 138B
  MD5: 02a2c5e214dd24160a1589951d155f68
  SHA1: 35c8001ae8ffdb9bfd0c7b9a3d49b0efd32b014b
  SHA256: 8a511d119644ce2e82708a03c01f90741dca6d7de825c13f900e06cd3f4ee0cf
  SHA512: 86e630956f1ad749720e7c318d3471417dbd5578572f20e65f805de5bceba62df336817f218a348c1d5374212c4b5cacf9423f82fb6684de90d9b530b7ed8852
- /storage/emulated/0/data/.push_deviceid
  Filesize: 32B
  MD5: 5941c7a42bea265f96d3914507f874df
  SHA1: 9e8d573c106e6176d6f768ea3fb1424643f518ef
  SHA256: 5b286c92aee862ece0f761c1c81777ab3df5620895887fd989486bf284162b5d
  SHA512: db5af07b0ff79abb5ddef4d09d89078e8f3b69c6ac444a999588751ecc5c564d53e6e56ee98bc5bf61fa34f6b1df82e27e61fbd56ad434bc2b3ac8a357d7203a