Analysis
- max time kernel: 179s
- max time network: 169s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 20:32
Static task
- static1
Behavioral task
- behavioral1
  Sample: ab556e65ca96f69da7977dcad91b20bc_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task
- behavioral2
  Sample: ab556e65ca96f69da7977dcad91b20bc_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
Behavioral task
- behavioral3
  Sample: ab556e65ca96f69da7977dcad91b20bc_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
- Target: ab556e65ca96f69da7977dcad91b20bc_JaffaCakes118.apk
- Size: 691KB
- MD5: ab556e65ca96f69da7977dcad91b20bc
- SHA1: 9344cace6478eee71c30591409d3decd2a605bf4
- SHA256: bfd50d7a681ebbe18fbbc2b375737e1f2a54e8d7a28ceef45deb1c301020aa8a
- SHA512: 5bec995d32886abf77795b506a33203b32848af6cfac389476c06b13f881dd1ac3d949f3ce021ee2a3a3a74c0309cbc63c7955e2dd5255aa87c7e4f3a5de8bed
- SSDEEP: 12288:0G21aVgCOxF9EbZWF4+NZPMjQzdVvbKdN57Q5CvvkffWgFuQ:0b/eE4+PMjQzd4dEfWuuQ
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/oat/x86/qxvnrw.odex --compiler-filter=quicken --class-loader-context=&
  - com.kdneyuiko.xrwxr
  IoCs (ioc / pid / process):
  - ioc: /data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar
    pid: 4290
    process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/oat/x86/qxvnrw.odex --compiler-filter=quicken --class-loader-context=&
  - ioc: /data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar
    pid: 4263
    process: com.kdneyuiko.xrwxr
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  - com.kdneyuiko.xrwxr
  IoCs (description / ioc / process):
  - description: Framework service call
    ioc: android.app.IActivityManager.getRunningAppProcesses
    process: com.kdneyuiko.xrwxr
- Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
  Processes:
  - com.kdneyuiko.xrwxr
  IoCs (description / ioc / process):
  - description: URI accessed for read
    ioc: content://com.android.contacts/contacts
    process: com.kdneyuiko.xrwxr
- Reads the content of SMS inbox messages. (1 TTPs, 1 IoCs)
  Processes:
  - com.kdneyuiko.xrwxr
  IoCs (description / ioc / process):
  - description: URI accessed for read
    ioc: content://sms/inbox
    process: com.kdneyuiko.xrwxr
- Acquires the wake lock (1 IoCs)
  Processes:
  - com.kdneyuiko.xrwxr
  IoCs (description / ioc / process):
  - description: Framework service call
    ioc: android.os.IPowerManager.acquireWakeLock
    process: com.kdneyuiko.xrwxr
- Reads information about phone network operator. (1 TTPs)
- Tries to add a device administrator. (2 TTPs, 1 IoCs)
Processes
- com.kdneyuiko.xrwxr (1)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Reads the contacts stored on the device.
  - Reads the content of SMS inbox messages.
  - Acquires the wake lock
  - Tries to add a device administrator.
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/oat/x86/qxvnrw.odex --compiler-filter=quicken --class-loader-context=& (2)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar
  Filesize: 78KB
  MD5: ff264728847ded68d9f24c9bce4686e0
  SHA1: 0d1e7c3793cbb624745dc7e9500676c6cf0f7b0e
  SHA256: 8c56b566cc4522764cdc8755d7daa098497fb6c9cc74146e4399777803273dc7
  SHA512: 697926138d8bc3de9cdea6571cce8b15b54f24ebc3f9afde665dca260d3e01d128a4a28254b8e395de697ed038fd5650e7916d9d873d5626a7c965508d1f7b49
- /data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar
  Filesize: 179KB
  MD5: a7251a2c56502de0292795c545a0b98d
  SHA1: 1831a16bf6f063ca32870e344aaff5c83dbf0f58
  SHA256: 5b8c194b625af412b2fb6f59d47d4723fe9cc4ca851b0654059bccf594734486
  SHA512: de14465bb9dfc2f212bc7c5241dcee748491a5cc5fe669541b4973943915607f01ce045c6b6ca24aa5720fb948bd3afa91e984cb6ba785ea8eee04f672625b79
- /data/user/0/com.kdneyuiko.xrwxr/app_pxwdy/qxvnrw.jar
  Filesize: 179KB
  MD5: e9e233438d90689dd4214e8a0eae6200
  SHA1: e27d14532d63f24c635005ad8eee609100161d42
  SHA256: 8c538b4cf04b73b168eb9ee1b52c6c393eedeeb6736b6e53df1cecd7c7e549ec
  SHA512: 57070ce9e281942f67d2396566afa91542d4af55834b024856bc43b93adbc9967322a8ec46dcc47e9b14a8dd908093aa9fee5c88e651335bc7d42efd57d94610