Analysis
- max time kernel: 7s
- max time network: 140s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 15-06-2024 04:27
Tasks
- Static task static1
- Behavioral task behavioral1: sample ace22f6605190d1dd03d9e251ec9d795_JaffaCakes118.apk, resource android-x86-arm-20240611.1-en
- Behavioral task behavioral2: sample ace22f6605190d1dd03d9e251ec9d795_JaffaCakes118.apk, resource android-33-x64-arm64-20240611.1-en
- Behavioral task behavioral3: sample PlayerUIApk.apk, resource android-x86-arm-20240611.1-en
- Behavioral task behavioral4: sample PlayerUIApk.apk, resource android-x64-20240611.1-en
- Behavioral task behavioral5: sample PlayerUIApk.apk, resource android-x64-arm64-20240611.1-en
- Behavioral task behavioral6: sample bdxadsdk.apk, resource android-x86-arm-20240611.1-en
- Behavioral task behavioral7: sample bdxadsdk.apk, resource android-x64-20240611.1-en
- Behavioral task behavioral8: sample bdxadsdk.apk, resource android-x64-arm64-20240611.1-en
- Behavioral task behavioral9: sample gdtadv2.apk, resource android-x86-arm-20240611.1-en
- Behavioral task behavioral10: sample gdtadv2.apk, resource android-x64-20240611.1-en
- Behavioral task behavioral11: sample gdtadv2.apk, resource android-x64-arm64-20240611.1-en
General
- Target: ace22f6605190d1dd03d9e251ec9d795_JaffaCakes118.apk
- Size: 15.6MB
- MD5: ace22f6605190d1dd03d9e251ec9d795
- SHA1: d464bfd65598c5361cbbe241135ccf434a61e76d
- SHA256: 348d26ac2267c9785208b205ec6389744f63ae9cc464f51048c447103345a412
- SHA512: d4555b9ca4af76acbcb5d6696d179311ae0e1fd5fb6b00ef4a3dcc69752bcb64010d25f8d42318bd03221e63b9822c53297e916209cc6df10719fcff767017e8
- SSDEEP: 393216:yohNc5bN74KW0WKADcd6CAi81lai5XJt5QG9isT4LCoDOtfbpNP:rhNc5x74KWrzG6CYvaiFaGw3LEzP
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes: com.kidplay.bbtgs
  IoC: /system/app/Superuser.apk (process com.kidplay.bbtgs)
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.kidplay.bbtgs
  IoC: /data/user/0/com.kidplay.bbtgs/app_plugin/PlayerUIApk.apk (PID 4218, process com.kidplay.bbtgs)
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.kidplay.bbtgs
  Description: Framework service call; IoC: android.app.IActivityManager.getRunningAppProcesses (process com.kidplay.bbtgs)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  Processes: com.kidplay.bbtgs
  Description: Framework service call; IoC: com.android.internal.telephony.ITelephony.getCellLocation (process com.kidplay.bbtgs)
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.kidplay.bbtgs
  Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo (process com.kidplay.bbtgs)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.kidplay.bbtgs
  Description: Framework service call; IoC: android.net.wifi.IWifiManager.getConnectionInfo (process com.kidplay.bbtgs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: com.kidplay.bbtgs
  Description: Framework API call; IoC: android.hardware.SensorManager.registerListener (process com.kidplay.bbtgs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.kidplay.bbtgs
  Description: Framework service call; IoC: android.app.IActivityManager.registerReceiver (process com.kidplay.bbtgs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.kidplay.bbtgs
  Description: Framework API call; IoC: javax.crypto.Cipher.doFinal (process com.kidplay.bbtgs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes: com.kidplay.bbtgs
  Description: File opened for read; IoC: /proc/cpuinfo (process com.kidplay.bbtgs)
Processes
- com.kidplay.bbtgs (PID 4218)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Execution Guardrails (1)
    - Geofencing (1)
  - Hide Artifacts (1)
    - User Evasion (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads