Analysis
max time kernel: 56s
max time network: 138s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 16-06-2024 19:18
Static task: static1

Behavioral task: behavioral1
Sample: b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General
Target: b4c6b383e262e14182ad09d91bd7e70a_JaffaCakes118.apk
Size: 5.7MB
MD5: b4c6b383e262e14182ad09d91bd7e70a
SHA1: 4b5940ae51498243dc8cbc371ea5563a8f0f1c3a
SHA256: 29b48fb0b4dbddb296a29db4d170a0db8b0292bbb54d3366be692de4e6024525
SHA512: 774f6f2326fce794735ab415a54fe63c70272e82dbee139bfe6182a31574856296d47387c7dd755ebaddd139ecfcefeb8348a5054a39b7e1d8ae6c9b5d2cc310
SSDEEP: 98304:hrN3jgDXGmAVDGByJBuIOGYmwUypXRf+/GS4aAvCQhnq9hIwDDZ4uv4L6b7v:lNUixcyKvmwUypXRfWVAvCsn+WwXrALG
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 6 IoCs)
  ioc                        Process
  /system/xbin/su            com.kevin.videoplay
  /data/local/su             com.kevin.videoplay
  /data/local/bin/su         com.kevin.videoplay
  /data/local/xbin/su        com.kevin.videoplay
  /sbin/su                   com.kevin.videoplay
  /system/app/Superuser.apk  com.kevin.videoplay

Loads dropped Dex/Jar (1 TTPs, 5 IoCs)
Runs executable file dropped to the device during analysis.
  ioc                                                             pid   Process
  /data/data/com.kevin.videoplay/.jiagu/classes.dex               4237  com.kevin.videoplay
  /data/data/com.kevin.videoplay/.jiagu/classes.dex!classes2.dex  4237  com.kevin.videoplay
  /data/data/com.kevin.videoplay/.jiagu/tmp.dex                   4237  com.kevin.videoplay
  /data/data/com.kevin.videoplay/.jiagu/tmp.dex                   4283  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kevin.videoplay/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kevin.videoplay/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  /data/data/com.kevin.videoplay/.jiagu/tmp.dex                   4237  com.kevin.videoplay

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                  Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.kevin.videoplay

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (2 IoCs)
  flow  ioc
  19    s.appjiagu.com
  26    b.appjiagu.com

Queries information about active data network (1 TTPs, 1 IoCs)
  description             ioc                                                    Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.kevin.videoplay

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                              Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.kevin.videoplay

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description             ioc                                            Process
  Framework service call  android.app.IActivityManager.registerReceiver  com.kevin.videoplay

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description         ioc                          Process
  Framework API call  javax.crypto.Cipher.doFinal  com.kevin.videoplay

Checks CPU information (2 TTPs, 1 IoCs)
  description           ioc            Process
  File opened for read  /proc/cpuinfo  com.kevin.videoplay

Checks memory information (2 TTPs, 1 IoCs)
  description           ioc            Process
  File opened for read  /proc/meminfo  com.kevin.videoplay
Processes
com.kevin.videoplay (PID: 4237)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kevin.videoplay/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.kevin.videoplay/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4283)
    - Loads dropped Dex/Jar
  getprop ro.product.cpu.abi (PID: 4337)
  sh -c ps (PID: 4375)
  ps (PID: 4375)
  ps (PID: 4401)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 5.7MB
MD5: e35953ad80f4c415af2d91291ba183e0
SHA1: 99d07afe283a5a42c29d5914614eed9504d9d930
SHA256: 0277cd5e6846e76d59b9c56ca461e2f67c5d51743a5fbbafdfffd13020bead2c
SHA512: b49a118a3708229b56a7056e42f51a2f16e033ca1c0d1b8032912ef2c6f3af58b723fdd2d6733a9d1a2b5105e8116d11f875784d8305cd072fa6c32668af10de

Filesize: 4.1MB
MD5: 537719937e6e68ceaa123d06e4d78a04
SHA1: 65ff9fc8be81f4045768c19e769e68b0225a56cd
SHA256: 308f2d300f5c47210325633bdaa1454925b68bc8d293cc62307d3ff17138d4f2
SHA512: e71427cb8851982f960014bc27cf7e55eaf6e270296f97c6beb2fa913e33c24615a264b7c73fab8a81ae89a42a59aec92ae41d0f692effa9f0f7d53fb516fb03

Filesize: 480KB
MD5: 6e8ea47d2d8500b7fb8855394fdf0526
SHA1: d3c719bda605cd787c4acf30507edb76b7fb6070
SHA256: cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46
SHA512: 385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

Filesize: 284B
MD5: f1771b68f5f9b168b79ff59ae2daabe4
SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Filesize: 56B
MD5: e532aa977ad7048012d02fdc8fb8351d
SHA1: 1b4e5e338c27786c2084a63c1f265ff474eaf928
SHA256: 78855308c2df38cc389ced5574d4193ff5ee8b4ad4c5bd7eabf0cb9d582f5390
SHA512: df8bf0eb8459acc079c0c51601b04c641c95fad09f325db7c743348d998caa17a3944e00902f57c0a76ef526beaff7955df1953d32e6bdf5c7e3b935ba9a84c0

Filesize: 56B
MD5: d55d1d2a35e2af4b3b5e0a4da66a19c9
SHA1: 0caa25a62148a9d952ff84ae1d4ef0545bc5dd77
SHA256: 51266e40bcca1c86bd4b7fa3c47497c0e0498b7bcd46910c6044359b30c78f42
SHA512: bf8a08bbc6d686c5676ef90a9d15e72108b117225dfb5ffbc6ecb6514541870135d7073458ce8f92ac25101a509339875b7091e6af081b4f66183da099b196cb

Filesize: 84B
MD5: 8547bddeca2edd6eb56baa42e7817e88
SHA1: 574c994964872d4ae3ebf4d5c3cd15b6e7dd0263
SHA256: 338f0c2cef10d7841732630bc34042a643cc4d0fb053196c375255ac5708a9d9
SHA512: 98400a62b0cf5cf9813277772184cd4dda53c6317aec0530df2d886754eb5ea04835b9a9888f3df21d081957436b17551f77ae253381f341668a8ca94b7ab2aa

Filesize: 84B
MD5: 6821635dbe08604039726989b5492bca
SHA1: ba3be64493a8de47b1455408a5f3866e9730714f
SHA256: 58a028fa77d415e8b64bc5a66bb87d2471e6190df5c283bcea44ef6045d95d46
SHA512: 92031dfd9b3672d217d8b79a5c90f9ed3fc21f1761053fd1294a31bb29bb378723c7631ee4dd2de07b7aa38e33e2e3540eb8e2e0a7ce12264e138722efe57302

Filesize: 84B
MD5: 3f0450c64623d5b744d8bc15a7ef73b1
SHA1: 589999a8d019e7725c97388ba5fddaa038304ba1
SHA256: 6d0bab52f0aacf47956f57ca46980f9284f338c6af7dea52dffa3d9ee0e2fe6b
SHA512: 34ab6107cba574ec7a5101a7c9f62301882d8d65c0f737b5b6009aca5cb44010109221e57be168c0db594b2f3ae310506206a1b4f8b85f5a8e48808c7992d371
/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FBeginSession.cls_temp
Filesize: 77B
MD5: 2bade6e140912ce1df6fdb9eb5d40618
SHA1: f573556ff12c29d9ecf8aedad8de0493abe926e8
SHA256: 79f543f643aaac7001f90598845da5d48f111ff01b4b84fdf7918cba89b739d1
SHA512: 523d908c85e12d2ea71baf88aed513701346a4b99c7935e4253063f70590aa7a11169e6dbcd70b9880eb999cb77e752f7958e9887b2362a52336a9115768f9e7

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FBeginSession.json
Filesize: 132B
MD5: 7870ffe13b24aafd958864229794ee0d
SHA1: 54981bc1e2a0ecd931fab5c5a68aea897b757a9c
SHA256: d8f6c038dedcaf0bf6eb6e69f9bee4324d00c90a395288ee7da7cf628b02c70e
SHA512: 52a88d579aef48c640d552d4bb9daa3156f8e67ea09f55141ad643e845f5da4935c8de571ca58171cb5c62b6ef724c14605cb69cd9be49e21f4a37600a292338

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FSessionApp.cls_temp
Filesize: 120B
MD5: d759e1c261a48e4b58e930307f9f7d6f
SHA1: 17aaf8a1834ea0a131369819a6b9fdeb71101741
SHA256: eca60a3b63e4bda07f7a623b53d62ab619596c2b01521e2f6e6fc28ec0386a9f
SHA512: 5adea8156a916e3795ea2c945e3851c51c2deda23f22722b507092d304b7cc41375705c50b13e5726cc7af63974f1482930d37bf7d24ec1e0d8277f145e94b7b

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FSessionApp.json
Filesize: 234B
MD5: 57076a5d5112f6a527d0e92be34e9b38
SHA1: 2601015e57210a1ba8c2e0875946b11ea991e7d6
SHA256: 9004929620a5a197b38b40f3a557d5561c72a08c2405b6e987afd00e7773b6e1
SHA512: 1641dbe3dc3f5a59924d33fe6e64ce7f57126ebff60856187c9c54ea4d97e86e6f844ed9a76286a042b521954de20d3d6a71bf441dfa83201ac218f6e4cfc991

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FSessionDevice.cls_temp
Filesize: 48B
MD5: cf9cb0612d588a1f71b63084cea67316
SHA1: 3d035bb92fd3f8997160cf8025c40239af74d3ca
SHA256: 0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9
SHA512: 70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FSessionDevice.json
Filesize: 202B
MD5: 75db92d50c80a89e068550028c62acec
SHA1: d78ea55f5dc682e4da456d26383249f608fe894f
SHA256: 1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2
SHA512: dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FSessionOS.cls_temp
Filesize: 14B
MD5: 9b3d4522944ce6396563812bfdb92fa9
SHA1: 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256: d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512: 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666F3AA40182-0001-108D-14C84936EF4FSessionOS.json
Filesize: 54B
MD5: 93023624eb8dff5c20050da136aaae0a
SHA1: acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256: 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512: bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 437B
MD5: f8cfbefe41792ba68314185e94fc35a6
SHA1: d3e538e88c80f0a80b98cdb77ef1dba3e4c9edd8
SHA256: d29704458ee48b14b65826a3135788120247c58f9df029951c4ba5dce7429454
SHA512: ea1e591887b2af30bfd1b5ea7b7cf637da69a127e66f2d99d50e9bca4197412a65c55a421478775e099e5b0dc933602a3afaf874358831056e9fbd12ac871f57

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 897B
MD5: 6971dcdde66d74ddd4be74a76d9ba11a
SHA1: c37a99d1902a7849a1fea1214ef2908a081b1820
SHA256: 3dc8b2ac43310cedcb9810dd28f283e3f7eff3c51f537e29432943629e48eb2a
SHA512: fa4b3f29fcdda5f655c57cabaa35e5fbd5ba35217ce3a72499f3499689ec888dc8c586f29ea7dd7d865ff1de631888af39d9bdcb642a412f7315a67e386aa524

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
MD5: c33583fae4e0b61cde1c5b9227963237
SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.kevin.videoplay/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_d7b71948-65fb-4070-b82f-0deaa242db47_1718565540731.tap
Filesize: 347B
MD5: 30e72b4f685fab9722c5ccf29c7899b8
SHA1: 549c7b9251152b4551fa74169ec042a21f87d864
SHA256: 9d762fb04707089b97c1a09d7690939966108289334e230449ddd3e05c1ae30a
SHA512: 413ad314ad413102748ff2e8510eb04995c31e3d2b6ea5e4fc1d633383142efd745c4a536bb119ac5679faebfcd7b70de298e234047cc244017394a18d2fd125
Filesize: 40B
MD5: 1c05f0c150032ca47a982392d0303aca
SHA1: 23d2dfebd80fc3a308f91685ee6af6595abb365a
SHA256: 88596ff524e6eb149511d8b9b00ccbeabd835a5040bf7d01cc71b4fa3af066a7
SHA512: 4071ba8f3b3e1235bece92f0532c61ba7e4322eefaf7f89f9666370aa26bdce8ca165604d4784e2510619b6180cd3621803192ed5f3b185a19740c7a37b54d39

Filesize: 40B
MD5: 2bd73a6218967d79fe092700f01637a1
SHA1: 91d914c50932fcdd719c0119bd5d2fe31dbc261c
SHA256: e19ab9ecf32821c854e497f4cda9ce8fd50735b486d989b06a564019bd667cfb
SHA512: 45cc3a6f9ea76b7139764388f87b2fea771064d3667cd74ba184adbbb486f44d9e70645014cfce6eb0c346ea475fd172c47565cc0e3cb0a2c911360fc7171cfd

Filesize: 340B
MD5: 4d304f7ed7971ce29d17470aaef65718
SHA1: 010ac56cefb56398d44ec8e1ca3d83026091d0e9
SHA256: 2f08713349d1257e422b6197a33873c7ec45918e2043d3fe8e2438f4f1ed65fa
SHA512: 1b2d8ecb60c77a6619fc2173452fe8f501f0f404d813b2aaaf04f6eacac701b2ece4221aba86d5e7a9ca6529296feb70204b4f6b888a67ad4d7a8a97dc6d05b3

Filesize: 340B
MD5: 38c05f22b11c90df01e497c928e3986b
SHA1: c441721c7f63722eca305de1bd4995748c470d57
SHA256: 898b4465344033f08f36633fb7f0c11427f0e70ad2ada12cd35b20c1dd87d998
SHA512: 838921000d266cfc64e36d8e33acd5a58f87168e38acf9d3d4fd3c0583a89456d8b9a7e050d3ec0b200a22ea3f490362c6496ff60f682f98a51fb0a6a78aac61

Filesize: 40B
MD5: 6dc46aed34fd53b969f27ad3bf9dcecc
SHA1: 0de2e9f964a16ca0aeb6bf818dc5797dd9f067f3
SHA256: 5a0273b0861cba688818af475fca957cc38b0ef441d97a6c26bef3d246caa953
SHA512: c966c05427771e05b24d6eb3fdea8e87fd6c716a2c21dc7365dd4e11de1e4bf8855d11c48063f94368771d90c532143cb6919b258fa2d31c1f8a42838f3314f2

Filesize: 73B
MD5: acc2318af595ebe949d9e850813517d8
SHA1: 6e4b8feb8e9fb73d90ee02b512746be552962bbd
SHA256: 2d1044c2d349cf6dc4756a962cfc8e439fd6dcbd8338176a074317d7d2810f43
SHA512: eaa4cfc829c664203ec63308c7abcc8cd22df5fc2b5e82fe247bc369dd40e21641946284f4b7ec962e51a4be2aa329888d201d33b1f4e8e957bf75724e965789

Filesize: 314B
MD5: c61227911f334efdcf6822be72015a5d
SHA1: 0b00203e578d9d8ba2a098245e05cdb922bbcf14
SHA256: 4670dbfdee9ad963cdbafde8d01994e45a8da4dde3315a85f597d26009c38735
SHA512: 548da7b713b00b5aa4633fff242910cab952bef375cc57f20f3c85c49096817ffc59ef5a5d9d894892a45deb1c093a47845c9354396f936b44443374609fb84e

Filesize: 127B
MD5: e9401c906741d820e677d6ebdf03a5f7
SHA1: 53eaa064236e43fd91afab39b3a49058e3e2484a
SHA256: 213f7df887c52fb83c5e513db901d6c19eccac1ead598443907342667229d517
SHA512: 112c68fac4176ae81b30583b470c515ab89e3b3aa37ad092706fe19f2e5130ad42992b8d1848222bccebe0b6afaefa30a9a188b89df78d028b5beb66368ed2c8

Filesize: 32B
MD5: 448e391c59eef34ee1defbe4dee4c41f
SHA1: df1f890987371d7d8e6963c68b787856e42bc146
SHA256: 55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549
SHA512: ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Filesize: 27B
MD5: 477047c2f9e7c45f19d0066782be4697
SHA1: feb0cafbd1245e04faa3ca5e34da957ae42af4c8
SHA256: 95dfe12e4c5a64908044e0ae9db887efc18aea85aa1cbecac184390370c70efe
SHA512: 035e264a00b8968a665fd42ee77bd3a4c5bd7eb8437d7014f18e07a637f500f6ca54fa026baeb07d994e32309b05033d5342dfc2585f119c71de29ff6974bef2

Filesize: 48B
MD5: 1d8d16c4e3b19ebf18988530d9b9a757
SHA1: bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256: abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA512: 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Filesize: 32B
MD5: b4627efafd7c9bceb8500e4158f7d9db
SHA1: 649b7659807a927affccb9e4d0bc1fb6335a7d83
SHA256: 9bd892dd6ec37ab4d3b80b786f980ffc0f41824d680bc56dbe8e55c5431e4199
SHA512: e386227f564692c672ab81d2a9c47867465d6554b4ef25cc5e86a30fd2beddc1bc3d5cb8a98c53f313ee4ba3daeae48a71bcc2a5900ac028d092ba8b92763c7d

Filesize: 20KB
MD5: 73c1a320435139cb1b595dea2d7255df
SHA1: b39da0e0725900da307cd83e93adb0c17791f375
SHA256: ee929eefe6724d87be38ef4c2f0b0c1a9a253bfc0b9be1935316558496b3717d
SHA512: aa27663a7b95463327d1eaaa14fb17a01621a7b2a930f62077068121bfd47920108cc38219f125a17abcaf447387670ebb6309656bc2b9242138ab605055c5ac