Analysis
max time kernel: 10s
max time network: 134s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 18-06-2024 09:59
Static task: static1
Behavioral task: behavioral1
  Sample: bb57dadf7fe0fa3c7dc37cc913af429e_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: bb57dadf7fe0fa3c7dc37cc913af429e_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: bb57dadf7fe0fa3c7dc37cc913af429e_JaffaCakes118.apk
Size: 19.1MB
MD5: bb57dadf7fe0fa3c7dc37cc913af429e
SHA1: f0adae0270c2fe983d12615a635eb318a8a21d3c
SHA256: 2a341703b9ed7bbd8f91d9a46857773996effa7346913ee66f90075fd6cd167f
SHA512: 28c3b075b4e8839f5c583cf5dc9110a73a4a523485755a86c37e9efb085df550fd3a315fed92b6744a306d4199d8f9bb3bd175ffea6e5d017663606d61f3eadc
SSDEEP: 393216:Cbr3McEuuZmrVJWLgwcxQmfXV9wom1zKTZwM3tnm+dZnuTddg:ecVmrbeXmfVSoo+TP3A2nuTzg
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTP, 6 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  cn.nemo.video
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.nemo.video/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.nemo.video/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
IoCs (ioc | pid | process):
  /data/data/cn.nemo.video/.jiagu/classes.dex | 4268 | cn.nemo.video
  /data/data/cn.nemo.video/.jiagu/classes.dex!classes2.dex | 4268 | cn.nemo.video
  /data/data/cn.nemo.video/.jiagu/classes.dex!classes3.dex | 4268 | cn.nemo.video
  /data/data/cn.nemo.video/.jiagu/tmp.dex | 4268 | cn.nemo.video
  /data/data/cn.nemo.video/.jiagu/tmp.dex | 4301 | /system/bin/dex2oat (full command line listed above)
  /data/data/cn.nemo.video/.jiagu/tmp.dex | 4268 | cn.nemo.video

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  cn.nemo.video
IoCs (description | ioc | process):
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.nemo.video

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Queries information about active data network (1 TTP, 1 IoC)
Processes:
  cn.nemo.video
IoCs (description | ioc | process):
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.nemo.video

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  cn.nemo.video
IoCs (description | ioc | process):
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.nemo.video

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
  cn.nemo.video
IoCs (description | ioc | process):
  Framework service call | android.app.IActivityManager.registerReceiver | cn.nemo.video
Processes
cn.nemo.video (PID: 4268)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.nemo.video/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.nemo.video/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4301)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 5.7MB
MD5: 6bdb8a6ae2e7080f11a78ebae416f259
SHA1: 107edddf6e930be10ac34a4da64b508f0f90a823
SHA256: e948e189fdb4b455b564209a2992b075d3d6457482ad23d9a5d34f33aefc6d9d
SHA512: a88b6d143cda0e6812eccb269a6120c060d5d0030bc4b8c5e6c64d6ebb4bd713e068f1fbb63a393b984c9185f2e2cf5fb8dc341a6f8b2a6d15bf744c45fbeab3

Filesize: 6.0MB
MD5: c75c8b35441e2c758c26784420d65528
SHA1: 3cc3b2d553acf10426e9a554878370aae93d1aaf
SHA256: 381f7a1e8f6d0ca1e97bfecb7fcd68e2d10edf5b990a621a62aa448ed75688a4
SHA512: 3fe026fe8901ad66d9220209f7550440ecbd0be3f3ee0c9df21bc17f542a00e56902ceb5222040132e2a7a040e585158fd8bf92d7157e58b856451662443b0db

Filesize: 2.5MB
MD5: 9f570d08e489ab7baac6f0a2282391c3
SHA1: 8d0158c012f87deced934989760bce1e77e7412d
SHA256: 9736f47d880b6ba1a30e3921c2796c54a82bd9116d79f65f75d51f34491be46f
SHA512: 89793409caa7de063f42b07ba327ca193cc3876e5aa4e738e926e7d4141b70cff6ad2139fa97076369d95734c6758f3c011bc622ba474f5db5fef8dbf0c0ecfb

Filesize: 475KB
MD5: f0f9ef36b67807a253b5932f865eae7b
SHA1: 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256: 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512: e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

Filesize: 284B
MD5: f1771b68f5f9b168b79ff59ae2daabe4
SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Filesize: 222B
MD5: 87a750ded08309e398aa58e5fff7cb3a
SHA1: ecc4d1ffd2f89ac04fd4e7209236f76ab3cc0220
SHA256: ddd912705b726a4b4f7a5fb2c59f6e548968f6c86aba2de11a3ea6c84f75e86d
SHA512: 940b0f178f0f142af240bf619f5f27d0b0a50e7df481db9edb093270c2b1456ca721b82ead556e6971542cab61ed4dea6d239db695b989398b7b7907540d5c88

Filesize: 58B
MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 065f344ce9fa043ad436fc4e3f6232e2
SHA1: d463acf6a6b516e187c6eb7211dcda3084e2e15d
SHA256: 647fa01d1531536bed3a1dba8914df097300d76fe856be4c330706231c750328
SHA512: e23ff6f9f73ce2cab055268e0cf1c2e6576aceeda10f32ea94beb764886b5653b06a66d0aa7937b38b65360b8b52ee6deb3f7df42cf7b212a1f36dea4f952519

Filesize: 68KB
MD5: f5429f48a4fae354089bef25be48f66b
SHA1: e80c69e3333bfe5cde455cf98c79ce8500178d6e
SHA256: 7eaf7436c31816dffc0c5a113928e379f7574fab48750aae2751c503faf122b6
SHA512: c638800fec82e7c6d4b1e8c2dafddad26033acf678628e2de99a234fbf7fc7b867c45972f47e0b7915fe43c8110efdaf50650323e047016978780b46f797e1c0

Filesize: 32B
MD5: c827813d03100a06126d2c96c281628c
SHA1: 80b891050eae61521e51245b39431e2f4b560355
SHA256: b10695dd25e6dfb188e5987930b68b4de6f82de38dd5ee0d1757024f87e8fa34
SHA512: 9c36308db5cc11be1ca631a8912c6720b791d7e155fd51c8a0e51da3df44c26b7cd865143a5f2a3e82ecdbc96c84fe3ac98947e1fad88e89b1ea9196dbadd3fd

Filesize: 32B
MD5: 997c17c78b8044e1f246e94b177fa433
SHA1: 202d324da949bb65d90b4c269338735bb8148ed8
SHA256: 83dc5a3b75b6aa9826ef48b760910f0a0b5388f9aadb98b11521e345e5d27d2b
SHA512: 555cf6b2cf404189668d21866668da76fb3f17de981744cc2298a9bef40d74d5a7e621301220624a62f2b2df353046e8378b3a1c640f5197bcbff8a696792d94

Filesize: 73B
MD5: e9dd5724b89823f0d18fe0559da47015
SHA1: 4255013aa9c6f2ce471d54f3e75d6e234b0760d5
SHA256: 6933ff556876c098ec931a83192d924bc47ad9b7cde221eba40a401cdfcadb99
SHA512: 7de25d23ef036aeae8f32e8255639730e58094d3908ce4fbba38d681aa02f40356a8036845f0a916cc8824f6bc3e2e1675d71ca006f6fb21dfb0429e0dc3a1c4

Filesize: 307B
MD5: f7bc4918c40bacc811a3952104e6f3f9
SHA1: bf2963dc4508e123d51af8990be45b43918c3a8b
SHA256: d0dc6345709523c671b806b7e23e7c1c3616353af786f7cc76c1ddda5956155f
SHA512: ffe43402a5f80418165a0fc3b13688dc36baa6c45918489a75114c22f41d0cc7d4206aa5ffaa4a56e8eaa511c78be3da7538550a90c858d89bb9322e3aec0e40
Filesize: 314B
MD5: bd35185e77531fbb4617d61879c76d59
SHA1: 3de1b46a911ae928c3fdeff83e64773269d10e6b
SHA256: 0c147f8b67c53c69270cd45e96390ccbd97ab33792c230fe5b602910d7c732bc
SHA512: 91c521dec94ce2616f042ade62688b8b3c2a1c897156ffb783ae424b11f4c291dfc26d9737cd74dc6b1a2e60f88988b8cb05c590cf3278aca537f780d60acbe2

Filesize: 32B
MD5: 58abb42959f81635e0633dc003aeeab8
SHA1: 8f1b845cc7153a04536ae5389a30777fa5c201bd
SHA256: a81b9386a1288e9f5188b9ef09835f15f26de198f13dd186e373a87d724bf8c9
SHA512: fcea0cd494d54453d268fefff606264b87f29c553593b74e90d86f2a7219f4d7b7b1130c62360030fa99170a628a4bce71746fa5ccf1e7a0bf52f60b5a06c938

Filesize: 27B
MD5: 746467234bd4a46f9b19fb2db9a136ac
SHA1: ccf366a166cdce24a28f65c2da01295ed3f668a2
SHA256: 169f6b8ac05ba555ae8fdf20258b2396096268dd283fd45226c64e44877adf75
SHA512: 1c2b858fc2953a23437fb136b6c9cca55f09f8789accf042990a747bba108ede4393930deda59ff697b318fd8aa86c9e58ea9492ea8ec504489a106ae8442a63

Filesize: 32KB
MD5: a64ed0db240d3914f2690223fd92d8ad
SHA1: 05611a85274356de18c74747de7f30df7f286ba1
SHA256: a0a6b263087fa8fb9d8d85ace11c0391b7cf399da8b4471c62c8b05cab975813
SHA512: 2ea50db3f02da45df15f983b0edc5ff060468f250293d09bd1bd9cb5ea37cf282a57cb69cbb6638dfbf5a161dcb002438895449364b636fa7849e5cfc883da13

Filesize: 512B
MD5: 2b440a80e43498ea014f805970ae1c71
SHA1: 77a656d0200f367913d05b17760d90c458a15a2d
SHA256: fa3dcd1ef6d7ca858c774a9472ee8000971ea4da62b2399a064e272c6b166330
SHA512: a583d729a6b9aba9a79a9de2724f2b9223b6157646b5fd25dc8500719ba82dfb9e8b99b4322976ab56e161bcb931d7ebba56f84aaf9970b2d4f0dd9de275d073

Filesize: 72KB
MD5: e4af7ae316831d5524a64386b5519cc1
SHA1: 1d190f77486909d595373ffe73a641845c0317c3
SHA256: c2ec9857d7e319a456edc2205971283ab9248fa0dfc77dc8d4914f7fc0809ae0
SHA512: dd1ab8bf85abc681791d0d8d18a1d2a8c498b311c25b4407c329cb21daee40d5277c46808c4379498e450f14be37a697bd9b08757e1e569f9220a20afac4a2b5

Filesize: 56KB
MD5: 60676ddd81ca171fe877178ebc276785
SHA1: 8b215665227943f07fa57d39c096c1c1e081b57a
SHA256: 09f41bd9b4647e87d2886cdaa6d6bfe45bcd91ae8e80a73907cf74e11f41a7c5
SHA512: 35a4941fd0343b5ba6060fca872e5c110107d13a37ae223ae90930abdd94ec545a7a3f0a49604807132e7e455a8c022dd2339768f07e3b817456a96461fdce4f