Overview (overview): 8
Static (static): 6
bbbcee06e7...18.apk (android-9-x86): 8
bbbcee06e7...18.apk (android-10-x64): 8
bbbcee06e7...18.apk (android-11-x64): 8
com.jiuban...rx.apk (android-9-x86): 1
com.jiuban...rx.apk (android-10-x64): 1
com.jiuban...rx.apk (android-11-x64): 1
com.jiuban...ix.apk (android-9-x86): 1
com.jiuban...ix.apk (android-10-x64): 1
com.jiuban...ix.apk (android-11-x64): 1
Analysis
- max time kernel: 158s
- max time network: 191s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 18-06-2024 11:40
Static task: static1
Behavioral tasks:
task | sample | resource
behavioral1 | bbbcee06e7c07e0c045ec97bf53e3602_JaffaCakes118.apk | android-x86-arm-20240611.1-en
behavioral2 | bbbcee06e7c07e0c045ec97bf53e3602_JaffaCakes118.apk | android-x64-20240611.1-en
behavioral3 | bbbcee06e7c07e0c045ec97bf53e3602_JaffaCakes118.apk | android-x64-arm64-20240611.1-en
behavioral4 | com.jiubang.goscreenlock.theme.marx.apk | android-x86-arm-20240611.1-en
behavioral5 | com.jiubang.goscreenlock.theme.marx.apk | android-x64-20240611.1-en
behavioral6 | com.jiubang.goscreenlock.theme.marx.apk | android-x64-arm64-20240611.1-en
behavioral7 | com.jiubang.goscreenlock.theme.rix.apk | android-x86-arm-20240611.1-en
behavioral8 | com.jiubang.goscreenlock.theme.rix.apk | android-x64-20240611.1-en
behavioral9 | com.jiubang.goscreenlock.theme.rix.apk | android-x64-arm64-20240611.1-en
General
- Target: bbbcee06e7c07e0c045ec97bf53e3602_JaffaCakes118.apk
- Size: 7.3MB
- MD5: bbbcee06e7c07e0c045ec97bf53e3602
- SHA1: 0e5421869446ecec12e8a654d1633b7a04dc4cdb
- SHA256: e7e7590cf0d0829520b1ba03f07f44ee5f77890a271596b6875fc7c4fcb78cc8
- SHA512: ec8a7ab796d1b5564c554d4e0b753610a3564e96d85f33091c4274d5b4f61641ec49194d49d9d53eed8bed56dab85ee18965b55915ebb6f27ced9d80d496c2f8
- SSDEEP: 196608:TiIGAhei5M77rSVC81t4M2ICUPC410JpPRtVixpXw37YQ0:T7GC5M7nFwB2IrPC4CJFRD+XK7YQ0
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 8 IoCs
Processes: com.jiubang.goscreenlock:preview, com.jiubang.goscreenlock:pushservice, android.process.acore, com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
ioc | process
/system/xbin/su | com.jiubang.goscreenlock:preview
/system/bin/su | com.jiubang.goscreenlock:pushservice
/system/xbin/su | com.jiubang.goscreenlock:pushservice
/system/xbin/su | android.process.acore
/system/bin/su | com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
/system/xbin/su | com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
/system/bin/su | android.process.acore
/system/bin/su | com.jiubang.goscreenlock:preview
-
Obtains sensitive information copied to the device clipboard 2 TTPs 2 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: android.process.acore, com.jiubang.goscreenlock:preview
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | android.process.acore
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.jiubang.goscreenlock:preview
-
Queries information about running processes on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.jiubang.goscreenlock:preview, android.process.acore, com.jiubang.goscreenlock:pushservice, com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.jiubang.goscreenlock:preview
Framework service call | android.app.IActivityManager.getRunningAppProcesses | android.process.acore
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.jiubang.goscreenlock:pushservice
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
Processes: android.process.acore
description | ioc | process
URI accessed for read | content://sms/inbox | android.process.acore
-
Reads the content of the call log. 1 TTPs 1 IoCs
Processes: android.process.acore
description | ioc | process
URI accessed for read | content://call_log/calls | android.process.acore
-
Acquires the wake lock 1 IoCs
Processes: com.jiubang.goscreenlock:pushservice
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.jiubang.goscreenlock:pushservice
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: android.process.acore
description | ioc | process
Framework service call | android.app.IActivityManager.setServiceForeground | android.process.acore
-
Queries information about active data network 1 TTPs 4 IoCs
Processes: com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService, android.process.acore, com.jiubang.goscreenlock:preview, com.jiubang.goscreenlock:pushservice
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | android.process.acore
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.jiubang.goscreenlock:preview
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.jiubang.goscreenlock:pushservice
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.jiubang.goscreenlock:pushservice
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.jiubang.goscreenlock:pushservice
-
Checks CPU information 2 TTPs 1 IoCs
Processes: android.process.acore
description | ioc | process
File opened for read | /proc/cpuinfo | android.process.acore
-
Checks memory information 2 TTPs 3 IoCs
Processes: android.process.acore, com.jiubang.goscreenlock:pushservice, com.jiubang.goscreenlock:preview
description | ioc | process
File opened for read | /proc/meminfo | android.process.acore
File opened for read | /proc/meminfo | com.jiubang.goscreenlock:pushservice
File opened for read | /proc/meminfo | com.jiubang.goscreenlock:preview
Processes
-
com.jiubang.goscreenlock:preview
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Checks memory information
PID:4641
-
android.process.acore
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Reads the content of SMS inbox messages.
- Reads the content of the call log.
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Checks CPU information
- Checks memory information
PID:4680
-
com.jiubang.goscreenlock:pushservice
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4787
-
com.jiubang.goscreenlock:com.jiubang.commerce.service.IntelligentPreloadService
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
PID:4967
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Foreground Persistence: 1
- Virtualization/Sandbox Evasion: 2
- System Checks: 2
Discovery
- Process Discovery: 1
- System Information Discovery: 3
- System Network Configuration Discovery: 1
- System Network Connections Discovery: 1
Downloads