Analysis
-
max time kernel
149s -
max time network
155s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
27/09/2024, 11:57
General
-
Target
fa5c8a8999b1152146817779d6565054_JaffaCakes118.apk
-
Size
30.8MB
-
MD5
fa5c8a8999b1152146817779d6565054
-
SHA1
48180767b76020f6821e8b9846213bcf14e6d275
-
SHA256
ccec8fef747a2d395bc660f607232a5a282b64ddf05a996495677029a432955f
-
SHA512
4a226186e05e67a237b4071d5f769d75d40b238ab25a77c99f50206e873a07e235445365560d77a6562a34cbc833ee3274092b86eae484eb1ff5902330a29618
-
SSDEEP
786432:GE2jDwLHPyh7Y8yFxdosPL4ff8ZU+czy5U22DpMkQixUoaBX4b2No:i+vIY8mdoOLEgUlfWkQMUplNo
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 13 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Requests cell location 2 TTPs 6 IoCs
Uses Android APIs to to get current cell location.
-
Queries information about active data network 1 TTPs 3 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 3 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 2 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
-
Checks CPU information 2 TTPs 3 IoCs
-
Checks memory information 2 TTPs 3 IoCs
Processes
-
com.wanhe.gstudent1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
-
sh -c getprop ro.yunos.version2⤵
-
-
getprop ro.yunos.version2⤵
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.wanhe.gstudent/mix.dex --output-vdex-fd=50 --oat-fd=59 --oat-location=/data/data/com.wanhe.gstudent/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
logcat -d -v threadtime2⤵
-
-
/system/bin/sh -c getprop ro.miui.ui.version.name2⤵
-
-
getprop ro.miui.ui.version.name2⤵
-
-
/system/bin/sh -c getprop ro.build.version.emui2⤵
-
-
getprop ro.build.version.emui2⤵
-
-
/system/bin/sh -c getprop ro.lenovo.series2⤵
-
-
getprop ro.lenovo.series2⤵
-
-
/system/bin/sh -c getprop ro.build.nubia.rom.name2⤵
-
-
getprop ro.build.nubia.rom.name2⤵
-
-
/system/bin/sh -c getprop ro.meizu.product.model2⤵
-
-
getprop ro.meizu.product.model2⤵
-
-
com.wanhe.gstudent:pushcore1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
-
com.talkingdata.sdk.TDAntiCheatingService1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
-
sh -c getprop ro.yunos.version2⤵
-
-
getprop ro.yunos.version2⤵
-
-
logcat -d -v threadtime2⤵
-
-
/system/bin/sh -c getprop ro.miui.ui.version.name2⤵
-
-
getprop ro.miui.ui.version.name2⤵
-
-
/system/bin/sh -c getprop ro.build.version.emui2⤵
-
-
getprop ro.build.version.emui2⤵
-
-
/system/bin/sh -c getprop ro.lenovo.series2⤵
-
-
getprop ro.lenovo.series2⤵
-
-
/system/bin/sh -c getprop ro.build.nubia.rom.name2⤵
-
-
getprop ro.build.nubia.rom.name2⤵
-
-
/system/bin/sh -c getprop ro.meizu.product.model2⤵
-
-
getprop ro.meizu.product.model2⤵
-
-
/system/bin/sh -c getprop ro.build.version.opporom2⤵
-
-
getprop ro.build.version.opporom2⤵
-
-
/system/bin/sh -c getprop ro.vivo.os.build.display.id2⤵
-
-
getprop ro.vivo.os.build.display.id2⤵
-
-
/system/bin/sh -c getprop ro.aa.romver2⤵
-
-
getprop ro.aa.romver2⤵
-
-
/system/bin/sh -c getprop ro.lewa.version2⤵
-
-
getprop ro.lewa.version2⤵
-
-
/system/bin/sh -c getprop ro.gn.gnromvernumber2⤵
-
-
getprop ro.gn.gnromvernumber2⤵
-
-
/system/bin/sh -c getprop ro.build.tyd.kbstyle_version2⤵
-
-
getprop ro.build.tyd.kbstyle_version2⤵
-
-
/system/bin/sh -c getprop ro.build.fingerprint2⤵
-
-
getprop ro.build.fingerprint2⤵
-
-
/system/bin/sh -c getprop ro.build.rom.id2⤵
-
-
getprop ro.build.rom.id2⤵
-
-
/system/bin/sh -c type su2⤵
- Checks if the Android device is rooted.
-
-
com.wanhe.gstudent:pushcore1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
-
/system/bin/sh -c getprop ro.board.platform2⤵
-
-
sh -c getprop ro.yunos.version2⤵
-
-
getprop ro.board.platform2⤵
-
-
getprop ro.yunos.version2⤵
-
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
253KB
MD5c3ae5f71da595bfba6fa815f3098fd3a
SHA1091734f08c7bd92bfebc1380e2c2e987e007984c
SHA256a9df57cb9932c0cab86d8a565e96b622f1b2f84a090d0c1e4a5342ae4f9c60d6
SHA5127343167df3772295f21eea0822722b7f6ecf1ea61428853d7ea1fd8ff96bee0b7bab551d62a200896ebc86df3926c9b7844bc8eb839557bc399dd7042ecf5635
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
92KB
MD577170fbb509f810ece44f0bcf5b75f05
SHA18809fac9017236cf027926a7d7e4acf49bc7c9ed
SHA256e1b040d3e66a6b470d88ca14dd55e370a615f59d3ba596cde842a5a881493fe0
SHA5125f0a255566af8ccfd6875da5f283fc6f08c6203c3b9b4ca3c2e1ea06998ec4a27a0daaf67fd4c6943721ca3dd704f1fc841754802ac8c3683115ac7025284939
-
Filesize
1B
MD555a54008ad1ba589aa210d2629c1df41
SHA1bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA2564bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA5127b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339
-
Filesize
2KB
MD539046881f86d632ced417f76279f3e18
SHA18159c4f97c64e66e66320715f4ed4792c7ac01d3
SHA2560e195c85c38ab3747329da9c710344b95294d308eb57f58e49c27bd3686eefd1
SHA512cfe3cd55bde534a6bf669467e8fbb3a03c01f2caec65183f50a87cf844f5a42fb2c05a1cbb9fab061f5b5d33651ef3021d5935fbb3dae46a708c063914386bfa
-
Filesize
2KB
MD5df20a22e86e024d619b6de481356fe16
SHA1403cbb51b29cfea42457efb5ab3f6d657d0a8ffc
SHA256a6e0a9af5ac390f774a4a6ae6fe9cdf19013f73bc90fefe1162f4d1bb48da3e5
SHA5120ae4ffe999544bac4945e9cf68b79f843b897aedd7dbfe0d2af616ff6acb2bf4150f0e2b7e06ae2d5ce58e1902164c27191542c6506c0a7c1eaa88162caabf03
-
Filesize
2KB
MD54691b73c60a38c386d01b8c66137cf4a
SHA1a4cf9de516779c2451da4ebdc2ca7a447e7e3784
SHA2568bcd3afb4351e23d761960aff5f701a26fda3f3376ecac2036bcd574b1a2d074
SHA512d9e4e3dfe23bbc33f8de2a5f5ca46c4302ca9b4c75df1ad6f7bb39bd265fe00801c34f1f57813137710f4a4f275a758b4d9992ce7b28c075762aa98ec7ef6f5e
-
Filesize
4KB
MD5bfad6c359b7353b30931673c4a232d00
SHA154126fcd83374eca8896a8db2ab0b915e0a9a327
SHA256ffaee23719ee26bbbab9a25d59057ad9e14aa1b447335934b970e9a04d3f6ce7
SHA51206f3b6f36e7e8cb22d0a1393512b26f270d3ff61945d8e027fe93c889d9bb9c3223cade6bbbf2e809212d7e25d83a1e21ba3aaf9d549ef6186de6b03b0f03f33
-
Filesize
3KB
MD5c1ccf869430de70134d8d0038b41bcf6
SHA1c0e7d55bce4aa8ddf2934b6af1d56e34820d253a
SHA256d816dba8bf7d717b7d95f046d93a5574c4edf8a8ee8555bbbfb852bbcdb5795e
SHA5129750ec00f537637dcf631a03739952daa626f4733b56d8d2e15c7eaf55cfec59fda9bd7f6752524f6a763058301d76e663ce69732d7a905f9d81978f61b4fd7b
-
Filesize
2KB
MD56d0d6274d69afa8972230cc8eab06cbf
SHA15928eb525622cfe208b09f37769864082b07c2c9
SHA25640a31f9cde45be66a40e7f8421d1e4e97afd260a33ce0e90c1d81fdf94ee16e3
SHA512da4248a83a7c3599ef48320a18e5bf7523135e566317877e20c733e37281cd1e69467c15a4228ec99414a92702ed154706ad5a6f370dd8b5f509101be50a7ec8
-
Filesize
2KB
MD588e7467f6b521dc6d6f1c1fce394dceb
SHA101c3fff194e6b3ccd770ddd465670e431c8a508d
SHA2563eeaa4a52e53f580ca3c7020b0e9683da5c24937c73035c8952dd0ed3b5a12c1
SHA512d2623f826d21f8a9e26e362ab3bbc905b9a02c7d5f84dccb5fb1c91f269b96acae75a953a78ec947fe353b07440574dad75b0044b51ec22081d19edc029f5db4
-
Filesize
2KB
MD5fe2298e03455e468c3c3cb214e21fa6d
SHA1ddd10b073d7e79a861dd7339dce03a42fdbb2d8c
SHA25664f340563f581ec3d6dee6c9b48d11ae2115bbfce474f68683fc3a1ae448a05c
SHA512ef555dab3ab2e903642626fe8b17868c47be8d984fbc2bd64ba8956b35bcd4fdb51919c7494a135fa9e5ab001d6bb30b8ad159da1e8c0da4fffc137799cc5dcc
-
Filesize
2KB
MD54fd6ec0d356289c7a56b35e8d5ccc82a
SHA1291a82710f12538ce04dd37c40e51e5811ec3812
SHA256f46b536870fde1bd4ecfb9c535f4fbd60fb3a88d6ccb787d87a31e26539dd3d2
SHA512807adc407e36d40504452418aacaa5300d3110d37cb3c6f4cee124984ce37da41f14f9a41f948b1311f7d156ad8b03cbe9a91df8db28c8a9eda8c56b8cb0b5df
-
Filesize
3KB
MD5c58126ec9ef37336d6b54065a2ea9ddd
SHA1cf0cc73e787e2325c71529148a9cfb838965783c
SHA2562f11da4cd36d7f108c99e9687471fc83eab62b3458d93a56d47f0edbf416c648
SHA512182ae5e1737aa2665c64eb198c7b05bef5b1b231b505345ef4ae2837d706c50d241b7953868bdf79a46c7bd6af8ca3e4d2594ce0e6e66d64c76c3337e5dac992
-
Filesize
3KB
MD5e9cd2ef747e6db6da203911602be84b0
SHA12bf672854708caaaecfcc0960dac2ec1783f1ff8
SHA25683a3f98c1f341027d3545a40c7ec63b00f11fe3e2647fd80ffe73181bfe14bb8
SHA512acfc17d552b91b6bd245bbcabc4146851cd8901766ed12722c4eb388c7ce2a17d21e6d91ce307402451bc5cef9058c4e61cd4e2b9bb9d9aa92ff93a7269b9dda
-
Filesize
2KB
MD556fce8a1f604d33914b3cdd21d88276a
SHA14d0747ef6e7e17d1380c3a1b3ce430eb389e636a
SHA2560c78c21f8713b5a86d43adaeb1203af51337a1125b49250a14ce39b4520e75d9
SHA5129fd026a9dd977965974e2954cdc0d3c1518c551099054346170660bf8f75ad211fabe74f0b98e78824105d9c77ee3592fa1fd205b318d9433822a9251a3c3c36
-
Filesize
3KB
MD5f8cecc8519abc0d4d5e13d778092c075
SHA1ee1b02956cfa1dad4cb8a0dc0d98a062bb3a12e5
SHA2560df445b9cca66de1c75f1fd5480a8c5d71e38b835ca7451dc9b7edc75a920706
SHA51233e621120ff5569b5276d4a205abb4ea2128895bdac5a367535271df3c90f85a03fc4cc81b6870e7418f9a98bc8ba51ee2d4db0dfde8defa552f0d7909282b87
-
Filesize
3KB
MD505522e5a276d51fbe472ae9bf33946c7
SHA1d644ce367f9c7dd7a80ac6b3092f8078bf06b349
SHA256f3a29909d77dcf3e4366a2bd0a31b98489713792f5ad114e58de45e44c19c0b3
SHA51277c6032cbd69fc7ecd914c79f15cee7456bad4545190bf90f269c4a22fd00a24f4324940632cb438e1a47573f82c128e6e25909f42f9c113dc908d1876d395bf
-
Filesize
4KB
MD53d5751e89e51544d5526b36acf38cdd0
SHA17af91badac72103723c36289ba0f33e0d512447f
SHA25636596d903e7032fa542e2fac8ee6a9bdd4411130cbc980f7a83b4462fa8429e1
SHA512a1a26f71ee8cb71977b9f1df362b3406ce96db53ed9b28b678209daec9fb741cace8912dbd555ae2474fcce3ca6a4e8c3e5a04ad211dc125631fef41f84eb9ba
-
Filesize
4KB
MD5de84ed5a94c975521ffc6798bd567b23
SHA102cdb67bd5604f5e62a85c3ca1c015a18decc953
SHA2567e0f53cf2a08b6095d90aeb94182dd75a9cf26e16ab1e64d2dc8889bc9d28abe
SHA5124bb148d0517d37399de4351e9613c395e0e6e8731b156fc3ab4e4f34e7246f8fb1260842cd4096d8e3561f470da18ec8bb9f3cfe190c0f1ebe39e2d7bc89a94e
-
Filesize
4KB
MD5c9d421abe6c7ffba3386c67c9ce52c7e
SHA107a77961101d16fc9e7ed8f7ae87b55505721c89
SHA256a042311e074dae1d200699ee3eb6f09283bc324e06fc561fd162b91f6e14bfdc
SHA512954775f0a0b15a5e5ae670782d360be30a70dc96a295ba993760e813a8f79f2b904e079e420acbe1e7e0cab216426c24b1798baf54817b1c8c36fb59a48192c5
-
Filesize
46B
MD54028c8b91f544d6bd51a266683ff791e
SHA1d8bacd93b5724c8500f66cc46632704115635afd
SHA2567cda4149bb95d3c082f01b19b365228fd339ce4fcfa02969294e13bdae41270b
SHA512a8fdcbe785c7f9eabff76f227db4e8c1d099dc8adc81a41283f8fbf118fd0fbff93be1aaacd3c966888f30f247215125317efa56495f022486f5262cd2cc3831
-
Filesize
1KB
MD50d512b7981b66069802126493eec824c
SHA1751bf303d7ca13fc9baf4e90956cff0205ddae20
SHA256e8397d222ecad49a2c39647f94fd95a2b6f33a300199d74692aa8061282a0af0
SHA512cb309bb006406a3b7539d8f88796b7eaecc911ede62a28612448a158108789fa0c89a0e75f07869bb66fd4ca63102cdb454c922c93da8266e157f393a01932f6
-
Filesize
292B
MD563f77f99bd2c2b772a479923bde11974
SHA1c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA2564c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA5123aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c
-
Filesize
33B
MD5fcbe672718279e7aff63eaaa7a29dcd1
SHA1decf1343b917871e6681dd663c55623e221c62a4
SHA256248ebb60be8ab170b77d2197f05f8280b4d24e401b7e1ee66d3a0119d65a8f57
SHA512637beb134c1cf4435fb1ae4e32f2eff54a8d228dbd143fa50a22d1088a8c9888dc02f3e0c5d3337e363b767974f6d01e344aef70aad6d90da0254cf8c82183c4
-
Filesize
1KB
MD5bad2b8043eb6da1a0e3f205b5158f2ad
SHA1d5ebe82562f6905d47ac210f0a319479a86446a0
SHA256ef476885aba06d26c135764abfa481a5e7fca0ee45e2451a9e2af757795d0048
SHA512243fe410bbca89c69013b658cdd320bdd62b6fc82a47138a8ac12f99b9afeade55dfd5548a3cb01fe7b4869f15390f807a88b5014b550e5aa9250d96464839dc
-
Filesize
561B
MD5e6c696a9af0180582e3194d7f6ca66df
SHA1106f1923745bb0cd3a895b005780427db990ab73
SHA256b2f606e4a93f241b0221794c4aba5e47aa1e297228e5d097730f5f96ecdd02d4
SHA512a0efe5ba07b9538178b7f01ac0b1316b5fc09d4b034bcb47e196a27bbb21811e9acd735ffd5d8bf284bca173d7cda77a157d3ae89bff81e8eb0887beb48f2b48
-
Filesize
2KB
MD5dbe90345a287d6b335b6841ec1756144
SHA1e39e43f7c4a53fbea83216e01d9e3d03b159ca44
SHA2564c9294eb843ca6dcd18a412dffa0b8ff8ebc068b81ab9d1ceee970268a91ba80
SHA5125e9a54fabd672cd10156a906a7590a780d771b03b133d7966c02164f45aeb338306de4c0851ffb6c358f3829356c8026dc8c7963507e0995322ea0cfe91d15b7