efacc34d4167e108a7479f596c7239ab8b754e172d35f031e5df667477ffd0e5

Analysis

max time kernel
8s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-10-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26f95fc97a13553eb7997ae729269502_JaffaCakes118.apk
Size

6.2MB
MD5

26f95fc97a13553eb7997ae729269502
SHA1

bd1749ea4237b9cdb049ed2d0abe8c066941cc21
SHA256

efacc34d4167e108a7479f596c7239ab8b754e172d35f031e5df667477ffd0e5
SHA512

5d5e5637bc30c63b574c6868d3bc7e3a5645ff6a98d6c6fb2cf4829b5e148cf5f60cb4b10d2997d4849ce6aa2090509ff8e19ca153ea9b961c4dc6d695be1fff
SSDEEP

196608:do1RUW8e4kuSWgiuvkz/T6xhrAQDRsVL3p29/pCkH7L3p29/h:dovUWF4ku4iP/T6x9DaVL301H7L30h

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/io.dcloud.H5E23214C/.1/classes.jar	4274	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=46 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/io.dcloud.H5E23214C/.1/oat/x86/classes.odex --compiler-filter=assume-verified --class-loader-context=& --zip-location=/data/data/io.dcloud.H5E23214C/.1/classes.jar
/data/data/io.dcloud.H5E23214C/.2/classes.jar	4298	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=48 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/io.dcloud.H5E23214C/.2/oat/x86/classes.odex --compiler-filter=assume-verified --class-loader-context=& --zip-location=/data/data/io.dcloud.H5E23214C/.2/classes.jar

Checks the presence of a debugger
evasion

io.dcloud.H5E23214C
1⤵
PID:4246
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=46 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/io.dcloud.H5E23214C/.1/oat/x86/classes.odex --compiler-filter=assume-verified --class-loader-context=& --zip-location=/data/data/io.dcloud.H5E23214C/.1/classes.jar
  2⤵
  - Loads dropped Dex/Jar
  PID:4274
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=48 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/io.dcloud.H5E23214C/.2/oat/x86/classes.odex --compiler-filter=assume-verified --class-loader-context=& --zip-location=/data/data/io.dcloud.H5E23214C/.2/classes.jar
  2⤵
  - Loads dropped Dex/Jar
  PID:4298

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H5E23214C/.1/.config

Filesize
129B

MD5
53ae7967a3196d632caf532696685ae7

SHA1
cf85eb87a9a348a8973469048301b165f1e116fe

SHA256
e2b83ec87d436f1d7d52e0f530d8bb2678ef996199cfe919d3ae5a1c7b08a9a0

SHA512
86ea6d149b2d6238a068c7f4d0ec603af06cfc491968439b1a8662113da4ef17b6a7e28eb4cc5e0b689dc552c2a7ed059a78466edae2c0f152affec74628e649

Download Submit
/data/data/io.dcloud.H5E23214C/.1/classes.jar

Filesize
120B

MD5
63033848437fb00ae65419d8a25e5827

SHA1
aa444c485ca5e95cc15ad635dd52d678dbb98b85

SHA256
be5750f154e0e52ecdd6cb201d73daeff2178c6e524e4e9c2a50aa0d46a83e65

SHA512
981634a916f1527fe57fd840360aaf3ad9a4a26399085f889187c9af3c33672c100900ea750bf3c063cf504a66b3f3dc62b76297e6e311afda92d945612bacef

Download Submit
/data/data/io.dcloud.H5E23214C/.1/classes.jar

Filesize
2.9MB

MD5
540e9b85a9d18094eef2008f532b1aa9

SHA1
d37ee2a7a9cffd3cd48fdfe46dadc604a9b0a9b6

SHA256
8dcbcb1e8e4aca83d7e7e76b83598fe12c77785bdbcb856c5bda216d774067cb

SHA512
9a4630c71c8a3303511a9bf67684265537f4ac8e42246e8ee0aaed3b6e0434622ac032697b0ac21037ab0e66c218a9b5862252ada4f0b30be66457958b7a37ce

Download Submit
/data/data/io.dcloud.H5E23214C/.11.jar

Filesize
2.9MB

MD5
fef036cd5687a37807a2223ccc2e62d7

SHA1
f9e5be493cbdc3dd1a814bf22fee25a8f221356e

SHA256
e60cdb91dc1af2c8d51b4a8bacbf0d96aeb82b65b4d6d7d21b42c218c77bf20d

SHA512
cbf613b8ff3b2331b54ebfd632def54e6d401b9e278512c96c76470fba7580cb647bc1685c724e84df4401885b59f37f3fab02786485b1b32e698e334ec31032

Download Submit
/data/data/io.dcloud.H5E23214C/.11.jar

Filesize
1.3MB

MD5
cfdec979e45cc5d77b88a3e97a98c2c4

SHA1
fe671eb15b9a4a2ddade814a6fc18db784e14c8c

SHA256
d91e702c18ca00a577affe0db04468d84eb029367bd9f61ea80c6745a35a2b6d

SHA512
c4280b25fe6f2947ca6232ee196825872d0403881648667662a19df803b312f08656e1f444370a8e8fa665118da939751dffe4a6b3769a1febea3ccfb4d971a1

Download Submit
/data/data/io.dcloud.H5E23214C/.2/classes.jar

Filesize
177KB

MD5
11fc891b3a26d516bc9697f15e5ed0f6

SHA1
99a7327a0b2dbd85d3180de9e5f652e6485f3c08

SHA256
d39ae6241152515b05fc1255e1080a282f4952261db06f06e2b4bf1ce973fdb2

SHA512
89ec2d5d995f8194d9aeb898ae5c7f92a47b94fa8c94648e75d412051396d2d0c0b436a743b6489a8d56a832b85041e814eca8012a992126bf7554501ed3c9cb

Download Submit
/data/data/io.dcloud.H5E23214C/.21.jar

Filesize
177KB

MD5
3db0da2c51a9d0fbebb5f737659930f9

SHA1
9d6d7c612daf9d5e8a9cf0c8e7fde683eca3d846

SHA256
2fa940b5240bb8ac96833e51e236dae7088ab6f5442c5f230a722eca969f7652

SHA512
4fb37eb93788e0bf45d92ba8fd4e2f866ee59fce7efcc935bdfdbd1640f1ab6010956995fbcf949535f7c45a9afe25078e23195cf453c7b69499aff0fd1ee85f

Download Submit
/data/data/io.dcloud.H5E23214C/.21.jar

Filesize
84KB

MD5
c8c148647f6d37752513015de64d5db8

SHA1
b7f3e8f3276c5a4da35090d1cefad877f4fcce85

SHA256
91593a909bc6f56736e774012fcf7266243ea2811a4d4924f82008441731926e

SHA512
364d6f3c86bdbba5aaa515ce69fddf9f15e072748a51493a367e5c4b5a8f8693c544d9ac43e0bbf467e1ad97793694a15cc71e168498304a6bfb98e1500be3ea

Download Submit
/data/data/io.dcloud.H5E23214C/.x86lib/libbaiduprotect_x86.so

Filesize
712KB

MD5
c9893cb762dbd6834fadaaf35cb201d1

SHA1
5c627990e60986bb2f12e5fb3325f8691ed8ec9a

SHA256
1cacdac32447cb0641c8c83e9a850ce74ea846e5dd8d8d652abcae5352527a71

SHA512
03992a19cea5a290ef0bc84ac31c3508db6a3c5661ade1ad9d27dade060ae3f1f54fecea360ddba8a496c85029797891665f6e2049798170102e0d952725f5c1

Download Submit