44d192ab5d1265a9815e61939ff2d25d731c5e4787b77bfae9cd3a76bd62f57c

Analysis

max time kernel
132s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12-10-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37a7279ef458a5a52d308742a9951736_JaffaCakes118.apk
Size

1.9MB
MD5

37a7279ef458a5a52d308742a9951736
SHA1

5887413c609541b6a89b9eb0bab2a238103bc533
SHA256

44d192ab5d1265a9815e61939ff2d25d731c5e4787b77bfae9cd3a76bd62f57c
SHA512

1d3ff0ae17386db0dc64cbe0dc751637f3932cec0364c01ff70c9b86a6e5d8f2838cf24e085a9a4044ceabb4e3fcd656794489bdba127615f5bc29814ff39369
SSDEEP

49152:yoAnyEEUPX250BnRb619xu1g4SoQug3SLxv1/VsJyiLs:q3X25snu9xsxSD9ifVGtg

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/sxj.rckfqi.im/app_s/lncrl.zip	4283	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sxj.rckfqi.im/app_s/lncrl.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/sxj.rckfqi.im/app_s/oat/x86/lncrl.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/sxj.rckfqi.im/app_s/lncrl.zip	4253	sxj.rckfqi.im
/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar	4332	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar --output-vdex-fd=67 --oat-fd=72 --oat-location=/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/oat/x86/atddhd_40001_5079.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar	4253	sxj.rckfqi.im
/storage/emulated/0/.twservice/koeqha_2003_2109/tw.jar	4480	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.twservice/koeqha_2003_2109/tw.jar --output-vdex-fd=56 --oat-fd=68 --oat-location=/storage/emulated/0/.twservice/koeqha_2003_2109/oat/x86/tw.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/.twservice/koeqha_2003_2109/tw.jar	4253	sxj.rckfqi.im

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	sxj.rckfqi.im

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/inbox	sxj.rckfqi.im

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	sxj.rckfqi.im

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	sxj.rckfqi.im

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	sxj.rckfqi.im

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	sxj.rckfqi.im

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	sxj.rckfqi.im

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	sxj.rckfqi.im

sxj.rckfqi.im
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Reads the content of SMS inbox messages.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4253
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/sxj.rckfqi.im/app_s/lncrl.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/sxj.rckfqi.im/app_s/oat/x86/lncrl.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4283
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar --output-vdex-fd=67 --oat-fd=72 --oat-location=/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/oat/x86/atddhd_40001_5079.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4332
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/.twservice/koeqha_2003_2109/tw.jar --output-vdex-fd=56 --oat-fd=68 --oat-location=/storage/emulated/0/.twservice/koeqha_2003_2109/oat/x86/tw.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4480

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/sxj.rckfqi.im/app_ixlwmjl/libfrmmel.so

Filesize
8KB

MD5
2129c1e10768ab92506f4df68c9b4038

SHA1
c4ff8a3dbc31956b0f95e5a55b423b604d7d7470

SHA256
63700ada9d8616f7f20d85d88074d4c181feb70926a19c71e0978081bddd2876

SHA512
dd870735fb7ead92660af11e152d8c8aa0e234a21fcaa40bfc3f49055d2ee5c717c585aac8bd00070e947bfd789f3a4fd4acf6affcd7f8fc08a857310878c211

Download Submit
/data/data/sxj.rckfqi.im/app_ixlwmjl/liblocSDK4d.so

Filesize
33KB

MD5
8ee0606436c4603953e16ce8a645f5b9

SHA1
24c2f73ec32323d8f0eac88b58731ae3336e4c93

SHA256
91622996adda5085c3c4952d77168adb53024c7eb7e958b0df01d7d64f70b25e

SHA512
4a9fdf82d154e0409f77b6fe2debc8fbe5c2a578f4d6be7f8fd5798ef7464f362c50241d8658bb61576656609ef8920b6bf4db5273c8853f18c7f1b7ecddebd4

Download Submit
/data/data/sxj.rckfqi.im/app_ixlwmjl/libmegjb.so

Filesize
37KB

MD5
4228cfc244dc839c149bfe74708c4580

SHA1
617184cf5d8601aff25d1d2e63b49264ffbebd3a

SHA256
4861a6399611942ff7484ac03bcb30637d37cefd22273b2ee614c5baf6cb12d2

SHA512
d83cd61293c340442592638b1b4e7c5ec5937df25dae3cb0b6b0807939c44ee0059a802a55bda8da963addd3dad6a6f3cb036b62b80598469da3d7171318215e

Download Submit
/data/data/sxj.rckfqi.im/app_ixlwmjl/libzimon.so

Filesize
21KB

MD5
26bb110ac139d4350ddb3bcf2e8cfd6e

SHA1
88dfba8c0bce7229cb5dc031af78fdaf326ac0c6

SHA256
655e5fc476cd09a8d25fab167042683a0569386bdf95d7c0d6b79dcbecd38add

SHA512
c9bc801b7ad6de01e8f8f07ae62218cb158880c7928e193ddece41357b8424a4abb270101f218bf4b7b597fb6ba67c5b5c9f15dd3cba579374857a734a99b871

Download Submit
/data/data/sxj.rckfqi.im/app_s/lncrl.zip

Filesize
1.7MB

MD5
e1853b7c4d535ff71995d373adf12a38

SHA1
1a0289befb2ffaaa0748f453de3241988a3c6001

SHA256
10394eed7a897030cc078b7ba1de433a5af83f19f5b800171fd29e7397801a4f

SHA512
0160f831fc7a06e4e2b443abc9ac9e3994afc6e676310d239c5c617c5476f87a24d20c649fd97d4608e07519ac73a9c8e72307e3ed5aa61304a9eaafb318850f

Download Submit
/data/data/sxj.rckfqi.im/app_s/oat/lncrl.zip.cur.prof

Filesize
762B

MD5
890844995c1f4b05a0d84d4850c68bb7

SHA1
bb7fba575ed745fe3d1c9bd66d8f45a32dc8fd41

SHA256
49c6c45dc14dbddf64e6c5940dc6bbafb14171bc305c961e05361cc0fa929489

SHA512
148173d4b148e6804ae840a9a1dd1a6932428305948a499a6e3b354c924960905487ccbf768e4fb9967978b96b6fe6657246f992015ee49775677b79897a6cdb

Download Submit
/data/data/sxj.rckfqi.im/files/INSTALLATION

Filesize
36B

MD5
8015fb7bcb074be378e64a7454cee637

SHA1
1672b6ebd4f09fa34586393dfb6fdeba3a100d8e

SHA256
8501c91551a10262ce3105b2a3ebbac6c83d8f1b2d046024f258af3b767cd04e

SHA512
3730836fd7939d5e6bffe18a27cfbf9e79bfa094e5878946dc7f624b17b3c3ec292fc12aa31dd34dcd0fa009cef25c4f32b593c3c2c9747ed0209fe92de1f51c

Download Submit
/data/user/0/sxj.rckfqi.im/app_s/lncrl.zip

Filesize
1.0MB

MD5
539d107bf49f6f444f90eb2271cd6b2b

SHA1
7779485a175f2888b115c87b024fb71d78417c90

SHA256
5bb6252693e039c47045be278efb22b97e65b8bcafbbb41f8fe03a2ffa15e89d

SHA512
eb92efb8c63819dd074b9ecedf33fe353a5b36f76c32f14c828d10cb92bdc6537bb5a2d361d2824aef50c1e2959b8dc4330555ab4237be69e638c21fec59fb53

Download Submit
/data/user/0/sxj.rckfqi.im/app_s/lncrl.zip

Filesize
1.0MB

MD5
c52b72d8f03bebcf8f3e275b1a09545c

SHA1
fde7e50ebd85fe38c19271a0bb03f566eda09c14

SHA256
44f7fb160c87044a86e6a44fd33dedf257d79b7c12fca70f5c3b896b70be8b24

SHA512
59616e8213795b2602ef768ada9e62dc22452d366c44d6a28cb89b67649bd21cd099b9f6a5794bb1badd878e95e75b4d822261cfd6d8704aec2bddffd57e9bd9

Download Submit
/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar

Filesize
155KB

MD5
120ed5afd6ea9e5210add82e48c5c034

SHA1
f8494d1972ee56665529ea09341635846e09cca1

SHA256
964bd6a100373992249a4acd7b2597eca2c2a691559353d8d5137e0342db8913

SHA512
e0a10120d67fa56857727da5fa6441f08813c63fbe88d895f0e05eabc11e9f1f0ccaf625debc868a8def3e2d2ae6f9485d56d4a9eb6f4dbb8b94a00e653da6fa

Download Submit
/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar

Filesize
371KB

MD5
42000c6c54cd1a7adf3c8a75ee40fa15

SHA1
35ff904dbda7eba056349c19fa166386fa5a14a7

SHA256
3bf5fdc5f401b589acc21562bc6d777d8b4406def8ec0288d9a3b90094f48471

SHA512
47308c0e0f34d34c21e7b32688efafd5b90e1439e90c0dba1b093caa5a7514f6c622b2e50180aa0a248f49d97a9d8a0bb67ccb106940d03571bc55cd3a2e40a0

Download Submit
/storage/emulated/0/.tpservice/sxj.rckfqi.im/download/jar/atddhd_40001_5079.jar

Filesize
371KB

MD5
4de70fbbe1fad8496ed2c89228e622fc

SHA1
204bf73d9768a5d1fd7688636cfb74d4848f3787

SHA256
e24d0e8f093b8ac119d301c41a3044cc47862a78ce7f6ef873828fa6f8b8226c

SHA512
87c7e7fd1dfd1aae1ba09dce40d7b6126b5b5126b8e2c9f227d47a64a8b55e86f62fef76ccbebe82949277aa956a4e2b6e8fa2daf77b5917813b1301b2fd5c1e

Download Submit
/storage/emulated/0/.twservice/f193580c0a2a941455e162c31ab27ad2

Filesize
37B

MD5
0f55235e837963c0ef4a6b0a9ea16e37

SHA1
b9630a9754a2b797cee755ab467d275769749ac5

SHA256
def34754a09608dd2287d9f1963a94ee11641ba495b4b246b5f19dc4782625e2

SHA512
89b99d5719788f807799cfab804f5297ce4ed76974ed6bf169547bd790473aa0478cb783ba148726d4f0ff5836353a926d7f606415b4682417949147ff1879d2

Download Submit
/storage/emulated/0/.twservice/koeqha_2003_2109.zip

Filesize
180KB

MD5
60cbc97b57457b515c6c5515441e7dcb

SHA1
af3f69d3d138617626d640cbbe69ba645d851732

SHA256
f7d61f59429baca4b0f161be1829ba0803fd086851b44083bf7f958d6a03ef80

SHA512
7922d659af05d3b2abea591ae4c1bc1dcae71c6d661bf3baffae4140e4796d74a24b79ce75755646f75c07fb27cc1c215a1069aff85860152bd5f59688cc0b05

Download Submit
/storage/emulated/0/.twservice/koeqha_2003_2109/libyhcore.so

Filesize
25KB

MD5
b56f701307e7f6872258fc24b0dbc83f

SHA1
349976b0373b5d84b000ffb82df0574af9e18bd8

SHA256
be0697abb4d95b3fd9a9a9b645a670c63174918dc0f7f74ed544ebfb3d4c8f92

SHA512
41bd1c75d1473bcb8ed4f03c7054bc256408a412299db6f8903dcd35c29cd27ef4f3012e6d66279d608216af6de5d4e7199534cad331a66257df8a7ca7d8f292

Download Submit
/storage/emulated/0/.twservice/koeqha_2003_2109/libyhcore2.so

Filesize
25KB

MD5
5ca335960ea4b40adab1b9d9ebf2fee1

SHA1
411f765912f37372e52185bbec66dff6f3d2ff05

SHA256
ccc9e188c5e50476d072370046d0f3d7fabf610f64b5dfaa6d874b339690b9b6

SHA512
396910f4a124bd6e791bee3489befb8f6e7b9d8481f9becd138f54e0e29364d3481618f704a2f7967f13dce381d744f9e833d71b31b0656b11bd369b9b36b173

Download Submit
/storage/emulated/0/.twservice/koeqha_2003_2109/tw

Filesize
153KB

MD5
56272293fa5516c255dafec9ee7bd69c

SHA1
7a5737d850e08b3cf77367f85958aa20f3e9825b

SHA256
760b1c1eb245e0c319eb3edb157d5a0fb523f994fabf63be1029551486dbfbb9

SHA512
0439ecc03d416ee83e3dfa6c9d4a0d4cd569fc440e8b0daafeba7ce85f88fdd70635bb8105ebfee80cd5340f3eccf2e3560074176653404e2ffd55dffef18c39

Download Submit
/storage/emulated/0/.twservice/koeqha_2003_2109/tw.jar

Filesize
376KB

MD5
b58ea7e3f2145c90958cc76dafa92678

SHA1
00ca75b50af57ff70ace1df5de58c3d786beffa0

SHA256
9bc0566e10f173bf6794d78af81608b78d844b3a5c10cea1c812d78921bf8d63

SHA512
ffbb8ae30f0a0fe532b136e4dcedfb014fe82a5f5754bfb79af6236386886ed2f7b3692359bac1bec530cc995a5fe337d040d38720fa55a7aa1608260cbbdd47

Download Submit
/storage/emulated/0/.twservice/w_p_f

Filesize
12B

MD5
69a737e2cfc41ece1ae721166d97c37f

SHA1
4089575fedf1d050b851c1f027293585d607041d

SHA256
74bb1b5ab3bf774aec22cf766b928ff189fe7baa2ae0c0f6e69184b015ec89d5

SHA512
fdf44096ff7ceebe2f70d4675bc8b2297f38e1ffbaf9b866f6a98917d8aeeb5d55c839deb1b60382bd77e10a809472987fdc9500c33233be38dcce57d028d884

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk

Filesize
57KB

MD5
353a2705bc42512db09ee6d6eac9170b

SHA1
1bb3975ccbca1e89f6527fe3f0891499936a1c4a

SHA256
84f10e9ab587ddb9a59641091eeeb42688de161ee572f51cea878deb98515290

SHA512
f5b0914141d79cbc8fcde8dfc48b6619e101f55846aba21fbc63f7c63fe5259742b6e475c7beb27ab2e0b8ca375aa1f6c39e8f2ec0408955dc5a5fa737e9af37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads