Analysis
max time kernel: 113s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 17/10/2024, 01:05
Static task: static1
Behavioral task: behavioral1
  Sample: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Size: 1.3MB
MD5: 5006765c0d98565d96dade82dc43e72a
SHA1: 9d4616b151aa4dbd0293025a62f9c43c3f65490f
SHA256: 0bc5658a8cb733bf27176836a9cf34e267cb79d4aadd489c62984a4a52559212
SHA512: 511b7032f985a5f6b5a31bd81c3938aef1c247e68469fbab313294a0cb4f062e793b0d9d22aa3ac03cf713220ef7f886cf9f6efa85c013b441cb24243be4f290
SSDEEP: 24576:wBnNz0PoJrUmt9Zo+ZYjVQXq/13tdHbZKm51Ob83B:UzRUe9J6jVQXq/1XHNKmjbx
Malware Config
Signatures
Removes its main activity from the application launcher
  pid 4211, Process com.rbar.bxtq.qosf
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
  ioc /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar, pid 4274, Process /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.rbar.bxtq.qosf/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=&
  ioc /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar, pid 4211, Process com.rbar.bxtq.qosf
  ioc /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar, pid 4309, Process com.rbar.bxtq.qosf:daemon
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
  description Framework service call, ioc android.accounts.IAccountManager.getAccountsAsUser, Process com.rbar.bxtq.qosf
Queries information about active data network 1 TTPs 1 IoCs
  description Framework service call, ioc android.net.IConnectivityManager.getActiveNetworkInfo, Process com.rbar.bxtq.qosf
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description Framework service call, ioc android.net.wifi.IWifiManager.getConnectionInfo, Process com.rbar.bxtq.qosf
Reads information about phone network operator. 1 TTPs
Processes
com.rbar.bxtq.qosf (PID:4211)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.rbar.bxtq.qosf/app_mjf/oat/x86/dz.odex --compiler-filter=quicken --class-loader-context=& (PID:4274, child of 4211)
    - Loads dropped Dex/Jar
com.rbar.bxtq.qosf:daemon (PID:4309)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads