Analysis

  • max time kernel
    26s
  • max time network
    143s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/10/2024, 13:23

General

  • Target

    52354a200ce30fb3090681a62757be30_JaffaCakes118.apk

  • Size

    3.1MB

  • MD5

    52354a200ce30fb3090681a62757be30

  • SHA1

    14c32b32947f5cb5ecaca09b7fb73fd45cb7274e

  • SHA256

    0002604f9aa167ee58757e61d3cbbd1052c71e57d5258ed1f315f540a2feb3b5

  • SHA512

    df687304d320fbe03eb7e218d532c8f5d75f2cfdd61513e88128da740aec31f50e24de0997bf84e8f852924ae5392df841e1a0d89f7777943a5d32009427b285

  • SSDEEP

    98304:FWOhK2Th2h1bhWR2SandOODS8Bmmci6KT:p9u1bhbtTDzvEQ

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • uUcYa.MRSx.YaGiNfF
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4239
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/oat/x86/WkIrrol.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4266
    • chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data
      2⤵
      PID:4302
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4320
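The two dex2oat children above are what the "Loads dropped Dex/Jar" signature is keyed on: ART is compiling a `--dex-file` that sits under the app's own private directory rather than under /data/app or the system image, so the code did not arrive through the package manager. The following script is an added triage example for this report, not part of the sandbox's tooling. It parses process command lines, flags dex2oat runs whose `--dex-file` lies in an app-writable location, and joins them against the dropped-file list so every hash recorded for a loaded file ends up in the IOC set. The path prefixes used to separate installed code from app-writable storage are this example's own heuristic; the sample command lines are copied from the tree above and trimmed to the flags the logic inspects, and the drop list is built from the paths and SHA256 values in the Downloads section.

```python
"""Flag dex2oat invocations that compile code the app wrote at runtime and
collect every hash the sandbox recorded for those files.

Added example for this report; not part of the sandbox's own tooling.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Heuristic (this example's assumption): code installed by the package manager
# or shipped on the image lives here, so dex2oat compiling from these paths is
# routine install-time or boot-time work.
INSTALLED_CODE_PREFIXES = ("/system/", "/vendor/", "/product/", "/apex/", "/data/app/")

# Heuristic: paths an app can write to itself.  A dex/jar compiled from here
# was created or downloaded after install and handed to ART by the app
# (DexClassLoader-style loading), which is the behaviour the signature reports.
APP_WRITABLE_RE = re.compile(r"^(?:/data/user/\d+/|/data/data/|/storage/emulated/\d+/|/sdcard/)")
PKG_DIR_RE = re.compile(r"^/data/(?:user/\d+|data)/([^/]+)/")
DEX2OAT_RE = re.compile(r"^\s*(?:/system/bin/)?dex2oat\b")
DEX_FILE_RE = re.compile(r"--dex-file=(\S+)")
OAT_LOC_RE = re.compile(r"--oat-location=(\S+)")


def normalize_path(path: str) -> str:
    """/data/data/<pkg> is an alias of /data/user/0/<pkg>; use one spelling so a
    file the report lists under both names is treated as the same file."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def analyze_dex2oat(cmdline: str) -> Optional[dict]:
    """Classify one process command line.  Returns None for anything that is
    not a dex2oat invocation carrying a --dex-file argument."""
    if not DEX2OAT_RE.match(cmdline):
        return None
    dex = DEX_FILE_RE.search(cmdline)
    if dex is None:
        return None
    dex_file = normalize_path(dex.group(1))
    oat = OAT_LOC_RE.search(cmdline)
    pkg = PKG_DIR_RE.match(dex_file)
    return {
        "dex_file": dex_file,
        "oat_location": normalize_path(oat.group(1)) if oat else None,
        "package": pkg.group(1) if pkg else None,
        "installed_code": dex_file.startswith(INSTALLED_CODE_PREFIXES),
        "loads_dropped_code": bool(APP_WRITABLE_RE.match(dex_file)),
    }


def correlate_drops(findings: List[dict], drops: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each dropped-code path that dex2oat compiled to every SHA256 the
    sandbox recorded at that path.  Several hashes for one path mean the file
    was rewritten during the run; keep all of them, because the report does
    not say which version dex2oat actually read."""
    by_path: Dict[str, List[str]] = defaultdict(list)
    for path, sha256 in drops:
        by_path[normalize_path(path)].append(sha256)
    return {f["dex_file"]: by_path.get(f["dex_file"], [])
            for f in findings if f["loads_dropped_code"]}


def triage(lines: List[str], drops: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Run the classifier over a process list and return dropped-code paths
    with the hashes observed for each."""
    findings = [f for f in map(analyze_dex2oat, lines) if f is not None]
    return correlate_drops(findings, drops)


# Constructed input: the child processes from the tree above, trimmed to the
# flags the classifier reads.
PROCESS_LINES = [
    "/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar "
    "--oat-location=/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/oat/x86/WkIrrol.odex --compiler-filter=quicken --class-loader-context=&",
    "chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data",
    "/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip "
    "--oat-location=/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&",
]

# Constructed input: (path, SHA256) pairs from the Downloads section.
DROPS = [
    ("/data/data/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip", "d89d8625402783e416ea5225d1cece21136ccbe725a639f33ff1778971be3202"),
    ("/data/data/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar", "4e1bccfbc5dced4cc24e4640573105b1d97e59b5fc23d5d8bbd1b136cedd22ec"),
    ("/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip", "6e788c4501f82820a6c4032f830eee7d4d3c7096092bfa31b466da83c3a4d3d3"),
    ("/data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip", "7cf51ec8e9adddbb737bc9cf487a7d4fb3d9f0a274a9c5e7ca785289736cd302"),
    ("/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar", "5ac746dd35fbb18a7f6f84c7180a2bb26c85cfb6f3946489b5a50015e768ec68"),
    ("/data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar", "bed93afb93828d884106a47aa40971b879a5e63ecba267c9df53445dfcbe9d82"),
    ("/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data", "c4a8a02e900f4fb066a0e8d4c9e2976c9a0f252729058b2915fdc93eae65af49"),
    ("/storage/emulated/0/Download/channel_conf", "b4e7329e133808103bcb5b336735976bc8548fef1e3f66f823733dcdf74df5bf"),
]


if __name__ == "__main__":
    for path, hashes in triage(PROCESS_LINES, DROPS).items():
        print(f"{path}: compiled by dex2oat, {len(hashes)} recorded writes")
        for h in hashes:
            print("   ", h)
```

On this report the script returns both WkIrrol.jar and apk.zip with three hashes each, which is the practical point: the sandbox saw each file rewritten three times under two path spellings, so an IOC list built from only the last entry would miss two of the three payload versions. The chmod child is ignored because it is not a dex2oat invocation, and a dex2oat run against /data/app would be classified as installed code rather than dropped code.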

    Network

          MITRE ATT&CK Mobile v15

          Downloads

          • /data/data/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

            Filesize

            53KB

            MD5

            e5c7a2493cfcc1b10a320783c64829ad

            SHA1

            5d5de62c4e6452edd09943657565f42dc8fc43c4

            SHA256

            d89d8625402783e416ea5225d1cece21136ccbe725a639f33ff1778971be3202

            SHA512

            c6dfee50d510bce6e413aaa2dc81849964ec80c90def49d993842c9cd0a8d2d53c90f348e21839402718ae971ed035ebfefcd0083973d850d44694a5897cb58a

          • /data/data/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

            Filesize

            1.1MB

            MD5

            0c2e19956411d8713c5e5f6d48c5f61d

            SHA1

            0452c731f9998952213187a199e949dc110f34b4

            SHA256

            4e1bccfbc5dced4cc24e4640573105b1d97e59b5fc23d5d8bbd1b136cedd22ec

            SHA512

            d985afe4a06e274175461cfc3af73a4a0cac0632c9bd47e22057c7739a7aee20e6a2daaf292e635a6adeda7214fadc3a9c39615f99b3cf99340d376848f5c372

          • /data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

            Filesize

            122KB

            MD5

            7a641640f741fba907ae2cd40dcd6e7a

            SHA1

            4480dbc586c07a8ce2d08181e685db60639c768f

            SHA256

            6e788c4501f82820a6c4032f830eee7d4d3c7096092bfa31b466da83c3a4d3d3

            SHA512

            68c30f03b7a98de5e7d2b05d195981fd8dfbac87e1c601360b87e95d80046aac5bb36736b62985e3a62afb454098375e60d3714ee7eea2cd270082f864529ef4

          • /data/user/0/uUcYa.MRSx.YaGiNfF/app_workbench90962/apk.zip

            Filesize

            122KB

            MD5

            4345f43f2fc52fbe20e12b82d8e31bf0

            SHA1

            dcad5abd9cfc51d2f464fbb87785030502f9d6d5

            SHA256

            7cf51ec8e9adddbb737bc9cf487a7d4fb3d9f0a274a9c5e7ca785289736cd302

            SHA512

            c2b1ce1a623453eb35646daf1f794589974ed69510e1a8a0c956419217127290db1ca04a7cd1d0d338b4ab2156b2e9e4aa4f77d4d5a7e72be3b41c20e4a2e4f6

          • /data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

            Filesize

            3.1MB

            MD5

            7c5010549bad81bb14068dae5e2de47f

            SHA1

            84ae0f16756a173c8762b0c2c890db6b2f1c6d0e

            SHA256

            5ac746dd35fbb18a7f6f84c7180a2bb26c85cfb6f3946489b5a50015e768ec68

            SHA512

            0307195d8996ae081682d340b5db9504d261b382fe64fe4f59dde6fc2338d42edb9afddbb58f7c9b4b43957a98145bcf0b30ff1045b400ce1757692aa5123b77

          • /data/user/0/uUcYa.MRSx.YaGiNfF/files/.ca/WkIrrol.jar

            Filesize

            3.1MB

            MD5

            eccfaded8c2391e45d60188f4bf19d60

            SHA1

            c3bfa41bc912ba9dd6f623d86e722d84fa46c17f

            SHA256

            bed93afb93828d884106a47aa40971b879a5e63ecba267c9df53445dfcbe9d82

            SHA512

            f95cbb22270e4ea54c080d2b86eaf648592f889cf06b0996889f351e1991c20c96f34ba22676550b447e678af85713547f30667aa73757382dcb9199f45e1485

          • /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.data

            Filesize

            59KB

            MD5

            4fe57f0dbc1364a52f9616aca9623ee8

            SHA1

            d3fbaaafd79ff09ec88ad343e46258cfbda4139b

            SHA256

            c4a8a02e900f4fb066a0e8d4c9e2976c9a0f252729058b2915fdc93eae65af49

            SHA512

            e08aec2c36ccddc5b16409bf2d62ed6aa5e2ef468025779b400997f86c0b0943fbe16012e21be8e99685e743b3ef77adfa74b4c7bc03d30f6a506520c0edf17d

          • /storage/emulated/0/Download/channel_conf

            Filesize

            5B

            MD5

            84650374b6526aeab39b489f2622673a

            SHA1

            7f8e6a153c28f94d7bcdab583678fc097d3fb37d

            SHA256

            b4e7329e133808103bcb5b336735976bc8548fef1e3f66f823733dcdf74df5bf

            SHA512

            60f6ec3ea7b42df365b103417f95561812bbcebdfae135d57d1aaeccede2c0bcef9624dc36acc2dcd92ddcd01fc848ba34915882c44c6d4748f4a31c4d09b789