Analysis

- max time kernel: 14s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 17/10/2024, 16:54

Static task: static1
Behavioral task: behavioral1
- Sample: 52b859941aeae463735336b3f243ccb2_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en

General

- Target: 52b859941aeae463735336b3f243ccb2_JaffaCakes118.apk
- Size: 19.0MB
- MD5: 52b859941aeae463735336b3f243ccb2
- SHA1: 29c0c6fd81f191cf73e539d7fe0c4fccf83a6b0b
- SHA256: abf89b6c6e932dd3c580b43aee510008b933b8eb0283d386814345ded146440f
- SHA512: d44390c4e8aeac793607bddaa415ab89cf28fdfe8b3d7ac18e89aa01f7c481e602477d6f4ffa9a84f1213be1398c474bbf03bf0c943bcb0d3afe4180aa6f46f9
- SSDEEP: 393216:1sQ3nJGc8Kvf16RLnzpeFFUS0HqmKnNeQ9O5ql20CParw8IXdxxtHcefjxBzvS:WQ3nJGcXvNULNe8zHWzI5f/Parw8GAWs
Malware Config
(empty)

Signatures

- Loads dropped Dex/Jar (1 TTP, 8 IoCs)
  Runs executable file dropped to the device during analysis.
  IoC | PID | Process
  /data/data/cn.kdqbxs.reader/.jiagu/classes.dex | 4250 | cn.kdqbxs.reader
  /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | 4250 | cn.kdqbxs.reader
  /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | 4250 | cn.kdqbxs.reader
  /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | 4250 | cn.kdqbxs.reader
  /data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | 4250 | cn.kdqbxs.reader
  /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | 4250 | cn.kdqbxs.reader
  /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | 4290 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=45 --oat-location=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  /data/data/cn.kdqbxs.reader/.jiagu/tmp.dex | 4250 | cn.kdqbxs.reader

  Reading the table: every loaded DEX lives in the app's private data directory (/data/data/cn.kdqbxs.reader/.jiagu/), not in the installed APK. The `!classesN.dex` suffix is ART's multidex notation, so the file named classes.dex is a container holding several DEX entries (classes.dex through classes5.dex). tmp.dex is then handed to dex2oat (PID 4290) for ahead-of-time compilation with --compiler-filter=quicken, which is the normal ART path when an app loads code through a DexClassLoader. A runtime-unpacked .jiagu directory is the layout used by commercial APK packers (the name matches the 360 Jiagu packer), so the code worth decompiling is most likely these dropped files rather than the classes.dex shipped inside the 19.0MB APK.
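An analyst who pulls the .jiagu files off the device usually wants to know, before opening a decompiler, whether each one is a bare DEX, a zip container (which is what the `classes.dex!classesN.dex` locations imply for classes.dex) or still-encrypted packer output, and whether a bare DEX survived the pull intact. The checker below is an added example, not part of the report or of the analysed app; it follows the header layout in the Android dex-format documentation (0x70-byte header, adler32 checksum over everything after offset 12, SHA-1 signature over everything after offset 32), and the fixture built by build_minimal_dex() is constructed purely so it can be exercised offline.

```python
"""Check a DEX pulled from a sandbox run before decompiling it (added example).

Not part of the report or of the analysed app. Header layout per the Android
dex-format documentation; build_minimal_dex() is a constructed test fixture.
"""
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70
DEX_MAGICS = (b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0")
ENDIAN_CONSTANT = 0x12345678


def dex_kind(data: bytes) -> str:
    """Classify what a dropped 'dex' file actually is by its magic bytes.

    ART's "<container>!classesN.dex" locations mean the container is a zip
    (APK/JAR-style multidex), so a file named classes.dex may well start with PK.
    """
    if data[:4] == b"dex\n":
        return "dex"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:4] == b"\x7fELF":
        return "elf"
    return "unknown"


def inspect_dex(data: bytes) -> dict:
    """Parse the DEX header and recompute its checksum and signature."""
    if len(data) < DEX_HEADER_SIZE or data[:8] not in DEX_MAGICS:
        raise ValueError(f"not a DEX file (kind={dex_kind(data)})")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    class_defs_size, _class_defs_off = struct.unpack_from("<II", data, 96)
    return {
        "version": data[4:7].decode("ascii"),
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == ENDIAN_CONSTANT,
        "class_defs": class_defs_size,
        # file_size must match what was pulled: a short read off the device
        # shows up here before it shows up as a decompiler error.
        "checksum_ok": file_size == len(data)
        and checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
    }


def build_minimal_dex(class_defs: int = 0, version: bytes = b"035") -> bytes:
    """Constructed fixture: a header-only DEX with valid checksum and signature."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n" + version + b"\0"
    struct.pack_into("<III", hdr, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    struct.pack_into("<II", hdr, 96, class_defs, 0)
    hdr[12:32] = hashlib.sha1(bytes(hdr[32:])).digest()  # signature first ...
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)  # ... then checksum over it
    return bytes(hdr)


def flip_byte(data: bytes, offset: int) -> bytes:
    """Return a copy with one byte inverted, to simulate a truncated or patched pull."""
    out = bytearray(data)
    out[offset] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        with open(name, "rb") as fh:
            blob = fh.read()
        if dex_kind(blob) != "dex":
            print(f"{name}: {dex_kind(blob)} (not a bare DEX)")
            continue
        print(name, inspect_dex(blob))
```

Run it as `python3 dexcheck.py tmp.dex classes.dex` on the pulled files. A failing checksum with a passing signature means only the checksum field was patched (some packers do this to break naive tooling); both failing usually means the pull was truncated or the file is not the final decrypted form.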
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.kdqbxs.reader

- Queries information about active data network (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.kdqbxs.reader

- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description | IoC | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.kdqbxs.reader

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.registerReceiver | cn.kdqbxs.reader

- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework API call | javax.crypto.Cipher.doFinal | cn.kdqbxs.reader
  Caveat: a packer's loader also calls Cipher.doFinal while decrypting its embedded DEX, so on a sample that drops code into .jiagu this hit is at least as consistent with payload decryption as with encryption of user data.

- Checks CPU information (2 TTPs, 1 IoC)
  Description | IoC | Process
  File opened for read | /proc/cpuinfo | cn.kdqbxs.reader
  Caveat: /proc/cpuinfo is commonly read to choose a native ABI and to fingerprint emulators; this run used an x86 image (dex2oat was invoked with --instruction-set=x86), so architecture-dependent code paths may behave differently on an ARM handset.
Processes

- cn.kdqbxs.reader (PID 4250)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=45 --oat-location=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID 4290)
    - Loads dropped Dex/Jar
  - child: getprop ro.miui.ui.version.name (PID 4342)
    ro.miui.ui.version.name is the system property that identifies Xiaomi MIUI firmware; reading it is a routine vendor check in many SDKs and is not suspicious on its own.
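The dex2oat invocation and the loaded-DEX rows are the most informative evidence in this report, and it is worth turning them into a verdict mechanically rather than by eye. The script below is an added example, not part of the report or of the analysed app: it takes the IoC rows and the dex2oat command line exactly as they appear above (embedded as constants), splits each ART dex location into its container and multidex entry, decides whether the container came from app-private storage or from the installed APK under /data/app/, and checks whether dex2oat was asked to compile one of the dropped containers. The /data/data and /data/user/<n> path patterns are the standard Android app-private locations; the helper names are mine.

```python
"""Triage helper for the "Loads dropped Dex/Jar" evidence above (added example).

Not part of the sandbox report or of the analysed app. Input is the report's
own IoC rows and dex2oat command line, embedded below as constants.
"""
import re
import shlex

# IoC rows copied from the report's "Loads dropped Dex/Jar" table: (path, pid, process).
LOADED_DEX_IOCS = [
    ("/data/data/cn.kdqbxs.reader/.jiagu/classes.dex", 4250, "cn.kdqbxs.reader"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex", 4250, "cn.kdqbxs.reader"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex", 4250, "cn.kdqbxs.reader"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex", 4250, "cn.kdqbxs.reader"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex", 4250, "cn.kdqbxs.reader"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex", 4250, "cn.kdqbxs.reader"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex", 4290, "/system/bin/dex2oat"),
    ("/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex", 4250, "cn.kdqbxs.reader"),
]

# The dex2oat command line from the report, verbatim.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/data/cn.kdqbxs.reader/.jiagu/tmp.dex "
    "--output-vdex-fd=42 --oat-fd=45 "
    "--oat-location=/data/data/cn.kdqbxs.reader/.jiagu/oat/x86/tmp.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# App-private storage on Android: /data/data/<pkg>/ or /data/user/<n>/<pkg>/.
APP_PRIVATE = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[^/]+)/")
INSTALLED_APK = re.compile(r"^/data/app/")


def classify_dex_path(path: str) -> dict:
    """Split an ART dex location into container and multidex entry and say where it lives.

    ART names secondary DEX entries of one container "<container>!classesN.dex".
    """
    container, _, entry = path.partition("!")
    m = APP_PRIVATE.match(container)
    if m:
        origin = "app-private"
    elif INSTALLED_APK.match(container):
        origin = "installed-apk"
    else:
        origin = "other"
    return {"container": container, "entry": entry or None,
            "package": m.group("pkg") if m else None, "origin": origin}


def parse_dex2oat(cmdline: str) -> dict:
    """Pull the triage-relevant fields out of a dex2oat command line.

    '--runtime-arg X' takes its value from the next argv element; every other
    option is '--name=value'. A repeated option keeps its last value.
    """
    argv = shlex.split(cmdline)
    opts, runtime_args = {}, []
    i = 1
    while i < len(argv):
        if argv[i] == "--runtime-arg":
            runtime_args.append(argv[i + 1])
            i += 2
            continue
        name, _, value = argv[i].lstrip("-").partition("=")
        opts[name] = value
        i += 1
    return {
        "dex_file": opts.get("dex-file"),
        "oat_location": opts.get("oat-location"),
        "compiler_filter": opts.get("compiler-filter"),
        "instruction_set": opts.get("instruction-set"),
        "class_loader_context": opts.get("class-loader-context"),
        "runtime_args": runtime_args,
    }


def summarize(iocs, cmdline: str) -> dict:
    """Combine the loaded-DEX rows with the dex2oat invocation into a triage verdict."""
    dropped, entries, packages = [], 0, set()
    for path, _pid, _proc in iocs:
        c = classify_dex_path(path)
        if c["origin"] != "app-private":
            continue  # code from the installed APK is expected; only dropped code counts
        packages.add(c["package"])
        if c["container"] not in dropped:
            dropped.append(c["container"])
        if c["entry"]:
            entries += 1
    d2o = parse_dex2oat(cmdline)
    return {
        "packages": sorted(packages),
        "dropped_containers": dropped,
        "multidex_entries": entries,
        "dex2oat_target": d2o["dex_file"],
        "dex2oat_compiles_dropped_dex": d2o["dex_file"] in dropped,
        "compiler_filter": d2o["compiler_filter"],
    }


if __name__ == "__main__":
    for key, value in summarize(LOADED_DEX_IOCS, DEX2OAT_CMDLINE).items():
        print(f"{key}: {value}")
```

On this report the summary names two dropped containers under .jiagu, counts four multidex entries inside classes.dex, and confirms that the dex2oat target is one of the dropped files; the same functions can be pointed at the IoC rows of any other report in this format.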
Network
MITRE ATT&CK Mobile v15
Downloads

- Filesize: 5.9MB
  MD5: b56a9cc7959c83320d8959410536a0cc
  SHA1: 4f53d0315f423388922f92519d098c80eb6ddbfd
  SHA256: 1f222e7bb3dc330a61f92b4cac80c33b1bada95ac056b4c03fdcea4669753cb3
  SHA512: e4021001775a04f1a68c9bccdebba69a296092275c3fc69c3efcc29843301f875ea1ffdc0f03c0a23e23bedff9ebc9a397c1ee9709f6e2aed8c15a26327fa8af

- Filesize: 6.6MB
  MD5: 997d48c2ba922daf248d77bf26d7542a
  SHA1: 58a331ef595a2c45b4095de79c9fba8999a03da0
  SHA256: e807cec8c47d423ac8f8a2b940f9838aca2ea211643a5e31466a0c14575923ed
  SHA512: cc61f976647c0c0eb6cc20a42985f35e4788d97c00ea770658c4f0754614e945088de4ea446c004b863ffcecc5c1dd467e67adc3b541c81e01bd960380a7f832

- Filesize: 6.5MB
  MD5: dec515f498ba570f8f7e30fafc2359a2
  SHA1: 0d9407fe32c8a73dce7e3c25922892afc9ab16f1
  SHA256: 2da1291a90a02db081e8c160f3396f91c8894daefc33b76414430077d6a72f7f
  SHA512: 836dae94edd4f398a980b9b97ef604332ed6368d579b66429fcaf1fb7891033b65fc173fdf34aeee07e8072bb20efda491496f0fddca0934f111586bbb5e4968

- Filesize: 5.5MB
  MD5: 56a527f3e94a53ae0f021d0185496655
  SHA1: be9db47d587baaeabc9b725d5bcc0f4f91cfe0c8
  SHA256: 7069314535348a22f5ae2956967d9f208a974012773430b8d5ef02ee316f3c22
  SHA512: 481ed46130f5fc83d9685891bc53e6f2585c3f9c51c2def8a7970f738ad3614af3f062069f2d712936d44e4ec926d61001425486fa07db2d36ca6e33545ec869

- Filesize: 453KB
  MD5: 9fa85329d3ebf6f29973463360e91caf
  SHA1: 536749548ba5b5697feb596bba8f9eefde9d478a
  SHA256: 062c3998177ced6c5f7c033a408bf0d3b14577cfe7ce97da9a0e421956074de2
  SHA512: 88ff3f07795515c2f3d854d27fb6b3e19ea0a6b86e43a1d06188bc332f9d3403dd98f8e93787dea7f3df52a8cd7343bc792b93a975bfb155d7cef99d06e896de

- Filesize: 487KB
  MD5: 610a895c4a71bbeeaea16eddb1422bbf
  SHA1: 9f919de42ed1e80bfadfef48f8202b202166f869
  SHA256: baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217
  SHA512: ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

- Filesize: 284B
  MD5: f1771b68f5f9b168b79ff59ae2daabe4
  SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
  SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
  SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

- Filesize: 512B
  MD5: 889d248709f303d9de68f70e1d3f8129
  SHA1: dc1742144d4597e70705bf528f916a7331867891
  SHA256: 3ab9f7efafea3ae2f9db45133b408f705c7dc0e279bbc7b25e67cc562ee3ceb1
  SHA512: a772c3a1383fd91b6b4ec6e02d780986f79283273e440741ab5f64af5d06a2a08404907dde92dbffe249a806574ba8f0feb055a59b251528e82457f2d74effa2

- Filesize: 28KB
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

- Filesize: 48KB
  MD5: 77fe8b60d6c112e325e67be43712521a
  SHA1: ea92f1048beade12154400a2fe7e1d5760937d48
  SHA256: 04b7add4615211deddf929c1ef6248c6a263e121dbc3e00c05e9633f15709b85
  SHA512: be537e103c66174ba028fcf60254a657e57aac0d7bf8518df2dd1c6e4cd52e14995ec0d777a44a8f10be7041419fff19f1ac835eb9bb88659caecbe3bbc864e3

- Filesize: 512B
  MD5: bc664bba47a9b239a5bfe7538c320ba2
  SHA1: 88f5a8335e3f27b67863fb37ee5593acd7d76547
  SHA256: bcd2d420a1387af3c4cdf6659f1eaf9b0c45170a6b5783a713e7e22c89720397
  SHA512: 22cfd78ef53e9ef3ffc7110a81ea12d16d7b2a17df5a084e85689b9ca707f52dd37186ebd1a6155d0c13dc10a6e73646d2f4b57b29cab36530ffba245de683dc

- Filesize: 68KB
  MD5: 4f77a8f4b68074247c864253c428558b
  SHA1: 1f2408333e35b7ee025227fa050067d8d0b0cc32
  SHA256: 9a07bac52dcf04f13984ab7894962c8de614ca26b1e4746ea840fa22dd82fe74
  SHA512: d75a6a9981b309e32c444825f15f002cd5320f84dcb4e08ffc28a699cc3684a2d79872373e353eb6e6729c5970e75380132880c34f0c234510f227a9c7df64e9

- Filesize: 52KB
  MD5: c671ade807411a8430bd4cf1c9014f28
  SHA1: 79710e2afdf672fc59e80112ecd0d2813069de41
  SHA256: 7e2f32b9bcffc68be31f2b187c9358d87b1544090b2429272cc59170412038e8
  SHA512: 2db470d0c67979235eacd7e504b6e93cdae1b6c186b98c396cf6ac6bb132bed727fb4b8dd8c4d0e9e6bff292301e07015e7690af92fe4526c20361f10ab82bf0

- Filesize: 512B
  MD5: a388e4104b74236bc25ed2125f9cb595
  SHA1: 0c34320c9bc5620f9ae70fc80cb2a6ca80a3511e
  SHA256: f75fb6745a8f07456224f08e3b15046a9aa8c6f8b0d0a00412ecd2bc1b277541
  SHA512: e5d44ffa1eeddfd9ff60fa3be4ddbbb0ba54d119ad28c55ef6e07c1233f8726412b2846ae4804433c96ddb1556d8849fd2b6a22aaaff2756775e953925e2f007

- Filesize: 64KB
  MD5: c1baf2a1fdcdf45d61ebf7fa7901cf58
  SHA1: 9201d72dadbf78f8e7b3f3cee446074224b00bdf
  SHA256: e9d9025d5f801221a1519128d2c6e25f7d884e5fd9e1cad715b080ff7d904cc3
  SHA512: 705f69efd9ccb80893f96470efc6fd7efc13e5ae93028dd62878d4313cdfbfcb0794b7d96159adb25755d777969273bac322a37e464e12caa3a6d2cfa4bf87e7

- Filesize: 512B
  MD5: 9c3ce5870f83a7e354dca9476f15ca7d
  SHA1: 2b16cdd86ff5557943ea1554d9aca923ee016064
  SHA256: e8eaf121b33c5fcba20cdb766a6e107572b75eff8bfdacb0ffe6d2753206e30f
  SHA512: 7f2f2a55c18ddf0dd430d367e988b9fa1caf30f6059ee31b8646022c2e24d67eff29be89e0026be2ca3757da65849d5994bf23ffcc3dea964e2f889493c18382

- Filesize: 16KB
  MD5: 8e5e2a0932dc917928c99406eecb8213
  SHA1: 646d19708734ce5ec7dbf77be0d79eb16ba3d285
  SHA256: 46e4ab3829b54884841f1d97ab7659d0f03c8ed66c4546ac1f6eda4d963e8ada
  SHA512: bda4cbc2f32a831180d0510b25d90bb476fd87fe10f9ae071126bd55839fa34be4bc4cc50e3119e63e647f62c78d6a43c16b30cd2e22e2669bb946a271c07f19

- Filesize: 32B
  MD5: 9e4779dd8be3db6e1922d8989548a2dc
  SHA1: f71feb15ba0ca843701e49c2607aacf2b97096d8
  SHA256: b903967369c088093df68e7e1bddccf0b7d14b3e9a2d9378f949e9cab73278e2
  SHA512: c960363480ec228affca748855271de2613f1453994dfd938807dcc4752c4343c19dc0e7cbfa9b9bd4109de2011d3b44454c813dd02b726385769359e33f0ce8

- Filesize: 32B
  MD5: 9fc813a8c45c1f55f38093aaa52f2bff
  SHA1: c4d6e80d1378a563a2f2b06b6e3147a327edae38
  SHA256: 368569eb5be82b89e7e74b7ea7815d4f0f2f94d90c2100bffc22eac3e152681b
  SHA512: c66cfe113a055a10c84d79f1313805c62e0dcecab1042239b59043b4cb69bdc493b9eacdc1a1220a864a77bfde58d2eabd350c92b1560c009195e88e38615ab2

- Filesize: 73B
  MD5: 681ee7fa67e3fa26a4557a1e89b0fc42
  SHA1: 15a16058032d96b958d9d1a570c48f35f574eff7
  SHA256: e9de3db4ce237fa4086aa0260551917437ebd0289f7d7eee52e7d015e631eb8f
  SHA512: 4fbde098423fce3e43a974b3e06b5d60e9d4580357a141cf1deb34425a603dc740878564165fa20cf4bdc74d897df5d74f3f86e90e0ac2c25d29b37f7a2120c6

- Filesize: 314B
  MD5: e9377267430ce8e367e1cc5e16e57a78
  SHA1: cfbba6c0e652bb99abc7530a001ec03e0a0923fc
  SHA256: d69b6bddbef70700efb55f74a3fdf93dac3df89c7a5328382134b55ebedeb063
  SHA512: 8f86dee2771dbad0b2aa780342f80405461076340a1ac8c227e2a16eb40b02d959c0bff095f4e5033514258476bd1f6f84727c23b2905b33cbc67b6c8c239b4b

- Filesize: 307B
  MD5: e4775d8c2f2677d3ae2f503e75830f18
  SHA1: 35c47904eeff0db9705a908dca7c008e09ff6d5d
  SHA256: ab2d2778956e533f629b1d45aed5b00596e9a126c92e7b5614afadfc344248a6
  SHA512: d30fa6a9f16bfb3727585f0a71a7922f9479b2f18b1d709693334a6c494efdb51f4eaeb33ebb474f92985628d4c1ca8463d35121d6198d65f28f5b6349bd10ca

- Filesize: 54B
  MD5: ad46e889b9e9a71187d2d2dd22bbec3d
  SHA1: 1bea5bca0c200e29353148f452b333e1ed830160
  SHA256: 629c196194e33bc6a373fbb2664b2d66739f37f0816acf85b312b901173dcba3
  SHA512: 568dbb953a6aa571d7b9f1eff877c3ca8121f267f44497c48c11e320ae7ccbdce3266906d7862a73d34b4ba09f91d39fe43952835b7ce4e0da453f817043772d

- Filesize: 32B
  MD5: 4fcc5b6271584282e78df0b93a0b2e24
  SHA1: fc13b87ecbf1c3dba06bbd9a2cb0896f84a33300
  SHA256: 842faeaf8fe448b98bd976f4924b8cf4067ad818607bc8d5bfc131a9b9d0ecb4
  SHA512: 824272eeb15c53a78ce5a1d05cbc7b0082b69ce4fc14b15665a01b1a1ff4fee76bd3faab2f617ed82d5a1df75e4682660491e336698e66e186b80c31b6916c7d

- Filesize: 54B
  MD5: 96184b863cac97e8792e5a8cb8e36004
  SHA1: 4256f7cfb44857404d4a65d1376c4bee1faf50cd
  SHA256: ea96c5deee3b5195840ddd485fdb1a1e4522ffd40d21ff3a7b070dc12a6cd868
  SHA512: 2b5139bcb687c350330b09c0fe8b919d4bfea293f3e99ffa3ab4042f5a6863078a0e3a9a212304fa513f33da6230c4fcf60b6e4288951eae6c490d4f58ee94f9

- Filesize: 32B
  MD5: 75002e4a4ba837ecc4ff778aa07da527
  SHA1: fd19585b8ed955d204693a037ebcf2a063a9f31c
  SHA256: 603a877e8b09f0fe1380d45d335a63d8cffb7bc9b0a6b19c06f4f08c0e4e9c63
  SHA512: 3a1b9d7488081b3f362d2b27bb5ef07b08640af6b26693a31de63ec4e190e4148b1c68566cad7408580e4c2acd039b22a6aa156cd72d97b352265c9444a1f8fd

- Filesize: 27B
  MD5: e32cf1dd56dd5060214bc850f6282731
  SHA1: 3c55fc0b96db118b4e7a6cdac7db90bc29c01c92
  SHA256: c639c626207f67228a8cf527c401102bea6f33180f2c3b05cdd0c2782fa194bd
  SHA512: 9d525d2a0b04c1028871202975972fd6c110596109bf6e9304782e44c1b74162b13be67498ec67db8f6e7e90b87983825838f63dec26bad7515ef22d06ee7e3d

- Filesize: 109B
  MD5: 10996a33bbf4a5047ccb9df222f00858
  SHA1: e7ee91f18de17d2a20750deb4bdb88b8af4ba1ad
  SHA256: 309d2ef12c6e1e3cc157616608893f99233bc86b78f76c73f2db1752eeb4a85a
  SHA512: 98a39f04da842581ede4d213f702ad042c86a516e23aac77afd5a2d32b00e4d5982dfc93c5fa6b52d9e8b9ae67c6124aa6bfe4a5358663186b574e0dbf83fc59

- Filesize: 32B
  MD5: 3e0d16da939a6209bc179dca066a851a
  SHA1: c01d679f7d436db98bb92130e6bd23bae031df0a
  SHA256: 711a5c9ef2ca0cd2af4b8c70568111d109d525212e4d254f62a5f97d8cfe11cf
  SHA512: 2374ec898a706b5afcd66bceda86a8818ce180ab89df0fe656d425d3d7d7b0eb5698d5e178ea524070b530468b784b61f01740f9f7ae0a853c077a5d0068d4cf

- Filesize: 32B
  MD5: 72f78481dfa00bcb442f4c73c873d952
  SHA1: 6c3d2738d0517912d5693dfbfd9ea68363e3e71d
  SHA256: 2d971e1f45690e03c870d7e95a1970752e5de4b637754953981ce2d31afb949c
  SHA512: fac6a9c3ac7bef5226f81567ef75f07c150a2e4ea8e371c8a832254ef837be99f8fafdfbc590d34d42d3c43db1c554760e184d6da4898668f0d9861edc22b94d