Analysis
max time kernel: 146s
max time network: 157s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 17/10/2024, 16:54
Static task
static1
Behavioral task
behavioral1
Sample
52b859941aeae463735336b3f243ccb2_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
General
Target: 52b859941aeae463735336b3f243ccb2_JaffaCakes118.apk
Size: 19.0MB
MD5: 52b859941aeae463735336b3f243ccb2
SHA1: 29c0c6fd81f191cf73e539d7fe0c4fccf83a6b0b
SHA256: abf89b6c6e932dd3c580b43aee510008b933b8eb0283d386814345ded146440f
SHA512: d44390c4e8aeac793607bddaa415ab89cf28fdfe8b3d7ac18e89aa01f7c481e602477d6f4ffa9a84f1213be1398c474bbf03bf0c943bcb0d3afe4180aa6f46f9
SSDEEP: 393216:1sQ3nJGc8Kvf16RLnzpeFFUS0HqmKnNeQ9O5ql20CParw8IXdxxtHcefjxBzvS:WQ3nJGcXvNULNe8zHWzI5f/Parw8GAWs
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 10 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex | 4310 | cn.kdqbxs.reader
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | 4310 | cn.kdqbxs.reader
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | 4310 | cn.kdqbxs.reader
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | 4310 | cn.kdqbxs.reader
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | 4310 | cn.kdqbxs.reader
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex | 4645 | cn.kdqbxs.reader:channel
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes2.dex | 4645 | cn.kdqbxs.reader:channel
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes3.dex | 4645 | cn.kdqbxs.reader:channel
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes4.dex | 4645 | cn.kdqbxs.reader:channel
/data/user/0/cn.kdqbxs.reader/.jiagu/classes.dex!classes5.dex | 4645 | cn.kdqbxs.reader:channel
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.kdqbxs.reader
Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.kdqbxs.reader:channel
Queries information about active data network 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.kdqbxs.reader
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.kdqbxs.reader:channel
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | cn.kdqbxs.reader:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | cn.kdqbxs.reader
Framework API call | javax.crypto.Cipher.doFinal | cn.kdqbxs.reader:channel
Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | cn.kdqbxs.reader
Processes
-
cn.kdqbxs.reader
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4310
-
cn.kdqbxs.reader:channel
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4645
Network
MITRE ATT&CK Mobile v15
Downloads