Analysis
- max time kernel: 3s
- max time network: 153s
- platform: android-9_x86
- resource: android-x86-arm-20240910-en
- resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
- submitted: 17/10/2024, 17:18
- Static task static1
- Behavioral task behavioral1: sample 52d067cb22ad6ef2b03e4f91468920be_JaffaCakes118.apk, resource android-x86-arm-20240910-en
- Behavioral task behavioral2: sample libWziMfB.apk, resource android-x86-arm-20240624-en
- Behavioral task behavioral3: sample libWziMfB.apk, resource android-x64-20240910-en
- Behavioral task behavioral4: sample libWziMfB.apk, resource android-x64-arm64-20240910-en
General
- Target: 52d067cb22ad6ef2b03e4f91468920be_JaffaCakes118.apk
- Size: 375KB
- MD5: 52d067cb22ad6ef2b03e4f91468920be
- SHA1: d243f4a4a7fbf0b52abfb897a4482ac6b2a20115
- SHA256: cda975fef4ea0ef0f218ab99dbfc060ed2b807c2b34f25b8bd63414cebade0d4
- SHA512: 0aaca096f7d2d39c21a5310c6107683331ce7f0bb139c795a77f4b4c82f2413a3397a93a3397a12182f81f7dd89250e92f0e05d9be6b267b8a10d58ed600a55a
- SSDEEP: 6144:PTXy9U+kuwFrX6LgCfffe1ueffZixfw3ENHgURiw6n7BvJcVYCnMbB4/fOt6gqMz:++Ff6LgCfffheffZsNNA1w67BvJU/Mb9
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/esxfxca.qd.bp/oko.jar, pid: 4219, process: esxfxca.qd.bp
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: esxfxca.qd.bp
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: esxfxca.qd.bp
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: esxfxca.qd.bp
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: esxfxca.qd.bp
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: esxfxca.qd.bp
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/cpuinfo, process: esxfxca.qd.bp
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/meminfo, process: esxfxca.qd.bp
Processes
- esxfxca.qd.bp (PID: 4219)
  - Loads dropped Dex/Jar
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Defense Evasion: Download New Code at Runtime (1), Virtualization/Sandbox Evasion (2), System Checks (2)
Downloads