830b23672a3d858d253fccb49087a52d5e9f21fae654f683eb34d833fab03d99

Analysis

max time kernel
149s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
23-10-2024 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

705aa748a83b9ccb2142e6293a079c55_JaffaCakes118.apk
Size

2.0MB
MD5

705aa748a83b9ccb2142e6293a079c55
SHA1

de6fdeb0e1cad3bfefaf39ea9129ba62e7ced66d
SHA256

830b23672a3d858d253fccb49087a52d5e9f21fae654f683eb34d833fab03d99
SHA512

ce2e7578dbf9fb7067fcaffb24f2a511272ad7067b676fc4c4bd4919274c683f760895fd8d5d3bb3ddb45381e4a4abd2a41142cb855e34c633eda806f2b6ddc4
SSDEEP

49152:K5npY7LBrC4T+l9YCF4aJFQCA3TQEENbEJPf4AyGGWa6jAJuekhxe:K5npY7FmG+lGCF4aDQCADbENbEAkbjAn

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar --output-vdex-fd=98 --oat-fd=99 --oat-location=/data/user/0/com.happy_world.nesemu.n30.nes/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&com.happy_world.nesemu.n30.nes

ioc	pid	process
/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar	4515	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar --output-vdex-fd=98 --oat-fd=99 --oat-location=/data/user/0/com.happy_world.nesemu.n30.nes/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar	4366	com.happy_world.nesemu.n30.nes

Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.happy_world.nesemu.n30.nes
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.happy_world.nesemu.n30.nes
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.happy_world.nesemu.n30.nes
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.happy_world.nesemu.n30.nes
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.happy_world.nesemu.n30.nes
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

File opened for read /proc/cpuinfo com.happy_world.nesemu.n30.nes
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.happy_world.nesemu.n30.nes

description ioc process

File opened for read /proc/meminfo com.happy_world.nesemu.n30.nes

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.happy_world.nesemu.n30.nes

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.happy_world.nesemu.n30.nes

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.happy_world.nesemu.n30.nes

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.happy_world.nesemu.n30.nes

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.happy_world.nesemu.n30.nes

description	ioc	process
File opened for read	/proc/cpuinfo	com.happy_world.nesemu.n30.nes

description	ioc	process
File opened for read	/proc/meminfo	com.happy_world.nesemu.n30.nes

com.happy_world.nesemu.n30.nes
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4366

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar --output-vdex-fd=98 --oat-fd=99 --oat-location=/data/user/0/com.happy_world.nesemu.n30.nes/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4515

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.happy_world.nesemu.n30.nes/databases/P15pKIjsm64m

Filesize
24KB

MD5
032abd6bc70ad7c9484f10a7daf57bc7

SHA1
12e3c03375192814883d5fd1671e2b0c64b0ae43

SHA256
9cc41eaf3228c605583528005cadbf69eb145da3943e09e3732677423dcbe976

SHA512
aa28b2d8e87dd6364e15b1c99c52758f937585c126cda7db38cd2b4e5fb3c3e5775a92cd1d5ae68b03a6c59e7473766d670f03e3ee30e8ee53c2bba1b73f243f

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/P15pKIjsm64m-journal

Filesize
512B

MD5
8155da5a9bed7e5f543497afd2077510

SHA1
515eef6fe077ef9f3d2a30cc9c1e08ed418c3862

SHA256
cef3903decc9e7f9e6b52abca0bd6551085eb36822455e390c08b82adf171fb0

SHA512
0b48c43965c6d8301f36cce7e8cddf0cccd1f37a5e2826474b6d71aa61b4ac8ca71b78b14d639611464cc1bd8b340237e1b5c4be1f8ccc4691fffc3056e85101

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/P15pKIjsm64m-wal

Filesize
36KB

MD5
b3f701b911f3804bcfc966ef9ef4ba60

SHA1
024cb3cb4c4f23483109ee834a3bde5b7e2f21e9

SHA256
c01a161e379aa4be3d2a3edacebea74c51b6de58b54135c653589d84ef0b4b02

SHA512
65147ef37fba78240e5d74fcaf04fab95851306b259a1d5776b241603266bfdae8a71ce470b395988204801947ccc7234cd7e684d8282a9ad63dff3b668b49f0

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/T1oX0rhhuXWt-journal

Filesize
512B

MD5
3abb07a557c36efb5af9513c1629aa36

SHA1
b212bf18712034a030fd207617e83614c41e854a

SHA256
0af2fe9eb1b2c0c3a01eb4576f3863c4148ab6a16fedece17d88cec720d183e5

SHA512
6cd1d00baaf022ad26cb96ad1a72c8804a093048ed82fb4a0eab2e1a0f0f7d49cf144bf4879b1192328be3a14dae88e674ecabca22c5d1a7940619f5bf9c42e3

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/T1oX0rhhuXWt-wal

Filesize
36KB

MD5
efc554eb07a871e9baa060a220acf91e

SHA1
f04cfbf6df33ac8ca03ffbff41fa27e96a979619

SHA256
ecec54caa49387b8b455f868aec65ac4d6b1d7ad3719062f2d00aead36a538eb

SHA512
84e95526ac7aa143e8b61e3e1eca43f804e623284b12678c78881d07d4ba8d9b9465a7eb2f609cd799e5e54b57ca8fa1f9085f100cf665bb20b33a1a788d6b5c

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/XKwVoK0huy3R-journal

Filesize
512B

MD5
4b836331ce60b2a834c3108490b5bda9

SHA1
86710aee2cddb21ded45447ebdfda800db71908d

SHA256
f9cb80801d483f1644967b8d9655ae7dbbe6cc6def62db7dd0800fd0ebff43cf

SHA512
356fa8d549f834de46f45e5db3950a6ec06280f7287c2633bfd970eb694c93aa821e7cd615a61369e5bbb1ccec3114ac04304419eea836e0b231d97285dd1d64

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/XKwVoK0huy3R-wal

Filesize
36KB

MD5
49e21b971203182c16e93b1f61678dfe

SHA1
3b5f27983c17a451d8cc3641b0402cbe18ea60f2

SHA256
1292228db02746dd83e957e2e2e896236b8623d7c7ffbae8b693ef6904444cbd

SHA512
ad698a3056fc8506895dec61afd8b234071a955f434c6b73cc0e42ff1db22de0e015d926c6ba02714907495a6fd0e46c3986016baf591f9c3f5e3103f9a072b6

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/jqIqJYOT3JpT

Filesize
24KB

MD5
9c37108c041a67252d4fb5059436eb9f

SHA1
f65bdd652f9b2a098993d2aca0be2578e8eed20a

SHA256
f4a3fc85419d0e98a0312af88fdeadf75bd9969460820043559d6ee45e7ace55

SHA512
d7b92b0b4900439a28552339cf7e80e2937887c7de796e10df0bec393d136bdcdeae47991133a5c144547ac2ffe484b9c99e60280246858f6ae9b8529c5d8548

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/jqIqJYOT3JpT-journal

Filesize
512B

MD5
0bd6c1b59a4c5d7a2ea7eeb0282a28be

SHA1
c2c4e01104a5f7057a36d2861f97d5c908f6ae97

SHA256
953da717ecf8345ff59a57bf4d68ce3217cbb448ee21df8d2231914aed16154d

SHA512
55a6097b5f5b451339a77ca74728c7a4634d788a13b42faead22f69a717476368b8c7f58cf917a5202ca80a2abd8d8bae1261355c2e4efbfc0b172809d1bd3e6

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/jqIqJYOT3JpT-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/jqIqJYOT3JpT-wal

Filesize
36KB

MD5
2b037fa73db703e3e2e7b9b17630acce

SHA1
6b1ee8af2b170076dbeff9b54e30daae26d37ab4

SHA256
11f33a98516c8e172e10c430eeaee5bfc313dda101a20d06217165371f2f6a97

SHA512
2549bf26c47766d14ce2f26a58cec4a0c8e0c65ea38642454c3b32569bd5b9c6fc7d483a4e812061a6becb033e7a9c874a0d28ea7b22582db325e12f8374e5e1

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/wIU6pTyUBYWX

Filesize
24KB

MD5
3f46387c5a9161a06c35918e4715e9e4

SHA1
f03b4527b29495a3f50be85d6afba301e9e3f1c1

SHA256
687a930724a6054924254f945ae475e34ae87ebdc2054881c34317cd91d46ca9

SHA512
614fa11f57f1ddc2750185eb908a580f1ae1ea53d4f4ff6881610942a36554b918138af7103859821d90cef12ea68bcab1ca0e4548cc5a78ee7a3c658b37f3ef

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/wIU6pTyUBYWX-journal

Filesize
512B

MD5
e1c2f7454662883329ba60af1068f38c

SHA1
ff8122e2e986f49953fad40badcda2f7d10c034b

SHA256
0863b47a4c597c9e8a6a64c5d9b617442d484cb858c39d142abd1aaab3f003bf

SHA512
8356b39d9deb9d4d27bb342fa12ba4fce4459ff7dc58d9144b5cb5c2845b5a927c6e6fdb5570ffd484e41a8aec11b6e57ad8bb97e2e050287822ef80724e64c7

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/wIU6pTyUBYWX-wal

Filesize
36KB

MD5
3909de7b89ad2e6f71a4cd12f8b3b5cf

SHA1
fd2773ca2e526c3f2fbb794084bfde0c2fa23071

SHA256
c6e5d740248b2235ce511892b3f6b6050cf52aa37beb6ed7f7b78ba599bb2bd6

SHA512
5dd054c0f1e0b435b9a487b1e75486c7f5193b5460956fbe3bbda7aa3b78f95db5fde7497ab9998b06fe08c25aeb87d7da5f76387108123b5412dfc621827587

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/wsUL1uCdKvjD

Filesize
24KB

MD5
59413190ea19211285b5c0fed44c19c8

SHA1
ee67b7590047c3c17309f6e6eed48556aabe4c92

SHA256
3511c95f09883c65de19c3be645faa921aa3baa92d21b5c284133da349158e2d

SHA512
6a65fc51ea3e163ed1da558c2f4e911857ab4d3b15bc27135a4639e8fed9022fd6d89b4dd39a39b3bcc69060d7565f68ef23bcde4e622a2dd823e9fd217d314e

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/wsUL1uCdKvjD-journal

Filesize
512B

MD5
aed77ae64b10703c319724a66960be4a

SHA1
e95e99c921a65b2768fa93f5ca826daae349dbc4

SHA256
b985e4ad14e308558b963e012c475ef066cafaaeb726a49b1b6edf4b78212137

SHA512
acfceef41564e5a4566458311ef062904504a985fb74528dedd7f9e6f71e90f1aa1aab5782160122bc104876438523f54bc105e13a7a0bf2fe3f3633c5576af4

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/databases/wsUL1uCdKvjD-wal

Filesize
36KB

MD5
aa49ec8d24960e879b561681defaa97c

SHA1
f69cf8d7984bfea5b4bcafe39160a864555c2907

SHA256
62334e921e0cb4f40fbf11ffe105e74d4bc4cbe623c644aed747993b1acd4c11

SHA512
f7181f7c40bd4496f3d9b53e3f3c8bf2d36f971e483b49f09602168c70a07fee1ae0e0784752508d08aa8606b391c924b09ed53c15c72a182d229e65331dc3f2

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.tmp.jar

Filesize
136KB

MD5
f945bf7e55b1108861607301de8e3d89

SHA1
c7b7b28e85a8f5eb253258c5654c4d683d86fcb6

SHA256
8b16d50151c9027c2a62c5d929b79ab1af53331ee8726d861d44655ea39e0e7e

SHA512
4eb42ffb34d130a1b78d628983d780a394d2eb8b8f0f4b03bd603e5fa10f1c0659deefa768a8a6b5890a5eb312e944601b445d73a00493cf54804a1bc2253a0f

Download Submit
/data/data/com.happy_world.nesemu.n30.nes/files/d929bb76e8110d1a70260af57b446eb0

Filesize
24B

MD5
bc51a59f793204e53617040d713c7232

SHA1
5920db5e438f7486bba3ed204dddf9206f24d388

SHA256
4ca23b0af17845231164e7d8531b7177f1e27afbd3e0f9b6fd4c2aae457363e5

SHA512
5ff5ef4057e87b6e8e2f0048694fb56eb86c81164ebc792706a0f328985c54f8fdc3851afe07559af875e9d108c608e03d84ab4c201b6d750ddd8c5008ecfec8

Download Submit
/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar

Filesize
233KB

MD5
478b158bb4c3114e3f848a39d56f1caf

SHA1
b68941040736df9bcffd0c10af7b8c80507a61a1

SHA256
9fcbea8ae23d750bf84c2da8551f7e382c8030447dd6906c0b7a47090fa096e2

SHA512
aeb45d7e4c74f35dddbf08d1e1a9e699cb9d381c6f2d40edf081374b0931ae9e7ccbbc9fda54ba982ef6426de08679fa92d6ac4327b08cca682c06ad4625e2a1

Download Submit
/data/user/0/com.happy_world.nesemu.n30.nes/files/__pasys_remote_banner.jar

Filesize
233KB

MD5
6e995a48a2d00c149ba30dd551a8a1a2

SHA1
58203d41130291d6d90fd6f6cddd075d11126e76

SHA256
8c47c7797454672ae5634e911194063809df0c728f9291f19d85a34f18b5c0e6

SHA512
0e2f62d3a1a7cdea53f35b8630fcd81893b888bc842edaddf85304d145a5855238e264a65f6176476af19ccf9cd95e5ff99e2fec21e2f78d519dc72d95a98c6c

Download Submit