Analysis
max time kernel: 4s
max time network: 137s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 02/11/2024, 23:10
Static task: static1
General
Target: 885296e8bcc1272c71bfaba29d53822e_JaffaCakes118.apk
Size: 2.6MB
MD5: 885296e8bcc1272c71bfaba29d53822e
SHA1: f22aab2f3ba8fc843a987b40f2d0f5e0567f2259
SHA256: d0ae64254cf57c871171844a3524118debf769b4e9cef071eb45e00f96750f66
SHA512: d18af9ea0a68d6d08938256a5aa34d66d26fbb33e4992c63ccce4f436521cc4aa4cf2192e1f52bf649a5c9e8d5f20c287465d0f46fdea11cd014c5502c513e5b
SSDEEP: 49152:NP4gjcD44kHMwezgW2mC3xg3jtRpzNOfngFrgQnQPBR5UMoV:Z4ScDEHMweshp32AgFriBrm
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
IoC: /storage/emulated/0/Android/data/wu/cu.zip
  PID: 4245
  Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/wu/cu.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/wu/oat/x86/cu.odex --compiler-filter=quicken --class-loader-context=&
IoC: /storage/emulated/0/Android/data/wu/cu.zip
  PID: 4220
  Process: com.android.erqiwu

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Processes
com.android.erqiwu (PID 4220)
  - Loads dropped Dex/Jar
  /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/wu/cu.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/storage/emulated/0/Android/data/wu/oat/x86/cu.odex --compiler-filter=quicken --class-loader-context=& (PID 4245, child of 4220)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
File 1
  Filesize: 2.3MB
  MD5: 12d9b38e85d542f5f0610fa92b71ce2c
  SHA1: 800abdeb5c83cfde70ba248795bded9037bf736e
  SHA256: 83ddc41be3975cd18d2e1c9bcee7b2e024396e93ca109d72e392bdc40ab521fb
  SHA512: 4e33929bcbfcd7110a14d386f7329baeb22009b03a663b3ae922004ace9478b216fd07b52f94f73bea317cac591f7d7ae2e69c1b57157c1b800a2d4a4384dd1d
File 2
  Filesize: 1.5MB
  MD5: 173fe4e906168cffd0260cfebe58e979
  SHA1: 04a8bd61bda158d453aea084cbf9d8e75cfb5f9c
  SHA256: f5ce1e2bfe5af7cc9ec1e877cd4f1f85845444e2cb79945187e4f5d794419c1e
  SHA512: 273e775d5ab3a92340269ee130c2be4d80a0791a060d3ad404d6cdce902e250978631c1d55339e58ed1a9e319cf0b4b5638eaaddf9b8936a0db0f057128dfa44