Analysis
max time kernel: 15s
max time network: 127s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 02/11/2024, 10:45
Static task: static1
Behavioral task: behavioral1
Sample: 85101d383ba142e9b6fde15e8b4c6593_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: 85101d383ba142e9b6fde15e8b4c6593_JaffaCakes118.apk
Size: 6.3MB
MD5: 85101d383ba142e9b6fde15e8b4c6593
SHA1: 6107b4921247bf206715d95f370eff8be98840de
SHA256: 552a6d3dc1b6c2b5edcdd1252e5bd5993c5e6e73e435a4ab791d04de7f7601d4
SHA512: a3ffd59e3edc168d6d3b5acf96ac7973fb2a92bc673dbf2742d09b2b893269dc716c334009cc2227386707757c63067d5486cf5c8cc3e63ece1fbe4f0c6f3cef
SSDEEP: 98304:XHwzSJfRC58Sf/9D/v7WqT9ZXqv8zA399e5KdoljZEx9muMN+t0YCnu:XHwzsRC5X/979Jq0zA3m5Ky5qkN+ePnu
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 3 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.xmxxxwev.game/files/bewq/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/DzYuRXREEQpbBBIP.zip | 4247 | com.xmxxxwev.game
/data/user/0/com.xmxxxwev.game/app_zhifulibs/zhifu.zip | 4322 | /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.xmxxxwev.game/app_zhifulibs/zhifu.zip --output-vdex-fd=57 --oat-fd=62 --oat-location=/data/user/0/com.xmxxxwev.game/app_zhifulibs/oat/x86/zhifu.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.xmxxxwev.game/app_zhifulibs/zhifu.zip | 4247 | com.xmxxxwev.game

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Reads the content of SMS inbox messages. (1 TTP, 1 IoC)
description | ioc | Process
URI accessed for read | content://sms/inbox | com.xmxxxwev.game

Reads the content of the SMS messages. (1 TTP, 1 IoC)
description | ioc | Process
URI accessed for read | content://sms/ | com.xmxxxwev.game

Queries information about active data network (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xmxxxwev.game

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xmxxxwev.game

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.xmxxxwev.game

Reads information about phone network operator. (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.xmxxxwev.game

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.xmxxxwev.game

Checks memory information (2 TTPs, 1 IoC)
description | ioc | Process
File opened for read | /proc/meminfo | com.xmxxxwev.game
Processes
com.xmxxxwev.game (PID 4247)
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
- Checks memory information
  Child process: /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.xmxxxwev.game/app_zhifulibs/zhifu.zip --output-vdex-fd=57 --oat-fd=62 --oat-location=/data/user/0/com.xmxxxwev.game/app_zhifulibs/oat/x86/zhifu.odex --compiler-filter=quicken --class-loader-context=& (PID 4322)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)
Downloads
/data/data/com.xmxxxwev.game/files/bewq/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/lib/libtt.so (Filesize: 11KB)
/data/user/0/com.xmxxxwev.game/files/bewq/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/DzYuRXREEQpbBBIP.zip (Filesize: 616KB)