ef17ca3f86dc95a6a33ea021e43409b035340ac73f8bd829a6a865b961e545a7

Analysis

max time kernel
145s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-04-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f812d71460d7e7c545904c8c865ae372_JaffaCakes118.apk
Size

18.0MB
MD5

f812d71460d7e7c545904c8c865ae372
SHA1

9a9e3a30888f08b78b981a5319803612ad0c6098
SHA256

ef17ca3f86dc95a6a33ea021e43409b035340ac73f8bd829a6a865b961e545a7
SHA512

3da3e784d383fabecde38bb640a207c18d7ec81388c2716e5e33f3bf8f53c8fa183f4aac89eb2b45f59c82d9f52a5d73b29e511d370d7606b049f89adf650c04
SSDEEP

393216:+NKMf1mAplwBcHUcd+r2tF9Ya3g7gf/dgSRYe3uB:+NKMf0ApyqHLF9Twc2SWes

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 10 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

ioc	pid	process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4188	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4188	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4188	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4188	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4188	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4269	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4269	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4269	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4269	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4269	com.xgbuy.xg:pushcore

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg:pushcore

Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg
Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4188

cat /sys/class/net/wlan0/address
2⤵
PID:4291

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex
Filesize
6.6MB

MD5
af40ddebf367d3418c410ba2bbdb34a6

SHA1
9a5c0f557da523fb37d3ea9f1dad84e45b78b8ab

SHA256
fd4c1d3b24b0138f6f355235f35815ff43de7e73e5029854ac0581f6d5b4cb45

SHA512
6ca004321a8ef7f6a08b5be12833971bf017ff58c753ebe73d682abcf5633f084b9b1f5c3453432894f8ce8c9b306963b345cc0d6503450667d9ef66d3ac0ae7

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex
Filesize
6.5MB

MD5
56a56032a56816197231ccd2c1447841

SHA1
42b24c7723619c5bbfff5625ee1f4ff7a9afb34a

SHA256
920b1975141f98268ddde30a18db00a3c92776c8472763640b06009b90ccf039

SHA512
f47a2ee1f15a58887d5158bf141277a7d6488fcd31a9c85ca0d6706a4252433b812e8a49e956fba313393ac55333bee777394d300e136d489a484f5e883e3165

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex
Filesize
2.1MB

MD5
63eb01b23dce33b6abd34b5693031ca8

SHA1
870abc96ae069aa034b1b647244af5465a881ddf

SHA256
3798ad86a5974af83d89bc71f1737c1747ca4561beb07f74a214675efab02629

SHA512
eac344e6167fc50acfca60a177bccf404cd0eb595b0b3e948f88af21ac3d7c14a49d0d7162bc5ef529b9107132c8ac3d0242186ac1b0ac231acc31e8f969311a

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
Filesize
32B

MD5
1264f30db5bc978090c891fc9ba97820

SHA1
22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc

SHA256
6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c

SHA512
f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
Filesize
340B

MD5
25d9e840727e05d61bef2150f565579c

SHA1
0d2b5fe06fbe1acfc25c3dce62c03fc8cb463b24

SHA256
a73221ad81204d7d85689fb8612fac669b5c779672887136b47e4e9bd3916f3d

SHA512
463a01c5a90b3a99f2827313917ba47a7fbfd256b113131290224bbb491d4d44c5d9ae6604a0cd4022a644215249af197646e991f708232c61e14498077a05e3

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd
Filesize
73B

MD5
1a5d276d1e61ef6ab8262f83cc23eeb4

SHA1
d0979b7b2304f4a8540b132a87ce728637359431

SHA256
54b74f17e1010d576783577bcc52009aeaae6f9c58f3b29f6becd0bbd248091d

SHA512
dc3ab8cdd7c8b549601253ecc5612c6efbd8bddd0fc26f7a463e94eadbea5c8c42e531996a3826bfa6760fd9676f5ece376d8020dda0896f024cd5427fa62f05

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
Filesize
314B

MD5
a6efdfee352bd906e6c5ad9326550144

SHA1
4defc46ad75840c05ec161e0e6b656f4a63ce0f7

SHA256
8310eaeacf68a694fd06c06d9acf6b480c1cd2fba226a56446c5857723f543fe

SHA512
e73864aac439691e8e06ca6e0e3629e4af035f11ebfeb708d79191d373d7802e52bcf533ce2a9fd2d63eb81ed477ff6a99b6722bfa97f892d493fc82cff2c302

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock
Filesize
27B

MD5
8eddf5e159854870be1805da7e44bfa1

SHA1
b70072a660edd85e4f1469af4a4fed5fe4317829

SHA256
75a5f63c9fb70106d4570da3b2512b15ba21b20074e5178a5de93cee51f70c66

SHA512
8e80b49225a0ec6f0e63a1cf48e294c2fd62963271035fe6c75d4f97cd5939607cfbae31cacc14bf08e29f6ddc98389090adf5b6eb8dcbabbfcc041ae4041a2d

Download Submit
/data/data/com.xgbuy.xg/files/jpush_stat_history_pushcore/normal/nowrap/198baae0-eea8-419e-b98c-3c57e692f8d5
Filesize
202B

MD5
c2619fef0bed11b09cd42106c92d76c5

SHA1
1af0604370937d5499c1f082b7cb3109ef1b7370

SHA256
a7e57431b7397968fc6d9fce76bf5f6ced65c88e28e14edee00f1e8e9c49d441

SHA512
5d3dad583af94c9fe1e35da184aeb342c369fd2baaa1208228856d1ecdadfb87983c06d9131b6793a8b108e243213f71499c2f6ff67b25d782f0b8e633a858f0

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
c1705c5608397d256bce0989418c7862

SHA1
ff9145c50909fc1dea7752d186fbf47fc2928f4d

SHA256
528d457b96f9900504b424489df3fcdf8f241494a697ddc05d773e392a35d175

SHA512
ffe44b46b4e81853406319ae2e993d014cb2410677c1f1b0c2bd2b347652a6ff6c67bc7745d9a24a927dcd4638ea054b2af6017355b30f47b0d9974bb47748e4

Download Submit
/storage/emulated/0/Mob/.slw
Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit