9d621ce5d25e72b87b7e55bf496b56d5c1ed5de3c05fcb493db7e5fc5ce402ce

Analysis

max time kernel
150s
max time network
159s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
21/04/2024, 05:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fe97e4285fe0bda32450a8e9e1b0fd61_JaffaCakes118.apk
Size

7.4MB
MD5

fe97e4285fe0bda32450a8e9e1b0fd61
SHA1

ada2f6b1cd7dc05119bf6186288dd50d4e4ca0df
SHA256

9d621ce5d25e72b87b7e55bf496b56d5c1ed5de3c05fcb493db7e5fc5ce402ce
SHA512

3328974be582048ca863d5ee050fd02e3db310ef7de768071bb15fde39e2a94f81b388bc283de23926d51d8f7e83da778d5d097e492354c6565bbc1293382253
SSDEEP

196608:otRduNrIyRoORWFwaeNk5CL3Z1re2AExNeEnlBi38:uRQ4UiCjZUE3His

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.bjcar.news.bjqczx

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.bjcar.news.bjqczx

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.bjcar.news.bjqczx/[email protected]	4293	com.bjcar.news.bjqczx
/data/user/0/com.bjcar.news.bjqczx/[email protected]	4400	com.bjcar.news.bjqczx:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bjcar.news.bjqczx

com.bjcar.news.bjqczx
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4293

com.bjcar.news.bjqczx:pushcore
1⤵
- Loads dropped Dex/Jar
PID:4400

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.bjcar.news.bjqczx/.jiagu/libjiagu.so

Filesize
497KB

MD5
e102893683a16d223c852ac584155d58

SHA1
5560d79d71fb1951d6ab0a464af87429a4933c2b

SHA256
41c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8

SHA512
3129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab

Download Submit
/data/user/0/com.bjcar.news.bjqczx/.jiagu/libjiagu_64.so

Filesize
569KB

MD5
b1863e639e6fdf0a1e36fc5a3bda35bf

SHA1
b0809bff74eb482bfe687c026e4595c9ad210a20

SHA256
82c2dbfdf2dcc3364d1616185d218f6471100f9f1feaa74420a2bce852981650

SHA512
a29de350e977ae51aa57bec536335631a4857e7ec75c82ab1e2a4a8de605569a8bc892b2dce272c723ae46c1de02c7e9f6a8d8808b4f990e513ca8140a0a69a1

Download Submit
/data/user/0/com.bjcar.news.bjqczx/[email protected]

Filesize
5.3MB

MD5
49f08f311d2d13f7323650d17724727a

SHA1
4df27d619e28bc1291516a2422e3affcb50df6fe

SHA256
b854c149c6833ff856fb581ae596cc9b841c2f0a79c96984eccab0604ccc94d5

SHA512
4156ca231dc7b1833dbb8259a5c28fe92d27ca51b359a070a1977fd0e2fdf151cfe3d058eb3943dc0b552a332535e96df1c1526bbc275ecbb81e32281611da0f

Download Submit
/data/user/0/com.bjcar.news.bjqczx/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.ac

Filesize
40B

MD5
8962e0cde5fcb5fc38438100e3f37040

SHA1
0095582916cd50fd16030ff3146b20266c756a90

SHA256
64819e34af8be0ea4e470d2871b644dceb0d94ccfecdcacc9f4e9ec20b150008

SHA512
66f733b32b05df7161f979997b348a38a48d21eff34beb1f82d0f81855be23471061ffc85baebf79d5a87c96b7250607788505ee603559745af8478415107a32

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.ac

Filesize
40B

MD5
31ff74f59f8aaabc49e1940e9d6dcb2e

SHA1
6d0bc592c7c37214e5eb26a0d297a02e58587ba2

SHA256
d594a7dc1ae0c57896db6f313c3f0e36a46062e90d6ec54ddd1ddd57509aec83

SHA512
a2c4d8961670cb2429e6efbfe9690120679a8dda2e16b7768548bfcd22c85c89d2b2a54d14be9c68d298d615daa5457f909642138458269f0d46714d1ef9977e

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.di

Filesize
348B

MD5
7aa4808f574dfbb164e8ff87d609907e

SHA1
77bb0861cccc948664d2cea39e4be3fc8c12d746

SHA256
83abd84406b0ed1e0e9b43921b8c45b572d2bd5f721da44e701c31cb0a163a2d

SHA512
864afbd0bc44b2a630c658cbcc70911b8aef4b6f854e69938f815c6f24586ebfb3bc4ddd0ec023bcc3316924c761ed9984b978c02d93723de8e68171903b461e

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.di

Filesize
348B

MD5
3bebae139a00705e080cc766de854f44

SHA1
e58672803cc3dc896d620a0e324cde90d81c6a86

SHA256
b7cc43057f7c409a1ed65698d23961474c71582ec7d680a5e5b391d9bf5b802c

SHA512
4005252d9292c92566913844914bbb5186a783bc8ecddcc7c9a8701e0d41bf581cc47c6b7de291d98636cda76c6c182b2ef2728557b6419779d84d46b6ea20af

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.ic

Filesize
40B

MD5
69728a5205409fa8cbfb489eeb0f13d6

SHA1
ef2164a236139b9e20ec5531d373e7684c94f074

SHA256
373df04174fd9d24c9a2ec5c5528a50a63c218c96e4786823209c498567fddd5

SHA512
66f85e7f98a3e287d19d95fc66b94b49a17cdab6ad8ab3def41bd17ddfa5843d360c38c40b3548185388ee4387e6bf07ff02492ebdfe233aed4a5ad126fffc25

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.rd

Filesize
32B

MD5
62e9ac1349cbf0d647456286d427f459

SHA1
3209d7ee91d3deed33d8ed9931bc0a5e370e346d

SHA256
d6fd24496a2d02eedf0036042dc6f9eaefabfda5796612eec008cf397fff3582

SHA512
734f2eddb2cfbf2b8289ca16bb550b4a8dcff000bf19de696d7b62cc6e54f6d546d441ea750fe2f4b48a3ed26271ec33e5b0ca71a5a51b1ba79ad8cda7a93280

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jglogs/.jg.ri

Filesize
314B

MD5
62af65cd984ef9deb7450768d6db4e9c

SHA1
2063df3abc6be90236f93febc7bdf5f2d9b42ac2

SHA256
908e2c7668feb3012b99e0e5eaf1bb26eb470c7648d3d0344851775792e7c619

SHA512
3f2fab4f8986e247a5fcb2d80ae2d66f55e8df5de6767f187ec40f3aeb9133e1ca012994de2b6bf6834cff79c4a8d11bb784ced768a833fa7db686ca706573c7

Download Submit
/data/user/0/com.bjcar.news.bjqczx/files/.jiagu.lock

Filesize
27B

MD5
207e7d4a67cd5915dc3d2ff40c994c02

SHA1
70b774f0a6afd915284b7684e66f709362c07e76

SHA256
7d5608e5da6c97d4d15262bc86a499d78efdd3813f79e22ead67d43761884194

SHA512
ed8fff7af853e992f016eaaeb8dcc56aa4b9678a82fdfa613e2f5a7548ae4d231f4bd7101b694739330f68b4df40fa5926e31e2362ddbf662a8165a354cb82a1

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
d55c76ffbf89b0cf2b52e1cf02a4a501

SHA1
f9fc505d6c74f8c94126cdf1efe305ca9450d1a8

SHA256
4189dbe77b03fbe2eca4edf63fd238ca5ab05904d5fe75d0a91883fdd7f35e21

SHA512
4a5faf83101923af9b2de892807e98356d209cdd0c9f43fe0a9ab3bbe33a9cb44776fd849a173843de8fc1ec0ff624a5e222ef92296174617428b9a9ed7ceecf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads