5da900f210699ef491b05acd9683242b563bff2004291ad087ed0db4839c2b6b

Analysis

max time kernel
57s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27-04-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c1c59b43a10e50da2973c067d2e30d_JaffaCakes118.apk
Size

30.8MB
MD5

03c1c59b43a10e50da2973c067d2e30d
SHA1

b1c4e42e65f1863e6f7258aa2cb4e57fd0aae91a
SHA256

5da900f210699ef491b05acd9683242b563bff2004291ad087ed0db4839c2b6b
SHA512

5bbaa308ea3a92eb5d829efe75d1c655a404038343b0284c1070c77c68a13b7228a622ee0c7110b64e18453c8386343f7f6856877cc6e3fc10dfb7c2574ad1b5
SSDEEP

786432:7jFkE14CkH6i2QbFkH6iE2m/7smkH6iQr9g8Sb:7jFkwHkHlFkHKd7ZkHQHSb

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

T1633.001

Processes:

com.cmkj

description	ioc	process
Accessed system property	key: ro.hardware	com.cmkj
Accessed system property	key: ro.product.device	com.cmkj
Accessed system property	key: ro.product.model	com.cmkj
Accessed system property	key: ro.product.name	com.cmkj
Accessed system property	key: ro.serialno	com.cmkj
Accessed system property	key: ro.bootloader	com.cmkj
Accessed system property	key: ro.bootmode	com.cmkj

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.cmkj

description ioc process

File opened for read /proc/cpuinfo com.cmkj

description	ioc	process
File opened for read	/proc/cpuinfo	com.cmkj

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

T1633.001

Processes:

com.cmkj

description	ioc	process
Accessed system property	key: qemu.sf.fake_camera	com.cmkj
Accessed system property	key: ro.kernel.android.qemud	com.cmkj
Accessed system property	key: ro.kernel.qemu.gles	com.cmkj
Accessed system property	key: ro.kernel.qemu	com.cmkj
Accessed system property	key: init.svc.qemud	com.cmkj
Accessed system property	key: init.svc.qemu-props	com.cmkj
Accessed system property	key: qemu.hw.mainkeys	com.cmkj

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.cmkj

description ioc process

File opened for read /proc/meminfo com.cmkj

description	ioc	process
File opened for read	/proc/meminfo	com.cmkj

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.cmkj

ioc	pid	process
/data/data/com.cmkj/.jiagu/classes.dex	4189	com.cmkj
/data/data/com.cmkj/.jiagu/classes.dex!classes2.dex	4189	com.cmkj
/data/data/com.cmkj/.jiagu/tmp.dex	4189	com.cmkj
/data/data/com.cmkj/.jiagu/tmp.dex	4189	com.cmkj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.cmkj

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cmkj
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.cmkj

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.cmkj
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cmkj

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cmkj
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.cmkj

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cmkj

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cmkj

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cmkj

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cmkj

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cmkj

com.cmkj
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4189

chmod 755 /data/data/com.cmkj/.jiagu/libjiagu.so
2⤵
PID:4214

sh -c ps
2⤵
PID:4288

ps
2⤵
PID:4288

ps daemonsu
2⤵
PID:4314

ps | grep su
2⤵
PID:4333

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cmkj/.jiagu/classes.dex
Filesize
5.1MB

MD5
497d198b1d4ea6ec5306c7d722ffa9da

SHA1
65ce372f8233b66379a5f653c64815c97212f592

SHA256
9c6e4e175f60d5131cbe846c203594c49889ece83f155bce525b6f23dc9f9379

SHA512
8e35dcac040ed4b45effdb8832dcda3569613864782e2a77de865e4408e8f7886f60373e8f75fd66bac5529dc2129093441f49fc309604e575280b6395e1987c

Download Submit
/data/data/com.cmkj/.jiagu/classes.dex
Filesize
6.9MB

MD5
a8cba55e0dd1c4eda8d02e9c71cfca32

SHA1
0ce4c6f164a6cbfe0c059fd66256d09393c1ced8

SHA256
b4290af4bc5917439756826b867c4982620198232aca26dda286b7b3849c9882

SHA512
5ec6947396f9a60db1b767771576cd86662bf2a17350ad62384d874565080189e0d2345a4bcfb9e2a0eea1827f76cdcc664720eba38306f3bb88bb62bb080100

Download Submit
/data/data/com.cmkj/.jiagu/classes.dex!classes2.dex
Filesize
3.2MB

MD5
0d71064ba5fcd55666c11809b81e9114

SHA1
c9e70fd5f26476d53137543e9846691fd74ecb00

SHA256
dedcc1b0d40273f9f2a5a09c7a66c1263245250b61bf4790cca83687429912ee

SHA512
3fe4d90b13aac6c8b68a27fb8cf17e886d0b16926bdd0b900c63c19bae16c3685eb8a7e062e14a056b687f7cc5877648e481d835c7de4ab38b9007d0d3eb02ac

Download Submit
/data/data/com.cmkj/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.cmkj/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.cmkj/databases/download_file.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cmkj/databases/download_file.db-journal
Filesize
512B

MD5
dd09637a25517becb423005c87bf0ef5

SHA1
fc09b892c0232e33230c035ab81cad42ec8ea07e

SHA256
5c376f2426a0e32133587657aa81528938fd9ecfb9982d4d64bb67272db66b45

SHA512
b165611fd7367ce5ebd4c42b880048a9437a2609280b6d81462a646d628537209584e5fa0577b2a5239d69381a663ac54d198ef14a7170f4974dc2b2cceda5b8

Download Submit
/data/data/com.cmkj/databases/download_file.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cmkj/databases/download_file.db-wal
Filesize
36KB

MD5
e5a0f6837a6fa94685e1933786252e65

SHA1
a86fea38ec6e58d223d532655d8f1e338eda1c62

SHA256
e6d9f7745afdf88edd95ead4b4729f892db44360ce9710238a90ad8fb7e27920

SHA512
af3e5aadd02e0db60c9bfb155db1fe29b6718dcf824da439b8a3e28faa47b59bce2ca164cf3773ac7c2e0d735742dbe36493cb96c533161c9b138bfcb9402d8a

Download Submit
/data/data/com.cmkj/databases/dream.db-journal
Filesize
512B

MD5
310cdc76772a343978fefc93bce47fc5

SHA1
92a4aa41a078cdff6645788051d8fc014ac61506

SHA256
89e4061be72449789620aaa431b5ff890cc5223a307dc7f6389472e726568e7c

SHA512
d6c0dc18d3dc617d00af48d14891f8cc63604707e0d9df5d8d5a1282d5fefee1b7026793d0d4d52b97491319223f2d7b3c267898bd0a9b5bb993a6bdd3d6ef92

Download Submit
/data/data/com.cmkj/databases/dream.db-wal
Filesize
84KB

MD5
03101fc77950a3c0d7e7a8ca5fdf547d

SHA1
a5a6aa4dbd7a22b89d47a62b0166b9f926b4646f

SHA256
497f22332b1d3712b46865f5d8c3bce8db5aed9a19ea3e702b216398172dfa85

SHA512
e8fa53752579e5fa4af82e9a4e2597755158b0b6958b1a2fb603ba48251dbfa2a2ed5a5f85b4b3531c7bb48fc4fae97d25cf8c755974917a3be66ea0429184b2

Download Submit
/data/data/com.cmkj/files/.jglogs/.jg.ac
Filesize
40B

MD5
f006a6d3728e5e793c91ba9c1db39b1a

SHA1
36a27deb9cb9bb99aa5b0a0489c5f188f92990b3

SHA256
c2ba693e2de4a028f24b095f1d41fdeba23d79eeaa7a72858f45a004a4a8eb62

SHA512
9018e8fccea9cc25a99e45bfe368b3e0d1fe445d5fe47c27f82794f9b346963bd5ae8bde8710f932e80749d6701552c215e9d5f8e72399ddc7155a46cb59cb9c

Download Submit
/data/data/com.cmkj/files/.jglogs/.jg.ac
Filesize
40B

MD5
0570562c4b09cd0083ee2d5aa2e926a2

SHA1
17bad75700d0f9a1501133b0172695718b23092a

SHA256
c5468b35d8f820df9fe4b07201fa0ec14bcca3c68626b6d55b181260fddefebf

SHA512
4614dc9d26939a077acaf909c7ed748923503b3aad3402bc2a416280811019ff641367ff0a1cfd31c877d54cc1598e69959f3309bb9906c28a295b4e714b8529

Download Submit
/data/data/com.cmkj/files/.jglogs/.jg.di
Filesize
340B

MD5
c65e577416f8f41edda54d11f0d7356b

SHA1
46e399005c20c3fc18249d062302832162df929c

SHA256
64b992edd385ea02c0f71cd11e13938441aa4c277103df2e8afea76f0c820a0a

SHA512
27b83eead0e34a8d2cddf8fc0622668f3599c01a2567d4eb5a5ca5deb277afdc9aa2026655bfdb0cf845d6e63806519c9156e422038d8237864a2427a8b029e2

Download Submit
/data/data/com.cmkj/files/.jglogs/.jg.di
Filesize
340B

MD5
520de4dacd661e0035c7fec1d93153fc

SHA1
632c3e475873f514bf85138481da2cd4c29fb1bc

SHA256
fbd5ee42fe5019dbdd5f0f5694374a5fc36a0cd286df0754e3d94df83aa6fb59

SHA512
dbc23088bc2f1a256f95f77b2d2bc3a6a383be942475d28f7ee9cb44f98d7a7cb02b449c00ef45f413deb292132207b2b0b9eb1b542dfcf89ea25afe59b7e490

Download Submit
/data/data/com.cmkj/files/.jglogs/.jg.ic
Filesize
40B

MD5
1ae51ded33f634de20616aa68b006fc1

SHA1
c2390442bb635305723fbfbc15affd2ff29546b6

SHA256
eb1dafad6df1d8c90fd03ffc1210177cd490bd1aa6c6569ed9d740c21350bdce

SHA512
ca57cb1b57061993791c422d92dabe9e019d7809ea5a047501ab9bcc5f19127b9b0c33a113c768a0823534f72f76e51beeb30fb33447fbe59c78569afb9d2168

Download Submit
/data/data/com.cmkj/files/.jglogs/.jg.ri
Filesize
314B

MD5
55961812399b77f553db237e39941bf0

SHA1
0f3b352bcc6be720c71a6cac4041283eb2e47cb3

SHA256
16f1bac0c2d82d1fde0a0d886ab2ebffdfd03c29a75f1fdcca0154982f845713

SHA512
ca7320add356b50d525ac658f453114c40bf9291a3fa03a51e23b43d98edb79b1456be8b1b5e9e2dc9ece19d63e33db54ff982301e5ea3d3ee15f96f21868f2b

Download Submit
/data/data/com.cmkj/files/.jiagu.lock
Filesize
27B

MD5
4256b8cc94b20af852bc5f8fc3bba778

SHA1
8a40fef0a9beadb24258069e3c1d1c0b2e85346b

SHA256
74521bf7b1c6a7edc6ae4c5037bc12890d98b88a9c062beef61ce9185fb3e7c1

SHA512
51ae4ee92e2633cd39a3baa53a7baef5021f9a1af2ed1de643b20c9e299cbe89e90ee5f6368e92062be65cef0541830ba210ad5364e33cddf21988c15eca0359

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
d57aa46029872f4d1ef64bd8f2cbf446

SHA1
db288e0f1bb72d4aa95c259cdba607b94e44fdb4

SHA256
c92e070ad212e96758f88d2b94d3d24fe5da1f972d2257c5398fb8524fccec68

SHA512
d54d284b1af73c7105f31aae88bf40a5779f8a610d1ae954eeae752f45ac35e43745bce345ea79c09305c23eda02fccb90381279ccb8da953b09ecf4ee2d9d0c

Download Submit