d356138273d1388cfb2f814281d11cd4fa74ac61f03d16ef8768fe80752edef8

Analysis

max time kernel
10s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
28/04/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0550b053f02c3b20cf65efa64313db03_JaffaCakes118.apk
Size

24.3MB
MD5

0550b053f02c3b20cf65efa64313db03
SHA1

2a23db00947345e3c7ca96c7eb2fc2ee3311dc13
SHA256

d356138273d1388cfb2f814281d11cd4fa74ac61f03d16ef8768fe80752edef8
SHA512

1581e13a7cbf15e1075e12f8ee1467a89e032f522427ca94b71a5225733bc50cabf638a508133380a875cded66d4a66f194cb825c47f5bed809ed05b1134bdd9
SSDEEP

393216:fmhvJGwPZRUUTuqqw4tVwPXEY3oNOHBOGx9W5HOe4sh3tRLGCC33Ig5BJDggkoTR:uhvJGIZRUU9qwcwPX7Y0H90bl9Co03TR

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.kongfz.app/.jiagu/classes.dex	4250	com.kongfz.app
/data/data/com.kongfz.app/.jiagu/classes.dex!classes2.dex	4250	com.kongfz.app
/data/data/com.kongfz.app/.jiagu/classes.dex!classes3.dex	4250	com.kongfz.app
/data/data/com.kongfz.app/.jiagu/classes.dex!classes4.dex	4250	com.kongfz.app
/data/data/com.kongfz.app/.jiagu/tmp.dex	4250	com.kongfz.app
/data/data/com.kongfz.app/.jiagu/tmp.dex	4283	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kongfz.app/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.kongfz.app/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.kongfz.app/.jiagu/tmp.dex	4250	com.kongfz.app

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kongfz.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kongfz.app

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kongfz.app

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kongfz.app

com.kongfz.app
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4250
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.kongfz.app/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.kongfz.app/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4283

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kongfz.app/.jiagu/classes.dex

Filesize
6.8MB

MD5
713351087bc622758b4fb5ca4de90c46

SHA1
61b0e1a2b3c1482bc25f93e77323e45a6ca7cc15

SHA256
26d9f70106e85ed4d437b6c5370942091e9ec822d76ded34e18e1674d8e30873

SHA512
6140e235c9acc59a537c55f6b22bb61bb1fa9a6007212e5e1ac91eb18f8a7578e9a0b44dce7ea77138376509e51e12112a81478f9a8061cc63562f69c51132d6

Download Submit
/data/data/com.kongfz.app/.jiagu/classes.dex!classes2.dex

Filesize
6.2MB

MD5
74c0b3437803bcce0baaa479cdddf1a5

SHA1
15dbc86790a1d1d9871016b4e38cc9e134035c95

SHA256
9229a9c5b9e7f08c05c076fe7044cd5f7bfe5dd7efc58735219d4483f251cee7

SHA512
17868c314cce1a9fbc19f996f507c1c762efab505811b7390dd5ed9c3dfcb15ee93091a377d52c24f3470ed80f9231566ce46ebb3a62972d1e912ab174a5fee4

Download Submit
/data/data/com.kongfz.app/.jiagu/classes.dex!classes3.dex

Filesize
5.4MB

MD5
fec05c3693c1d2f75cfdc1feeb3bc874

SHA1
33076fb25d15336bf26cafc90b0044c321675132

SHA256
4d1ca6656bcd66f2c3c60d4cdcdfa9ef49899ed451941f386f35db32c0cc0975

SHA512
b70194edb0b0de9b9c770d8bc1a99aa562c4a500980bb48a17f5f9124f2d105a68a0c73c114055c845d9cabfde926e4a10177ae59ebc5108dc42b4446695bd7b

Download Submit
/data/data/com.kongfz.app/.jiagu/classes.dex!classes4.dex

Filesize
1.2MB

MD5
6fc1e9074c1a3fe9150e57f965ec5924

SHA1
eda560b6d5551f1d665d17cbfacc868e7111d47e

SHA256
dba3b36a568c00872331160288e7ffc40a66df156a3fc2556d16faab325e8a58

SHA512
57ddfb5dd37549465a0f2ca132ff6be519e07cb60e66beb42020ba043907cf314ac237c1986551fad9791b01dfdd2a12bcdc35ad4b95abeaa768ef5aca194e9e

Download Submit
/data/data/com.kongfz.app/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.kongfz.app/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.kongfz.app/databases/addbook.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kongfz.app/databases/addbook.db-journal

Filesize
512B

MD5
b24a3b3c4db7ff573c2bb91d88e575d1

SHA1
5ce0f283e61e719e911ad765a77561108d4afff1

SHA256
8c0139a3d82f4d63f52a03e7ef93efd57014a65fb0ea3d54efbf499f227a2186

SHA512
d4b8bfd0a8252a5b3a9a355c8bc6966809d83c9c5a5fe5d85056a4162bac428c244ff6ec472f305763a87feba04407caa401eb7fa7fd5954862fa8409fad2920

Download Submit
/data/data/com.kongfz.app/databases/addbook.db-wal

Filesize
68KB

MD5
1274abd3e8d5498063d1cd04b7cdad04

SHA1
b0a6277177d6e60b310bfa2f5ce86157c4faf607

SHA256
954ae42576b87a576e2f7743363335fd61453c3abe2d101699d5e3198c1ceb24

SHA512
08f37326647a0efa2eeafe9769142b756fcc2658f0cb3091945e5ee08e2e74a849e07475b68f962c8c580106a539e25e4869f48be7d47e541be4e00adeedc29d

Download Submit
/data/data/com.kongfz.app/files/.jglogs/.jg.ac

Filesize
32B

MD5
00dc701f75e469b28e3456acaf032476

SHA1
2d90c0a7e31bebd82cf1b191ea160a89dd9f1b32

SHA256
8f0310da8a34f968820f32c20e338b1686be322f75d488e6dc65dcfc198f6701

SHA512
4b175e8273e0188d65fd2776ab9d5ef630da28e20173429fd21abc3b85f09118dd8ccce945de26cdfc08448aef792e7ce368d09efe596838d32d6accf97ebde8

Download Submit
/data/data/com.kongfz.app/files/.jglogs/.jg.ic

Filesize
32B

MD5
420084100e04f8b5db5d33f2303a889f

SHA1
64fbc8daab0851813d55edf995cc9669b8566d3e

SHA256
dd80de05265373e5a7c1497e9bdbc0fe11ee70368e1a3cb211d22eb068c0c8de

SHA512
f88527c924e1424bd63726673d9de6f89c31f53dbc8639a3db76d9b41fb294e00f10485125a1ffd430184c9b8554f6831299717b316507c7da8e93e03ef5b864

Download Submit
/data/data/com.kongfz.app/files/.jglogs/.jg.rd

Filesize
73B

MD5
78bb691d21d5be3dc36452c619887c9e

SHA1
60fcb1e855195d54df12eb5bb88503a4eb1f84b5

SHA256
97281d78d70b0cf2deea0c456e0ea2655e0af8845056d101afac748e3198a6cc

SHA512
45acbb1e22245afc2b58a6e7985817b1f90eafddf5d50d40826cd3a22235bbe04be25959632c60b841c23dc9ff7f9e2fc85850dc16535e1abb6edcc113c1500a

Download Submit
/data/data/com.kongfz.app/files/.jglogs/.jg.ri

Filesize
307B

MD5
31564fd13f81f38230f122d440ab2d12

SHA1
e82d904eef10fc41f8450e6bee3df91dcd0bd4e1

SHA256
694b1359afe2de804c82ef3b555fdae0669836943eccb754ffd750447c070537

SHA512
9c3d9efb398fdd5adc79b56a5ed6a54ab59ba0226d92493dee193e36c15d03c8c58af0024f3790614a9226b8763bad0e74dd0f781c00321952f5f207a18b0423

Download Submit
/data/data/com.kongfz.app/files/.jglogs/.jg.ri

Filesize
314B

MD5
4d944faa7a9626c8d2b914c9786f8404

SHA1
106b1eaaf64e781be5b91208e8e0101730c68f53

SHA256
6f9cb4dac4917b35437567679234a3935e476dd87a2544ecca79652edacca9fc

SHA512
b5f862ab262b7cb80eae3995bb87d0d629c3124fb3d8a60c40199b6b428688f0d29416050aefee6fb9c55db347dde437fd37127260db135839581505039f48fa

Download Submit
/data/data/com.kongfz.app/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
c5b1548a22d101dd73749d1433ef9ac7

SHA1
e1f0707608e94bdcebe5e53e822c5142fd10b998

SHA256
5ae628621337402a7e83288c07cc13b90887a7bb6c0a7dd4c4f9fe847c582482

SHA512
27b19774d358c27402e684c779bf1e3bd2d665aabb4204e5a0557a4f4d8001217aac67bfc47c74911ddf5380c3211669f644f7bd946d7783d0861d9260619c0f

Download Submit
/data/data/com.kongfz.app/files/.jiagu.lock

Filesize
27B

MD5
cb1f27748506a62131269fcb56f89bd1

SHA1
f010cec46466cb152b3cc132d07551432723c159

SHA256
3002ce2030229c1ba5bec2ec98244fbcf3ef9d16991d309940e22543b55484f5

SHA512
ad7524d05d53c8209ddfad80c5e170e9d882f846def625498c60a79cf3de4c97cdcf993ef80a93bc5d10e7e235839caf8834896278638987ba4c8ef0adb70a8c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads