Overview

overview

8

Static

static

6

05b5d3a2bc...18.apk

android-9-x86

8

05b5d3a2bc...18.apk

android-10-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    28/04/2024, 17:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    05b5d3a2bc1838a826e25680de20577e_JaffaCakes118.apk

  • Size

    20.8MB

  • MD5

    05b5d3a2bc1838a826e25680de20577e

  • SHA1

    c5a230fc3bd93c4412850a24aee5180651c23b7e

  • SHA256

    c6856030710b78b3e020078b98bb1e696d687b2d0a3214e05a6a3b8715679eb2

  • SHA512

    9981e4f5b41339a3f1d691d77750be04eda58a3a74b072ac8d86845a195b630d96e17762bbfdda3bf653fad8cc74201211e982fdd6524e4209c7831f6a7ee150

  • SSDEEP

    393216:SyrWLFzKe0SZdiSCIHmZLx1V2XCBGk8dY0B2vbFGeKPXQWmUotZxIF2iOXK:0ue0SZdiSCIw2SAk8d8LmQWb2xIAiO6

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.glaer.android.xlxt
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4181
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.glaer.android.xlxt/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.glaer.android.xlxt/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4272
    • sh -c ps
      2⤵
        PID:4427
      • ps
        2⤵
          PID:4427
      • com.glaer.android.xlxt:pushservice
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Queries information about the current Wi-Fi connection
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        • Uses Crypto APIs (Might try to encrypt user data)
        PID:4343

      Network

            MITRE ATT&CK Mobile v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.glaer.android.xlxt/.jiagu/classes.dex
              Filesize

              5.8MB

              MD5

              8f12177f1eaadb38efd125e4e2ca4909

              SHA1

              1d2a2485ae6286526986415df005e49c54fa3294

              SHA256

              a1b2b478142aa858e169a8037d994332726cc06c0600419a15dc60d6abf2afb4

              SHA512

              0a0b3287b33e7ebee02e7df122098215b32324c9b33a1fbbb8c617fabe7f08eb6039ac3a0710b6dec6723a9ec4d4ef0bc5f366da285eace7e36d42a5e8308cd7

              Download Submit

            • /data/data/com.glaer.android.xlxt/.jiagu/classes.dex!classes2.dex
              Filesize

              6.2MB

              MD5

              0cb06d33759808be95a2602795500b7c

              SHA1

              748262e340d9cecb2417c6f22b85e7bcac7d7da7

              SHA256

              9e79bc280be3fb2b18a42278605e31227e50e0799270715b20c8abc09d11a014

              SHA512

              275ee97c001177a64dbf875ec979a24e6caf6ca97eab3094539d598758c742b6d3eb6c249713088937824139b1dffba65df96e04e89b024cafeb83c6c0494c25

              Download Submit

            • /data/data/com.glaer.android.xlxt/.jiagu/libjiagu.so
              Filesize

              496KB

              MD5

              f07656a2f51ecb23edc102003c32b764

              SHA1

              3ef18f74b609313887b9e825c56a54b5a9eef20e

              SHA256

              f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913

              SHA512

              34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238

              Download Submit

            • /data/data/com.glaer.android.xlxt/.jiagu/tmp.dex
              Filesize

              284B

              MD5

              f1771b68f5f9b168b79ff59ae2daabe4

              SHA1

              0df6a835559f5c99670214a12700e7d8c28e5a42

              SHA256

              9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

              SHA512

              dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

              Download Submit

            • /data/data/com.glaer.android.xlxt/cache/image_manager_disk_cache/de85be4a1ab4f1864d491067f72d409d55edfa26ae4c58a44668a8e38b491366.0.tmp
              Filesize

              22KB

              MD5

              c91021dc4aae9c3070a572208cc90ef8

              SHA1

              8350b13182426ff4c0128b3d8546c6af341fd95d

              SHA256

              44f0bd854bdf547e2b0cc6f4d7d99221d079608afe56c513e3e296edb57c919b

              SHA512

              5c2e041d7e173a9a0696aaf6a3031c77a25e13254d985d3d37d8a7489c59585ba136b8467508e50f7956edb2c25169eba60a047c9eb6329f4d27c70ee5944fef

              Download Submit

            • /data/data/com.glaer.android.xlxt/cache/image_manager_disk_cache/e74b8c619d1f17ae9d8c779756f8873d7d9e69f1a77d995286533c6dbd7d80c8.0.tmp
              Filesize

              12KB

              MD5

              c6069cf0da706bbad25d094d8d4c5d50

              SHA1

              2147dbe1e0a7a5fe953f2318f571642789cb50fe

              SHA256

              5097f992cd1360469b397fe25c3d2dca86ab4f7ce77457529ef63b4214e144cd

              SHA512

              6bfda325a86e924250b36416daa387bc784ef595f79c9ac634ca7fb7f2d0ccb93507dc0420ef6f48212f6945a16c5491f436db3506d828846b860d63e8b5ca2a

              Download Submit

            • /data/data/com.glaer.android.xlxt/cache/image_manager_disk_cache/journal
              Filesize

              327B

              MD5

              e250cc21762bffe448ccf74c42a38e92

              SHA1

              e5cb80c4d61184d461946f24b89f3c952654dd03

              SHA256

              a1430852666bb0933e056f2d07b6e794bed233f1d7cc1d06dac03c41ef95fe89

              SHA512

              533c7eb5ab1131bc50b20f7ee91431ed195f2da41bcab005bbab02be65e8da5ecc91b72e1a4250e6e088f4b8023dad44c8c0f5bddb11f9a24e4617bf23e0e4aa

              Download Submit

            • /data/data/com.glaer.android.xlxt/cache/image_manager_disk_cache/journal.tmp
              Filesize

              31B

              MD5

              8c92de9ce46d41a22f3b20f77404cc1d

              SHA1

              8671a6dca00edb72be47363a7071be65cf270373

              SHA256

              68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

              SHA512

              30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

              Download Submit

            • /data/data/com.glaer.android.xlxt/databases/geofencing.db
              Filesize

              28KB

              MD5

              1deb6b895a2280f63ea2f3783f0a5ebd

              SHA1

              c01eee51a200d2007d3972b551e2515fc8f96d95

              SHA256

              c14b81f1de9ea7414f9ab576df19d63c1d4f22750ab37f0800a7a0ee6a15a70d

              SHA512

              269affd56d83a323141c44f786128a60d501d4e0ede0c4b7d9b5757a2e40851872c801dc1355c62c0607b95b1e42e2bf0b824d0230e1455655d1bb020c6a45e4

              Download Submit

            • /data/data/com.glaer.android.xlxt/databases/geofencing.db-journal
              Filesize

              512B

              MD5

              fd4f6d2036b780c28b2f942909d36ffd

              SHA1

              2f7de0f30a41a5b83ed9c1a6897fe7057acd6211

              SHA256

              2b6a23ee54177845da21d8215ebe65f21211683a2414af124c7f8cabd98c8ad6

              SHA512

              05a55797009e7087f9ce45849789c3fee09ec83d212392a0dfdc5c1e8b7a30d0454b0e5ab532bebb59f2e7367a5c83533cafcb423492193c71b1b7fe238ed70c

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.ac
              Filesize

              40B

              MD5

              b875028ed9fc6f57209b7740be9bc5a0

              SHA1

              f9a78391ff469a6e689bb8d54fc75084a546923b

              SHA256

              12dd1614a019c849b78234d373e56b213cd0b179b6621ad201a474f53d70de1f

              SHA512

              873b8bcfd69537b6535c2766fab0f6d275a04fd502eefa5b9743a3cb32c41527c02e8edc2d371027c723ccca7c09928cd036fd370f783141f0a2347be2a96b80

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.ac
              Filesize

              40B

              MD5

              02a21a9e353749be95da7dcb77fe5aa2

              SHA1

              5c44c14eda22008b6c56c660e26f5db067cb772b

              SHA256

              557e6d270a492b64cee4f04f47fe5b6da85eee6000e3999093135c5b64c87695

              SHA512

              8dbc0dcc997d16b3d52eb87336bf280c3c934f64be3c0222b04688ba7e8808afaa5f49ef3e8daf822904f7756cbe3efab848b89d6aaaf3a0ec78817614265e75

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.di
              Filesize

              340B

              MD5

              58702c736af2c76ab6df54a6668904f4

              SHA1

              9e9279e0402c43ef8b192f1607e8e0d2e9969eec

              SHA256

              7c5a88338c84cce818f0cc917dddb88bf2dfe56939a210742399322fde76b2a1

              SHA512

              3076f41377606beecb6a5bf08616de08552a0db3bcf7fb56b0b35a052b0d8c08da6780cc36f378a5e50de8a2c53a03bc6aa304b4a33172619cf12bf8b7c80dc1

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.di
              Filesize

              340B

              MD5

              f373a534d6ce60f84e8ce7679a8c4916

              SHA1

              a2f771fddaaf375a6c6d02c32e60589c6a397bc5

              SHA256

              fc9f5fdfa4a0eb56134e5ff241c3f66901756aa71e394d2e311fa3927f4f07d1

              SHA512

              3e18836305ddac54648d5f89a7d7bb07c87f593c8b76e82e9e17e77e0bef86a083d980ba2ab0a8754da44206d138a58d4af0bfefef837708a56305d100e69873

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.ic
              Filesize

              40B

              MD5

              6622f8d66c1c068cce09e4d5e7f86e41

              SHA1

              f7829d6b6152836fbaa2fc635175ce007ab5f9ce

              SHA256

              b4f54517dd2043a97537a0f243c6b97097589db01835774e243c1f52c0f9d416

              SHA512

              f8b28dd47c57016254ce4579bf4f0b98b6f10d6e76a458f58af8e97bf2e750a67fc9f656a8207c2078a9e097fca23a0f9a02cca1589be1ce30ac2c4072f44523

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.li
              Filesize

              100B

              MD5

              8d47185783f06bfbbbb33b3c878039d7

              SHA1

              f168c4d758e2e785267b373c7ac4cdbd87d3084e

              SHA256

              ce9e79c79d923e7cc269d4d0942ce797ad4fdfb6ec51b68bfbaa071d5cd981fb

              SHA512

              b6abe159db136695ce2cb4e49cac92e9f287954b13b41789d330435b7eb18473aa77cb41add0622daab29552665198ac7ea898db3e7e7f15ea43b2d66f5bfd23

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.rd
              Filesize

              73B

              MD5

              ee816d9f3708f3456b74ab3e038d54d2

              SHA1

              7ab8c1f10195cec57dea8a3f773a1c2e2c7c3b99

              SHA256

              850f3b703c6f52070064947ad5080fe0d76e0ca977cf3476b0de0f971c1af5d7

              SHA512

              0ce3b812c406b3ccad6d56535d41c59b9f40172f80a067e904f3a1129913bfbae3407aa9d8f6b5a8156f73c2095ae324d9b4fb036dfa4cdc6259a18372b49d8b

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jglogs/.jg.ri
              Filesize

              40KB

              MD5

              1ee06715812def403e21d98e5e7c8571

              SHA1

              2403b2013fbd9752f2e3ca7fefd9e7a877b62c33

              SHA256

              63a22b6a12c2216b2a2189d66c454390916432a2d98406effd9d0fe25f9a4d47

              SHA512

              d865501fb5b1f9f090f4b41de2301abafd4931cb4b914ad9313d8fd93edb205b5c26ed0d6a0adfa1232661aa38bd986bee7dff03edd4986ca47fe2117f55a25a

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/.jiagu.lock
              Filesize

              32KB

              MD5

              3a7714831a9c92d151373b7e3974d520

              SHA1

              a0177cb96451243960583cf355a43652e1ffbe3c

              SHA256

              12a18900036096cb0abd7f78b96242d5858a82ff434e7178abb23b0dca004a91

              SHA512

              d3b424e44fac562dedf0b0505679e41405f899e26362ec6d09695cb5df2db351c77b08fd16e8edaadeaf7f14bf89437115e853c0d469c266566b26c90b935add

              Download Submit

            • /data/data/com.glaer.android.xlxt/files/tiny_data.data
              Filesize

              196B

              MD5

              5f847f79175e52bb8fc1771f1d620488

              SHA1

              68d620638af444f74ca0c53822c02cafe0aa24be

              SHA256

              21dc99427313e3d005825be141b0178a396a5e2ff33174ae323136c0ae6abc62

              SHA512

              cb7dba6edc5cd7ecab0f612687872199efe0b4aec884598677d3709144f9c8c6257ad196338f41004e66ff372eee438232ae7d78caf769ce9fb651951117f00e

              Download Submit

            • /storage/emulated/0/360/.deviceId
              Filesize

              48B

              MD5

              1d8d16c4e3b19ebf18988530d9b9a757

              SHA1

              bc94c1cce05cd848a53271ecb9c5311e27ffebf5

              SHA256

              abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

              SHA512

              4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

              Download Submit

            • /storage/emulated/0/360/.iddata
              Filesize

              32B

              MD5

              ca5799f0ab8eb34b3eaeb4ffc72d8abb

              SHA1

              97650bc7a4f49fc642642b10a870029f46c71538

              SHA256

              1a652a0f9eff2a883e1c438c07be0c70b407e723b5f72ed402195c59b99a947d

              SHA512

              0f5c0f0d6daf5b3e905a893f1df7a2fc2f2fda5d6fdcd484d77d77af385482ab4efb8662d63a49a8abe050d03e1b9c9eef99a4dee8279d67ccfcaa82184fdec0

              Download Submit

            • /storage/emulated/0/Android/data/com.glaer.android.xlxt/files/tbslog/tbslog.txt
              Filesize

              4KB

              MD5

              7d3738d270d8301ccdba29dcc755df1d

              SHA1

              6d4700ca6d7530b3a99d1509f87b8fa1575f6700

              SHA256

              49b42730f86b7f77b29cd5566e4dd732d976578ee35b7455e29c5d0a111dea3a

              SHA512

              c1bd7c1e020aca5eec7f1380bb2e76f4c053282590f288d45eccc8c923caee932ae755049d6b5f9767de1fb74fd62c6651ff2357b66605f8326e1997581581c9

              Download Submit

            • /storage/emulated/0/mipush/lcfp
              Filesize

              40B

              MD5

              60c4ee0c4f71f91d98d391e9cb3a4431

              SHA1

              eebe7fde6bed072fc124f32fa9efa9ab5b75aeb9

              SHA256

              60f0b8427342f84e26320f850b0f23ebaa1cab7b309e073f6f59d33ceb55995c

              SHA512

              eb563aa80f24cc0e73f1fc62c601e2a0c42ac2d529b5fadb9e1b148933f4486710efbef48820829a32183cdde08e2cadde1227f867b39de3f60f073ec0c326e0

              Download Submit

            • /storage/emulated/0/mipush/lcfp
              Filesize

              40B

              MD5

              e10cf6a32bb9043c5598bed32842f037

              SHA1

              9d345ff8c5df61121ef1b2b9791b6bb381c07b4a

              SHA256

              2c20d19c5e4c7ca2151fc271d95604290489b9172ed6ebb7232be9195946b3ab

              SHA512

              f37a6a6a84e1673674b1eac19ff52e1bcda8a1ce8f93c2f634355d4439273f10d03dbe4a2a00fb17be0fd072657a2023e5233ced05c7471f8204ae4df3257c00

              Download Submit