e34b589cba67eceb6752f60ac761fb2ba4c9138cac0f85d083098b7a15cdbe15

Analysis

max time kernel
151s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
07-05-2024 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f5127e4369a2d0a48ba52d82ea40704_JaffaCakes118.apk
Size

5.4MB
MD5

1f5127e4369a2d0a48ba52d82ea40704
SHA1

38984226ece1c5a01d0a828bbf5951cb0f0e8d07
SHA256

e34b589cba67eceb6752f60ac761fb2ba4c9138cac0f85d083098b7a15cdbe15
SHA512

287126c8f212b4ea665a24ea8d5bf73e7fb0996693d466d3960c9e4a0b008cb57fb61769e0f41ba4ecb67ae2950f57a65103d4d431511af1b7d69c6b364ee93f
SSDEEP

98304:A7wvvzO7pgAu6eczkEeammlqPAqsN9M9Z3F7dxiuVBhlW7jpD:HK7feczk5Aqe9StFhxiuvhlOFD

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zhongxu.jiashequ

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zhongxu.jiashequ

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.zhongxu.jiashequ/.jiagu/classes.dex	4247	com.zhongxu.jiashequ
/data/data/com.zhongxu.jiashequ/.jiagu/classes.dex	4325	com.zhongxu.jiashequ:pushcore
/data/data/com.zhongxu.jiashequ/.jiagu/classes.dex	4493	com.zhongxu.jiashequ:remote

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhongxu.jiashequ
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhongxu.jiashequ:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhongxu.jiashequ:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhongxu.jiashequ
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhongxu.jiashequ:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.zhongxu.jiashequ
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.zhongxu.jiashequ:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zhongxu.jiashequ

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zhongxu.jiashequ
Framework service call	android.app.IActivityManager.registerReceiver	com.zhongxu.jiashequ:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.zhongxu.jiashequ:remote

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhongxu.jiashequ
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhongxu.jiashequ:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhongxu.jiashequ:remote

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.zhongxu.jiashequ
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.zhongxu.jiashequ:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zhongxu.jiashequ:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.zhongxu.jiashequ
Framework API call	javax.crypto.Cipher.doFinal	com.zhongxu.jiashequ:remote

com.zhongxu.jiashequ
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4247
- sh -c ps -ef
  2⤵
  PID:4579
- ps -ef
  2⤵
  PID:4579

com.zhongxu.jiashequ:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4325

com.zhongxu.jiashequ:remote
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4493

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhongxu.jiashequ/.jiagu/classes.dex

Filesize
3.7MB

MD5
f3e74283ad354dc526afcc456dd1aa33

SHA1
a6949d38779878141e15425f71e48949051886c1

SHA256
f978abac903bd3377d1b20f379af3d9e96ecfe29367f1bfa2812e44c65563b06

SHA512
14b08c78248a63f4d56fde7e3fbd7c08bcbfbfd5d5d30db37ab0872d8dcf5205662d7163b2baf55da838df1db7d7baa10e48f599fa7f50422c8a961a4022efa0

Download Submit
/data/data/com.zhongxu.jiashequ/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jglogs/.jg.ac

Filesize
512B

MD5
4b0cc692bae6c26a7b4d2856edf08571

SHA1
23359423ec99bc800a5a32b503235d3d3f37c816

SHA256
2f215aa630af2f9b8e59d47cdb59638f8a445a1e9d337e30abdacf190b67ff76

SHA512
30a2ad1bac58963946ef33e303ee72bbf0c210b703745dd3ae900650b573e65ac710b7b38bd22943563b77434d480153595f3c1206f61ebfb89d6d59b9630476

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jglogs/.jg.ic

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jglogs/.jg.rd

Filesize
32KB

MD5
28ca2c7d4272b4d7b9763b9172722b5d

SHA1
906f700f6cd39e6b056ea156f6db400a657529dd

SHA256
2702be1e323586c7da3eada7372b8ece3f81cf83e05ddf8aadb3a3511239190f

SHA512
71943bd58ad7cb64722cd01d5ffa87bf72f7237567ec8a9dd4df63f6c23d52aaef704715cf4d4306aa7e793666a51d6a506e9ec1b381c127739b4e90b1a7ee00

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jglogs/.jg.ri

Filesize
512B

MD5
2c53b500fbe009248b0afa66f4785e03

SHA1
1e7e95a3a2b83bbe986eeea72df41abf9ee0f739

SHA256
f157ae61f15230b8e5843d7b7ce887d4fba2f9c453361e03a4cfa1558042cb35

SHA512
eded21672a7b1885025602a209470a2ac793543888a35a4e1491c8185a084f2d209095b7fb0b59b85080d9e1a359aef8c173b0ebb59a6bb7c6e2d0c7561f753f

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jglogs/.jg.ri

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jglogs/.jg.store.report_pid

Filesize
159B

MD5
b05d764d494854011a34d85c764ac86b

SHA1
d358287b3d8b78e46fa7b7a0aaa9ee4c154c2698

SHA256
32928c52f146315267524de56125763a71c6f7738ba978ec186a032f9943ad96

SHA512
a2fa682fc3e3677cc9300fdfc4f84a5b871079d80ea03f90ce05015bd325c8fdec844ef3550123499925929693983dbe67f157bca1681292d7f3ab1e61e27a67

Download Submit
/data/data/com.zhongxu.jiashequ/files/.jiagu.lock

Filesize
36KB

MD5
a5527eb7c5ff8cbc77c0f942bac0b675

SHA1
18aaddb028a293ee6476d5ef9c4b4b9d918c23f5

SHA256
832847702167836ab6a2668478318ab3a5371df5ca037b259181ae34f8a0caad

SHA512
f6e72d0616cdc4e7077925deccdfe30b97e5fa72d7f61cb108ecaaa0a50f41bb95c61b42137cd502c85dba709808c0e8f334690aa21119d424e55f4038292482

Download Submit
/data/data/com.zhongxu.jiashequ/files/libcuid_v3.so

Filesize
129B

MD5
54dbb3078f5e98867da33ccfd4b4e2af

SHA1
531884462c5014ade848483a6e3b8dc7633093ca

SHA256
cc133196126c684e179dfdc621aa15ed7f20c63f0466704bd98d68bdb7f5b0b1

SHA512
b7cc954c957dd45837f302457643f11755427153ee32fb6119ef76407dfef7d973eaa4e1076e53642275a5ef47259848118ce687bc8b3e49b844ab4ce475b299

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/firll.dat

Filesize
76B

MD5
5a990577fc08608c0e53c539e34b282c

SHA1
66891d855064680ba0fb9953306f670f72442077

SHA256
3544c30f597fd166ba06d69b1c2fcc7f25f7b7c5b319f344dfe9b48dcf2c1138

SHA512
4e40deeb10a8b7a194ef3327ebc3e943b4978066af0f86ef86878cb195c1d8000923ee9f22f90c21c39e4292aae20445b66d326c02eb51746d6fee9bab66683c

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/firll.dat

Filesize
16B

MD5
df6d5b27cfd51c90dd3f59cdb2e2ccf9

SHA1
71bc2e70adae013786b3a331524d6e1b3c0df274

SHA256
4327e06909039be549d8940d76cf7c4ad3a7f4ca15a65b38503d480d2e59a0d7

SHA512
36f9fe8cdd7c1024eccbc27459b53b1754a7fb3afabc8ca9c8082b4f98cff89ef8121e5a3ed59f11e33f3f404ff7c024b855ce88c5d6bba235b59f4ee89c7f7c

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/gal.db

Filesize
4KB

MD5
35add26363f5972f85ace77c1c9026d3

SHA1
ffffae89de75d0309479a855e875643b9b4ffe1a

SHA256
7049e20369cb9144dae62d8fe82d6da7ef5fb73cae0d157d05260e340f8529a3

SHA512
8a04ee217401517bacf6b2b7ee6f377a39aee60b4b7ec852501da02a2d17aab480107c82dd1ff0cc8aeb739595537b7045185b80b987a25c08da0d1b94232810

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/gal.db-journal

Filesize
512B

MD5
e4c4378c62fc28abc51128eb84a9fc5c

SHA1
79838a9fbdf27bac633377e567ca51ff95a20dc4

SHA256
8a6575fa4570ab95048e2800423d9f389680dd55c3d8b86b295db0deb380c297

SHA512
8e7eaeb55e508f8eaa087698b8004ecc3b897617e7e44593d53604a0a0343b5c5e7084d9561f6ebb0982f1c0ce62d092d743420e90d63cd358eca4ffcb01dba6

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/gal.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/gal.db-wal

Filesize
52KB

MD5
0406d38fadfe9db9ddb1aed6ca4b4dd8

SHA1
e36becd1aa76f2b5b81d370bd6bee1834d19f049

SHA256
6265f3b91ea3a03469e41dea646dc7879d05b14d9d578bf8066b5338d89a8f7b

SHA512
5fdb26ed87cc35bc09221b3d55900f44c4e2a07b632c56132dca8f31203552da90bbd4fb7830d57cedcb8d89e7e365266b04b9fde7a1d2c345bfafcaebb0f09e

Download Submit
/data/data/com.zhongxu.jiashequ/files/lldt/grtcfrsa.dat

Filesize
206B

MD5
6d613136def26031e18f3f404299bb7e

SHA1
14a7a4a3309b932512dad59dbdb35503845e60c0

SHA256
58e28d4defb46364dd0057354a4a89f8cb726d3b696c632de04b1a707803be18

SHA512
89ac70f36ec3117b631a56d43700b4d034d6d269d4632933fdaa8cd9675c57af1df95f15271d0b45b796f56b4f89ec3d6bd4c9114d7cdd24e3a25d30e24e7ca0

Download Submit
/data/data/com.zhongxu.jiashequ/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
1c00dae332047dd8594f5e2cc4126b96

SHA1
c0912013f961fd16ff6579e2b80fed76662340a7

SHA256
c39942591737033ec584d436b866c62beef41763aa53ff375e555e0f0daf3396

SHA512
89628f83b84de5fc0af82aa5b18840767813e133a0ba6177d316048bb5bd9c113c49586adcbed5f96a0ffabd3c7471ee0897419635885d94228accff5bda194c

Download Submit
/data/data/com.zhongxu.jiashequ/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
f93c00e72cac9aac0a57625838105662

SHA1
db33ddcd4f00d69abc3c3835a039431ef31124a7

SHA256
7d486c2f084b54f9cd33e4e948791ac806924aa7d4de45a241ddbe76a5fe3b22

SHA512
1599d2c7f97cb7c5df5c175defd95a316a93a8155ad866ea1460cefa7465cfd59bb90ac53c94574d21ed6132c905c5415d08abfc4b1f091f508a7ed29ec9476e

Download Submit
/data/data/com.zhongxu.jiashequ/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
4e6ab8676ed3aef259637d2336b32fee

SHA1
9f20324e2f49512a60e4cc83bb7f3de291e21dd5

SHA256
49b29e77a1ee75bf41b64833610cf6f3e70e1c359092a6eb72bcd36e17331e13

SHA512
11316b0f29cbc19e23167606f755eae8bb2cc695654a7eb820bd46e726b7553f24f4221a2dcad0949ea62bbe95415ac8fe49c895036af448b62935537914545d

Download Submit
/data/data/com.zhongxu.jiashequ/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
8074ce7c6df8ef885184da9b1287c708

SHA1
572ddf558fde70e46ce0312648fd13897860278a

SHA256
a6365aebc0f6c8b317b22d6b06c0605f39d112750f9c134a40a07e9a02ee75f5

SHA512
a09d01d03ff334892971fe5ba6477e911b3009a06e4f1c999bea5355ca968f73cab04a90c49ecdbc99886269b8b6ed1238495e09f99bd48f58a5eb6965003aee

Download Submit
/data/data/com.zhongxu.jiashequ/files/push_stat_cache.json

Filesize
32KB

MD5
78c1d9ff853849a053a72a7fb0da264f

SHA1
b3ca8983a020bb04f7abe32ffae4c80c46aa6869

SHA256
53240a81f7ac77634323a06a2beb940ecc11de8e190e7a2d9ddc8289e2d12ccb

SHA512
ee6ffddf11a95c0f0cba9f5ab52545a6e466f5a0aa7ee8c7c41d93d208d2475ea857502eef412624689e7ba3292c38a507235838e1b6100cba2619ade500fc6e

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
157B

MD5
8296eb39638f92eb196f4c5b28cce1a0

SHA1
2ed6c80b517598f0fd514a4d90942614c6e5e2ef

SHA256
b29fd9412fc93b92737820c93aaf185b30c00b10599834811997524dff7b5fac

SHA512
3780152986905af41553c5aa878026c7134fb2b94fbe36d0eb2007a7bbea8f43ef52c599f9226de8f6495e0da98c0fa64f91f95134c9ac8313600f254864ee20

Download Submit
/storage/emulated/0/baidu/tempdata/grtcf.dat

Filesize
801B

MD5
7c366ea8f849e91e3f0f3093867b5c33

SHA1
88bb005e5643134f8719895233047017afe39800

SHA256
d759d062f4eff809dc55ecf5cf8693b0e062bc1bf3301f11d907f555852b20e9

SHA512
4575109c6e7330735b5421dc6f32abec26c5e9a92fc6ceb5b0b0f360ff97ab42f6001e52ebe63199d17ad27c053deb04b26e18af0025c0462886c9576c1d63a6

Download Submit
/storage/emulated/0/baidu/tempdata/grtcf.dat

Filesize
2KB

MD5
a173222343b8350b35706562f60143c5

SHA1
d08630f5078f5233050bc990796ff5d3ed88818c

SHA256
f009b3e9bdc6d5165f2143b3bd8080710425f1aaffc67682f6f5b53187b6391b

SHA512
754de45c7c56996793da71f627f19772dec0872b3df333d86a1f4175764b60eff81a431d88aa966e78a8fa94195aade532d5be9ac482210efbc0fcfd46e8c695

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
02d5c9a5f7611431a7eb48ff3edbfafa

SHA1
0f57c5695e3655a70d26fffb00544f90407495a6

SHA256
32ac8e6858fb3412fb85e5925b6ef258ce6f8ed5b228eacfdb33e2b79e2d5ee9

SHA512
15758095fc0dcd991b5bcdce1b684ea50c34791e42d9e1c27731e74cbb994c985f3695540121a96a367602f3988b42df5e8ade1ae0ec75f51b92d1ed0828b525

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
52KB

MD5
8be1d6a52dee6df3d6d8e2e187f009ab

SHA1
c843637897b04f5be641d46a2d14edaf3748e176

SHA256
daab21e5ea84ab6af8aae327e44f37e7364adc3e3d53dd56cca9cbd10e3d173c

SHA512
5a14bdb7a8096f27f7eb102ace39b3095704e5963c918ac261ca74c34857564941e31cf5a07a99d6a83affe65029f8cbb7c133ee65c70a4cdc024c82f555fb7b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads