c72deb3061ea52c1832b31c93bc3d6ddc40c6841eae8657faa3cf433b396c855

Analysis

max time kernel
13s
max time network
140s
platform
android_x64
resource
android-33-x64-arm64-20240508.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240508.1-enlocale:en-usos:android-13-x64system
submitted
08-05-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26eddcad91217d40a32f53a16ce0a67d_JaffaCakes118.apk
Size

12.5MB
MD5

26eddcad91217d40a32f53a16ce0a67d
SHA1

591f9ccfbbf9ae992b22ed803025b0de550200ab
SHA256

c72deb3061ea52c1832b31c93bc3d6ddc40c6841eae8657faa3cf433b396c855
SHA512

2d07bfccc56685caf1eb91918f0dd8d2331c2b571f485b7f55e46fc44da411b35657c709ae357db59d2a3e3db8beb3e1c4cfa96fac217247f6413a43f3af456d
SSDEEP

393216:bQ7+MchTuZu72B+7utiProxj5nkrNvmVz:bopre7u8jox5nkh+F

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.yek.android.yemaijiu/.jiagu/classes.dex	4248	com.yek.android.yemaijiu
/data/user/0/com.yek.android.yemaijiu/.jiagu/classes.dex!classes2.dex	4248	com.yek.android.yemaijiu
/data/user/0/com.yek.android.yemaijiu/.jiagu/classes.dex	4344	com.yek.android.yemaijiu:pushcore
/data/user/0/com.yek.android.yemaijiu/.jiagu/classes.dex!classes2.dex	4344	com.yek.android.yemaijiu:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yek.android.yemaijiu
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yek.android.yemaijiu:pushcore

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yek.android.yemaijiu
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yek.android.yemaijiu:pushcore

com.yek.android.yemaijiu
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4248

com.yek.android.yemaijiu:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4344

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yek.android.yemaijiu/.jiagu/classes.dex

Filesize
6.2MB

MD5
8dde2f8487fdbee0aa5da97df90e751c

SHA1
03e6280d8219e0bca74d8e40150eb47f8fb572dd

SHA256
010a133265cd0cb639369e5940e045d6f9eb59d2d3d6696eebe0b11c3b855065

SHA512
8e7b9f583465bc6e7b63ca6a3e89b979a90322c983a78d2cf7e6c31204aa345d35cee1cf437c8314803e336889b7ec6a6a1198ef888d0524652cac40ab724fe7

Download Submit
/data/user/0/com.yek.android.yemaijiu/.jiagu/classes.dex!classes2.dex

Filesize
3.3MB

MD5
fad91536b275bfb5266b289884d42a00

SHA1
a98ed24aa77dc6bf5d5e8f526f9ef7bf8ada6f90

SHA256
ac4b1a09ae6a0b49bc12c1b763a7f3a1b902aecd8491add41a0a84ca43551830

SHA512
59819fabd3b2036317eddb7c785f3826ee2836264b3ee3708e3a8cbb91f593d5f0f29cc806dd463c8c7405c131e74450090fb7cb1ce60976594c9bc4d009b242

Download Submit
/data/user/0/com.yek.android.yemaijiu/.jiagu/libjiagu.so

Filesize
475KB

MD5
f0f9ef36b67807a253b5932f865eae7b

SHA1
6a8d66c6efa2750b54cb763f4ad044bba4154e0d

SHA256
646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75

SHA512
e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

Download Submit
/data/user/0/com.yek.android.yemaijiu/.jiagu/libjiagu_64.so

Filesize
510KB

MD5
c26350f8b4709f13c7adeac3c1ec791b

SHA1
0d773039deffff4f2bcab5cbc2ac04c4a2e7de9f

SHA256
947093725142dabf77b01a8c9020312dc4544403c0a86e8a55d0174e6808e87f

SHA512
56a1d1b7255a311317757850bfc7f5b4e59333c386f1b17555a2f03090a5bd5db66b6da2c59e90ed674f9bba1c991956877b95da8d2a75fcc1b8f3f6b9a979be

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jglogs/.jg.ac

Filesize
32B

MD5
ddfad569626f29382d4b4fa8504e1782

SHA1
adc5f1b72f57054fa779a218637bed147097f508

SHA256
a959b6c6ae033db80e275f9358ef385f5794f6b566e579ff8198d0a384993d39

SHA512
5d523f16382cb3ab316f25034b450246f10f6373fb7f62b5f79e8a2886b728c668a7eec3df6a423d4e37137eb0ea6dfbf1a20f27aaa29fb38e2c14030b2fbfee

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jglogs/.jg.ic

Filesize
32B

MD5
f0db34ae7096a5bc7776046e6f1c8383

SHA1
e297fd59e1548d475d7fd78a430dbfed5ce07526

SHA256
fa812bb76007b14bdbcc27a9ca75d884e38555b05232beb3d21c2e14c539d175

SHA512
f3248508b881984a706650ed15ad2745c88e1c2e40dacf41535fdce2ec750afff63b0d2cf9eb28a585a929a3dae684c962d4e1bdef0caa9c77c44da8131eaeea

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jglogs/.jg.rd

Filesize
32B

MD5
748c9d8945953ac79fa74adfb0a4f325

SHA1
0c917d7ed0efeb63b43383e589cf5f170933271c

SHA256
4d338deea6c6ad67290431fc52469be2f2687fc608d7226176814f8ad3b751a2

SHA512
2a17a483d9d832c730e7e44838df75eac486c716af4ffd3a8b28cd804d86a627a48cd2778a173404ac83e668754f3bad90eb6476cc86e62443ef7daba35ffab8

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jglogs/.jg.ri

Filesize
307B

MD5
251ed2dda479d33b7ff00f676df09eea

SHA1
2ea63d97fdf828a63875f8be32444242abe5893c

SHA256
6204611b7e44edac19549a4a0e2cec668cfe022b0c09805c07e2481d0d1f7ca4

SHA512
202b37ac7b673620d24f3dd71879a5428b065e4bc78307fe9c6ff7cd5b3da328e6edb1064ec6b1e4cd4ff92ff307a9eecd545d11874f758d53d1b1fccc277bba

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jglogs/.jg.ri

Filesize
314B

MD5
75f45f8fb009eee561bfcf9b8d57cd27

SHA1
972801ffe72fcfd939db9ec1868152c259d9737d

SHA256
d50c5f75a782fc0e1eb627a5312a7e4724f55da7c3364824bcef62f5c22533ac

SHA512
2a9ff0cef747030582d7fe24e033f221a220577963b90b16e0925839ea91b897c41caf0332340262986b40ce10a127e192e7008dbce525aa759b930530a876ca

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
fcfe8f4d9169d2de584e2979f4c08c22

SHA1
2ba0eacf6ecef8045c76348e54c9121c47e8feb0

SHA256
f0afc364ca23b9ecae89fae14a95020111e2caf5025c0c7b58c0a62dd2f542dd

SHA512
03b91fd291a9f314ef5982b73051b70b838fbb89ed76b856c0cf5b797960e332a8b71ad8f7859770cb5c6c75f10191d76eb1396d7fce3191026a90b462fc0fa9

Download Submit
/data/user/0/com.yek.android.yemaijiu/files/.jiagu.lock

Filesize
27B

MD5
1e8c6f830835df7f3c81bdb4d991f26f

SHA1
fd4da77416ece7bc9a3710caee4cbfff7931db49

SHA256
904b87bb11d909465921e44f17e3fc7c7dd152446c9faaccdd2bfdc734b323ad

SHA512
fe281886aeac9d9a2ba4a40339387dbd689430ada4f9b26f9002c739f7db86f7a433cc0652cfb33f7dc6bd86e0de02d156ae5c53499b232f07bd5a48d58949a8

Download Submit