047843420a597820fd67d7b1f80358bc854bd4910ba2905ed5915f9ac42cbd40

Analysis

max time kernel
10s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
08/05/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

242b02d87036fbdf2906de91c30ec1b0_JaffaCakes118.apk
Size

27.2MB
MD5

242b02d87036fbdf2906de91c30ec1b0
SHA1

c564ea3dba76fbc38a548a010761823c14f6e0de
SHA256

047843420a597820fd67d7b1f80358bc854bd4910ba2905ed5915f9ac42cbd40
SHA512

057d7225385c0399c25e6b4ec6292a3ef7a553f79aa5a816de238d2471a7b08a17cdab068c1be172486860e9524f93a8c39818678618c9a06d8a49edd55ecd33
SSDEEP

393216:F7aHMc0auZnmeOpodv5JpcNVMVGyt6ItZQbdYT0MbdYT0iBjZOmWQue4caCPP/gn:4sdnmeOaFd0586IUSwBjZpbcikwOnb

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.piggy.qichuxing

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.piggy.qichuxing/.jiagu/classes.dex	4238	com.piggy.qichuxing
/data/data/com.piggy.qichuxing/.jiagu/classes.dex!classes2.dex	4238	com.piggy.qichuxing
/data/data/com.piggy.qichuxing/.jiagu/tmp.dex	4238	com.piggy.qichuxing
/data/data/com.piggy.qichuxing/.jiagu/tmp.dex	4303	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.piggy.qichuxing/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.piggy.qichuxing/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.piggy.qichuxing/.jiagu/tmp.dex	4238	com.piggy.qichuxing

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.piggy.qichuxing

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.piggy.qichuxing

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.piggy.qichuxing

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.piggy.qichuxing

com.piggy.qichuxing
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4238
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.piggy.qichuxing/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.piggy.qichuxing/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4303

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.piggy.qichuxing/.jiagu/classes.dex

Filesize
6.7MB

MD5
3be670d7fee07326c7eca39483b0861a

SHA1
4eab99517ef09526a98caa82ea12065cd994efa7

SHA256
b8ef200ab297bf5b43079ba73199ab48b02d798510711a848168116367f941c6

SHA512
cc86a068c35d40ab9bcb016abeccc50abf6306205354a09e6c479ddaa4c97066f78039308a5ca48936eb7a7bfcaaa506f1765e3dd4a0e38e5146d9d026e790c1

Download Submit
/data/data/com.piggy.qichuxing/.jiagu/classes.dex!classes2.dex

Filesize
4.7MB

MD5
ef05eebc9faf4d5126a152891c3b1d12

SHA1
a0f4b7f794e5134d5924cd5e35f64b4d9ee0d57b

SHA256
fc4350ecf1eae15aecb8134afcb0f6f0471e2f0886b2ff4baaff5cf288ca4b3b

SHA512
69aa618eaf606246dd0a1027020fd0fac38c2f6f9033cfd539abf82d7f4b4eba08b325a0d7d1483e4c850ec54887cee7b682f72bd471056b37e0bf314e4d5393

Download Submit
/data/data/com.piggy.qichuxing/.jiagu/libjiagu.so

Filesize
475KB

MD5
f0f9ef36b67807a253b5932f865eae7b

SHA1
6a8d66c6efa2750b54cb763f4ad044bba4154e0d

SHA256
646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75

SHA512
e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

Download Submit
/data/data/com.piggy.qichuxing/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.piggy.qichuxing/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.piggy.qichuxing/databases/MessageStore.db-journal

Filesize
512B

MD5
d837a3161862621aa0d98cb11a11c70d

SHA1
e33df9fde78d4dc13ca2db45185152b3c5476970

SHA256
5c18993a252a6e43629363cc147174239f2992e9455555776bb3c4bac5681217

SHA512
b0c9b0aa89441a05450a97320da7291e24f740eded5c592c54d5889e1aadf23b7ec139cd5a47e79188078d9f0af99139af4205a8eb5b6776e47c69c2990fbcee

Download Submit
/data/data/com.piggy.qichuxing/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.piggy.qichuxing/databases/MessageStore.db-wal

Filesize
56KB

MD5
0997d73f6f37f9317165fdee07087658

SHA1
4301ed3ef7059e5c0b0119de446919cec40879c1

SHA256
5ace34a82e0896b680dd62eac5ef851d10baa6dbc3f908423285f96646354ca5

SHA512
7d0b4a3472abc3eb312ba201f78d9f7fb2dbca2617e7143a2c50295ea20073d06d6b4fd9a315153a40a113812aabef2104e13f7bf34c366a8cc2885b3b261d0a

Download Submit
/data/data/com.piggy.qichuxing/databases/MsgLogStore.db-journal

Filesize
512B

MD5
bb49d87e4f610635609bf12ce49b501c

SHA1
6c143a423dfe50cde57e7a2cfc6acc568bb6968e

SHA256
168c9859bc5ab3f8f8941177588152e7181e8086044f071b57a8cbace7691978

SHA512
5cc3d2cd84cc45aa0553ea9c4a0ab521b5fd3d3270663b9b948850c0acf80b7afe984a6e7ece3eb6583eb6bdd61f476eb1bb9df239be61aea791d8f5b2dc3d70

Download Submit
/data/data/com.piggy.qichuxing/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
6ff4b3aefc7f3991d3c0bd96def40115

SHA1
a0182c1a6bdbc91a1b4d47be6dbc95645fc28bff

SHA256
9b730874ce2bda48c9b261efa218b8aa5f2054c404f2bd392df15c76ea742542

SHA512
67a7e48a55cfb3814c98d350e2ca5a44fba700c9f36ad8b1c2fcc4df43aea18ff4d6fd295b3049d85b302a62075e28feac0315600670a8cbecd9bfb7f8cebfca

Download Submit
/data/data/com.piggy.qichuxing/files/.jglogs/.jg.ac

Filesize
32B

MD5
2eb57f95638a5e35eb9daa4df0955f30

SHA1
e884fc59b6e75022d0036ad9b94ce69a711a1e84

SHA256
b83a47beba1eda868ad283fb2d1f99965b85d16458cfab5eecc89fd7d9cf8f91

SHA512
68dc24130de592751cf448aead227f07e087b810bcf72e1665b7c87d599998ee9295bc5982fde1558a271a64c08e1277341a89c89a25411b5dea122648b1f625

Download Submit
/data/data/com.piggy.qichuxing/files/.jglogs/.jg.ic

Filesize
32B

MD5
d2bd09e36e84882a3e6b2587f440ade7

SHA1
51367bd0eb89021e32969971c1a5afca39c37232

SHA256
99ca44b739f76dffe4c9194633bbea38cc7175f1e689332abb5bae7aae037091

SHA512
309885ed58789a25fc9ed53959caad118dbe1e61768392ea38ca2b8c223f45ffbb17ab8855304704d13acab5a21611a2f72ed2ca29460dfc7a22cab6f60f87ba

Download Submit
/data/data/com.piggy.qichuxing/files/.jglogs/.jg.rd

Filesize
73B

MD5
72c37616142703693125e5a60dc7f203

SHA1
eb0c3230b77c0e41850f6fb7d058f8a7984a4cb1

SHA256
9a95ddfde4dfc90e5e2f1a9ee2750d4007a1e31d2f7be290c623bb2675eabee2

SHA512
53ac48964e0ae1c8b7dfeb57d87fd2c9bad15f181973e0a97d4df3f56b6ea003dc9030f330a1d7e7d38b00a3697fdd45570df2aafba586cd28c40d3b3b161b6a

Download Submit
/data/data/com.piggy.qichuxing/files/.jglogs/.jg.ri

Filesize
307B

MD5
6084c70c6d336853eebf4157abdddaa4

SHA1
bb671512b7d8a7d0f303af6dbdd4837ed1c274c6

SHA256
a0fd83f8a65fc6aa659d44dcd23f09bec27de9bb18c0091684ae4f5789cd1682

SHA512
496e89d1ec34a5839e74a914a8ba04250b6f487f6145db9aefa5d3bc4a02769f5d53dff28afe9378eb55b178aea6e93e85e1c64948c151b41aa21a5f0174c348

Download Submit
/data/data/com.piggy.qichuxing/files/.jglogs/.jg.ri

Filesize
307B

MD5
be3145f63b3c6ba29a77fa3fa19b233f

SHA1
a4ec57d771cef4fdefe28f2223c23925e9a43385

SHA256
7b282fe89c4cdceeac912f01e235e097f2753046cf446f6d984b421a652b1457

SHA512
787689fa6df9e5987142478d4f49be1a74370bffee016f40a0a46eaf3fb67beddf525026ae7525bf4b1e8fa1aba2b78dc86a514964a7dcb6989581d2ba345e43

Download Submit
/data/data/com.piggy.qichuxing/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
c293ec9c24d4a0864ff23e7dceb7b260

SHA1
b6489be7cb1208f6b2077852ec2d2e738080cfa5

SHA256
51e6996c7cd0ef54fdd3ff444942e53fa765e8adce1d4e358bcb826e6a665c4a

SHA512
dd2711da6189698149bd224e8bac8def4e5cb63842b17a3c36e901876d81082239ed9608c667330ab31f9bf5193a1adaca7845ab5e8fe8bbf6b907910550c799

Download Submit
/data/data/com.piggy.qichuxing/files/.jiagu.lock

Filesize
27B

MD5
83a1db55c49c24937f725fe007b5ceb7

SHA1
263d1685936b68c1540dbc26dd339d1d65f6bf9a

SHA256
70c4984cfd18a380f215d2f41f899bd222ab0125dcdeb4775817e8f33c57eb23

SHA512
840bdf77769208fb0ad1daa049c50fec8cd962d41a8327af15bd3d4efe10456e0f1076d7721f93d91c7a4c726fcc597e25e2ad83fe9d98eb5fd80db10f8f7bdd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
f8ef80197fca60681a338a999d8d2cc9

SHA1
03fa8d29b1ae33dcdeb05ab63b0d4163acc9a31b

SHA256
e70a0655d0816d92b83d4ba2106607e99c9f531fa6f57d01f412308979823e39

SHA512
83f81caba8f6b3fda7ee5118d2637f35efbd291081fc3c3fb85207d451769a5688c8d797cf390e9f03c6139d607f014c34283f5b2134d50b77150f0cefa31ad9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads