Overview

overview

7

Static

static

6

2a41793f7f...18.apk

android-9-x86

7

2a41793f7f...18.apk

android-10-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240506-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
  • submitted
    09/05/2024, 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a41793f7fd54659432a9e3120252a7c_JaffaCakes118.apk

  • Size

    26.6MB

  • MD5

    2a41793f7fd54659432a9e3120252a7c

  • SHA1

    44f13d84278aacb3ed853f33b6e1a1c5eeca7bde

  • SHA256

    fbeca7979fda386f24c91de84102facfc3a8ddea0580b9d6858407b781accc70

  • SHA512

    fe20ff1ef6f71bafe427fde67ad34879291422b7e3392cd563e6aef72ea9a87563ac685b7a6a11bd7dbe6f157c88ed9d99caf94e88e0119851969584bedccdbc

  • SSDEEP

    786432:46KwbZKicGMQ2v9zUMxLE814KAUjdOAUKdGlWw:4bwlbNMvmuE048jdiZT

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.jxkj.kdvedio
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5095
  • com.jxkj.kdvedio:pushcore
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5154

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.jxkj.kdvedio/.jiagu/classes.dex
    Filesize

    6.2MB

    MD5

    8789d443589cccd6b3c70c1af1d9fdd5

    SHA1

    ca1221653a863b87d295dfc2bebad07540a50e9a

    SHA256

    e8c56c42fa3eb87b85ea9d55574825d30eeb33fca95318334eea7fada6d97297

    SHA512

    309ad2a765927f96a2d678e830da144172d47f9e1ecd459726b3984f29b910c9ca77d3ff342f33e2921238f0080b153270927d35ebdc80601d3c307122daf23a

    Download Submit

  • /data/data/com.jxkj.kdvedio/.jiagu/classes.dex!classes2.dex
    Filesize

    3.7MB

    MD5

    10a2215bbda60a8cb5a0374426668749

    SHA1

    1f389c95b409922640d5ecfea55498aa7ef0c275

    SHA256

    9a7e89ee872a19b2585bf2b82dde19067ee64a3785c4ff37a8c62bcb68fd5136

    SHA512

    85b6e0c53e8bd537da62c01640595066379f6844baa2424bbd74f1ba8d8641b3d27efbe6667853bc74364fe04a34596f293e9eff8377f69e7a548e9460cde48d

    Download Submit

  • /data/data/com.jxkj.kdvedio/.jiagu/libjiagu.so
    Filesize

    475KB

    MD5

    5aea02f4e4c77fbf2e7a27f7ca9cc06b

    SHA1

    522db1748608e9173547b29b7aa82ddc3542c534

    SHA256

    5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

    SHA512

    5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

    Download Submit

  • /data/data/com.jxkj.kdvedio/cache/cache/journal.tmp
    Filesize

    36B

    MD5

    37e8e716e0e2f4a0b05cd9571d95b84d

    SHA1

    f8d068f6931707bddb8cd69f706f2224ad1fea3c

    SHA256

    7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

    SHA512

    e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ac
    Filesize

    187B

    MD5

    09a5e9b8f71b4a215e974cf00482b446

    SHA1

    b5839764bab0e71b3cb0c4afec1becc68534aa47

    SHA256

    4c3e481e908c1bd68ec4e62cb3512c871340e80a019b104b994bbbafec070ab9

    SHA512

    2950d2eee987e48dcc2878ed909d89fc971c2d43be2c4e71e979dc8d4bbfa5f12bdf2cc5a13686a6c022de3b2044ba916b074a41d75659cd143a05717bf6f48e

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ic
    Filesize

    32B

    MD5

    c532c1eb035e8c966a0707a05c022cfd

    SHA1

    c9bc28547ac25462782ad43ce27d26b2d38cbbc6

    SHA256

    d45ea61232a7a09f530982af1ebcf9d7707c55244eb93d21529c07153ed3150a

    SHA512

    da7a1825e5a5b72531979d26da2ed48bbe15792b468b70f0d88b4d5e024f8cdfd221431da77a6ddfb88af33eef455b77282cd9f5ec3619e1e8cf6bd08d695517

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.rd
    Filesize

    32B

    MD5

    0fa4f6fcf4354cb11a20a8780d57e958

    SHA1

    a2e52fec60ab793ec88084e6b8511766f7b3dcd0

    SHA256

    5a57084aa75fe8eedcb54d784c30a088822b76b9a3abddf48f39a6af8a3bae90

    SHA512

    8fa82debe7616c177e9774604b0d79a0f5b2bb558a4ed130bc54803038fb7e12ff8447001c74824dfcf063852fafef66115a54cfe152ef8e16fb3f8e31e17110

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ri
    Filesize

    307B

    MD5

    824e0ccce68a13173100cf3f4d1f3c11

    SHA1

    f70976022674084bc3dda9d47aa261e4b6d12b70

    SHA256

    4ee1450ddaa9b74b205f2e170f0accec5705b5b0e399a43edd4d9a8f0b1bf990

    SHA512

    d9cfa9746156fd4bb195dfda0a1f34324336fc35dae2eda650a9868138313acea99ef91f56250466a4932d89349b555be5c26e52fd1fbbeff6aa631625679e62

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ri
    Filesize

    314B

    MD5

    ad5af6fd166f277d0681c376b37c9fac

    SHA1

    24ba8ffc5d3d57eb7bb40058951a3923b8c7ebec

    SHA256

    1fa5954bd16cc51e698b54244c63004d2947798b94510856b181ed24531f8e64

    SHA512

    4cd1df5dc357f60f4e3af38dc062fb286123145f8882bed5c43a2dea18e1b44cbc9aa018eebd267f84f7587256f178ba4fd0959988b5439a6a65564a49659102

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.store.report_pid
    Filesize

    32B

    MD5

    b97b2a31028b13d54296046c10c64f64

    SHA1

    bfcd9937d69d8113df1fd470394849640de2778d

    SHA256

    e64d54b45e398730fa89ce9b1d062e67e2edb94b64f62b5510ab132e98793d19

    SHA512

    f360ceb904f4cd79c22ab58d6e90d9001d403184d25cb72ed5e8876f890e59bd6bae376b15e5b2aab99056dc50ff7a8b99f0331b6341877ec8a62c83a28e6cda

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/.jiagu.lock
    Filesize

    32B

    MD5

    c1bdd2a4078ee5a61b4a5b3657c00c41

    SHA1

    69bec3aa081dee13fdf6f0539f0e5daa958a4d4a

    SHA256

    1e6e6a5890731a89acd024c4e2e041550b560b081abd4692df97b291a0af89f6

    SHA512

    9b7cbe2c280cf9971bbba1f38aa4cb19b1f696cd5c7499f54d855f84301d3fd5adfb3da9ec1b652dc41f42e513973163503cab01e34870798546a4d396b8ab44

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/jpush_stat_cache.json
    Filesize

    119B

    MD5

    ddb2ca4888a9c9bd055d988f9ddb92fc

    SHA1

    e75ee97c3aeaeab4fbbd63d254c4f92700612910

    SHA256

    52dba62fb36c200c68316cc251f79f6b60c0536dfa59e850cee18461f0c977d3

    SHA512

    7f4d92b3cf601cf9a71302009bd6ce48e9679e765c1870408e0dd46efeeb60e19f03a9bf4e643fd03541f67b819d63cc26c6e23c7168c01048edcd9058c8f744

    Download Submit

  • /data/data/com.jxkj.kdvedio/files/jpush_stat_history/active_user/nowrap/13691f48-7996-44b5-8b9a-b746617839bc
    Filesize

    159B

    MD5

    d3abb6492d4dc126de0737818fc1a812

    SHA1

    5310ec92bad4f1bf32a5f3f141e9db0f5c863980

    SHA256

    e0c34a795e06b26fba79580d7413025eade99b9cad2dd430f710e70aaf433b17

    SHA512

    a268c2f9ef963f60768cf7b9c2cde02cff4ee8d8b0bf47a112c4608243e75175e22fdc1be439f881d35010acb99c15c1cea18cfbe8e2f9907a961d8ed3c162a2

    Download Submit

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    e9a173c75eb7b66e63e6f646994cb499

    SHA1

    32641c6078fd90a3a294d77caae439ff7085325c

    SHA256

    968a228301edd5e409b039201d4fcf7ed389d54323db171fa0d3fad4b0424b2e

    SHA512

    0393f7ece5c46f804e3312c625ed6b519095492d7f33b28a9beab11a90e238beaff5484f0450ea89b3c8d02fb9d48553a486c0425f03ee3a14c0b2b91cf786ca

    Download Submit