Overview

overview

8

Static

static

6

2b2dbe91a6...18.apk

android-9-x86

8

2b2dbe91a6...18.apk

android-10-x64

1

Analysis

  • max time kernel
    15s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    09/05/2024, 17:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2b2dbe91a612bd20f15e2178eb2805e2_JaffaCakes118.apk

  • Size

    20.9MB

  • MD5

    2b2dbe91a612bd20f15e2178eb2805e2

  • SHA1

    821c7eefe28a54644f3a9fece7ab0baf7c22afd5

  • SHA256

    4a4b84463a773c1e800c541a69bef8c6ce182af7cc8a69e23725b42d2abcadd4

  • SHA512

    ab882875b82b3bf8440c2b407e1c7eff1f6a4b2c1629027803c56b3a26ceafd3d75152735e9987ceeaf4d0bb0c7b4ab469980ee34a741866ddcf02eabb91ddf7

  • SSDEEP

    393216:EyKCuZ+7cQTiO4utWaTrJV8NQEauzXSXmFMSkBmFpYSMmQmDgLF/b:EvV+z0utWaTrJVGQEauDE6MzSMmHDG9

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • cn.ctcms.amj
    1⤵
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4253
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.ctcms.amj/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.ctcms.amj/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4315
  • cn.ctcms.amj:pushcore
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Checks if the internet connection is available
    PID:4370

Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/cn.ctcms.amj/.jiagu/classes.dex
          Filesize

          5.9MB

          MD5

          9a4d9e50925043d3e23bc211922f5d97

          SHA1

          4f677b1820f91be48b275dd2a2b5459bd2817ff0

          SHA256

          cbd250ed5c510ff68da410045da968e44158f819113774115240b5903b264ee1

          SHA512

          f83ff5c74ba6ac5cfae03e6a0bac3d7140a28c8b517006333544152d5c909ff37b838d2a54dee44360e1b672b2675c1b500173011e958fc128dd2c9503da9338

          Download Submit

        • /data/data/cn.ctcms.amj/.jiagu/classes.dex!classes2.dex
          Filesize

          5.1MB

          MD5

          d65e8f6e301e5146d0c191527bb72e00

          SHA1

          ee50c3783f53639aa14193c0e1e66bc8102ce6c5

          SHA256

          9f6db11983d62fdfed36c0f05940ff30d169449130cebec5e7f4ba6263d5a126

          SHA512

          684212bab71533f95e19c215a5a4b1ca795064e3cf721785fc0b502b3cdf093584fd0b8fabfb31eba66e3db1c2c0201f82f17abcb03651ca60c225be928de3eb

          Download Submit

        • /data/data/cn.ctcms.amj/.jiagu/libjiagu.so
          Filesize

          475KB

          MD5

          f0f9ef36b67807a253b5932f865eae7b

          SHA1

          6a8d66c6efa2750b54cb763f4ad044bba4154e0d

          SHA256

          646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75

          SHA512

          e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548

          Download Submit

        • /data/data/cn.ctcms.amj/.jiagu/tmp.dex
          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

          Download Submit

        • /data/data/cn.ctcms.amj/databases/ct_demo_db-journal
          Filesize

          512B

          MD5

          9956c0872f5746f69c628adf86261424

          SHA1

          de413d02696a55d1bc4c29d51910c47a15c09dbe

          SHA256

          44b3c80f0852557b764f137fdbb35305125ec4c1990737b650f6ea4d1f3db8a5

          SHA512

          1a4839aa745cf6763878be499b7c741e0b7a586878bbaa6a2e284be410461cf90b2b581a9ded7e9ad16c07c8a84a54d60a11b3e2c17556a7ac53a94437bc6b84

          Download Submit

        • /data/data/cn.ctcms.amj/databases/ct_demo_db-shm
          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          Download Submit

        • /data/data/cn.ctcms.amj/databases/ct_demo_db-wal
          Filesize

          48KB

          MD5

          0fab5c72eb47536fbd8dd8c0bb3d8fdb

          SHA1

          a86b876b6dbea4cfcf2ba640453279ba5207a3f5

          SHA256

          f9fc6e3f1519ed36c9301ecb68216e5c41aa5d89757eb594fae20436e46cfb61

          SHA512

          5ddd58d8a9d67f53483b3eba765ef088090cd6c7241affabf4676c4f9f125495007d18a1fd9be6d82d030ef5a0c7ecd9034f6e519b87de724a327385ce393a54

          Download Submit

        • /data/data/cn.ctcms.amj/databases/gechain_finance_db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit

        • /data/data/cn.ctcms.amj/databases/gechain_finance_db-journal
          Filesize

          512B

          MD5

          de7d903334f509e42aa2a6de07225e19

          SHA1

          bd8a5175bced7561b063165f1df0c17a559498ac

          SHA256

          e260f7baa47fc35ddb416a32b662470fc780c250cbca6caf708a3608ffb77545

          SHA512

          fca85996d0484b184a4d1ca59842768a2340f05ea6605381eeba5a6e8f4513e92e1f3c2484496bef93de1e12cff6ba7e93545427ebd97a977d599f33a772cd88

          Download Submit

        • /data/data/cn.ctcms.amj/databases/gechain_finance_db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit

        • /data/data/cn.ctcms.amj/databases/gechain_finance_db-wal
          Filesize

          48KB

          MD5

          a492ae5f1aceded355359fcb0152e948

          SHA1

          96456fba2e6cdae4f28616ccdadd520828a40e59

          SHA256

          f566906c5436b9bcd6a0c85e3050d08e7381249998ca734b1db21584239dc705

          SHA512

          af7b83de18b82f1dcc93356a3a711e127c81eb9f6f4832266642e36ae3219aa36c2c68eb361922733dc7354a7f4a073bac7d1871586772b84715fbf99336fb0e

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jglogs/.jg.ac
          Filesize

          32B

          MD5

          958b81d6259151bbbe047b3a7911481d

          SHA1

          f7b39cf340fccf5b96c98c422a580e172a6b148d

          SHA256

          4995cbefb2b3a52206c88b0e5d09fa79bde52cd2c3eaf71f28e7289712e6fa73

          SHA512

          9f0d234c90927687e03073679cb1c5809ad7d791f9ba05cc88a36e1c7cd71214c0abf3f5c7d54682efef823cea4f8402df3eeb96da8a690640a4292bb4aeeed6

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jglogs/.jg.ic
          Filesize

          32B

          MD5

          f94365632645d3da47f2f3b33397e22f

          SHA1

          39717d6f11c2390322cc602977b9021fc9b804e7

          SHA256

          1eddc2fd4e9ffe1d5686e8bbe6fe48c208856dff2e8070baba7dc704c4f5a4f3

          SHA512

          d8257d924903cc7555187ae8ef49a42c954b511730d31e8ad53071ea5daa100edad598fbf5ef4f4c047046e4ee9d1811e8b47491639759c7fa804e4433c30d29

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jglogs/.jg.rd
          Filesize

          73B

          MD5

          212d32f0f51f96d1efbfd01c65544d94

          SHA1

          a5ae4b95d9af3942b41f38e3850f1e8e43a85d15

          SHA256

          d489e6f866e8a8c49286b4fa9428a663d95e8ae2f2833b042261e752b8fcee64

          SHA512

          630c3ad7d36153c20752e84837d57f918dd408aed4c73a77c3c2f12d2831701af0107057460a9c89490a1aeed83fe760fad45a9980a1ec147306b2fe3c9eb9f9

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jglogs/.jg.ri
          Filesize

          307B

          MD5

          8e852b0819e69dba88f0b1f01a33982f

          SHA1

          a7b48d55f3ad01a3717456e14bd8b793e8239e1f

          SHA256

          70c2aec770b9e1ecb259a9cd99db6ab2f79374732b5a0e7af5303ccc25968c80

          SHA512

          5080e590de0f8694abf96b5c056a3fd662737a89612166b87fe953cd3c506982a2f075cdb0a005652734915e3903f751b76b7f32de741680462a48559a56c3e9

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jglogs/.jg.ri
          Filesize

          314B

          MD5

          4dc7eaab511213396dbb20e46cbaec7a

          SHA1

          ed429371234b1fd9d811445d98b369e0184bc097

          SHA256

          1031856d6803f1fd560661b839881bb59d567bd65157ed070172ab530db695f9

          SHA512

          dd289ed66bdb76eed1c12c3fe024fccedd1809d29d3c145d41f3a5b89da4fbf697201932c2f2969aa96338f6275bcc3c9248a027bcefdafe59d3b865fbdc5d6f

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jglogs/.jg.store.report_pid
          Filesize

          32B

          MD5

          ebe3aa17c0afeaf12e939f76f5cc5525

          SHA1

          7dd3295b0b7c480f67e18709ec3a57a17a9437ee

          SHA256

          fa88173a075fead5dd0b8ec10ec08c1bb69afdf5af03b1d12154ef04ca08ed35

          SHA512

          b09ed724255a829bdb7a1ff1528c1ab5223c8ccf78246d88c41d246b3a30f26a1f62f1338559cce29a17fad634838b47928a349bcb21417f6adffea302fc8f0c

          Download Submit

        • /data/data/cn.ctcms.amj/files/.jiagu.lock
          Filesize

          27B

          MD5

          2477ed56364677a02e8331579b67a132

          SHA1

          ab1036142abab334750c7864de147ef59cb43d77

          SHA256

          18b68d06b6a84d4108cfdc9804ab5caf82a08633efb180ed5c3865460e9693a2

          SHA512

          a7cbd8d0c2387d2037f44e970d564199d3dbb3088145a8ad7899acd86aff1d3f41fb3913765bd86faf34174c0f575f411f0e2cc333bca80041ec6e80f0be154d

          Download Submit

        • /storage/emulated/0/Android/data/cn.ctcms.amj/files/tbslog/tbslog.txt
          Filesize

          10KB

          MD5

          aa02472e2648b3c32674a63a5a572131

          SHA1

          32e565ae4d22caa9c32b9a395e15bc0de47bdbcc

          SHA256

          6483ecc4e8f748227ea200682d79648cd795e468dfdda56585cc970cd2bd804e

          SHA512

          bb9855c0d370378945e057efeb2ee24ee115c80246bf3c54f861a55cadb385c11c38fe2e9a3c6bd91d2857194ba7cbf09d1c76d6769801d334502c9692390761

          Download Submit