0874f00762c96eb969cbdc1a2a168299653a078d1c20cfebd4889caaa36f9895

Analysis

max time kernel
8s
max time network
131s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
10-05-2024 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e72737e59c62adb8747c0e58e56abe3_JaffaCakes118.apk
Size

12.6MB
MD5

2e72737e59c62adb8747c0e58e56abe3
SHA1

08ad7cec0e7db5a8f1ca7aae2e4f51206463c056
SHA256

0874f00762c96eb969cbdc1a2a168299653a078d1c20cfebd4889caaa36f9895
SHA512

35beba43eac6d2f1d59a53f5488b3a607115f0ba83ded38dbb002bb187431ff63f96cfade8182131f2773234653118c496cbb35f4337b5cd6e2d65d5133b543f
SSDEEP

393216:LcB1KOey9uhdHkLuyxCldtWZCfb2exuh7:ADKO+DHk6aCjtpzfu

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.znjf33.znjf/[email protected]	5055	com.znjf33.znjf
/data/user/0/com.znjf33.znjf/[email protected]!classes2.dex	5055	com.znjf33.znjf

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.znjf33.znjf

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.znjf33.znjf

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.znjf33.znjf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.znjf33.znjf
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5055

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.znjf33.znjf/.jiagu/classes.dex

Filesize
3.7MB

MD5
d78e18d2cbd3f5c9e697c12f4020fc49

SHA1
a9887506555e45a8ebbc180e1040e0849844f598

SHA256
9ad446118d1846080e2a426f988290cb87240dce81b88a1422be917bfcb2529a

SHA512
c6d0aab3745684d77358c278268eb5d0e36c54a0f8dc6a76352cc9c743c10c499a0f1a40b02660fbf17fb60cceb703b7021a9a45c7f8585023ad5dedb8e85ac2

Download Submit
/data/data/com.znjf33.znjf/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.znjf33.znjf/files/.jglogs/.jg.ri

Filesize
314B

MD5
ad56d4c8ae01fe5d81cf9295e36f5223

SHA1
854d84ca2f2944ef56efcb1a23bcd3d3f112d9d8

SHA256
7144d7abf4905024118a4e107e7ab94c8a0cb8544a0affad98c70cb6c8be2876

SHA512
797eb69fe12ca34e0a33b8a5e54b808feae8529be039871548c01d1a7e13ee85615d52d07b5b47d787f640ef4e2e8bf7431c43b1c901af41b1bfcafd4b2cfd33

Download Submit
/data/data/com.znjf33.znjf/files/.jiagu.lock

Filesize
27B

MD5
62655fb49c446229c4f760d3118a1c67

SHA1
9b585f662033419b86ed2df72f50c1760b55fd53

SHA256
665491f3aff074f81bdca8044828c24df41656ff737c0a7140b5600ed16c0348

SHA512
7f25431bc751ee33de1bc1a67e91009498f894efcd5224ab6f87dd4646be41988bd8e1d616ae779ac01679491b1f44d4caa5d902324c446cbf72a16cb87cfdc4

Download Submit
/data/user/0/com.znjf33.znjf/[email protected]

Filesize
5.9MB

MD5
04c552063363d3e43d5793dfe797ce8a

SHA1
13d6433b80369ed671f21c143728b0c3c5454a96

SHA256
b237d1673e9d0046b75282d7bcb7fac3765ead2ec368ca4d53004f40f87c9cc6

SHA512
4acfe6fd463b3e159b9b79cb971e88aafbba451abb93a07557d274b0d8ee0284dd2da69166ee7ff377e152230f76ad75172dbdc6cc7477b68642504c50f024bb

Download Submit
/data/user/0/com.znjf33.znjf/[email protected]!classes2.dex

Filesize
2.4MB

MD5
d4b0bb6125f4eba71637e30bcfbf81c8

SHA1
abfe5016caec96f2a7cc89a20c964410ad16f19b

SHA256
9c4c1ac850473092f4f1cbedbd6180ed45368f6c9cba9c8326f9ec5ce6116f28

SHA512
131f356a349364cbd8be79b98c5afbb42140b2cc8afa38a2ce324fb6bc6de71fa1ae48590bdc6b410e31dc53d709a65c14778e45bcf9a87cfba48529a239226e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads