18790f13e93caf6451704f685b823a5ed6877449c1ead3586d9b3abbedfaebf4

Analysis

max time kernel
19s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11/05/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33303929446d56560a35c387574bd9b6_JaffaCakes118.apk
Size

1.7MB
MD5

33303929446d56560a35c387574bd9b6
SHA1

b7a5f792ce32ec62eb8958db957c0ef636f7f110
SHA256

18790f13e93caf6451704f685b823a5ed6877449c1ead3586d9b3abbedfaebf4
SHA512

e87f935cdba48b5c2564dfefe2456f549644c9f1cc777d1f2c87a181bc7aeab36a712954716382376adc1393c39791011ec29407516c04a4ab3339c4566a8316
SSDEEP

49152:/s+FJOxo0Eo9AOOniENLS5h41cSNGscDOsHsNsgsAf:/FFQx28OiE85m16DPMaxAf

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.nesun.jyt_d/.jiagu/classes.dex	4272	com.nesun.jyt_d
/data/data/com.nesun.jyt_d/.jiagu/classes.dex!classes2.dex	4272	com.nesun.jyt_d

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nesun.jyt_d

com.nesun.jyt_d
1⤵
- Loads dropped Dex/Jar
- Checks if the internet connection is available
PID:4272
- chmod 755 /data/user/0/com.nesun.jyt_d/.jiagu/libjiagu.so
  2⤵
  PID:4299
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.nesun.jyt_d/.jiagu/classes.dex --dex-file=/data/data/com.nesun.jyt_d/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.nesun.jyt_d/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4343

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nesun.jyt_d/.jiagu/classes.dex

Filesize
537KB

MD5
f974ca053ca72d8e9640d63320e6639f

SHA1
e04c6665fcb8a62c43bf767b0c93bdf3bfa072c7

SHA256
255e77d3e5ade06b09e020c39ddbd29aae7a0cf9029dac79f4e15d8183580146

SHA512
64a5ea6b95caa5823dec3300fb30838ffea40930b5edd86b9bae53effe7d6dd65c275e3992886744c70e5e30dce43b59340e6bceefc519e1d5b455f2f1ec2eed

Download Submit
/data/data/com.nesun.jyt_d/.jiagu/classes.dex

Filesize
1.7MB

MD5
7d4368da54be73a7c42e975b13dbd5b6

SHA1
9ace1517c65bf06ca0f271eaca8aedf14f82c0be

SHA256
1eb67645ae1bfac8ac59f32ca2ae009755db670add438624ab2db7bee9693dc0

SHA512
7187afcf08ad8d0ebf95e78f1caf375e97ee10d5baec5ad12d143be684fe71948a2cf6746e5cc61cfd6a438f36b52ce86979702511c86d272f82e0a0df0c03ff

Download Submit
/data/data/com.nesun.jyt_d/.jiagu/classes.dex!classes2.dex

Filesize
36KB

MD5
72d6671286f327903488b68040fa840d

SHA1
41147a1f395dbac472819a205fb1df9df2e56a0d

SHA256
d9b4f5e19d0e52ed057ad1788a1f4af705dc6e38be5ca8a4462c33aecbc7d054

SHA512
102fcc7a95fd4b9d9b28bcccefb3494a5e6100c39bc7152ce332d582c6dc7f3940740fbeb7a0e0fd9e3dfa7809af5d66b6e2a2cc96131a7f237a37ade269e25f

Download Submit
/data/data/com.nesun.jyt_d/.jiagu/libjiagu.so

Filesize
363KB

MD5
f7f5e960db0c8a6f3b5b8d1a0427a042

SHA1
a8b623f9f87a6e785508befe07314da2fa903bfa

SHA256
17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c

SHA512
ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

Download Submit