Analysis

  • max time kernel
    10s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/05/2024, 10:32

General

  • Target

    3f0cd476ceac1deac45c501f4699c9e7_JaffaCakes118.apk

  • Size

    20.8MB

  • MD5

    3f0cd476ceac1deac45c501f4699c9e7

  • SHA1

    7a2ee8875e12dcd1b28735f1bf04f986757ed7e9

  • SHA256

    287fdf681e87f03813cb570c808d2fb0e0a5d448d7f875a68eeae409473098f8

  • SHA512

    29aff59d2060dfc2d606c5d7bfe1dc21ff75d7d8baa9b7afc91d1dd466bac63e62fcd505584b71f9564d0cc491b9d57122bd5a4598edb254fd407299afc357a1

  • SSDEEP

    393216:xOjvXRcXcgI0SWw0/iA6IoBFeUCeUGdfdl/LDdOT2RGUetDdOTRt++nWYY:cjvXRmIcUTemDAT2glDAT2T

Malware Config

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar (1 TTP, 5 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.manyufun.myfapp
    1⤵
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4240
    • chmod 755 /data/data/com.manyufun.myfapp/.jiagu/libjiagu.so
      2⤵
      PID:4264
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.manyufun.myfapp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.manyufun.myfapp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4322

          Downloads