b0b3774310059a437d23deed21beada60b5c119587c9c3fcab010218905c15f7

Analysis

max time kernel
73s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
14/05/2024, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40cd318246e08a43c2b7e7b13b912497_JaffaCakes118.apk
Size

9.4MB
MD5

40cd318246e08a43c2b7e7b13b912497
SHA1

654db22135370c24acf222d916b2c6f7201253da
SHA256

b0b3774310059a437d23deed21beada60b5c119587c9c3fcab010218905c15f7
SHA512

8f732dea05c697b66739146f57a4f29752c612559dc8193a981d657398abc7204f4e91e1e7e2412df26729f1e96cfd2269e7ef0d598cfe4d02a8db2cfdb68f8c
SSDEEP

196608:TwEKDHCCo5YXc7Y1e00kTKUOU7e7gvo0UakIsp1j:TwVo5X7B0zfOUy0vQh3

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.gosing.earn.syz/.jiagu/classes.dex	4273	com.gosing.earn.syz
/data/data/com.gosing.earn.syz/.jiagu/classes.dex!classes2.dex	4273	com.gosing.earn.syz
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex	4273	com.gosing.earn.syz
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex	4323	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gosing.earn.syz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gosing.earn.syz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex	4273	com.gosing.earn.syz
/data/data/com.gosing.earn.syz/.jiagu/classes.dex	4368	com.gosing.earn.syz:pushservice
/data/data/com.gosing.earn.syz/.jiagu/classes.dex!classes2.dex	4368	com.gosing.earn.syz:pushservice
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex	4368	com.gosing.earn.syz:pushservice
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex	4368	com.gosing.earn.syz:pushservice

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gosing.earn.syz
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gosing.earn.syz:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gosing.earn.syz

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gosing.earn.syz
Framework service call	android.app.IActivityManager.registerReceiver	com.gosing.earn.syz:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gosing.earn.syz
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gosing.earn.syz:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gosing.earn.syz:pushservice

com.gosing.earn.syz
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4273
- chmod 755 /data/data/com.gosing.earn.syz/.jiagu/libjiagu.so
  2⤵
  PID:4297
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gosing.earn.syz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gosing.earn.syz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4323

com.gosing.earn.syz:pushservice
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4368

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gosing.earn.syz/.jiagu/classes.dex

Filesize
6.5MB

MD5
12ec9fb356475beb262f47479148f9ff

SHA1
a943ae307754dfbb2905a1cb659e773b7da9a0af

SHA256
f3d1169d3d07149fb7ce906f018c84d97388b80bae893550af975d9eb7b79c11

SHA512
d5ab417ceb9b45591837e6e51a34cdbffe9703bca1573568ce926103eabb9bbaa5586056e0700fbd1053036ffd2a001467da9af29c25b886d0544402bfcba116

Download Submit
/data/data/com.gosing.earn.syz/.jiagu/classes.dex

Filesize
6.4MB

MD5
b2b942dc8862e6aca202e44156d84dd4

SHA1
e987cc70196a17e285a893db826c035d2f3e5776

SHA256
cb7c3fac46621c76b17d289206b6f28a1450e3d451d96c784b114a98a03da400

SHA512
5361d441e93e89a9b2cae02a6b38bed0d59285c55b5c6893be2f01f442670bca2e94b7a58b5b60ab06e2821d897eb33c19983e9ed966545d39ad9d753ddff3b4

Download Submit
/data/data/com.gosing.earn.syz/.jiagu/classes.dex!classes2.dex

Filesize
5.7MB

MD5
50dff7de6f568053c1273654337dbb2c

SHA1
338b0634340569aaa13a91c1d72105367a84b657

SHA256
67c735825e35e2dc3147be65c1d5d20622da2a581971916501395298de80d63c

SHA512
aeceb29fe85a19e24b10cca34467b05cb681a93d8fd7905dbb4df9347857c9dd0ede0c238a832143eaa198b90152c8eb672104640934503658c0e3ec0f9a2a08

Download Submit
/data/data/com.gosing.earn.syz/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex

Filesize
512B

MD5
e7475a15961ee772cfdaa62b2ee5b86c

SHA1
1f07032405c61a35bf10671ddb2a998e541c9666

SHA256
5bec5684f50a3c1cef05e06b0ee41a3c1d60f0697ff82dd0b0e2e31c0e0d8e32

SHA512
0137cb2f2908ecdc470b7f69e18f9fe2f55c4a7ad9e47ba296cfebc607bd919d284cf52a506017b556ffbfdfeff6e4784c539b6423873238f808dee5b039185c

Download Submit
/data/data/com.gosing.earn.syz/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.gosing.earn.syz/app_crashrecord/1002

Filesize
229B

MD5
d1eadee148d000f084f1294dca2eafaf

SHA1
68b184b5777349b98f18da28733dab83d4d1fcda

SHA256
a6e9476fbe38e273bb4834171c67b210df9038ec7c7e95d2eb94f4b5fcab8e9e

SHA512
f00abbb1af737e6f7f4aa0ae9e14abc683cedf9d3ee363458b1738d9dbcebc344730ac0915057d5556a2a44473b72a8aa646dd468c98a9d2222c2fb6498773c6

Download Submit
/data/data/com.gosing.earn.syz/app_crashrecord/1004

Filesize
229B

MD5
66eab81a49d4a07cbb2408a61e8ca81e

SHA1
eee27f8a4c20c7402828afe857c43f854cce0f10

SHA256
c1d6af7f0ef76d54d66c298a2bdf5731f365cb6f60cafd48befc8138d8c3496b

SHA512
e39dff6a7cf0e66c0d5b4e613a1290bc26a60ef405c9f78d7904dcfa578452e08a8285d38ba83b4e6ca8289fbd64be82edeb818237599737569e17f8ced11692

Download Submit
/data/data/com.gosing.earn.syz/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.gosing.earn.syz/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gosing.earn.syz/databases/bugly_db_-journal

Filesize
512B

MD5
31ea1217ea08c1daafd3f19998d399dc

SHA1
28d18b4e5bed8b61811425732d75ba9e1cd60c1b

SHA256
ea59552cb0fe4d01040e366efc593a98c41ea0be903e6d21f9fcbae9b35b6124

SHA512
be934752297721eb1bbeda8ccfdc77cab27facb2f7dd5b0078d4cd444382df600e182b7ec8dbad64373e547e9045871aedbe1855152c4c14856e7d3ae55e178e

Download Submit
/data/data/com.gosing.earn.syz/databases/bugly_db_-wal

Filesize
68KB

MD5
646b2393a3157a2b91fe505ad488e3e0

SHA1
6951f1f557aeff9a983250ba051ff49701422b51

SHA256
ecbc37064dba72b026d3e7d5701f21840f93f8a60720d5d9b4a899ffbb01458a

SHA512
467ec345e601d9b2d57914406d45327779c3277f450db91b9bd5422a3dae455f6d95559bb9717c4a375ccdff2e1850bea15520bfe1cabafbf7d3d9375be60217

Download Submit
/data/data/com.gosing.earn.syz/databases/pushsdk.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gosing.earn.syz/databases/pushsdk.db-wal

Filesize
140KB

MD5
6e3b9ebb2a0f4136306a10cf9178ebe6

SHA1
84598fa3686a84b8682e5214b2a8637ca7af3cf1

SHA256
2360a637a56c56f6888459e74f7cbd78f258e23c6b74f6c99142817da0c70dba

SHA512
3c65b08a84f375bd12beffbedf56b136856c66a2ff45112e46452d773ca8349260167efe2794705f7565be12476a1cc26265a8f74e375f7a0a8dce631b28911f

Download Submit
/data/data/com.gosing.earn.syz/files/.jglogs/.jg.ac

Filesize
14B

MD5
4af57fc40a497f73062841681d27cdd4

SHA1
3d4bf0744b857571f8b43bdb31f1dc23cd32c7c3

SHA256
052b00f9154e2ad6c48eeb2a714b9a51e1b2d9d7b0c6c4221ed685838ea58c15

SHA512
43291b6b5695617315dc98aac3be158f4388c2119fde861fc24b1f5b02b2ee91812e7ec3795fcf9e5a70e968a8b3257616dbb621167a732fb9fce8437bcaecb7

Download Submit
/data/data/com.gosing.earn.syz/files/.jglogs/.jg.di

Filesize
340B

MD5
ff0fe74a72db7dfe5116f2053650cc2e

SHA1
5b68f9df83b82be44f838dcaaf69365ae311e025

SHA256
6ff59943409ee63d2abe1913af4e99b8b814e79ae54eb2e0fcd9a26f4dea5588

SHA512
56ff2cb590b4ff0f458c39e940838269631e79337ae7b665737e43301b50acad0f613c8e80a19e37b546351459efd9b03bfbec452e647ad82c3ca2c7450cabb6

Download Submit
/data/data/com.gosing.earn.syz/files/.jglogs/.jg.ic

Filesize
83B

MD5
83f1a41a1f8cb1e2043ae0afd0da2497

SHA1
e1eb17e19a21daaa095fa2af5715f04e475cabe9

SHA256
319253306f687ffb9d9e2f79bdaf9b323a90e75cee54bf507dfd97ad9dcd7945

SHA512
cb01c5d4cff729f131075ef0d9a8b3f431afdc28aca00efba81fb92ac1e8a8bef99160a5e67afa8adf8abc260784ff575ae89669964a04da0666880743cff980

Download Submit
/data/data/com.gosing.earn.syz/files/.jglogs/.jg.ri

Filesize
314B

MD5
213b2be6f27a325e8119fc377c384374

SHA1
c2adfd32edb55a80e4d16edbc867094ac18aa062

SHA256
3c3f7b9b07fbace478c5d948bfa6b2b02396cf74b6b598e015db3d439b6575cc

SHA512
1705a9a61bc3f276debe66858d99db6c0132290b5fc1d9256c6b24ecd0c98cfeb1b94f3b016f7ff7699572405249b80e73172a7f5b28f6ed4a87e57686dc0c89

Download Submit
/data/data/com.gosing.earn.syz/files/.jiagu.lock

Filesize
83B

MD5
760a4b1f12eb6a16a150b916b32c2d14

SHA1
4e8ba6354d2303aa705cb2445fb185b7a935c914

SHA256
052679cc3aecf230c4cc1595718677b47445279e7a016364b7c6b54db9ac86c9

SHA512
76efa0e055f3199d9a325cba2f78c2b426f79a8e0c2d33ff0e91464558b31459e609b81b6ed89e52a0cc7a8b602ea460a4c1aaa1800bc17fd7b35a9ce7741c88

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
b6f943da3b3c7abb8d1a6baf8edbda63

SHA1
4636bd564cdc0ed26a4b88baec6fae792ed494b6

SHA256
cbfd8ea2faec491958fe0db671dbdd155805967e32e148a9bb6aa032a1743aa5

SHA512
ab7bc3af3e1dd5d1cbd74899a12596a8a5d084085341737cd127c95fa6be3978584f781772b49f7cc56e0f8f7e1d1835990a8f6f204f9419bc3ba8ca47a09b7a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads