46f91e9f87b1e7287e1452ce8bfab8ef12429fac3f68dede82c522cf87684816

Analysis

max time kernel
70s
max time network
175s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
14/05/2024, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42915b74a51083d11811b97cf71a7855_JaffaCakes118.apk
Size

30.9MB
MD5

42915b74a51083d11811b97cf71a7855
SHA1

f034eef713265a1702713d4bbcabdb2ed66459aa
SHA256

46f91e9f87b1e7287e1452ce8bfab8ef12429fac3f68dede82c522cf87684816
SHA512

6686737ff194fc79e7b6842930baba621ad039f50dec55604554421201054b5f4bae7287ad8f86f96aeb91cf96877366da9a7a3ca27e62197fe47cca3d3693a0
SSDEEP

786432:hxvOX1oRjIDu3UIY5h0CPvCuyuIgDyIOtvK2vhwDXD+:aZxpwuxy9AAgS

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.serialno	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.bootloader	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.bootmode	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.hardware	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.product.device	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.product.model	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.product.name	com.jingoal.mobile.android.jingoal:jingoalprocess

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jingoal.mobile.android.jingoal:jingoalprocess

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemud	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: init.svc.qemu-props	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: qemu.hw.mainkeys	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: qemu.sf.fake_camera	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.kernel.android.qemud	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.kernel.qemu.gles	com.jingoal.mobile.android.jingoal:jingoalprocess
Accessed system property	key: ro.kernel.qemu	com.jingoal.mobile.android.jingoal:jingoalprocess

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jingoal.mobile.android.jingoal:jingoalprocess

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jingoal.mobile.android.jingoal/[email protected]	4601	com.jingoal.mobile.android.jingoal:jingoalprocess
/data/user/0/com.jingoal.mobile.android.jingoal/[email protected]!classes2.dex	4601	com.jingoal.mobile.android.jingoal:jingoalprocess
/data/user/0/com.jingoal.mobile.android.jingoal/[email protected]!classes3.dex	4601	com.jingoal.mobile.android.jingoal:jingoalprocess

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jingoal.mobile.android.jingoal:jingoalprocess

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jingoal.mobile.android.jingoal:jingoalprocess

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jingoal.mobile.android.jingoal:jingoalprocess

com.jingoal.mobile.android.jingoal:jingoalprocess
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4601

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jingoal.mobile.android.jingoal/files/.jglogs/.jg.ac

Filesize
40B

MD5
a80146fa283afdf78798013defce5158

SHA1
226e97e49f64f2b56ddb2607b330b24923e2ed43

SHA256
4ffdb2015d474d8259d34a70e44b4bad171266812f9dfdd8a73073ae7ba893be

SHA512
c07f864999281bd515a39ea20942a051e71da14acae5d174521ea4b848c95b459ba1ca2a9c1aed7e399c8e24c3b5c8e5688479a084d541fc47a44974b8f1c1fe

Download Submit
/data/data/com.jingoal.mobile.android.jingoal/files/.jglogs/.jg.di

Filesize
340B

MD5
f4d706234552205f0b9a41523bae0f47

SHA1
b0f2da5800605cd423c3f03a863e7fa83a4fdfe5

SHA256
fc84926e2424f92a536d3b5152d7b65764c04531fbef1361685f431caa234df2

SHA512
cae87cde3abd424535ac340f3ebef7af32ec8e26f55d4146f38de49e3fb565236f874e7b306b041250bfb763ee046870c218c952cb0668d8bb5a83aa738ff445

Download Submit
/data/data/com.jingoal.mobile.android.jingoal/files/.jglogs/.jg.di

Filesize
340B

MD5
5c7fc922fb8f4196e8f9943fe0f5447c

SHA1
177ad72de6a464e5f7533772d8bed05262b5905e

SHA256
dbccc98b72612357a608e2adcd0f96ee11cf39c1bced834df95effd6780a59bc

SHA512
fad8b80e09b09c6f432d142701a3dba4099cf4f9a57b1fde2a4c768f1f11f208e964bd3188c8160300feaa92cb4c0072fc78ca1a59c797356bca4a15523a71ed

Download Submit
/data/data/com.jingoal.mobile.android.jingoal/files/.jglogs/.jg.ic

Filesize
40B

MD5
de6c5f33dc61d52eef90a75f75e74094

SHA1
6dba54d542da2d813a91d6857c2a695d97b11606

SHA256
8aa0772a9fe65de8967f4dc95d3459cb4bfa3a57d1580be5b35802beed19abb7

SHA512
0bea5e56e330601903ce7deac48bd5f90c96f68c52535481d18686b41f33442f593780ae9452cf8a0586c17772d929913097dc00ec14f918c15c1950f440f8f1

Download Submit
/data/data/com.jingoal.mobile.android.jingoal/files/.jglogs/.jg.ri

Filesize
314B

MD5
a98d4dc6b209700a4d7211dc5e588625

SHA1
c15c125870ad6d9d3bc9d77e5001aeb6e3a10682

SHA256
4a255be35831d5e9811cb0e5b053e18080bd608f9ef53baa408e8e0b45be9367

SHA512
2ab85df8e3fde003c6c37c8b67485058106d3ea268e604c58179ce26499b3f41688f0794616622924c6b543715345e8a4340890ba111d6a68f6ea689bf6635f6

Download Submit
/data/data/com.jingoal.mobile.android.jingoal/files/.jiagu.lock

Filesize
27B

MD5
fcc10e4a2bd565022c14585e81e472db

SHA1
820ed4434fcb660ba4295131bb3d9dd8e8c1e815

SHA256
4fbd1bfaf28ae04b954cbd5a6d087c6b252d4aabc69c6975b799023608d82728

SHA512
38de94e45af17b2d71c3db826d578b8f5466c91f0c163be14293c26c80ead27546cde6c868e48b3ce6bb211ffda95314f6ee9129d7f29ee618880a1ca6369441

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/.jiagu/classes.dex

Filesize
8.6MB

MD5
7549f1603e5ef4ae53f1e2e3b82e3f8e

SHA1
cea93c2f37591a7e2cf1148decbc4251151915c8

SHA256
36118e5cf3a1c27b583f2e84d6c9ce16282c86f144e16b2f162795363767c4b5

SHA512
40663d778d73c7437941d5eb752f228efded2dc08902ff9c4e4742887256f22de8103fb4e96ab7fc860f7d5cf372c6359732aa0e7db72391e6201c69b786ca7b

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/.jiagu/libjiagu.so

Filesize
446KB

MD5
8f55d5deb281d8aa1a0b9f72f7185e58

SHA1
5ce262af6a74a11931bf4b1e92a59b9acab27f37

SHA256
b57aa883bd4a8241fe2ebbeec0988614da1ad453f5784f3439335a6f800c7944

SHA512
4d74f007dc4a19ac3a8ae3434f06d2509397301c0a9b0288475280801c8907ce48248459436416fb14fc5a3a6ce790d680b6b9c95d35afc49c2f0639199b56f6

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/[email protected]

Filesize
6.6MB

MD5
9784210acc7eb0dcfa344f9dcfca3a88

SHA1
0004b8d42456adc9c44ecd110d521549f662368b

SHA256
bc2b0a7f5632af32228d71b6af86eddfb66ea38bd6cc172cdd681430aa152c34

SHA512
19d3d62ac69991d3d1367c8f61b463a55412ecbe5c2263d472ec995ffb1c7c5d4886c84f45ea81924448de2a86e5e82b4b415bc7d3ccf7a91af3e8d2a304e3e9

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/[email protected]!classes2.dex

Filesize
7.5MB

MD5
7fbc26223a545d46d910263ac1021169

SHA1
955ed555181b4aa11b567c49f32dd30f0e649a50

SHA256
69ed07f59c88c87ee6234cd2c15985e11e5a08dfb6432db67c89369ead3fe3ee

SHA512
c982e21e621f5516dd85edba3a8173b574f7e444c8299a6eb5d6eeb4b9ac59e6ac7fef6e2cec9c3ab3a0a68f869017b8ff7039d527e196b2e00391007d73f90f

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/[email protected]!classes3.dex

Filesize
1.3MB

MD5
3d16d3a8460702c145f2f521f2071a88

SHA1
1bc01fa950d8a97f5900b061b93db85b8e9c05fe

SHA256
1b0aeed3eeb89639704abed96f3beffeae184deeb57d763678a78ec7afb30211

SHA512
cdfeb4b43ec29363a01d24db7d7c488662866d17e6c856ea8b405be39cba883a731e430befd7a6d9fc5512807f4cecb3dfc8294cbcbe6f6a7cc1ad2ad6c3a15a

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MessageStore.db

Filesize
36KB

MD5
f1abc67cc72bf5fe66779fa5dd1dfeac

SHA1
660f6d1cffa2bf57ec29105e40d08ab103cf18ad

SHA256
a953ef381606a6d98d98f3278e94fc1d5b58a0778f8ea3e305111586b759c14a

SHA512
dfbe97f3c1f3a3ebd63fc5bcee1b1dd1b91dfe01ac95af8fe897f44079e852421fa0c4cf038da6e43264d50f3e612ddc2be9aa17bf47ef604ca428fafe0858de

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MessageStore.db-journal

Filesize
512B

MD5
6e6961741016bd907e1fab250ab3f582

SHA1
c559781b41d7c6b6ed49d98f53a2f82f269e77c8

SHA256
79e18120240379c2e95c47f56a38940e7e7b3715fce9ec96a9d8a476a10b938d

SHA512
d7ce571fbb9d27afeec872b7722fef6add8f05f06e0869d400e0b7a08d00612eee961d27ce25aaaa466b2f25d5c96ae7b4521d44a1b1e3a9c15a60607757db6f

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MessageStore.db-journal

Filesize
8KB

MD5
f2b781bc21e65f60e4c5a22bb30d7a68

SHA1
9489057e927c135b45e3048c503c97872751bf15

SHA256
fc37c0fa2cd0b986da4137aab8440cbbb9f50710103b77fbdf0d7e9a05e23bee

SHA512
caf22234036c52dc1770f1b843abad20453ca863e5824e466be2f8528d1473b51f90531baab9e58c8b432215a2f1f7b97957c20d26015a0d098f59ccdf369e6a

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MessageStore.db-journal

Filesize
8KB

MD5
a993e0b2dcd83de8a047efa03a0be852

SHA1
262dcc6e900a5c970679135bc8813224b20d5e8c

SHA256
52f5b77cf1bf37bbf816a01e5be93b18ea970a328156dfd24b4c4f80026f72d4

SHA512
47aac7153891f6c149c7b97a29747acc49e72baab3d0ce1c14144592efad94e8165e078f1790cdb1ea5e03a73304611d0804ebecedf967a0bbfb08ff80a8f031

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MsgLogStore.db

Filesize
56KB

MD5
1b88a60dbc1952b8a35efae400bb9029

SHA1
550edfd6c1707c5e246ada2e079cee11157ffe22

SHA256
e05b9921e91a945de71be9b409212c88b46dd7f9393b19053516bffd0c649b00

SHA512
fe5a5a98a177283a91339d219269d1552cb05fa6a91528722171b0c94366ca98846207545c5e0eb6ec7e15d7af16e2413ea2d480672989841f175732f7c9cf95

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MsgLogStore.db-journal

Filesize
512B

MD5
86252a33283a70d855bc081e7c396aa8

SHA1
72a9e90acdb145f489f6552945bc770a422a6964

SHA256
d0683ea4509dfc6f230195b86ec0752c0f7f1cfa51e00f39602a5776e82109b9

SHA512
1acb912bf2b401ff49f86768fca40347049765add3b72ee66206dab5dcf0c500cc76b309df036e2c627460a18340e74fac1d575443788994cd3970471cf9d857

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
0cf24288ce3510e22de82ad6d4fcafab

SHA1
1ec0079ccee11ea319179c4eb6000ed4451a63ee

SHA256
2219f520d85160d83af4dabf1a0b08f93043b2201cccf501b275dbbf8d8f27a3

SHA512
fbc11bc2d15ac0c826f7f87ceb3ad9aee9b5499bad8af78e764e699f3ddd3cc3fc5dce15a6cfea846b7a6afc39a73651e6f94af3b1e8b68ee1662c8d848dfda7

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
73b248a49de06c019b0304b340a941ed

SHA1
45834d7b0a9f30fa563bd92a0da458f562d21251

SHA256
c2e0b77cd5822b4c2ac603bc83ccc5b852b1fd17f56547eaa27fcfbad21f3652

SHA512
ab5b4e18937ad0a68a74de189e4b57cee62805b59961d15d2686b32dd8ced111dcf47de254dc60587cf637c98fd9367f9d2bb090ad1af611876e8196c3c4dd23

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/files/JingoalMUrlConfigValueFile.json

Filesize
2KB

MD5
55712ff915d2454a1c93a32ca248f9f0

SHA1
5c45232c99669bc23c40430a4f09b00ce4935322

SHA256
b8b05c58595eb0623928519c10429f5a71a96ac7a157866a91bc789df22f4db8

SHA512
6a4638ad5230c38888f59fc73fa40607948f44c302a64afa2679efb2e327b8b248ed0ca0ac8aebdc38937107d7238e22862beac0325928049a581a74ae945e13

Download Submit
/data/user/0/com.jingoal.mobile.android.jingoal/files/nuwa/hack.apk

Filesize
2KB

MD5
7ce04ca39923a472f57fb8c632ecedce

SHA1
c31070ba1e3bf8208658a954fe4c304ae7bee9d5

SHA256
0c9f14b2912c81e612fa17ce13f9d4ce2611ad5856e114bcfa63c0ff1ccb72bb

SHA512
aeedcca7f8790b28968843ee149d9a3b8d3f164a725d9be44c3d79838b70be636795b5414adc1432289acc82e89ff868c1c63e173cbd1d8f643145d140a6af41

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
160d7067aebe934aff2adc2265224dc3

SHA1
96e80c5996bfbf880cb22831fd4f1ef6352d72bd

SHA256
b0e6dbeaa65f82bb5793a99862b857a08650f96aecf41797ba23cec1545500b0

SHA512
c081b0aa3b9f6e6f300c1729804b3fd68b59dda77b0041a010c54e685fdde3ed9202d753949853f37351d0e620ef3c622dc64799c8c5f2008672eeb25311d59e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads