Analysis

  • max time kernel
    80s
  • max time network
    150s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    19/05/2024, 04:47

General

  • Target

    589d6fa413e083640fc16ce9afec65b2_JaffaCakes118.apk

  • Size

    23.7MB

  • MD5

    589d6fa413e083640fc16ce9afec65b2

  • SHA1

    6ae92be13a52c105a534f578a64351a5ba6a75ed

  • SHA256

    45df5e19c65c28725ccc53908b531f43e8df7887f5dbd9f91f5ce790d20fddfc

  • SHA512

    2d342078d4efd46061c482751e8c851222053fb6d5972fd86ea17a41790091d5297145c3affe46adca3cbdf0ec5e2ad88da4c80bdb65c02402fc3195ca425fa4

  • SSDEEP

    393216:q9QumRjyzfKaSVE/TcH/QRdh4IyL5n2I8WQH0sOu1siikELPgZYiyHa7VO:q9Qum5y2ErCMh4PLmUsOu1siDkHHuM

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs an executable file dropped to the device during analysis.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs

Processes

  • com.ldw.xiaolirili
    PID: 4206
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ldw.xiaolirili/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ldw.xiaolirili/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      PID: 4236
      • Loads dropped Dex/Jar
    • sh -c ps -ef
      PID: 4374
      • ps -ef
        PID: 4374

      Network

            MITRE ATT&CK Mobile v15

            Downloads

            • /data/data/com.ldw.xiaolirili/.jiagu/classes.dex

              Filesize

              5.9MB

              MD5

              b9f9931b72aca62ab85f5dcf8453c13d

              SHA1

              a6e3386cfd33ccf92b19b3b047ded7ad38fc162a

              SHA256

              f004e201fe30837615cd45d2173f44d928cfa497afc2f34e43ca1ef8557f688e

              SHA512

              7c9f29134d9591081377c2149ff2b374a56d7886fabb8223f50e50c822529f8cbdce7e29cea5bcfa39a449745c9c3a59e0e675ba3a043274bfee1faf51ce77a3

            • /data/data/com.ldw.xiaolirili/.jiagu/classes.dex!classes2.dex

              Filesize

              5.2MB

              MD5

              0c56981f0d52eb30a6c3dc4f62c09993

              SHA1

              a2a5fb7d344f558046fcf41003658da35340f980

              SHA256

              edee9d3c501c4672c0d15da0adbf24b09fc177f62a4b8202435faf55b1151ab5

              SHA512

              6b4f4724d4dec7ec701dfa5adde92cb4f0c19fdc8220eeb211ce3e7ff5d10bdd42b6759202ea43a01f8f266fe4055e409f4f18a19615ca3da16a3d04880ce87f

            • /data/data/com.ldw.xiaolirili/.jiagu/libjiagu.so

              Filesize

              558KB

              MD5

              98736de515958ae37ae93a0a0e997098

              SHA1

              72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

              SHA256

              335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

              SHA512

              cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

            • /data/data/com.ldw.xiaolirili/.jiagu/tmp.dex

              Filesize

              284B

              MD5

              f1771b68f5f9b168b79ff59ae2daabe4

              SHA1

              0df6a835559f5c99670214a12700e7d8c28e5a42

              SHA256

              9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

              SHA512

              dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.ac

              Filesize

              32B

              MD5

              892a67f61d91246db75cc39fac164f98

              SHA1

              b243fd584fc39714cd5b1ae3c3d9cbb4428f2c6d

              SHA256

              4e772b8bcc92eefe3000ed19c884817f4c627c8a2d9cb9d97560778dc70edbdf

              SHA512

              d88447a17c8dc841ae0c726d06d2b35150292d0720e49cd519b06b9a81ddb6c504b03e42c8d5e5c7cd84f1c081c6c1e2971392f45a454979bcf5fa1e680e978f

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.ic

              Filesize

              32B

              MD5

              486413efe3c0f8c5646f2ed9408b1fe9

              SHA1

              c4ae6004107be7b2762a7626f9450e9366aef855

              SHA256

              dc3ee62e914f3c46f923f07e4dd822975babe515aa08df28fe4a2b5357e779e4

              SHA512

              24b6af045270f11e35c631fc528afb3a80228f44ad0251cf5375ef0a0572d1241ef9e461805c2854424aef771bd3c2b5412c3e2d98df0420cb6ae2649f39f542

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.pk

              Filesize

              32B

              MD5

              c20f5ffa7737742401fe4968d61b80ec

              SHA1

              20c822ee7508ba2d578f17bc44140a4df24fd12a

              SHA256

              9f2fa0cef2d4c34fdc089d08dfc98beb07eb50543a992240260391793da7a3b8

              SHA512

              24b68c59ba2053a59f37aeb66f922b41738b0ad96f5e5bb7e3fecfc23eeca965655c83765caf6af36c98fe24b29504bee18725223d1e82638425e52274f7c6fd

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.pk.h

              Filesize

              64B

              MD5

              7c30ef5a25d5f1f5843ce8179d238580

              SHA1

              73caffbf5cf0905e5169c08c27948fed6016bafd

              SHA256

              ad700568f93cd3303ccddf94ea9aa221fc3bd896206543fe2206b9d41b81c7d7

              SHA512

              2bfd61511fd3b622cebf173a725feb1446d4fa7e02d1c2c868a2e57b08454bdc88a570aeea5dd4987793fa379d86a168a43944bf8c8230701bfaec2a60983c52

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.rd

              Filesize

              32B

              MD5

              de97b290c04009a4a5d7da3dab315cb2

              SHA1

              d4db70f80431cd249162523d6aad5f14eec31b8b

              SHA256

              aa1cbb52a85fe5b69d4d2eba7c6a82815eeffcc0c584d2723a181cb7306d24f7

              SHA512

              b2d8f6d2dcae7f91c461e5e736bc2dc2ff5ca5dd603ed59a9f87745e6c16ae007d476d0e94591f684dd8ee092058100964a2c76f4a4fbbfcbf329545a0724b4e

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.ri

              Filesize

              314B

              MD5

              6f55b9f3c2bfc90106ce7f439662099f

              SHA1

              1b1879943292ffd0a8305843dd8d62956dc65e42

              SHA256

              6a14964d0d77bbedd1a1aab14ba40bfd56a5c96f1672d516957f6415ddea3a82

              SHA512

              69145f09b2f859d5620506411089c15c539ad83a7287b5c024a2fdcb27ce06ace0e1b395ac1d95c8bed55415ba7e0d0a96b024f409d8f39303b0a41fb869a7db

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.ri

              Filesize

              307B

              MD5

              f54412c19cdde887dd370481fc43d37a

              SHA1

              7f1b7cab3424a4703a73bc784510d91b878f3b73

              SHA256

              ca54ab5aecc299fd441c0af1672d2ab147c0f30649f09405952d1f0e313e6db3

              SHA512

              1de59ebf095060bc6ceabf0141cd34b231e45fcc5aef6e62ca7574a4bd4e550c7f6386cc65c54e9aafdb56ae6bca2fe1111034cb3f7c734f9b8df52f3a6e9bb1

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.ri

              Filesize

              307B

              MD5

              97ae25d37ab468cf089789827d01b55b

              SHA1

              ede886a3d0af564f341b226b7aa508cd3621c347

              SHA256

              b95582a259700378fbb216115f1654ec3cdb22e24968de9a456a97af4f10a638

              SHA512

              e1a7bd7206d26758640c6eac016f6dc629a20a5dc01ac4f2f9209600ba0a5b908daaf7a3b0a0f9c494e1a86651d7d5c6ee8f702b866051df5404ec430bfd8a66

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.store.report_cf

              Filesize

              32B

              MD5

              70078fbc9b233f47677a5b18ca4fc93e

              SHA1

              d34f91253b1aee4fdb474bdd438981ad6afc642a

              SHA256

              d97bcfa8794c4011868c13b1bdd811091948c4b11df8c3fae7c0527c4f83fef0

              SHA512

              7bc663b61e58245bda8227469f2e1637cb842f6dd275e80d6ef9796f4f6180d120483d07b091832f3dedf57777eecd0743ae495e9b2b892f376e2bcb9620b5ed

            • /data/data/com.ldw.xiaolirili/files/.jglogs/.jg.store.report_pid

              Filesize

              32B

              MD5

              c9aed6fadcd29cb0d89c4913967f1020

              SHA1

              4e23383ce2f6714f3d724b214cfb9f186cd68d52

              SHA256

              656821c26c1342e1770f67d60e90c25bd19e5c400789e5d5f38f4e34c8f29684

              SHA512

              fd2f13647b5a60e4da22ab1b7f4a6460dfa2872853470b2160270829baf8e09ce919bcf735d4e3f3ce9990f640e2c46d5de3cccfa195b8307b51d6ed29e4477c

            • /data/data/com.ldw.xiaolirili/files/.jiagu.lock

              Filesize

              27B

              MD5

              2ccacee45956939ec1f3fd6ccd08bd8d

              SHA1

              355f286622f74e4717e2d9cc9441bceb053e7665

              SHA256

              46f2055442dc2bfd2a53f729346dba3e66ba1ae0c60d40a099eeb50104d1cd4f

              SHA512

              7a056060a3a968b5d3e075897f43260e6c9f5fae69cecb82ab5dc5ac33147efb04b392b9685d8e60ef4ab782d0a1d21edc62b04cadc1d034fedaa06b03d3ba09

            • /data/data/com.ldw.xiaolirili/lib-main/dso_deps

              Filesize

              288B

              MD5

              a770e1549f7e2c5230e12ed2ab7e418b

              SHA1

              c504ecf5d8eaece0df59f7a5f2d364b7b0680f5a

              SHA256

              49065db8f8eaedcc08c3a4843287ee575a1e55abbc84ca376d1ba80e9b147bbc

              SHA512

              b58cd7333f9fd699fd40a2e02cecefee9a30d4b16aa4dcad19016e5540eecac4dfec6b402f721cb9ed44b73dada43fbe699c8b2a115c534b6cb7caaf69528383

            • /data/data/com.ldw.xiaolirili/lib-main/dso_manifest

              Filesize

              5B

              MD5

              c06857e9ea338f3f3a24bb78f8fbdf6f

              SHA1

              c5a0a2529d2deb60fec041b4fbd722a2ebe31702

              SHA256

              957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

              SHA512

              29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

            • /data/data/com.ldw.xiaolirili/lib-main/dso_state

              Filesize

              1B

              MD5

              93b885adfe0da089cdf634904fd59f71

              SHA1

              5ba93c9db0cff93f52b521d7420e43f6eda2784f

              SHA256

              6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

              SHA512

              b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

            • /data/data/com.ldw.xiaolirili/lib-main/dso_state

              Filesize

              1B

              MD5

              55a54008ad1ba589aa210d2629c1df41

              SHA1

              bf8b4530d8d246dd74ac53a13471bba17941dff7

              SHA256

              4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

              SHA512

              7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339