c0eda9b699ffc73231296cd220b1b5314632db7625983790adc1f6842ed8a8fd

Analysis

max time kernel
10s
max time network
147s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
20-05-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6007a132635358382f82986da6f175e1_JaffaCakes118.apk
Size

9.8MB
MD5

6007a132635358382f82986da6f175e1
SHA1

42915886874f566f0516d0e97f543d2eb90a1e26
SHA256

c0eda9b699ffc73231296cd220b1b5314632db7625983790adc1f6842ed8a8fd
SHA512

120e640a329e08353d558bedc3210f93580ad11f0394be7f9224af0eb5d878e20f9ac45399d610ba85c7f6236f6f104a988d892563e2a91b35774bfee4bcbcfa
SSDEEP

196608:PCjVH0HW5mwtdTLI3dJ/Kcet9DvrKUC9JIcynJYboWHvczMxfFJrOEh:PCjiwtR83dJyRrqD6JuczMxfLrp

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.lt.bc.mb.mrmfxs/[email protected]	5116	com.lt.bc.mb.mrmfxs
/data/user/0/com.lt.bc.mb.mrmfxs/[email protected]!classes2.dex	5116	com.lt.bc.mb.mrmfxs

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lt.bc.mb.mrmfxs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lt.bc.mb.mrmfxs

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lt.bc.mb.mrmfxs

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.lt.bc.mb.mrmfxs
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5116

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lt.bc.mb.mrmfxs/.jiagu/classes.dex

Filesize
8.2MB

MD5
659a4b3d6a27e90b63737d911839d2ad

SHA1
4a03dbe1057d76f1a63f010622ab25d06ba9efa1

SHA256
85fc91a67de9e9af75ce2b118ac55df9dda2dd250c3007f62fbe016eddada268

SHA512
dfeac12a3b2c2b32370fa087dca18a6acbf343e89359f5fe30390e0a96758fda15d197e752de856f55a51b801cc8d2fb9970ca2781d59a1c230fe11a6f861747

Download Submit
/data/data/com.lt.bc.mb.mrmfxs/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.lt.bc.mb.mrmfxs/files/.jglogs/.jg.di

Filesize
340B

MD5
ea845ab63999069184b24b43ea8a4aa0

SHA1
fc4e3a4e220b382fb024704d5d23ee3ed6fb1da2

SHA256
32929464ce2246c2fd6ee794e6dd7130116dd0075acd15e7f96e3e7d617ce6b0

SHA512
ba738b3364e0eaa32d9a81ed9ba112fdb61666db132eeaf2b4d11eb2eefb546513e102a2056927f00635e68de8f8f77317ebe6cd669b4ae931b6bee7c73afc04

Download Submit
/data/data/com.lt.bc.mb.mrmfxs/files/.jglogs/.jg.ri

Filesize
314B

MD5
e014bfa5c170e5bf68e6bb257d806e65

SHA1
f2fcbb1d7da80dba2154ba35d775dcb323823621

SHA256
0a1ad123060a259556d8180ea6af89c0c458b1497741ec95c9144a0890da50bf

SHA512
df079e658119824a06e82a2efe86e6c890150f8b312ae0096cea3fa419df0b34530985956effdd8020e5050cfb66f8d948bd0ead1a2642b9c12521bdf8df302f

Download Submit
/data/data/com.lt.bc.mb.mrmfxs/files/.jiagu.lock

Filesize
27B

MD5
4903f95b241095650c8398eac39ab2b5

SHA1
389bf5fce2645bf97ff866a1dc4e758bf8277af6

SHA256
e285af03bbb5f227860a1fc1507dbd572ddc1077b46c9d9f735ec0dcc0927b31

SHA512
b8a0b0efaae32bf15f88787641587dc0aa4acfc1f43a4f18246f57d4c580d37f3d0de45d0dc2eaf88c9d36e1aecabf565a16a854800d7ffa7c4a9b1dd1745097

Download Submit
/data/user/0/com.lt.bc.mb.mrmfxs/[email protected]

Filesize
6.7MB

MD5
46f2fb56792aa561c948d7f9b275d314

SHA1
8df46a944ad380091a2521f0eb2f568bdb9d8437

SHA256
021096d9a1ef0af91698baf5c93b67d962bea5e2408c4508606bf7e7d77bce0d

SHA512
3271a5dd1c53e444367703b27559873cac55d84187c1af5d0a765c6fe9772ab6ab8290b5b2938768a0f30237d62f24e70dfd65efd01ef999fcddd46904026dfe

Download Submit
/data/user/0/com.lt.bc.mb.mrmfxs/[email protected]!classes2.dex

Filesize
7.3MB

MD5
ae30b743a41d6a36ea99d3039a365aeb

SHA1
a798e87f27289bb7fdb4479ed306b383f5c15f07

SHA256
22287c8b377c346669d0961baf340b90a2d78daa98c2c8837470a59bcc5072b1

SHA512
d3c18ace4a3b99de23f7b7b558deb4d582120984b5a8d05d2e21e7b08b877c92d251b5073b27afbac3f0279f5fff528ebf1ea84ea0e1a422771b6e6cd6655e3e

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
8aec016f9fbd1f51682262189b73ea04

SHA1
728abeb62d52d5dc25df80ee6f11d6bf338ff555

SHA256
b7b5712440ac05ae21f71042beb9ea50fa7782ceba22e5941d8d9bb171e8d4cd

SHA512
726f7e72a148af3a29ffa72100331941562ff0cfada2e5f5fac04d4b2725e7b71e43d8c97f48e6a6da1e9254e9bd9b6ba5a323930f9dc4dcd64609b712247deb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads