18a1f4aec94f0eb4d63b4e88f3e661bffde12e58349fafd0ad02150253b592eb

Analysis

max time kernel
58s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f072b5e767b938e2e8f541cabc557a_JaffaCakes118.apk
Size

29.3MB
MD5

63f072b5e767b938e2e8f541cabc557a
SHA1

6553c406777ae7ca73715800fa40ae32a9ddc1e5
SHA256

18a1f4aec94f0eb4d63b4e88f3e661bffde12e58349fafd0ad02150253b592eb
SHA512

0728362fa10fed2ff8274e50fd30e01d5fdc91b1890bddbbf4d517c6bf284ba6852f801f67e2aa70002e38cb9b8ba4544a5ba6b89e8bbfb9ba5954eba3020a53
SSDEEP

786432:C9IPvYarGoqoqbmk03QkkNE1fSG1HdPkqg6QS9XhuUt0q:CadrqFbmkfQSA5S6h9XhuUtb

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.orange.polevault.gtx

description ioc process

File opened for read /proc/cpuinfo com.orange.polevault.gtx
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.orange.polevault.gtx

description ioc process

File opened for read /proc/meminfo com.orange.polevault.gtx

description	ioc	process
File opened for read	/proc/cpuinfo	com.orange.polevault.gtx

description	ioc	process
File opened for read	/proc/meminfo	com.orange.polevault.gtx

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.orange.polevault.gtx

ioc	pid	process
/data/user/0/com.orange.polevault.gtx/[email protected]	5165	com.orange.polevault.gtx
/data/user/0/com.orange.polevault.gtx/files/ebody/res/37673/vva.jar	5165	com.orange.polevault.gtx

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.orange.polevault.gtx

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.orange.polevault.gtx
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.orange.polevault.gtx

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.orange.polevault.gtx
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.orange.polevault.gtx

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.orange.polevault.gtx
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.orange.polevault.gtx

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.orange.polevault.gtx
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.orange.polevault.gtx

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.orange.polevault.gtx

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.orange.polevault.gtx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.orange.polevault.gtx

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.orange.polevault.gtx

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.orange.polevault.gtx

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.orange.polevault.gtx

com.orange.polevault.gtx
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5165

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.orange.polevault.gtx/.jiagu/libjiagu.so

Filesize
482KB

MD5
f380717bd1e3916c7b697fab8d46c5d8

SHA1
04f51f0d16097214e38be517d93be44cb0603a88

SHA256
8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

SHA512
b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

Download Submit
/data/data/com.orange.polevault.gtx/app_ebody/res/xmtok/37673/uuloi

Filesize
2.6MB

MD5
a4be05e15ad132090b309f396e91ff58

SHA1
8c8b8354188d80d9abf60f4f63883d2b92a553f2

SHA256
e2c35ba3e0b82ced9693b57da9c9c57a1e9914d272a8f94f9f39b40ec3451016

SHA512
1db29d80bdec4939d19566a9714cb400fcf7baf17b306b6b65ec92f573aa1910262cd4b51d9791af38b5951ef39bbb499a9003b9e0c528c31a2a21e45f09f341

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.ac

Filesize
40B

MD5
7b4fa3fc4547a9125b7b9c30e66b9b72

SHA1
eeef03c447a7cac7b351a417e366d0b2333cc5af

SHA256
d7886453983a6cadb613024cf3ef0b4f7e64a64b47ddbe370c0485dd493fbf62

SHA512
50a6eaf30a0cc1711553c87f2288e2a086dcd5d684bae1b8d1c1d5909080eff0f8f09226f6268e6110af3dc82607c1c429cd0cbe5510fb3d7e7adb6f46b3c212

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.ac

Filesize
40B

MD5
69dcf38a0d88fa6c39c2b16902553e29

SHA1
4c58d60ce78ea9c2f5444cfe9678a606f2c2eef0

SHA256
54085908e33c2816b1aec5c6b4a499259484ede0f906f612b0ba3bb3f6fd5024

SHA512
9d7cd9f2ab68e91172c6d7268258e12ee056316be062cad1f1fc09d3b38dbaada4d2c967c531b68be3bae11502d5f1e80e6d1f56bc4272c2ee593fc064ea4fe2

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.di

Filesize
340B

MD5
d06bb65166123a2461f3fa8866b0f960

SHA1
60f2acae2527ec2c5e5fcd4f00c6d07fb4566f25

SHA256
e5d470a4f126fa5a7f7b2e56ea00b3807a3615216a51a917fa974a204b97bde5

SHA512
5bef81ecf453c73d4605ce0882f11723a6a867c6e98087b4606352c4a9807b37171456657e3349e77096f4bb87cc6cc96a945cf9228ca41260af97615756940c

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.di

Filesize
340B

MD5
e06d4672bce2aebc77e29142cbe75e31

SHA1
f09a2bfab5e6700b392f295ca23e98ca105cd6dc

SHA256
c6b0cf337a4f23b52ab1ca6eee7093da5180cd780c1e41845ca74ce153b78b4c

SHA512
e84dc16c05796b7c43166339faa2e96dd5127ebd5d009256233647681a8f965ae99ec3917cb1c8f198986e7de7abf57dda4331fdb2221a6b68c8603a0497bd71

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.ic

Filesize
40B

MD5
314d3e243bbf301628001b4c9d4108e5

SHA1
a7b9204f2ea0985143db7c657867f7b0cec76189

SHA256
2abeb078e4016fee0e1a3345218f9c084a3f806e547cfaa7050926811067ada4

SHA512
b51fbfd9b2cffa50a357b8c6c714cdea58ea09d213b440ccd226442ac2795b281e3a3f344ac5733aaf030045d66c6d69b5682da7aa92554885ceebb48776d6cb

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.rd

Filesize
32B

MD5
25ad63675587b6d322cfe8ecc999dc50

SHA1
cfa9864675772d6ae08101161ee42eaf0ca2433a

SHA256
1991395e9779e184e075f3b5c80eb252260b1c8838a25711d132550232485bb9

SHA512
93153aae3188ace4fa4143a48abf6677b8c7e0af8fe0f804822cee9209a17bc74d6b0ecf607ff1283a1bbcbef48bd00ee453131ba2a1dccc0450616856e77890

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.ri

Filesize
314B

MD5
0c7b2d2d3b1f25106313952f75547d06

SHA1
1e72e2c5850a33a489e8c02fe37c6f3e077aa28c

SHA256
7217e4db521ad2477bda262d6984df9f42ed270d23de25563432191d43dbefd2

SHA512
565c8217c11cdec0ff5b4f5ff55603a7a1096c932730d36a3385e5c498c7965217938c4a8e2f273065fd2b41e970edaa2aafaf33b5956a2f97c1aa8ee33d85ae

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.store

Filesize
127B

MD5
c391fdfd2f4bddc630dac0454ac84325

SHA1
73806a7b169a7936f2bf3cee8cad6ef894cc3d37

SHA256
4233bf5249f9ee01ef6c4511ba5272dd1adde57d93daa5a3ff25b08c233e1a80

SHA512
4eb140505bb6fbeddac2845f9d07e43d79875ad9d4797fe30920afac38d3b8cf61cc8f0644bde78535ff76be4a46d56d2210f8bfcbb18d984b7da789a2992560

Download Submit
/data/data/com.orange.polevault.gtx/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.orange.polevault.gtx/files/.jiagu.lock

Filesize
27B

MD5
f74cae4c2641deabb4db4a5a4c2ab476

SHA1
1b9c7199e520559184ef63374ab79725e7d3f5d5

SHA256
82520dc98a887c9c9baa03132d37295b16039524632943440a345e7c87cf8440

SHA512
6aa9368f0fc6b60dd99bce7a6586d78363636f5ccea0d1e5defc5b5b3827db7b9336cc51092c089f8586bf2aa33f6dd468943f2c65792d787f89d2bbe622c91e

Download Submit
/data/data/com.orange.polevault.gtx/files/ebody/as/cheuu

Filesize
8B

MD5
8030f9e6d971ad5ce7de7527a94c725f

SHA1
df0960942b1a392bfb2b436221d170d45d706161

SHA256
700d598fd840de17e4ef82f0a84473bd2c28d8a3a4f46361f9028dacb3ba45ed

SHA512
f322ae83b415e26d83ea02f4176c47bb9c912a80e8906d3e578939c46fcc29664077a54061aa43f40434930450318ab494b4e33db81fce412f139b6da5b0edec

Download Submit
/data/data/com.orange.polevault.gtx/files/ebody/res/37673/vva

Filesize
2.6MB

MD5
c7464d7ac75c59a56ff2f6a0f9374094

SHA1
e18fb726a5a36039aa18c383b265e79a343479e4

SHA256
c22c33159bbba233c5747086b13a5ee067c44bc7726267e4d02b8993fde1f344

SHA512
93fd8ca48d0febfc386b9cfb4eb01e5aaf72ff0f9e1abd4720884fa0c93d422728f61da7edebabc1267a8aa2c4f6aa831c8d5a596d08f6b64ef696e19188a9f9

Download Submit
/data/data/com.orange.polevault.gtx/files/ebody/res/37673/vva.jar

Filesize
342KB

MD5
c575a286b11bbafcf8e4905d27f30977

SHA1
92f75a7425564f8e5ced10e4ef098c378a0748bd

SHA256
185c4ce6748aecf146255ae05828bb01d88b523d7c930e058c851ea5d329beba

SHA512
f71571ee69dbb5fea7ac72572b1e50bfac1c7b0a577a5163631410d9f002ce38ebc1e3da4b43000a3575b68b30c70609269c48d165e1cd326474d3e46e19087e

Download Submit
/data/data/com.orange.polevault.gtx/files/ebody/seey/tmd

Filesize
32B

MD5
f22d1c9d8805a03089a14cb8f0a077f0

SHA1
fbf44eea9680293a31ffaefdf4a51fe76b661b96

SHA256
c799bb41ae4a0e972aa7f51fa42bddcb39740813d1549c792a1bfd1cb159be49

SHA512
9c14964bf702554b46136efa6238920b25cdba7f228d72eb66de2efeed0e7f6a785770fc97bbd53819538c23add5ec41ed99933809c30ff8a95311728b044ae3

Download Submit
/data/data/com.orange.polevault.gtx/files/ebody/seey/tv

Filesize
5B

MD5
1c4ec9002d8f6c1ddae5c151e48cf718

SHA1
2425cc273831d722bee4906c14c03fe497b99c08

SHA256
f6c857ed9fb74036aad1662f0450a84601f9eaf5f9eb0e6943136fa6ffab21b0

SHA512
6371c3db3d1dd610f1d22a8a5c5ba3efb8e4d0fd8df158f0dcc001238072717bb1d385152e4b8f67d7283eaf41d0582f6381e859f83f673e8b4ec48ce59d76ac

Download Submit
/data/user/0/com.orange.polevault.gtx/[email protected]

Filesize
4.9MB

MD5
497f72f6b4dd191071d058c808e1f865

SHA1
a674b583dcf2d6c7096268e4f3a667a63b0c2a5b

SHA256
09a301f7d6d03212f7b8c1d89f7aba527812c0a25cd5775fa6284369a39d730d

SHA512
c22bb689a3ddf687f0249238e178fb087400809307aee70d6af8c7eee85bd579f5b763351d207bd98b4a30850c1e4d0d0ae871d77b947263a0349c04a73aea97

Download Submit
/data/user/0/com.orange.polevault.gtx/files/ebody/res/37673/vva.jar

Filesize
1.0MB

MD5
7eb039aa7728169a015707a82e1b41a4

SHA1
adeae37340af1ce383c908cdc4d375b270b30a60

SHA256
9e4e34e3db9a85d0e2f937c85255f2c924df7465284c9f8d91f9ab4ed8f2c49c

SHA512
c60f5c867ff34eed8186741ed2947e21ea7f3264114347ff64c90d9e04381238f0a3fbae18ef4ddc3c4b390935a21ebcfa311815384615574e9c9f90a825f7ca

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
d5655001c72b4e894616dd7a9899eb32

SHA1
b6a28f7b1da45eaa5655eec1a93a2b76c66b174c

SHA256
2c36ac32a32404b8fdad4d7c73acb25802d5841afd0ec05d7c156103de78f150

SHA512
41a042f12357346b656f7d4f11284ca2d842882825559924a929bb2b3bb1a548fc02f69d514ca177854082d56f52316002e522a00458e10807e9155f3d14de78

Download Submit