9835c8a0b9242e9169e96bdc7c703c695381c9288ead3474fcfb271fe1eeca04

Analysis

max time kernel
178s
max time network
189s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68f2b46bf966a20f3782a4de8013b890_JaffaCakes118.apk
Size

22.5MB
MD5

68f2b46bf966a20f3782a4de8013b890
SHA1

e06b64259a80fe8958fcb50e333414a4eb3f416d
SHA256

9835c8a0b9242e9169e96bdc7c703c695381c9288ead3474fcfb271fe1eeca04
SHA512

b51ddd7d508331f64b3fbe4faf0c97dc55e79a23ebd8c880cabe05e7a197c7f5222c487b95d6758d644be4b9faa10572d69223a0c8ccd9d4974999d0ff9e59b1
SSDEEP

393216:vQXmZVfO1+cVvpPPbUsMjSUylbz5Zmicp+r2tF9YM3c7gf/dgMRG6:vWmZpi+kFQjkp3mpF95sc2MA6

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.xgbuy.xg

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.xgbuy.xg
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.xgbuy.xg

description ioc process

File opened for read /proc/cpuinfo com.xgbuy.xg

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xgbuy.xg

description	ioc	process
File opened for read	/proc/cpuinfo	com.xgbuy.xg

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.xgbuy.xg:pushcorecom.xgbuy.xg

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.xgbuy.xg:pushcorecom.xgbuy.xg

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg

Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.xgbuy.xg

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.xgbuy.xg
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

T1471

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg
Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg:pushcore

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.xgbuy.xg

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4278

cat /sys/class/net/wlan0/address
2⤵
PID:4341

ls /sys/class/thermal
2⤵
PID:4460

com.xgbuy.xg:pushcore
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4318

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/app_SGLib/libsgmainso-5.1.81.so.tmp (deleted)
Filesize
591KB

MD5
687caa989e11c0692e34271a8eb1d7fd

SHA1
8ee2b5ca1350ef4d8c4e0d65ebb5c1cb9616cf81

SHA256
45f7cf854b5ea2d259010a6cd19631861070ff9c0ccb4787cc94facac057807a

SHA512
4fd2e1557cb502f9db38756596c7c45c45d324153728859418c9ea5c37ac61dc659c7795eeb72908d7ea470058954b80e3096649f072ec2f4b2e76aead114016

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
0064046806356df8c20d44808695ffa7

SHA1
42fa8b186d81989922570f3a3887f6be6b931c84

SHA256
b309a89fee32797206524d82fbf6c2c3c6ade05dc9255d8bfc5ae775e054a8de

SHA512
a9ac12f80c54dd84c6736618864edf7500d1b8f8421b3dfb9e434097dc59b3d115d1e891a80fb83ec704aac022956958a13196aede013558d3d485dba41a691a

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou
Filesize
4KB

MD5
d12cc58c16dbec8c0937abb31357cc7d

SHA1
7a636217134ac447d10b48a610c9ca091a39c966

SHA256
be954df8ceb2cae3c1dc241fb7b15f834aa91ceb3bb33ba06b2a096155ab9346

SHA512
dbaa0d42e509331ac55d959ac49911df689e3ecba27892698b2c0e3800530f298b7f4bf01a199834bd60bdcc7a1cc3ba9a05909008763a5237e5a04a4602d052

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-wal
Filesize
112KB

MD5
a81147fbe8aadc199f65e1370bf417e4

SHA1
b5c566276d7b0ecb4104ab59a9582e08734f6b20

SHA256
9ecdc37dce9492d8270b84b50c9dc971dd30a3912cbd01f3e7e5b0fc67d15f5a

SHA512
5d4bd4384eab7434c401ba76d8589a949a9b174975cec376b8ab15e2b3d96c453c99bafa8bf4295b9f1095a335a38f24d99ecc3e5b1164e837d42e972fb2d914

Download Submit
/data/data/com.xgbuy.xg/files/Mob/mob_commons_1
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
591KB

MD5
c85e8919765cc22095d1b8e40601e34d

SHA1
22d48933b9f30a028cf4c9d993f59c767f9e8e35

SHA256
f4ab50b1188cc9913c106f1f661162cb7db90aa288a90fa6bb41c5938b6afa8e

SHA512
6715ed9290b868a5733f6c6001e9de1375a381b5f61552fc0adfd825c72977cbd34a347f7fecad8cbc798af7b5ef59f4a23bbe6fedb714e4dda65a1e5921c08e

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
50fd6a807097950a6c119ee150563d6d

SHA1
f7faad1df7531455a97d9dce595a3608a946961b

SHA256
a7a2b0d91c9f2e621d871de454edf82995419df65060f934558af142ec23c966

SHA512
cf77f83a5a4478511458f6df399b28d90a146ac29fd8c9bb0d2e7ea33a1091725b461cdb7b83e7077415d90166d96b769d19ec15244f86cf5563eb962f0124ea

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
ff7be01a012fc54e908eb2eccd57a66b

SHA1
bf57ff27016c17aade09a42cd6a4008d8331f1aa

SHA256
b964f5daac6a271b8bd418b4fdb07679e5deb1ebbcec41108b035ad92754ad28

SHA512
cafc1d01b31a324510df5bc4e4322e4816efb995d26ebe9ba2cb25df8695cc54fb72afaaec0468017ca11c312faae5aa4a4991a3928f1c827941db04293017ae

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
019ce4b5201cf5a00b53de51f2b0fc02

SHA1
3565f7b96366d2b20c35e943390ed185b1eaf3b9

SHA256
77cdd029fa7dd085d246d61c846995391aab1df939ff643a902a5c162969d682

SHA512
b77ae98e8fe9b90a155b8514854935034750656d9d799537aa732cf480386fbec8fa9c2a082879e91f175045cf84c4cc75ce540dc86aec74c74916413f58f7e9

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
f2262d3fefe7b5b875bc8fc6fad1e3ac

SHA1
7bf790a57e227f0f510ca0bd74abc785fe8b52a3

SHA256
71cf52536ad9e61778a3950040e25d55e1c1bc5f2fd63672a1c9af1f8d423e2a

SHA512
2b55d63928bfabbea154357d770f06cbe0aa70cc5bf43733647cd7ab5ecf40c6976022da7a9419b909725d5f22227f30276199107417331896c08dcd5812eaa3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
213B

MD5
82d325a1f3b11c3c5d6342a04958d4c5

SHA1
0e334bd5934407ebe019b5a246f81c5d7ca6ccab

SHA256
8478949818e597dcf1ca1ea9d9f83e0ef0069ea9aa66954eaa987d48558a19da

SHA512
e0eebd7c03fe53b50c180cc81093d979c2d74b112bcb6cbe01e1a8db799f6f252b2eddff9e022dd11c7a80fddcfbd320ddbbdde15d5f04e74fdb6507fa68207a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
e783d0fc1b121d109f070e646ddce1c5

SHA1
3068cdc5e1b5d7d417ea1211cc5d68eee983f4b4

SHA256
c03db51a74813d4686057b2fac80e0f73b5009270536f77424192502e1eae3a9

SHA512
35d0115627554939696f0a48894c8ca785968ba82cea9b1d442f138208905d82156c71957c43e882823862506699af5f6e9f13d1a9bcf2c33317737c45c1063f

Download Submit
/storage/emulated/0/Mob/.slw
Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/Mob/comm/.di
Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/Mob/comm/.di
Filesize
111B

MD5
1d2712b9b4a4198042ce0cf2ded80272

SHA1
06e95497f9bc0426ef6a6be923e20aa6f1232b33

SHA256
44425b23c612d24d7f3e15de74b7977fcb124f8831eeec476b1b23f14d003cdb

SHA512
66a6f862c4922d43ab7e32a308e832b98a4e68139a7f74cc67c4dc382291f9205355279a4023a9e7683a6147dae5c33b542db4b8426a9103c7bd729d61717f59

Download Submit