b581b283b7f1c54e27a00bfa10478ed5e51bd941fe08d0da2964652cbd29f57c

Analysis

max time kernel
6s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

658bc88006c62fc22c73a65b11a8259c_JaffaCakes118.apk
Size

29.4MB
MD5

658bc88006c62fc22c73a65b11a8259c
SHA1

4b447808b4f54f289a0f9e79d0c31190dc83c55a
SHA256

b581b283b7f1c54e27a00bfa10478ed5e51bd941fe08d0da2964652cbd29f57c
SHA512

0b407c333a3a1f1aec9c05fc971580c06b93cc818a7fd1a1c15ec9b2b14febfab7c7d720a94ff7436d80f447b0cdae87e36b35703c9f07b353f8390ac90870bd
SSDEEP

786432:uYpy4FqAAC8HjYaB9AwG4hi0Fmsh8OHJ6mhlaOXBllzt:bpyoUjl9A74histBhMullzt

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.temple.escape.runrun.mt

ioc pid process

/data/user/0/com.temple.escape.runrun.mt/[email protected] 5156 com.temple.escape.runrun.mt
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.temple.escape.runrun.mt

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.temple.escape.runrun.mt
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.temple.escape.runrun.mt

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.temple.escape.runrun.mt
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.temple.escape.runrun.mt

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.temple.escape.runrun.mt
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

ioc	pid	process
/data/user/0/com.temple.escape.runrun.mt/[email protected]	5156	com.temple.escape.runrun.mt

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.temple.escape.runrun.mt

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.temple.escape.runrun.mt

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.temple.escape.runrun.mt

com.temple.escape.runrun.mt
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.temple.escape.runrun.mt/.jiagu/classes.dex
Filesize
1.4MB

MD5
e03456160acf6e5de3ba8cbd2c4d174b

SHA1
6d571958e3098f800ead5a8faa131c5cf73bfcc1

SHA256
ec28284ac149c90b81cbf8ceb25c98041febce271fa4c7bb5428cb3885f3933e

SHA512
ddf52c08c97da10986ef74dfc1ced7de9879da75e9f91dc14475423d9aac93d7cefd74cb35ad965ef09ba5c3d617a8f6b5eecfc3b81771d4043c7104f8ed1b0a

Download Submit
/data/data/com.temple.escape.runrun.mt/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.temple.escape.runrun.mt/files/.jglogs/.jg.di
Filesize
340B

MD5
f6f107c7f746a430764067bbb3973264

SHA1
3036ca0f7b08faf0df8f7776487143c2cc699b46

SHA256
b63836fc8ef0fcf79ab1c77c7012270b4092f556efe48c3a9a94949982a533ee

SHA512
d8044c84af807d9dd8495560d3dfd98c3879cddcf5a2c48da0a32738f22668a987e04dd7a6436b80a7da97c133c75d63edade170ffe72038d206f1fbd08fbb1d

Download Submit
/data/data/com.temple.escape.runrun.mt/files/.jglogs/.jg.ri
Filesize
314B

MD5
3a0f355b456695b714bf1024512c80c9

SHA1
971e24e647541d223f22604b5fcbf852b4b1704d

SHA256
dc9080d59ddbe136ec8c2f1f0663f2e5db337a67fd5aa020ee9aa03b0bf43414

SHA512
ed15c1bfa2410747bd732bcd81e80c358f6a3d7c28e9ef6072a74009a3157248fa47f6ed13b33f6d73957d179857792d4098805eb44c89bd8ab609fd2e6d3bfe

Download Submit
/data/data/com.temple.escape.runrun.mt/files/.jiagu.lock
Filesize
27B

MD5
a20c70e1e4abfbb1809ddff36590666d

SHA1
28cdd6e0d29654081304e8d6163a6da6ae4d7eee

SHA256
b974e07b3678c66e8c8d0b745d83d4ff3c691b980e3e610810e047b103033a09

SHA512
576b07f97220b593560da9ac01a11b9f5af853119ee44dad1f57e5738bb8f094e4c95f7978d4aa14393be2f1581ddee53e97ad8790cdf12cad0832ccade615ca

Download Submit
/data/user/0/com.temple.escape.runrun.mt/[email protected]
Filesize
5.1MB

MD5
c04a8871b4bdc2f4014f07551f8efc50

SHA1
55feb31d24549e26be17303e4559794dbc7b291a

SHA256
3afbec0d12f299e669568d2cd834fb62fa92e0e1ce20e90d198f53f3bfc891d7

SHA512
950befa1f0fb28be7f8760d54be9aa5df503e8a043efdbd4d82d06dd87d7c279f3340687b5d1aaace0bfa7e5b186783584328fae7c28da02c769850359895cdb

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
d5655001c72b4e894616dd7a9899eb32

SHA1
b6a28f7b1da45eaa5655eec1a93a2b76c66b174c

SHA256
2c36ac32a32404b8fdad4d7c73acb25802d5841afd0ec05d7c156103de78f150

SHA512
41a042f12357346b656f7d4f11284ca2d842882825559924a929bb2b3bb1a548fc02f69d514ca177854082d56f52316002e522a00458e10807e9155f3d14de78

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads