0bb462620eb7842b98a96351ab5ac1244f0b9c8b1aac22bd5104dc1b3cc43f57

Analysis

max time kernel
10s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ad880fd949cf15c550f3896bb69878_JaffaCakes118.apk
Size

19.5MB
MD5

66ad880fd949cf15c550f3896bb69878
SHA1

da5badc3a69d66084e76da640b218d281f498a59
SHA256

0bb462620eb7842b98a96351ab5ac1244f0b9c8b1aac22bd5104dc1b3cc43f57
SHA512

6d114133c0a130149be1f3ebf02940d1c985a372c0496eefcbbbaafd0d961ed38d4e8e7ba3da14f4b4570cffed63bcb0f3e6371c38c4ca6f06be3d18244be677
SSDEEP

393216:7jjNqeHH/k+kHXw1idNiGLE0cy+r2tF9Ymud3tS7gf/dgTRGF7N:7jjK+kH5uG4SF9C8c2TAH

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.xgbuy.xg

ioc	pid	process
/data/user/0/com.xgbuy.xg/[email protected]	4556	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex	4556	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex	4556	com.xgbuy.xg

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xgbuy.xg

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4556

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
Filesize
340B

MD5
64c65098d6a6e893430969adeaa51a5a

SHA1
e349f4c6b9534a290518c4a2ff8d5d008c799d2c

SHA256
f31d1ce525e64c182b138ba28d08c542d46590d0da57cbab8f3c85133ebad31d

SHA512
a8d3bf099004b36418b31ea7e0ecd0027a3227948aa52ea95148e140ad5b6b4a65d97f92384c87974bc9dda66a3a785cef2439402123395738cfd5448996c8c7

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
Filesize
314B

MD5
6b719eba07e3926bd6e3689f27c545ee

SHA1
81de9fc554ae4a7fbdf1b00cdc1766d6368bf2bd

SHA256
19a8229d8d51fdcf8fe04b3e085391899dc1c5d1e89fed088fcef0e9a1f9c00d

SHA512
ef685e7052632b8ba89b5146d3f519a2caf66cb90e1ff3c33a4119253869008a466a80517049f155f3febd0d6bb685d33bf3e4b2a18a4ccfe45e5ba79357ee07

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock
Filesize
27B

MD5
bd46e19eec871698a01879ffd6c1ae3b

SHA1
de3d65b8b3358d4227439844e9ec0129a988733e

SHA256
00a49aa2d061ebefcc4f54a1bf0902ee42c100b64d0b612d66a4d35a89eb455e

SHA512
442b172e508d36560622ff644cbfae84fb237855c1bd4b842454ce29c30927e8203e33427feb5414a655a473c51516eef9ae28b02e94fbe8190d8ad7b1685939

Download Submit
/data/user/0/com.xgbuy.xg/.jiagu/classes.dex
Filesize
8.3MB

MD5
a838fff4fdf89930be6dd388fbd80659

SHA1
14a327fb3b6029e6a4fbdf829615db18366337a0

SHA256
bca7fbb222a7bd8cb5d067c98640e4503b08e25b319c2962404ff958560560b6

SHA512
84b15c21ac4a0ce0511b4aed2b759303e5b9044eddd117684e2d1762c6bf537198ffb229bd964decd3ab40a4abfc0774e4557c9a96da290693d9f9c434ba0598

Download Submit
/data/user/0/com.xgbuy.xg/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]
Filesize
6.5MB

MD5
aacdf68939a164cb8fb1f7aba60233ff

SHA1
fdb0bd467ea9464193414daf0838c131bb494ce4

SHA256
d3decdf9ddd937c07ff0f8e00331cf3af484723a2d10ddadc98cae19a814d81f

SHA512
4deea43b8b2b8b234e9a05c4e41e8cd525b049ab549281e97310bca437e457409dd7028873f7745385aa7553f7e75c4f0a466079c7621f418f4806fb184e8ea4

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex
Filesize
6.5MB

MD5
4a44fc220c4e12fa64f6c957b7d541e7

SHA1
965b965653d42a63069a07e3628452e97ba0a952

SHA256
e63677f9eeca7225447f60398d4831f27b6bd5c666d908329d7cb03f260b76ef

SHA512
c2a3aef3e712ba0f2d961bf281ca4f6b0e50cf1f5dc051ba4f2d93e6d06c825a2396bd1b5ce446ed081d357625a1b44cfb0f4a55d4624bad26047e721ce7410c

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex
Filesize
2.7MB

MD5
415589b5e032e13b9871b2d615c3c87b

SHA1
20aa8c0f50fb4eea5330cd30c4a2851479994f8b

SHA256
6aea01f6796ab45336d6763dc6bcad2dc452abd9e0d307b6b79cea6070209bf9

SHA512
5f1c985cd2de55eeeb2f2ad742effeb6775d43d9ad812716b326035f5c8843c4c4cf08e1b131d5501ccbe2d9ab859a60ef406814f6c86f4cb57fc0c93858d4f6

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
bc317b3abebee77b74c4a6237adb87f1

SHA1
9c0ee6e285d8a91749debbe85fd489f1e9f9b68e

SHA256
f8d808e6eaae530ffcf0c5b1701272a7e7f448b8c839a6ebd53be9bf3805d8fa

SHA512
65bce3fdbf8972a9e0595cc14246ff034d3ed34cf07da6c19fe057868c4d1bd5185e1a3f4c3bfdad2b239d58e4be2d8982ba8f69ae0712fa8cc81368d421e629

Download Submit