4497c1c4954e0f455a253b6d1071d5a1bdba47903be423c512d5d75a6e9fe50d

Analysis

max time kernel
179s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66d2d8372ce68636fedd67ec76c07b77_JaffaCakes118.apk
Size

18.0MB
MD5

66d2d8372ce68636fedd67ec76c07b77
SHA1

82f0bbcd9cb9fb7262b9754cbd932e2a3960687f
SHA256

4497c1c4954e0f455a253b6d1071d5a1bdba47903be423c512d5d75a6e9fe50d
SHA512

2f7f121ed13a3004d00958f29f0e1163e65d59f375f9215027a398f237612354db55c661deb29981dab4add9f5d92e298f3bd31a51c0ab5ef5c17067aeed7ad0
SSDEEP

393216:+NKMf1mAplwBcHUcd+r2tF9Ya3g7gf/dgSRYe3un:+NKMf0ApyqHLF9Twc2SWeA

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 10 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

ioc	pid	process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4264	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4264	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4264	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4264	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4264	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4313	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4313	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4313	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4313	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4313	com.xgbuy.xg:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg
Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex

Filesize
6.6MB

MD5
af40ddebf367d3418c410ba2bbdb34a6

SHA1
9a5c0f557da523fb37d3ea9f1dad84e45b78b8ab

SHA256
fd4c1d3b24b0138f6f355235f35815ff43de7e73e5029854ac0581f6d5b4cb45

SHA512
6ca004321a8ef7f6a08b5be12833971bf017ff58c753ebe73d682abcf5633f084b9b1f5c3453432894f8ce8c9b306963b345cc0d6503450667d9ef66d3ac0ae7

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex

Filesize
6.5MB

MD5
56a56032a56816197231ccd2c1447841

SHA1
42b24c7723619c5bbfff5625ee1f4ff7a9afb34a

SHA256
920b1975141f98268ddde30a18db00a3c92776c8472763640b06009b90ccf039

SHA512
f47a2ee1f15a58887d5158bf141277a7d6488fcd31a9c85ca0d6706a4252433b812e8a49e956fba313393ac55333bee777394d300e136d489a484f5e883e3165

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex

Filesize
2.1MB

MD5
63eb01b23dce33b6abd34b5693031ca8

SHA1
870abc96ae069aa034b1b647244af5465a881ddf

SHA256
3798ad86a5974af83d89bc71f1737c1747ca4561beb07f74a214675efab02629

SHA512
eac344e6167fc50acfca60a177bccf404cd0eb595b0b3e948f88af21ac3d7c14a49d0d7162bc5ef529b9107132c8ac3d0242186ac1b0ac231acc31e8f969311a

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so

Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac

Filesize
32B

MD5
1264f30db5bc978090c891fc9ba97820

SHA1
22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc

SHA256
6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c

SHA512
f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di

Filesize
340B

MD5
469813a04f0ccfc5c76f869e326d28b2

SHA1
d65daa928fd745f82350cfcad87c80ee6a9fdeb6

SHA256
8daa46ebc05db789d6fcc895aebec74f35779b73054383ce9a3d5fe5bfdbb7e9

SHA512
85e1f0b030dbb016d79ba69c7358b2344abe5039e81c30df4252f793319b9413a047f6c437cbe2c9d312beaf3341c8f86613213608a223e0dc8287382efcf5d2

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.li

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd

Filesize
73B

MD5
1a5d276d1e61ef6ab8262f83cc23eeb4

SHA1
d0979b7b2304f4a8540b132a87ce728637359431

SHA256
54b74f17e1010d576783577bcc52009aeaae6f9c58f3b29f6becd0bbd248091d

SHA512
dc3ab8cdd7c8b549601253ecc5612c6efbd8bddd0fc26f7a463e94eadbea5c8c42e531996a3826bfa6760fd9676f5ece376d8020dda0896f024cd5427fa62f05

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri

Filesize
314B

MD5
3b68677e081be10ff5544312a47755fe

SHA1
a83ba0d119391776723564b21d62d7ee01907bc4

SHA256
c39441169e6027ded5812454d9edb36bf26204a3bbf82e9c939e786bbff22ad7

SHA512
09fbdd7d8dbce777103b420048a5501dbc403fe963240a88a6c3d8be910e7824a7d309dc03423dd3acf354f90f1dc88964bdd2c9f8648314957b09ef4a52fe6c

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock

Filesize
27B

MD5
078500c4f59bbfdf43729dbdc4baac35

SHA1
9874c293ad12002f067487057efa2e7ed71edad5

SHA256
226417d523ed2fdd6a03afc60a3681258f0b7419019372126a76ac6dee00d44a

SHA512
7bd31f4350accda2adae7264e1c31c730ef75e7c451cad3c1ade5dae18424b26380ac792ce62cf2bc8cb441a230ad17f82e483f80ff397437293bdc5f370061a

Download Submit
/data/data/com.xgbuy.xg/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
5bf85148841d8383d6d7b986208f4e57

SHA1
3ae0cec3700200310342e6fe027dbf002e8dbb87

SHA256
5c84aa5fca03441f84293fdc45f10fe0873daebdee032eb82ffee4ce4bf8654c

SHA512
900486ef249d3e04f5cc092b1203a3a447a80ac84a870cd749fa428e850e13e2290d00262f99ebfc5be55cbd771c9b18eb0e4133cc668b6086fe525ceb1c96fc

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/Mob/.slw

Filesize
112KB

MD5
29980bd4614d88a46572d5e640f668ce

SHA1
7c20a57dc5903bdbabc42b2d3a5fb7bd631f4f25

SHA256
a70a13484d4c8309a082e945430fd9256fc8783ce9a1bd66065cef840bcc5d3b

SHA512
2b27ec5fe62aca092f3225f2ccb17fd3063155e3dcaf115578af3c90d8d82ac140a7eaa21a69003d72dca35e93c082ab77bcbd7f6f89f9c0134d488ca36eca89

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
202B

MD5
8dd9081c011d39ceab32f6055b954c08

SHA1
da91fea97d3072416db71a1b039cb9ecb4f2f902

SHA256
e2808ab1d0ec8bd23e3a495456670e152172acbad6eacbd729c0009a91fb3438

SHA512
a6ff4a3e55b04e24c2ce474902e153c9200ea48d3c9cc89235e50e476d4df97edfdaa567b436a98a9162b95d8e1dd998a9da72231e4d02dd473fb0cd4a3a5712

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
d3822225f5403d2b80856aa505fadc65

SHA1
aea69cce8a792425ce31f51011e19507b59367e0

SHA256
c9490af58a3346df60f68df0bc6d43e6db73a87e9d27129acff09c370a111953

SHA512
fa0ddab8ed248cb1ea3db68f8d69ac8a5f3c6ef32b3df1b0d2ab2e5c3ebadeb7459d8d796b8bf75ffe4dfcecbf790fa93fb8dbb9cf59439a9bf9608c6ccb27b5

Download Submit