4497c1c4954e0f455a253b6d1071d5a1bdba47903be423c512d5d75a6e9fe50d

Analysis

max time kernel
179s
max time network
186s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66d2d8372ce68636fedd67ec76c07b77_JaffaCakes118.apk
Size

18.0MB
MD5

66d2d8372ce68636fedd67ec76c07b77
SHA1

82f0bbcd9cb9fb7262b9754cbd932e2a3960687f
SHA256

4497c1c4954e0f455a253b6d1071d5a1bdba47903be423c512d5d75a6e9fe50d
SHA512

2f7f121ed13a3004d00958f29f0e1163e65d59f375f9215027a398f237612354db55c661deb29981dab4add9f5d92e298f3bd31a51c0ab5ef5c17067aeed7ad0
SSDEEP

393216:+NKMf1mAplwBcHUcd+r2tF9Ya3g7gf/dgSRYe3un:+NKMf0ApyqHLF9Twc2SWeA

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.xgbuy.xg

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.xgbuy.xg
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.xgbuy.xg

description ioc process

File opened for read /proc/cpuinfo com.xgbuy.xg

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xgbuy.xg

description	ioc	process
File opened for read	/proc/cpuinfo	com.xgbuy.xg

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

ioc	pid	process
/data/user/0/com.xgbuy.xg/[email protected]	5093	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex	5093	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex	5093	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]	5226	com.xgbuy.xg:pushcore
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex	5226	com.xgbuy.xg:pushcore
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex	5226	com.xgbuy.xg:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.xgbuy.xg:pushcorecom.xgbuy.xg

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg:pushcore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.xgbuy.xg

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.xgbuy.xg
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg
Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg:pushcore

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.xgbuy.xg

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5093

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5226

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db
Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
5f993fc01f77ed62abd6878d1bf6b853

SHA1
829ac2da5882cffba391b2f25576cd96c16c7472

SHA256
f1f48869eb7f7d874b5ee798f4051c375ffbe91112d8d03e2d5ffe63ae5dff88

SHA512
b1b53c8239fe3873969075de704bfee5526442f67b85abc3c4e34d54065c67fa9925b7c233051c8f7e2bad9d4e860653e367a6440c6d80125aadf99fc6dd1b70

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
787331878aed1d85aeafca720ec22797

SHA1
4206bcf46ae0074b64650564466992194054433e

SHA256
9fe8cea2c1c873013072dec2122fa135c59bec44bb73fdb5a476c6fb76d05939

SHA512
f63633d96467f8c44d4ba8df92653cc1cfab7d89cb7af32c972926453d5905241cf14de1bd5fa6b20a1529490560f319567c0dcd11c5b4425442645f04bcc3c8

Download Submit
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
568337ef0d1a0d55cf018b02a6e119ae

SHA1
8a1c3a7b514ba4911ef28802d996620cd951ec2c

SHA256
e78ad48d16ac01797574287a571304a82ef8e87e00c13585a0688992a4909237

SHA512
047556109c04ebb02fd65753f6c455b2abe42ae0358e8d6c331fcd4f22ecc362ec1bea1817657b708f36f30209ac0ddf0b568180f900bcb38fc879643035ea22

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou
Filesize
44KB

MD5
6ed98fcdd3c07e754d91a6b161e90a4d

SHA1
afc6d1d9fe61c9d5e359b3797102d18e33b36ec2

SHA256
9162b4bf4a80cce0438cc90170757e589ccfccc3d8ed1489ec634495cf59006a

SHA512
e1fa246f12041bc7b2d7bbd74b176c638ee9316810322c7ba1d53c2ff343e27bf491e8c14e70f5ef3bc8808a6d9fe3b7f5882dc172d72bb91e1e21384368250a

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
512B

MD5
e07be609e462e810182f047e2f9c560b

SHA1
6619299292be8c85575e0d15c80676039e72a15d

SHA256
f6385ac88864e8ee78aa73dae92be4bcb81e52326ae74f84fc9f89b86892c7e2

SHA512
26dd30d475fdaae03eaf46018c1f32864bea71b4e45f6ec15d04d2e435314e1705ad7c5bc194f39c576af17c3f4e1105714690d64c3b7b2d15174ec5390778cb

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
8KB

MD5
fed93a3894a7c7584c960c974feea558

SHA1
7ef7ea04b95bf0ecf96666ea337f5d4871705532

SHA256
db3df9f63e3faf455ea7ed0f1a4ce781fd3c3e0c7c360edc26cdbc7f4f29cf21

SHA512
f1b360ed9a13abce550ac1059557902f9ac27cd22d530425464140a2867f45074f34c68a2c29d54eeb7ba3c14f49504b32c306b3e8adfefba3b8e9e588e27fb2

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
8KB

MD5
3c59f2c85b62eb8da4bafee9eb5b5f29

SHA1
a4e50468c81686cee12531dce0c885e40d0148b2

SHA256
26c0f314c363a0b1b75af6c4601652451efe20ec6b08b6067ea08e4e18d408d1

SHA512
91f03104f02ef3361cb90e393921ec3f5d30ea65c91e50c0cc04c22feff89ef0b548142bb21c65b637acb0989534a4124f70391e43268efb766f8607bbd538df

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
8KB

MD5
b6f1cdd8c5c6fe2e33f4cd80869f8c79

SHA1
8f6b28259df727c34fd35673cfb50a871a3d0e72

SHA256
ba63c9cc85973c96ad8adf6bb4393f05a89a14f1c6c2520afb200c7c275d7a10

SHA512
cac395dce6890948a02453fbaa8086d20584144945fe1bba97d700ee040725f37d2be283519ce7b1546f38638b97dda614ea10efbecff0ab0d2f95bb5b95763b

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
8KB

MD5
450f4bd41cafa12c44db43c1c37cab92

SHA1
a2d0470da5d3916f9ec9c35c9e02005625e75130

SHA256
f02783e7f3e0d7e0cb91875e880c8826ee06825f73401e364b36936fc88de3df

SHA512
baba07283a52d1170447bbe93cec896f332a5974acf856b670079a0166eb78318422535cb2ec463fcbdf72deac1b3b48215aba406a0020d77c07ff4ef82d408e

Download Submit
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize
8KB

MD5
3d947397ae9f7bd96dd62362a4a77a14

SHA1
d61d3be225b36296db4c3ab65adca279ec2ec09b

SHA256
97df9f1c5c600f91046a45bfbb6938846380defdbb4782a39e3a093b0312e6f4

SHA512
17c4745fc91b8a9e393eaf2936f2a579a36edc4d2b15831bf0f0834f2a584f47748d6a261472db9f7f94cd152c167a2905508a3cd8814fce7ea0ca848113fb42

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
Filesize
32B

MD5
1264f30db5bc978090c891fc9ba97820

SHA1
22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc

SHA256
6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c

SHA512
f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
Filesize
340B

MD5
dc8d122b0f3b9c4c72672774c41edf05

SHA1
43277f24bc764ee5dcd107b148c92d9534147cac

SHA256
86e83b6a214b56ba59ed304e3134ac960b69bdf0b0acccc53b7278431753de21

SHA512
4318cda00315eb5911087678b4d974a400dd304f6dfd1ce46a0dc4565beb2ca0958832ab28a7518918dcd702bfb1998a270fd6073dc5c986d19610de30a6a3e1

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
Filesize
32B

MD5
9afbf0dc0b4a4fd0a874cfec2c55461a

SHA1
a42766499eef11be1120ff87588b7f715c1b2a7f

SHA256
75c6a927b6cffe50b1a48e8aff766f5d543dec5aec8010b835ab4c4d8dd3da37

SHA512
863cdc25dd26bc2db5a80480a5d5bd16965ce02afc94f732f31c24bdcd3daaae24d41504f0eefead9a8ecc402aa2e798ce100e8a225b13b38b05aa433456185d

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd
Filesize
32B

MD5
dc2e848be2824acf32cff8ee979e58cf

SHA1
de0d519b548d2290385fe035f031fd2c4a61a0eb

SHA256
77b8a926e64d8810db71b3d51f4cf37b68037d0d91e5ea2940872775e8442a23

SHA512
52d2e8441548718e5a13c0521a46b15ee7d6b93039edd4f3033852240a63bb4361e238b6c7020725eddfad0199ccfdb7496f8e47a3ef6116e5d0bf067f5b46c9

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
Filesize
314B

MD5
fa75fc692e80bc473eac07787487c700

SHA1
e401995f7f22571f88e6f512182e176d93f44ff6

SHA256
f816b85c704cee1f30c22d7ecce067c28a698bf5ce0a19b606b8dfc9516621c9

SHA512
d35dbd05aeab5bdf93ac13aa2f7d58b8037b617405f6671fc1512a97fab53810831a6ccdd5a4623381ea5dac799092899f96fc4e0d8f9e92e65b39e5f2c868b1

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock
Filesize
27B

MD5
3e252ca29f823b45ba82ce3e36d1f3c3

SHA1
e8fc00e34763bf0769095b24dc587e0c8a6aba85

SHA256
51c51eb00456d29ceb84fd0b58391c979602b1e7340a940aa964745151dc040b

SHA512
eef3bf84a8ceda7fce8a5605d774585d676688eea60dae63bcbe0bc05701351b7a030af7fcd83aeb8c789183b4a03155571b912b854393d0f84c23908c6ed0e8

Download Submit
/data/data/com.xgbuy.xg/files/jpush_stat_history_pushcore/normal/nowrap/aac1a029-8c71-4bff-8c9c-a95bfa6c060c
Filesize
187B

MD5
25cee9df6e8713080ff620fb24e5dc5f

SHA1
ef22a6ba3348910d754d1aa97cb2d8a06a7e1263

SHA256
d50c222d96afea9f84cb61674868b61e7fd02f6c7bf880d8525914c1c53ffc0f

SHA512
61a900dfbe6ebc4f652570ff8b642cf494cd30499a115a557777667770aeb7fbbaaa0a614769615a4398102a3e43b7baff788767c9cd8fe3fb1c6bcb73b0f73b

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]
Filesize
6.6MB

MD5
af40ddebf367d3418c410ba2bbdb34a6

SHA1
9a5c0f557da523fb37d3ea9f1dad84e45b78b8ab

SHA256
fd4c1d3b24b0138f6f355235f35815ff43de7e73e5029854ac0581f6d5b4cb45

SHA512
6ca004321a8ef7f6a08b5be12833971bf017ff58c753ebe73d682abcf5633f084b9b1f5c3453432894f8ce8c9b306963b345cc0d6503450667d9ef66d3ac0ae7

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex
Filesize
6.5MB

MD5
56a56032a56816197231ccd2c1447841

SHA1
42b24c7723619c5bbfff5625ee1f4ff7a9afb34a

SHA256
920b1975141f98268ddde30a18db00a3c92776c8472763640b06009b90ccf039

SHA512
f47a2ee1f15a58887d5158bf141277a7d6488fcd31a9c85ca0d6706a4252433b812e8a49e956fba313393ac55333bee777394d300e136d489a484f5e883e3165

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex
Filesize
2.1MB

MD5
63eb01b23dce33b6abd34b5693031ca8

SHA1
870abc96ae069aa034b1b647244af5465a881ddf

SHA256
3798ad86a5974af83d89bc71f1737c1747ca4561beb07f74a214675efab02629

SHA512
eac344e6167fc50acfca60a177bccf404cd0eb595b0b3e948f88af21ac3d7c14a49d0d7162bc5ef529b9107132c8ac3d0242186ac1b0ac231acc31e8f969311a

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
b41b57ba3d1d291c624d1197a6d4c0b9

SHA1
3694858f9181aab9f3e80bad7c93d8fe5c77c034

SHA256
405fc4ee796121fc004955de4e6f8a1f9d756566a34d7e29342d187e88579408

SHA512
301424392477ca91d693df78248f5e5e9a40eb1d1cf621ac07d47440826ccd4d68fccd11aa7b57735ee1c883dde4896063fb0fda2eeaf9bf0bae47d66d9bff67

Download Submit
/storage/emulated/0/Mob/.slw
Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
34e05aba7b949ec5bcb0815e3d346458

SHA1
97a15e1b871b591d22908a1ec93f0c0536da5124

SHA256
f00770610c93a61421aaa41c76a9e5fd4f490bf227a7fe2301f9d15f2b6538b2

SHA512
f4e5d4a4ce75e0b715f8e29d2b5f87140e41bd7202ad9546a7e62d9ffc4e21b36dab3afc11c14040119bf115826502793bab15b2b2d37ba5d83f6e9df3733a9d

Download Submit