Analysis
-
max time kernel
179s
max time network
186s
platform
android_x64
resource
android-x64-20240514-en
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted
22-05-2024 09:40
Static task
static1
Behavioral task
behavioral1
Sample
66d2d8372ce68636fedd67ec76c07b77_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
66d2d8372ce68636fedd67ec76c07b77_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
66d2d8372ce68636fedd67ec76c07b77_JaffaCakes118.apk
-
Size
18.0MB
-
MD5
66d2d8372ce68636fedd67ec76c07b77
-
SHA1
82f0bbcd9cb9fb7262b9754cbd932e2a3960687f
-
SHA256
4497c1c4954e0f455a253b6d1071d5a1bdba47903be423c512d5d75a6e9fe50d
-
SHA512
2f7f121ed13a3004d00958f29f0e1163e65d59f375f9215027a398f237612354db55c661deb29981dab4add9f5d92e298f3bd31a51c0ab5ef5c17067aeed7ad0
-
SSDEEP
393216:+NKMf1mAplwBcHUcd+r2tF9Ya3g7gf/dgSRYe3un:+NKMf0ApyqHLF9Twc2SWeA
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
Processes:
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.xgbuy.xg
Checks CPU information 2 TTPs 1 IoCs
Reads CPU information that can indicate whether the system is an emulator. This analysis ran on an x64 Android 10 image, so the /proc/cpuinfo contents differ from a physical ARM handset; behaviour observed after this read may not match what the app does on real hardware.
Processes:
description | ioc | process
File opened for read | /proc/cpuinfo | com.xgbuy.xg
Loads dropped Dex/Jar 1 TTPs 6 IoCs
Loads a Dex/Jar file that was written to the device during analysis, i.e. code that was not present as the APK's own classes.dex. Together with the .jiagu/libjiagu.so library and .jiagu.lock file listed under Downloads, this is consistent with a 360 Jiagu packer that decrypts and loads the real application DEX at runtime, so the dropped DEX files (not the packed APK) are the artifacts to hash and inspect.
Processes:
ioc | pid | process
/data/user/0/com.xgbuy.xg/[email protected] | 5093 | com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex | 5093 | com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex | 5093 | com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected] | 5226 | com.xgbuy.xg:pushcore
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex | 5226 | com.xgbuy.xg:pushcore
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex | 5226 | com.xgbuy.xg:pushcore
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xgbuy.xg
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xgbuy.xg:pushcore
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xgbuy.xg
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes:
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg:pushcore
Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg
Checks if the internet connection is available 1 TTPs 2 IoCs
Processes:
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg:pushcore
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
description | ioc | process
Framework API call | android.hardware.SensorManager.registerListener | com.xgbuy.xg
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes:
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.xgbuy.xg
Framework API call | javax.crypto.Cipher.doFinal | com.xgbuy.xg:pushcore
Processes
-
com.xgbuy.xg
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5093
-
com.xgbuy.xg:pushcore
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5226
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Hide Artifacts (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
-
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
Filesize 486KB
MD5 50750315eef281575611bc425174b939
SHA1 acaff02526d7b4c257e00002ed09af364f66a401
SHA256 c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA512 60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db
Filesize 12KB
MD5 ea628e04765adaf4238a5dcdff4bbd51
SHA1 a801947619ea8c368efe9c006a324dc6339ac60b
SHA256 885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4
SHA512 c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize 512B
MD5 5f993fc01f77ed62abd6878d1bf6b853
SHA1 829ac2da5882cffba391b2f25576cd96c16c7472
SHA256 f1f48869eb7f7d874b5ee798f4051c375ffbe91112d8d03e2d5ffe63ae5dff88
SHA512 b1b53c8239fe3873969075de704bfee5526442f67b85abc3c4e34d54065c67fa9925b7c233051c8f7e2bad9d4e860653e367a6440c6d80125aadf99fc6dd1b70
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize 8KB
MD5 787331878aed1d85aeafca720ec22797
SHA1 4206bcf46ae0074b64650564466992194054433e
SHA256 9fe8cea2c1c873013072dec2122fa135c59bec44bb73fdb5a476c6fb76d05939
SHA512 f63633d96467f8c44d4ba8df92653cc1cfab7d89cb7af32c972926453d5905241cf14de1bd5fa6b20a1529490560f319567c0dcd11c5b4425442645f04bcc3c8
-
/data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
Filesize 8KB
MD5 568337ef0d1a0d55cf018b02a6e119ae
SHA1 8a1c3a7b514ba4911ef28802d996620cd951ec2c
SHA256 e78ad48d16ac01797574287a571304a82ef8e87e00c13585a0688992a4909237
SHA512 047556109c04ebb02fd65753f6c455b2abe42ae0358e8d6c331fcd4f22ecc362ec1bea1817657b708f36f30209ac0ddf0b568180f900bcb38fc879643035ea22
-
/data/data/com.xgbuy.xg/databases/xinggou
Filesize 44KB
MD5 6ed98fcdd3c07e754d91a6b161e90a4d
SHA1 afc6d1d9fe61c9d5e359b3797102d18e33b36ec2
SHA256 9162b4bf4a80cce0438cc90170757e589ccfccc3d8ed1489ec634495cf59006a
SHA512 e1fa246f12041bc7b2d7bbd74b176c638ee9316810322c7ba1d53c2ff343e27bf491e8c14e70f5ef3bc8808a6d9fe3b7f5882dc172d72bb91e1e21384368250a
-
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize 512B
MD5 e07be609e462e810182f047e2f9c560b
SHA1 6619299292be8c85575e0d15c80676039e72a15d
SHA256 f6385ac88864e8ee78aa73dae92be4bcb81e52326ae74f84fc9f89b86892c7e2
SHA512 26dd30d475fdaae03eaf46018c1f32864bea71b4e45f6ec15d04d2e435314e1705ad7c5bc194f39c576af17c3f4e1105714690d64c3b7b2d15174ec5390778cb
-
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize 8KB
MD5 fed93a3894a7c7584c960c974feea558
SHA1 7ef7ea04b95bf0ecf96666ea337f5d4871705532
SHA256 db3df9f63e3faf455ea7ed0f1a4ce781fd3c3e0c7c360edc26cdbc7f4f29cf21
SHA512 f1b360ed9a13abce550ac1059557902f9ac27cd22d530425464140a2867f45074f34c68a2c29d54eeb7ba3c14f49504b32c306b3e8adfefba3b8e9e588e27fb2
-
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize 8KB
MD5 3c59f2c85b62eb8da4bafee9eb5b5f29
SHA1 a4e50468c81686cee12531dce0c885e40d0148b2
SHA256 26c0f314c363a0b1b75af6c4601652451efe20ec6b08b6067ea08e4e18d408d1
SHA512 91f03104f02ef3361cb90e393921ec3f5d30ea65c91e50c0cc04c22feff89ef0b548142bb21c65b637acb0989534a4124f70391e43268efb766f8607bbd538df
-
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize 8KB
MD5 b6f1cdd8c5c6fe2e33f4cd80869f8c79
SHA1 8f6b28259df727c34fd35673cfb50a871a3d0e72
SHA256 ba63c9cc85973c96ad8adf6bb4393f05a89a14f1c6c2520afb200c7c275d7a10
SHA512 cac395dce6890948a02453fbaa8086d20584144945fe1bba97d700ee040725f37d2be283519ce7b1546f38638b97dda614ea10efbecff0ab0d2f95bb5b95763b
-
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize 8KB
MD5 450f4bd41cafa12c44db43c1c37cab92
SHA1 a2d0470da5d3916f9ec9c35c9e02005625e75130
SHA256 f02783e7f3e0d7e0cb91875e880c8826ee06825f73401e364b36936fc88de3df
SHA512 baba07283a52d1170447bbe93cec896f332a5974acf856b670079a0166eb78318422535cb2ec463fcbdf72deac1b3b48215aba406a0020d77c07ff4ef82d408e
-
/data/data/com.xgbuy.xg/databases/xinggou-journal
Filesize 8KB
MD5 3d947397ae9f7bd96dd62362a4a77a14
SHA1 d61d3be225b36296db4c3ab65adca279ec2ec09b
SHA256 97df9f1c5c600f91046a45bfbb6938846380defdbb4782a39e3a093b0312e6f4
SHA512 17c4745fc91b8a9e393eaf2936f2a579a36edc4d2b15831bf0f0834f2a584f47748d6a261472db9f7f94cd152c167a2905508a3cd8814fce7ea0ca848113fb42
-
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
Filesize 32B
MD5 1264f30db5bc978090c891fc9ba97820
SHA1 22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc
SHA256 6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c
SHA512 f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488
-
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
Filesize 340B
MD5 dc8d122b0f3b9c4c72672774c41edf05
SHA1 43277f24bc764ee5dcd107b148c92d9534147cac
SHA256 86e83b6a214b56ba59ed304e3134ac960b69bdf0b0acccc53b7278431753de21
SHA512 4318cda00315eb5911087678b4d974a400dd304f6dfd1ce46a0dc4565beb2ca0958832ab28a7518918dcd702bfb1998a270fd6073dc5c986d19610de30a6a3e1
-
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
Filesize 32B
MD5 9afbf0dc0b4a4fd0a874cfec2c55461a
SHA1 a42766499eef11be1120ff87588b7f715c1b2a7f
SHA256 75c6a927b6cffe50b1a48e8aff766f5d543dec5aec8010b835ab4c4d8dd3da37
SHA512 863cdc25dd26bc2db5a80480a5d5bd16965ce02afc94f732f31c24bdcd3daaae24d41504f0eefead9a8ecc402aa2e798ce100e8a225b13b38b05aa433456185d
-
/data/data/com.xgbuy.xg/files/.jglogs/.jg.rd
Filesize 32B
MD5 dc2e848be2824acf32cff8ee979e58cf
SHA1 de0d519b548d2290385fe035f031fd2c4a61a0eb
SHA256 77b8a926e64d8810db71b3d51f4cf37b68037d0d91e5ea2940872775e8442a23
SHA512 52d2e8441548718e5a13c0521a46b15ee7d6b93039edd4f3033852240a63bb4361e238b6c7020725eddfad0199ccfdb7496f8e47a3ef6116e5d0bf067f5b46c9
-
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
Filesize 314B
MD5 fa75fc692e80bc473eac07787487c700
SHA1 e401995f7f22571f88e6f512182e176d93f44ff6
SHA256 f816b85c704cee1f30c22d7ecce067c28a698bf5ce0a19b606b8dfc9516621c9
SHA512 d35dbd05aeab5bdf93ac13aa2f7d58b8037b617405f6671fc1512a97fab53810831a6ccdd5a4623381ea5dac799092899f96fc4e0d8f9e92e65b39e5f2c868b1
-
/data/data/com.xgbuy.xg/files/.jiagu.lock
Filesize 27B
MD5 3e252ca29f823b45ba82ce3e36d1f3c3
SHA1 e8fc00e34763bf0769095b24dc587e0c8a6aba85
SHA256 51c51eb00456d29ceb84fd0b58391c979602b1e7340a940aa964745151dc040b
SHA512 eef3bf84a8ceda7fce8a5605d774585d676688eea60dae63bcbe0bc05701351b7a030af7fcd83aeb8c789183b4a03155571b912b854393d0f84c23908c6ed0e8
-
/data/data/com.xgbuy.xg/files/jpush_stat_history_pushcore/normal/nowrap/aac1a029-8c71-4bff-8c9c-a95bfa6c060c
Filesize 187B
MD5 25cee9df6e8713080ff620fb24e5dc5f
SHA1 ef22a6ba3348910d754d1aa97cb2d8a06a7e1263
SHA256 d50c222d96afea9f84cb61674868b61e7fd02f6c7bf880d8525914c1c53ffc0f
SHA512 61a900dfbe6ebc4f652570ff8b642cf494cd30499a115a557777667770aeb7fbbaaa0a614769615a4398102a3e43b7baff788767c9cd8fe3fb1c6bcb73b0f73b
-
/data/user/0/com.xgbuy.xg/[email protected]
Filesize 6.6MB
MD5 af40ddebf367d3418c410ba2bbdb34a6
SHA1 9a5c0f557da523fb37d3ea9f1dad84e45b78b8ab
SHA256 fd4c1d3b24b0138f6f355235f35815ff43de7e73e5029854ac0581f6d5b4cb45
SHA512 6ca004321a8ef7f6a08b5be12833971bf017ff58c753ebe73d682abcf5633f084b9b1f5c3453432894f8ce8c9b306963b345cc0d6503450667d9ef66d3ac0ae7
-
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex
Filesize 6.5MB
MD5 56a56032a56816197231ccd2c1447841
SHA1 42b24c7723619c5bbfff5625ee1f4ff7a9afb34a
SHA256 920b1975141f98268ddde30a18db00a3c92776c8472763640b06009b90ccf039
SHA512 f47a2ee1f15a58887d5158bf141277a7d6488fcd31a9c85ca0d6706a4252433b812e8a49e956fba313393ac55333bee777394d300e136d489a484f5e883e3165
-
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex
Filesize 2.1MB
MD5 63eb01b23dce33b6abd34b5693031ca8
SHA1 870abc96ae069aa034b1b647244af5465a881ddf
SHA256 3798ad86a5974af83d89bc71f1737c1747ca4561beb07f74a214675efab02629
SHA512 eac344e6167fc50acfca60a177bccf404cd0eb595b0b3e948f88af21ac3d7c14a49d0d7162bc5ef529b9107132c8ac3d0242186ac1b0ac231acc31e8f969311a
-
/storage/emulated/0/360/.deviceId
Filesize 48B
MD5 4c4c5285293d5141f582aefa4e038669
SHA1 e01852a72e5a8e6f7d63a21426b515118196047b
SHA256 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399
-
/storage/emulated/0/360/.iddata
Filesize 32B
MD5 b41b57ba3d1d291c624d1197a6d4c0b9
SHA1 3694858f9181aab9f3e80bad7c93d8fe5c77c034
SHA256 405fc4ee796121fc004955de4e6f8a1f9d756566a34d7e29342d187e88579408
SHA512 301424392477ca91d693df78248f5e5e9a40eb1d1cf621ac07d47440826ccd4d68fccd11aa7b57735ee1c883dde4896063fb0fda2eeaf9bf0bae47d66d9bff67
-
/storage/emulated/0/Mob/.slw
Filesize 66B
MD5 19402718bfb1c685a726b4e1d846ad98
SHA1 02a7e30044a67085f2f1da24e16e4ecfede65b72
SHA256 079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0
SHA512 25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b
-
/storage/emulated/0/data/.push_deviceid
Filesize 32B
MD5 34e05aba7b949ec5bcb0815e3d346458
SHA1 97a15e1b871b591d22908a1ec93f0c0536da5124
SHA256 f00770610c93a61421aaa41c76a9e5fd4f490bf227a7fe2301f9d15f2b6538b2
SHA512 f4e5d4a4ce75e0b715f8e29d2b5f87140e41bd7202ad9546a7e62d9ffc4e21b36dab3afc11c14040119bf115826502793bab15b2b2d37ba5d83f6e9df3733a9d
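The Downloads list above is the part of a report like this that gets reused in blocklists and hunting queries, so here is an added helper for working with it. It is example code written for this page, not tooling from the sandbox or from the analysed app. It parses entries in either the raw form a copy of the page arrives in (key fused to value, size on its own line) or the cleaned `key value` form, rejects hashes of the wrong length, and tags each dropped file by where it landed: files under /storage/emulated/0 sit on shared external storage, readable by other apps on an Android 10 image, which is why device-identifier files there matter more than the app-private SQLite journals. Function names and tag labels are this example's own; the three entries in SAMPLE_REPORT are copied from the list above.

```python
"""Parse a sandbox report's Downloads list, validate hashes, tag paths.

Added example for this page; not the sandbox's own code. SAMPLE_REPORT
holds three entries copied from the report above (one in the raw fused
form, two in the cleaned form); function and tag names are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

# Key lines appear either fused ("MD5abc...") or separated ("MD5 abc...").
_KEY_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\s*(\S+)$")
_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class Dropped:
    path: str
    size: str = ""
    hashes: Dict[str, str] = field(default_factory=dict)
    tags: List[str] = field(default_factory=list)


def classify(path: str) -> List[str]:
    """Where the file landed and what kind of artifact it is.

    external-storage: /storage/emulated/0 is world-readable to apps with
    the storage permission, so identifiers written there enable cross-app
    tracking. runtime-code: a .dex/.jar/.apk in the app's private dir is
    code the sandbox saw loaded at runtime, the hash worth pivoting on.
    """
    name = path.rsplit("/", 1)[-1]
    tags = []
    if path.startswith("/storage/emulated/0/"):
        tags.append("external-storage")
    if path.startswith(("/data/data/", "/data/user/0/")):
        tags.append("app-private")
    if re.search(r"\.(dex|jar|apk)$", path):
        tags.append("runtime-code")
    if path.endswith(".so"):
        tags.append("native-lib")
    if "/databases/" in path or re.search(r"\.db(-journal)?$", path):
        tags.append("sqlite")
    if "id" in name.lower():  # name heuristic only: .deviceId, .iddata, ...
        tags.append("device-id")
    return tags


def parse_downloads(text: str) -> List[Dropped]:
    records: List[Dropped] = []
    current = None
    expect_size = False  # raw form: "<path>Filesize", then the size alone
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        m = _KEY_RE.match(line)
        if m and current is not None:
            key, value = m.groups()
            if key == "Filesize":
                current.size = value
            elif re.fullmatch(r"[0-9a-fA-F]{%d}" % _HEX_LEN[key], value):
                current.hashes[key] = value.lower()
            else:
                raise ValueError(f"malformed {key} for {current.path}: {value}")
            continue
        if expect_size and current is not None:
            current.size, expect_size = line, False
            continue
        path = line[: -len("Filesize")] if line.endswith("Filesize") else line
        expect_size = path != line
        current = Dropped(path=path, tags=classify(path))
        records.append(current)
    return records


def hash_list(records: List[Dropped], algo: str = "SHA256") -> List[str]:
    """Deduplicated hashes for a blocklist; repeated journals collapse."""
    return sorted({r.hashes[algo] for r in records if algo in r.hashes})


def tag_counts(records: List[Dropped]) -> Dict[str, int]:
    return dict(Counter(t for r in records for t in r.tags))


def external_storage_files(records: List[Dropped]) -> List[str]:
    """Paths other apps on the device could read."""
    return [r.path for r in records if "external-storage" in r.tags]


SAMPLE_REPORT = """
-
/data/data/com.xgbuy.xg/.jiagu/libjiagu.soFilesize
486KB
MD550750315eef281575611bc425174b939
SHA1acaff02526d7b4c257e00002ed09af364f66a401
SHA256c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef
SHA51260584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9
-
/data/data/com.xgbuy.xg/databases/xinggou
Filesize 44KB
MD5 6ed98fcdd3c07e754d91a6b161e90a4d
SHA1 afc6d1d9fe61c9d5e359b3797102d18e33b36ec2
SHA256 9162b4bf4a80cce0438cc90170757e589ccfccc3d8ed1489ec634495cf59006a
SHA512 e1fa246f12041bc7b2d7bbd74b176c638ee9316810322c7ba1d53c2ff343e27bf491e8c14e70f5ef3bc8808a6d9fe3b7f5882dc172d72bb91e1e21384368250a
-
/storage/emulated/0/360/.deviceId
Filesize 48B
MD5 4c4c5285293d5141f582aefa4e038669
SHA1 e01852a72e5a8e6f7d63a21426b515118196047b
SHA256 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
SHA512 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399
"""
```

Run it on the full list by pasting the Downloads section into SAMPLE_REPORT; `tag_counts` then shows how much of the dropped set is SQLite bookkeeping versus code and identifier files, and `hash_list` gives the deduplicated values to feed a blocklist.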