6195fd96c37649ad45891e927eeb550698d0aa1cd59958109bfbf29d6fb26dca

Analysis

max time kernel
84s
max time network
186s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

670772656ba6f0599f8b55ab6906465a_JaffaCakes118.apk
Size

15.1MB
MD5

670772656ba6f0599f8b55ab6906465a
SHA1

fa1ddc4f94895fef328266ce428e9e7227fcc1ee
SHA256

6195fd96c37649ad45891e927eeb550698d0aa1cd59958109bfbf29d6fb26dca
SHA512

b96d27bd2f38f714811436df1a97b4a0ce3eb57aa20806507aebf8e3a6d559bad98b8df383359f1a70d4b5fa2576b786471ea8472d41d2f96f76d9fcb7d98a5c
SSDEEP

393216:3nJiN6wG3PYRIywrElnKbshM6KXZTrcmlUkR/64CaasJwImES0:XJigrQKywwln6sy6KxrL1QajwzES0

Score

7^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.jiaoyu365

description ioc process

File opened for read /proc/cpuinfo com.jiaoyu365

description	ioc	process
File opened for read	/proc/cpuinfo	com.jiaoyu365

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.jiaoyu365com.jiaoyu365:channel

ioc	pid	process
/data/user/0/com.jiaoyu365/[email protected]	5105	com.jiaoyu365
/data/user/0/com.jiaoyu365/[email protected]!classes2.dex	5105	com.jiaoyu365
/data/user/0/com.jiaoyu365/[email protected]	5404	com.jiaoyu365:channel
/data/user/0/com.jiaoyu365/[email protected]!classes2.dex	5404	com.jiaoyu365:channel

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.jiaoyu365com.jiaoyu365:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiaoyu365
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiaoyu365:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.jiaoyu365

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.jiaoyu365

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jiaoyu365

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.jiaoyu365com.jiaoyu365:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.jiaoyu365
Framework service call	android.app.IActivityManager.registerReceiver	com.jiaoyu365:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.jiaoyu365com.jiaoyu365:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jiaoyu365
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jiaoyu365:channel

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.jiaoyu365:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.jiaoyu365:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.jiaoyu365:channel

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.jiaoyu365:channel

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.jiaoyu365:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.jiaoyu365:channel

com.jiaoyu365
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5105

com.jiaoyu365:channel
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5404

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiaoyu365/.jiagu/libjiagu.so
Filesize
485KB

MD5
4fbf8fbd1b55db3930771d862b71b693

SHA1
2e47a482fe3a9b23f86a45b9156ad7e941a4c52c

SHA256
b1f08e952ff37ea12e2d40e11f74cc02c441950e81ed68a600f7fc7c75d88536

SHA512
418a2d6e0f34fedb86024d2d7c60e05a667db5c5b4db7eed648aa8d44e7abf04901ecf07d1c2b0c4b5c9d02638736210a8a439344fb0e369c0e3060443b8cd4a

Download Submit
/data/data/com.jiaoyu365/app_crashrecord/1002
Filesize
223B

MD5
61325c994151f3cfa883de307ab9ddd3

SHA1
bcbf3c20a21137d493d41ae73ee72c261e69c4ba

SHA256
1daa1a2207e50d868f796268f952251b90ca8dea05a66e5b4aedeac21ac7bf36

SHA512
79e4891a0a60aa159461bb4df523f89e67b860e0b7c488c92b184d269d0499c979e49f9c78b2c2736aedff92f805f7a434966505d9b62422a970c65c218e5ba3

Download Submit
/data/data/com.jiaoyu365/app_crashrecord/1004
Filesize
8KB

MD5
ac16f04fb9f5474ef994693d38e98dfb

SHA1
36559b84a3086060e5b8fb3c7506813fd6f7dc6a

SHA256
bc8793710f10bc371e680dfbaab79ec589300a33298d51160e1d74260fe57569

SHA512
5bb1b7606f62585a66b4ab3ded494f2a63295d062bdd102cfc65a292b2fd7d446f2a13fe7d338ca29ff8566cb9e46ae5b85dbd535149538584bb6eb248039384

Download Submit
/data/data/com.jiaoyu365/databases/MessageStore.db
Filesize
36KB

MD5
6457df83d7f417fd3ad44205adea0922

SHA1
dc05449290ced974d82c843a52d7579942007576

SHA256
520bf66ab0f3d0eb3de232b8889e5a461437557dd3e2ccf2e5da2332976313cd

SHA512
ecf4f332b91c448812e87975f57166996f06dd573c13fa4ad900246b91343bb4416c4e236acf39ce0bb52cc68041881893a032c73c316e5d2364894583f50955

Download Submit
/data/data/com.jiaoyu365/databases/MessageStore.db-journal
Filesize
512B

MD5
66447e8c58139d7705f8eb2202d13089

SHA1
69886e12c4d6af8aff3ba8dc0770159083b1077e

SHA256
91ef4840d33dd493a098cd8bb61be2e5a85f3ab3ecf1f399fb6c18a9330a62f8

SHA512
334339f9e14fdbb7191df4e14ccf60c4b72373f845caa285deb6ec18e31f9376be9160de90f9338c5d88158652d7c6b4e09b5ca6535793e4bfa500e2641372e1

Download Submit
/data/data/com.jiaoyu365/databases/MessageStore.db-journal
Filesize
8KB

MD5
2820423c7314356e609d3fbc763462cb

SHA1
f8a2dee492820ccbcbbbd2ebdf3c07f89ff76adf

SHA256
b0c0499d54ee029f790ac00ef40dd14e1f3ace99ed58c8bebf94f5eca701caac

SHA512
450640aa60efc98796c9d5d0f297adf4908fe57d18a08527ceeb7bd92637b8a837a43bc26fcc71b5a277559854cc820c96f4ce420e4d78599fe12f2d68552ecd

Download Submit
/data/data/com.jiaoyu365/databases/MessageStore.db-journal
Filesize
8KB

MD5
336f6b45994b440c8b008c397ab443e6

SHA1
6c9f5dbff874ea93c9f1ffd8c06ab7164dee2229

SHA256
e056a07b07c0fdfa8c31ebc97e273c553cc457a6c16385927847bfaa86365df5

SHA512
f920e60e2ebf4bfad792fc10a625cb0f80f1ec12f77bb37d471003b76a1c793242021f5859e7c94626db973765fdab604e7ba1094d9c3eea3eb0e15cc9a4bf71

Download Submit
/data/data/com.jiaoyu365/databases/MsgLogStore.db
Filesize
56KB

MD5
9cec591e3ef91ae568f4cb6e7c2a8745

SHA1
ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7

SHA256
05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c

SHA512
f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

Download Submit
/data/data/com.jiaoyu365/databases/MsgLogStore.db-journal
Filesize
512B

MD5
c90f77448a48b6f20024215edbb09d4c

SHA1
8f08a6d4c45c5ec9a6a24ec2353b041373b6e3cb

SHA256
ef7ebefcf2bb9576f6864bab90d980d70e01594330b5a9877954bb0f1c2a1140

SHA512
e49202167960797273cd114ab624806dc953f834626dc6ef37891fcc8b31af3b0350ff3e3d9375c383f2953a410418351d97c4717f5a1e532e2ab91bc1e7e294

Download Submit
/data/data/com.jiaoyu365/databases/MsgLogStore.db-journal
Filesize
8KB

MD5
43b9a9c2d8e8972ca7971030d613f1fc

SHA1
1dea57700196cfc7a75c899dc408d29014a72328

SHA256
9aa91ab87267594d56e7c651af83db3c0387d24623f9a2a01d0f760b53b348bc

SHA512
0730feedb8e329fbefa9942d849cdce128ea210482f8d788aedb291ccbf9923fc2aeb957f1ba222cdaf9ccd62c26473cd1edfcbd07a98ce715e2f8949cde2a73

Download Submit
/data/data/com.jiaoyu365/databases/MsgLogStore.db-journal
Filesize
36KB

MD5
50f3d63f4b9241e212be8ec20bf3e374

SHA1
10353f506f0aa9dfab398275482eb42da167232a

SHA256
be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653

SHA512
dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Download Submit
/data/data/com.jiaoyu365/databases/bugly_db_
Filesize
52KB

MD5
f6993c8a2625fd5bb1ffa309eac0a8db

SHA1
3e3f668efb1f615d00719c61a12c20c123e72068

SHA256
6c2a7dac617213620828911fca40fcca0735ec69651ca77163818d593aff9e01

SHA512
34cbe5b5ee9a7d3830db3f46c8475743e051e599398a6174dacffb1f597ffeea28873dc2cc61f7b2f15451dc7ec08e62a12bdfc69ad7a636b8663adc9cc2ce43

Download Submit
/data/data/com.jiaoyu365/databases/bugly_db_-journal
Filesize
512B

MD5
5e1b0bbc4e78f254af64a8137e0dc68d

SHA1
71e7b683e36f239cf532d1c452e9084d74134fe1

SHA256
e5abe7415f220b56db5c3faad5b912e6287aa0ccd76f87d39926cc5c9cb00a57

SHA512
e559427c72b14bebdbf909505cd79ccd0e903643236f53586b91e3a35b7bc03cf3f85cc6654d290fd15733f97a9e4af9a8b0729373b2a52c91a8615546af81a2

Download Submit
/data/data/com.jiaoyu365/databases/bugly_db_-journal
Filesize
8KB

MD5
f0f2c37c3a3068d289e31ddb9e659caf

SHA1
ff4634267e87be5d43a58a52533dff15797652f6

SHA256
cfb816458196f03c76fd4f7232074a83860d7e1869e85b590e853ce530ac241f

SHA512
bfc6b86b81ad31459a66127d4b634082e9e600fb58bef817e3a997a78e4b94aaad171c7ae93ba7dd0486e3ded358532cef1a0aa372cd0ad0e33bd3e61ee9a0ce

Download Submit
/data/data/com.jiaoyu365/databases/bugly_db_-journal
Filesize
8KB

MD5
d610e30c240b898ded749067f32adc58

SHA1
798143f34dc3546b30d0fde02fa08b923d3dab74

SHA256
78da2ecda72ee09e9b31634b882ec6f83300d5ce92e060d38b42f3ea851a2f06

SHA512
0ac274af5a30c483f718900cd78b48245a93fc1d1bd30b4afae3566698842c87ab28a5a42a038f20cc2e4049e37904bad9460267dd8a341806ff72170265ca97

Download Submit
/data/data/com.jiaoyu365/databases/bugly_db_-journal
Filesize
8KB

MD5
1b391f2ecea7c76ff61d691666d25f51

SHA1
2850e478a8ab0881d9167e8afca02ab49152e2a9

SHA256
24f8ad5bebd4c01cc021d8717eec3f158ce67fa649eca987695ec1a253762762

SHA512
17e6394a22ce8306312fcb877b6d90eb851b9a2fe49e5513364dce783c06374140acdb3de6c01c5841dc831f07f5c61fd0b6fcb3f772aa9c458510ff8df4e7dd

Download Submit
/data/data/com.jiaoyu365/databases/message_accs_db-journal
Filesize
8KB

MD5
6f4fc206c6d7d1dc5858b5ea1192215c

SHA1
a6f5d4b3727470453f19d488e87ed7618bfdce57

SHA256
134a972f6fabd9e178e8bcc192881ff6a5b6ac5ac0a0d938f8641428d3622000

SHA512
c5aea2eaa3e96a19ebe90598d4f41e930ea7cf6c647935c50ddd70e9630688427b29319d5c3897c8586fb8f5b1b9510fdb03803f962c5896b8b1994471fcb486

Download Submit
/data/data/com.jiaoyu365/files/.jglogs/.jg.ac
Filesize
32B

MD5
b351881b55d1840bf66b8c17cfac51b9

SHA1
7667d09f2fbdd66416133be7738cea09f03c0dc8

SHA256
faeaa27a89eea0b96822d1b841da970a2a36072a4e1cb6d83c9f444486e14051

SHA512
3ab7d525854f77106482a91489214db5eebb0a2e2a50c170f4940e387a89c9a2a83805495a11a73b0e14006244ec10ce5fe221535990b3117883392817056d32

Download Submit
/data/data/com.jiaoyu365/files/.jglogs/.jg.di
Filesize
340B

MD5
d4154086128cf3e6a38e6986eb0618bf

SHA1
d39f2b3074eff041ea0b2dc0ef8d471e50c6f3fd

SHA256
ac941ea4a05f61d6d91a3de9bacd27e128ab05e83928f343a9ae209cdaaf0b60

SHA512
7c5c95eb7a03b361b9cb6aae499f45a4b41aacc451197adccf467713150e8fa9de1f7ae342ae5ff5eb63c513d9a259f81d8815cba559baa711e8bf4f4a4dfa5d

Download Submit
/data/data/com.jiaoyu365/files/.jglogs/.jg.ic
Filesize
8KB

MD5
26d74c4c42115fe72de4482736cadcfa

SHA1
7a02a1f701688ce7cbcb6322ff62cfbe64875605

SHA256
5ff9f91449055274bbe74c4e3c1a97f8597c4d069fb1926ae73460e7770e27ac

SHA512
46970b34f9f6b9c35bba6662799fedbba2571dc756b611bd046df12cd5268a3b425d59d1cd639ce432a21fc96e7f7e52b38041489d60950b13e39332d8e01375

Download Submit
/data/data/com.jiaoyu365/files/.jglogs/.jg.rd
Filesize
32B

MD5
a4b72a1ffd5ce280828b22a607338e33

SHA1
6ca8eb69712251b4239490fb351c27ec4cfb7de0

SHA256
0e8f5a59b962341cfc68077c376549adedb3c8b14e2103450c9403d7f77f8cd6

SHA512
b705f1f96fcc383a7948a7f4baabcb21810a55614264b39db78281dcf91b1b733fd5f2378068773312ee88ac9fd18be4d4b78988d4235f9794398219a0297cfd

Download Submit
/data/data/com.jiaoyu365/files/.jglogs/.jg.ri
Filesize
314B

MD5
924986ac0cb44318ad3bcf20c35c2d78

SHA1
d2d3d605240d0d866a31898525427bfacf09e3f1

SHA256
cf9b9e2df3e33d8fa41c555e7a48d431b42462fb4e23fb197801e80a3675b2b7

SHA512
fe9b152ce0f42db19dcd94b47f7c06945cd5d5b1e856dd0f762cb81e041c35abebb5179088de2ffed7c8ecbf2500fc61a341bb8b71e1b24997b85ded0446f93b

Download Submit
/data/data/com.jiaoyu365/files/.jiagu.lock
Filesize
16KB

MD5
d56f5f0e1048e6229d5b0bd987c7675d

SHA1
2189c6a32977c3e6ef8d25535be0be51e57491df

SHA256
e6db638474dea0aa19a5a471740e4be32afd428c316d6f991c7af2895a14641b

SHA512
041f4bac52ff95fea59d1078980604fc856090b33226fd7a36bb4eb285bd290fe5e63d9e6476e5b37775d7a8799db8e95c062c405fee963bbba0b5b7e7ad13c8

Download Submit
/data/user/0/com.jiaoyu365/[email protected]
Filesize
6.4MB

MD5
f9d922368aa3b34aa8f433f2880684e5

SHA1
5f300228ed0e54965c3745afd046ff40b812692b

SHA256
96d39f052bd44e78746d364f935be20b45dc18ff7f95dc234dab3f40afed12ec

SHA512
1850958f0f30953df8c58304dd567083fd842a205291361c570a6a6059200e365ffc8d1084bbd3be9acdb19f71491971ad7fe74dbffabc95f867856ee25c1a01

Download Submit
/data/user/0/com.jiaoyu365/[email protected]!classes2.dex
Filesize
3.6MB

MD5
f3e528280a8778514f89562d988e5d24

SHA1
109cdb07255d1f5b52fb0313a40fd6fc6f8b9109

SHA256
880f086ca8d2f831f756bde68d58b9b71307180b0c660a13f7caca0c9da05981

SHA512
955f23f68332aff7080ddbd7d0338fedbbacbcdba843a011b4d5501a12162d77f2830f294481629e8048eb464dddf8c9f27948531aaad86a254aa53e11af4d6a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
b9c3d0aea68cfd9813551db32d09b289

SHA1
d43b7f95a90e3120e716c66a0f71a6e22317275c

SHA256
8699478fc58f37029abbd41a1b9f4894c8e839bdc90c1d9d3db77fc93e52d6ed

SHA512
5eba0adc69dcfe2ca26dc31f6c8a897309ffc7c76f3a17b365d26c8bd0a2edb2fbd734885574947a90b2b1fbe27e136529962ad0a518ef1043e8d08786ce439b

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
231B

MD5
d9a59b70b1d9ad6fe1b18aa23b368f6c

SHA1
35f86e6e9d9f185dcbf99a79899ea982c97da373

SHA256
3ce2c036886b311154070cc250b91e04e774984733213bd878eaa2efb17f5314

SHA512
8b590abf7f1216fe5910e3d883cd18d6a2f80c1eb2d84f6a76141a0811385a3a56692d341e15107b306121c36c26033d801f029e480e7fd3464efdeac27ea0c1

Download Submit
/storage/emulated/0/360/.iddata
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/storage/emulated/0/Android/data/com.jiaoyu365/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit