Overview

overview

8

Static

static

6

676d2afcc9...18.apk

android-9-x86

8

676d2afcc9...18.apk

android-11-x64

1

Analysis

  • max time kernel
    54s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    22-05-2024 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    676d2afcc96e0c7576d36e71dd850aa9_JaffaCakes118.apk

  • Size

    5.9MB

  • MD5

    676d2afcc96e0c7576d36e71dd850aa9

  • SHA1

    59bf286bfa92bfb028f6a5705cbed9eda558bcc2

  • SHA256

    ec195c6b415ce535c92a704b47dbc0a26ed7a6bf6bc7980edbc1573092dc74c1

  • SHA512

    302a5f28c71b69948421ab89617c6fb0517cf67a227e4bb67823af272d876afa1b5472ac5a49c5a2d982f5add1ad3bfcf5b8bec685167d8bd1ba87957cc98f39

  • SSDEEP

    98304:xMP5sNM0K8kJcdN4n4CCA4WOjw66L6eWwFVMp2ugyZsPBcyzmglhiC8g:uPcMPBu3xA4fjw66ZlFaIf2Fglhf9

Score
8/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 4 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 7 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.project.od
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4256
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.project.od/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.project.od/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4318
    • sh -c ps
      2⤵
        PID:4442
      • ps
        2⤵
          PID:4442
      • com.project.od:pushcore
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        PID:4359

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.project.od/.jiagu/classes.dex
        Filesize

        4.1MB

        MD5

        18aafb68593a6bdf9704c40e6cfbc367

        SHA1

        2ae38c7b37d021fd037fa7c59141f15fff45c0ee

        SHA256

        0ec8a785f0d89b81fec73d6b78554211a2a613735d4f6290ae7b3956b0493500

        SHA512

        4fccee56362fea2d1f11a48fd791da9b1e9a597ef18793dd8810e155876fa3c490f483394c237882bb6257df8caf09740c67e50e5960227a58435d21dc45fd21

        Download Submit
      • /data/data/com.project.od/.jiagu/libjiagu.so
        Filesize

        496KB

        MD5

        0be54d2d5fa1fbbe2969b0e1ab052a16

        SHA1

        327662d1f5f6625ebcc867427680c0592195179e

        SHA256

        737fe51ea6b3570ca3687670edd6026b2e889bbaa0dffdf0a2e1b167b3680c22

        SHA512

        db6c195d9fd6657a7e65caf5dfd5ab33fc076d9d2bd919b8590e7b0178f3ec9ecfb6c00d0df1d2c172a32641a3bb019374a393d62e5d678804e7757ec1c30453

        Download Submit
      • /data/data/com.project.od/.jiagu/tmp.dex
        Filesize

        284B

        MD5

        f1771b68f5f9b168b79ff59ae2daabe4

        SHA1

        0df6a835559f5c99670214a12700e7d8c28e5a42

        SHA256

        9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

        SHA512

        dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.ac
        Filesize

        40B

        MD5

        fad45e7f84892fed49cc0bda41257f8c

        SHA1

        bf36c2d362f6a50b0df0909de7dc8357988556bf

        SHA256

        8440cac75b67b323617e1f94b2700e36013de381bd6b5da7cce0fae11356f410

        SHA512

        4199265278677a41d19da2815860b9ee966f00356e85200611c657b12c754c8d674363ab0c072cd8f19e74898a93bbd07b348daf79665dc3d709114949c1438a

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.ac
        Filesize

        40B

        MD5

        aa6c9203f36fcb74c0c0779d23f36481

        SHA1

        392c3f80da8cc52a3ee74ca9cae0f1dafc5f6336

        SHA256

        99baa566d22040bf32233379b2cdfdc777f3b979eb6cfc1cbec29fbc72feabb7

        SHA512

        760cc21a4b29623ef597a3014e466f28f70e9252293382d3e99cc892c05430d6e8d01fa7809ce49b44d38745084ffa2e5471be2d1b6e4d84ca4f526150f4356b

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.di
        Filesize

        340B

        MD5

        62e692db9cc6fb82f6301dbd4c918adf

        SHA1

        d3bd29914f662db56dbd01c1812e2103bfeed3a5

        SHA256

        7804d6f1277393601c8a6b060a1769e4220ab9a97fdbf969d7b2ba47fc2f97e3

        SHA512

        40c96659dbbf12434f2d636927b004c2c4d8616367ac8f87c9cdf8adf2e5de804d4680f74230c3187a8fe7c55c73dc33b4373de1edd33c6be4b32ed21bbb64f3

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.di
        Filesize

        340B

        MD5

        22947c96dca9eafcd5b770f191118620

        SHA1

        f988c73c4406df04b7f97f4cc89c3c78ae8798f1

        SHA256

        cc8707b64ac92a72e13f2a179e6e55503f6b31f1219e9ee22630a6e15bab2b2b

        SHA512

        591c704af1df1d2f312a1823d71b5bea0e7c2312b2bb79b722d291d93454b6dfbff9963ae28dcbc4cbaed78305cf6f3144fe8fe2f409be0f63ebc87098b61513

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.ic
        Filesize

        40B

        MD5

        f90287e43e53aee363b37b977b8f2726

        SHA1

        0b5dfd7af8169651ae77755801a004fb37e62e2d

        SHA256

        5a0718e9e0b42a16de2ee6ddf17233573f657ddc4c92c8da0b752508d5f15db5

        SHA512

        74e1e6add23db959347f09effb438deffc1d5c8c2cf837223f48aaaecd39e64de9786cce7ea882a0b1cf91a38c6a39f5a8445f08cd1d538a43ab62b1587298c3

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.rd
        Filesize

        73B

        MD5

        41402e6df416836c9952cadb6511de0e

        SHA1

        310e44e32fd4907bb278970c7fd32dbfb95525ad

        SHA256

        75cd2ca151c4793615f96c8a692b2209149bd0bc9e41c8947cb9a89891138f9b

        SHA512

        fe62b82ea57c2e84546c5d31e8f7f8428d1f3d6d7c3665c5d052dd4e65125394a929a67836b8cae1fcb6c49e40fccd665052691b7504d5d2b2a922e1f7ece200

        Download Submit
      • /data/data/com.project.od/files/.jglogs/.jg.ri
        Filesize

        314B

        MD5

        089279ab6d7c843ee7ccaca552dc15f7

        SHA1

        03df4e3839a0e90c978a4c31ab4ea331467c5852

        SHA256

        4dac730d3f4e1081db2a4ec2ffc3f1fc54a05702f66b16e8aa834daa36ef2414

        SHA512

        02c19798b4a4dd1d0177d74824a5f59d03b9b6daa4b2ce27e651e8786eea4fed6816abb9923929066c618d14c4b5b42491ed49611a3c5bfb0333e5ad6bc6ca57

        Download Submit
      • /data/data/com.project.od/files/.jiagu.lock
        Filesize

        27B

        MD5

        a8c5c93425098a6c7b25180a21ba0f32

        SHA1

        9262fffa2e15855750649de6b554b65b1e4afb64

        SHA256

        6f5d3dde2a313859ad68cdd2706add7baca377f6799b3084a8aacbfe5729a9f5

        SHA512

        d0675dbf81200813944992f0cdf0f6a68aba1de4ce8e3191a3c6232dd5c98496ea976536700a38cc0d8c687119820a46e275f04f3fc773afe8241d7ca21ac12e

        Download Submit
      • /data/data/com.project.od/files/jpush_stat_history/active_user/nowrap/627850f8-953e-410c-bad6-e41bdc6c869d
        Filesize

        159B

        MD5

        3a9aaad8e9fed57669420e1ef39756c4

        SHA1

        74fa5d5ddf797e71e130c26b4069cc79d973b93f

        SHA256

        f6f22712403afed3cf2736348073c3ce2161811b018340c72324c0c32b9cb0f4

        SHA512

        1b73086975c55a8806042a3872b55d157280db89ff8574a9a920fd5f82d087da389a0e63c85738761cae1833f2f5c90bcf987203f5254529c1e8a44fdbe0dd5d

        Download Submit
      • /storage/emulated/0/360/.deviceId
        Filesize

        48B

        MD5

        1d8d16c4e3b19ebf18988530d9b9a757

        SHA1

        bc94c1cce05cd848a53271ecb9c5311e27ffebf5

        SHA256

        abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

        SHA512

        4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

        Download Submit
      • /storage/emulated/0/360/.iddata
        Filesize

        32B

        MD5

        3a4ef6686574e8e3475df8baab0d49f3

        SHA1

        f49b4008c604d573192a173a9145afdbadd725c2

        SHA256

        086b34ea01d8c5ba55ea149551d57c78c19baf17142a03dfbe2f5cf3b5ec0da4

        SHA512

        98af2fc6af11fca67a414a21fa21cbe2a7b1ec1aeef4c1bb1cd5bad1ab54a4dd756c168f60717306850699c446aa86ee97e8603a081631662cdbbb549ffb5ca3

        Download Submit
      • /storage/emulated/0/data/.push_deviceid
        Filesize

        32B

        MD5

        49318fdd4858fb6323362f04c772f5d3

        SHA1

        3b42262ee6474b7d85ed697ae30b058828c5499e

        SHA256

        964aceacbb1d3e6e27331fc0361a5a841a8a053a22f986fdd8f615ec73d47249

        SHA512

        cbc1666083be00c49b6aba35617a6d047555225aaa62628885450efd7afd11b3eb37297c7f038d7157f115fdaf53acccfadc08493ef9a94b1f7c4902c9903fc8

        Download Submit