65938115a412e5219947213e46d7c5041de53df60a13060905684eeb559dbf4c

Analysis

max time kernel
34s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6774fd366e2d34fe6fbd9fca1da6aafa_JaffaCakes118.apk
Size

13.2MB
MD5

6774fd366e2d34fe6fbd9fca1da6aafa
SHA1

6b753ce3723ec4a36cb9656ee518552d14fec802
SHA256

65938115a412e5219947213e46d7c5041de53df60a13060905684eeb559dbf4c
SHA512

2bf8a7820b103ad96fd53d7e31c3938175afdd63c500f8c16b45580bc5f7f74c400d2849e6d27cb98bf38042850cf502167fa41ffd289ca15616b7940d219675
SSDEEP

393216:8NvfCH+/pV9aRKoZC7Xl23CVP/xhuRx5kw:8xCGVcIoZC71ECV3Md

Score

6^/10

discovery impact

Malware Config

Signatures

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.tidemedia.bozhou

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tidemedia.bozhou
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.tidemedia.bozhou

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tidemedia.bozhou

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tidemedia.bozhou

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tidemedia.bozhou

com.tidemedia.bozhou
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4296

chmod 755 /data/user/0/com.tidemedia.bozhou/.jiagu/libjiagu.so
2⤵
PID:4326

chmod 755 /data/user/0/com.tidemedia.bozhou/.jiagu/libjiagu.so
2⤵
PID:4490

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.tidemedia.bozhou/.jiagu/classes.dex --dex-file=/data/data/com.tidemedia.bozhou/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.tidemedia.bozhou/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
2⤵
PID:4511

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tidemedia.bozhou/.jiagu/classes.dex
Filesize
4.0MB

MD5
28eceab34e76ff07e1274950cba169de

SHA1
994273997986276833e07bf93d4c775cab537cfc

SHA256
e27c6d120c3ff72c6c51795328fc1e2966a9567e7208128dc60282ffc03ccf68

SHA512
eda1fc4a35263a68bdaf1f3622b867f3c670866873225453fb5b124cd594d9e691ea919b7af045b7c9e084a8aa6ffee33423becbd4b0295fa44e45dd4569edc5

Download Submit
/data/data/com.tidemedia.bozhou/.jiagu/libjiagu.so
Filesize
363KB

MD5
6c9d83b90aa9c9f904d22eb9b16f8f95

SHA1
4d5e0ce3c55a22475b58a982d67ab9aa84384c40

SHA256
2432ac0b864b33cd599129578c42c43811461dbcb83e2a21301ccb8d0810c5e7

SHA512
07d16f67cefc986c0d6974e3bbc38d95b5b184520ec8f3c9ae59a2f0e76213d359b35dc507d482322d2c045ee75183def8e3d7659ff5fa78f6afff931084e90b

Download Submit