2660a12e02d535d2c3a8c119f7f6131ebe19ccf6ecf771b4a870eeb306a6088b

Analysis

max time kernel
12s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67c5c456a19ef4ef94edf666ddcc3c91_JaffaCakes118.apk
Size

16.6MB
MD5

67c5c456a19ef4ef94edf666ddcc3c91
SHA1

9180c1a88fc45e968829c77a859483677a97fc94
SHA256

2660a12e02d535d2c3a8c119f7f6131ebe19ccf6ecf771b4a870eeb306a6088b
SHA512

40b2b935c62b4ca9b5b2b1742def4633bc7077b15f2773a81fa8d38c5516fabdb47f5c6f48b179cc4127c37c2f11f69be9897ac82122873c55d5db09c538b4cd
SSDEEP

393216:334RTvYoXOoWJSIFqorjyVL8VuK9LwjeqzG:33qTvYoKvPt9ZH

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.xgbuy.xg

ioc	pid	process
/data/user/0/com.xgbuy.xg/[email protected]	5121	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex	5121	com.xgbuy.xg
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex	5121	com.xgbuy.xg

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.xgbuy.xg
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xgbuy.xg
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5121

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex
Filesize
7.9MB

MD5
0cd77d33f6caa924c186679fd337f145

SHA1
102cf7a11549a293b17e48eb237903c03add006f

SHA256
4e1fe7a6d13c8cc085744cb354f09eec14c52bd30c31c5cf0aaf20592cc147c1

SHA512
92c2dff4e242edf0e1e788cfa6c34ce4f713e5cf1dd4bc2cf2f1a538030706fc6474aea028442db0743d8f7ddea5d2750e6ec96147b3206ed956cea9f568b7c0

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
Filesize
340B

MD5
3a04dc7cf42a482174c4771f7d7d1e1c

SHA1
c1058b78d4ba129e96ae5f050977a904cdf0b192

SHA256
2f7fa3d7d9cc2fe90c7d85ccd5fccb5216386a78e0e860dd035d862912465446

SHA512
e18cf0dccc570173634d1a4f7a1b21985e6910b42239775ffffb55287ac649c9e9669d3bc9f1d36954ca1fade80df5350b52eb86cd619d6e08d275a3bed0411d

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
Filesize
314B

MD5
88464eda925a9dbb66982e4b67b2dbd6

SHA1
645d10ff23dee634ec084bf267db16bce1a2b63b

SHA256
ef67bae32c8f4122c3768ced8efd89ac38dde25a7bfdfe63d3ffb661f1084814

SHA512
253fc0e09814c88fa5b8bf477ace27d0b51a6c9d5626d5345b61645eea4d3c12fb997c96cbaf1a5d9f44016b823bf7e2850ac229590e44e0cbab369d9d52885a

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock
Filesize
27B

MD5
824d341ce64b51b63e321965b3a48537

SHA1
caa24283537375d9c3e2f85283fd818b0a51cf5b

SHA256
6e6a91eaaf515c7926d0fec704cb9c8dc610c5c1fcad832e7b5e853a09017e4e

SHA512
35e7037a806ef9227390f16a000995efb379f6598b0b5ff61ae9de47c4a2d8061160e1b8c1acc86670a4022e0e3b988d08b1782a538364832112cf48f8e63b93

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]
Filesize
6.5MB

MD5
e9795f4ac90154fbfa4f9be0bf8cc219

SHA1
ed4516b59cff0329cdb619aef02b305f62b8f913

SHA256
d92af3ceb4890498e9ad673ea8a1d4c94b8e20f6432b69ec11e064d615ea6871

SHA512
a1ee6169b27836a126a76ead7cdf03dee197b14c2954c533f2c5246bb48dbac7d8a8b226ad072b7437bd4e2d39a8c4122c08ab84028afab65ce3cb6fe1dfd6b4

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex
Filesize
6.5MB

MD5
316c471e13373205bb78d2d14de594bb

SHA1
1844dfa0141a5ffb3c6d22b5d4c8b05866a9d5f0

SHA256
223340fd297581f1e0eb42638aad112136d3cc5dd5ea075fc9a2c52b18e90c77

SHA512
80b5b66db493adae54d47446f73320892bd48b76b50f890991f0c2b11d6aa56302b7fdafa15481c93c6a5b8b9f708374e443377b5c5afb250ef8cfaf9a05e4f9

Download Submit
/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex
Filesize
1.8MB

MD5
5ab9238a7658f6db6e09f787a2c5368d

SHA1
75f48fb1354061c10cf0ce81628a7f8517e7e50c

SHA256
600b2db9f847e857793c62344886e4c6f0964d1d5c6b84bc5414aa072e06d6f6

SHA512
e37b975a409cadaec368acc9eeb53691e207d685fd21cb955bcdb11031b4546da13c7c65e34835d151b13e8cb283b6bc7057a61e851c5a9f1221a28a3e29370a

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
b41b57ba3d1d291c624d1197a6d4c0b9

SHA1
3694858f9181aab9f3e80bad7c93d8fe5c77c034

SHA256
405fc4ee796121fc004955de4e6f8a1f9d756566a34d7e29342d187e88579408

SHA512
301424392477ca91d693df78248f5e5e9a40eb1d1cf621ac07d47440826ccd4d68fccd11aa7b57735ee1c883dde4896063fb0fda2eeaf9bf0bae47d66d9bff67

Download Submit