0035123a446c7cefdf223531e688f88612363a47e8b3c0f34fa4482c1c5c485a

Analysis

max time kernel
34s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e694c363b167de723390063e7e041b_JaffaCakes118.apk
Size

6.7MB
MD5

67e694c363b167de723390063e7e041b
SHA1

9b1b093b10f2f0decd0a4d73d05fc3337584f86c
SHA256

0035123a446c7cefdf223531e688f88612363a47e8b3c0f34fa4482c1c5c485a
SHA512

b81f2e7d921f04490b2905a16cf36d55626359b4af2629ca1a18a17d48cbd32046bc338043b3df053e7c6ef832a46c3d427f3d278daad3a33c9a7060d95e7da3
SSDEEP

196608:kuBXJxEOCuX55iUuL/QCL3p29/+CkAL3p29/u:JBXJxEtuJ5YL30SAL30u

Score

6^/10

discovery impact

Malware Config

Signatures

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.beidou.axw

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.beidou.axw
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.beidou.axw

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.beidou.axw

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.beidou.axw

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.beidou.axw

com.beidou.axw
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4306
- chmod 755 /data/user/0/com.beidou.axw/.jiagu/libjiagu.so
  2⤵
  PID:4334
- chmod 755 /data/user/0/com.beidou.axw/.jiagu/libjiagu.so
  2⤵
  PID:4479
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.beidou.axw/.jiagu/classes.dex --dex-file=/data/data/com.beidou.axw/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.beidou.axw/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4500

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.beidou.axw/.jiagu/classes.dex

Filesize
2.0MB

MD5
ba887ad478524c825dbf95aa0ce875f8

SHA1
2677ea556dfdc08dbe72c0d505dea3534f616334

SHA256
307ef08dafa9f3f304c5aa7840325982a301e9e5dbf4c97783df2abdf3476d6b

SHA512
1f5ebc8d5e914b4f0c22b26cadeb93186aff933261b4f58b2f21f5a246948fbbc420ad05d58409a63e97602e23872303bdab2a5ef453d70486c6e456bb55f61f

Download Submit
/data/data/com.beidou.axw/.jiagu/libjiagu.so

Filesize
363KB

MD5
acd3a64e22c56dc0628edd7615a74ab4

SHA1
ec22ef7fa9dca4b475af2724d483bda140370ca7

SHA256
c57cffd4175fcd618f29d48eeba1b8b30e2bfd4ce9e05c6c5b0bc4378914d008

SHA512
ec93027efd827742d3f9db70c4d4aba51e817191ff888aa2337939f2ce518b98f1c1f7ed3d49d25d3bff47738f68ead6348b1b309c54a17e18c4460cc2142e3e

Download Submit