Analysis
-
max time kernel
28s -
max time network
185s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 18:14
General
-
Target
6829b1512c93d1c127a895492467a358_JaffaCakes118.apk
-
Size
31.1MB
-
MD5
6829b1512c93d1c127a895492467a358
-
SHA1
23ef664e6ffcb123420d24a52cca1682d0797979
-
SHA256
1118924cca9597dfcf35ce2e95cca0cea50bef2cbc4e1990f77695c77cdb13a3
-
SHA512
9af550a6cf6fe6eecfa59437c2f8fb6cf6d367e518767bf0c49525a1062cf320e735b6dfcba2178b845e1d7a618445f1f84f2e0edf7006154db9fa5dbfdf9b5b
-
SSDEEP
786432:3TVtmxsdEYU2gJbE+JS+SqwMQFbCtO/1q5Qi3/pdryqPsDy5:RtmIg1E+JhOCg9q5Quxz75
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 3 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks Android system properties for emulator presence. 1 TTPs 2 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.mogujie1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mogujie/files/break_dex/break.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.mogujie/files/break_dex/oat/x86/break.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
/system/bin/sh -c getprop ro.board.platform2⤵
-
getprop ro.board.platform2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.mogujie/app_crashrecord/1004Filesize
226B
MD583e93ad8f12f210011ddaa9e4ddaf1d7
SHA166ed67dfb7bfd436be7b60a13cccc43d909aa776
SHA2562fb76099fef566ff11bac3a229b13d33e55c54172aa4376f8b64676b11d0d731
SHA51283cb951d40ca0f316bb4243895ba0f3a2902805d6b04d8ce7a5285ca1cc3d0f514d1cbe4a32ea750918a9e1aa756ed858b638df80d34d6aee733985a45786949
-
/data/data/com.mogujie/app_crashrecord/1004Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
/data/data/com.mogujie/databases/bugly_db_Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.mogujie/databases/bugly_db_-journalFilesize
512B
MD553c76b60c06f0c156c59fda0b0e3de87
SHA1ee763ffe74fcf62f1048479a2b749572fc480601
SHA256de6a377a2b7406981bd08fd17a23b28e167339fc12e2165b7109d00730170f41
SHA512fe4f02fc25654f8599f5231696aef00207ffc3c493f9427add47934ca50b1fbdcd451932c1ff49d426ab879360ea55e72d5f4e8da29110d1915ea5660d27b6f1
-
/data/data/com.mogujie/databases/bugly_db_-shmFilesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.mogujie/databases/bugly_db_-walFilesize
76KB
MD542e6d714d17e69be19625f618143ad10
SHA17a58e722d4949922a1787a8837a7ba919b42313e
SHA2562b8592145a5c63cc7089127346f72d7765b7e0198bf7081af9ceae3291d1528f
SHA512d09b0c821baeb37354dd05061e810bad4e9f869efaf7d770c64dfbb7b24bb6c9a0f783c75dbbe4bdc1c04ee2c7f017b52cf0cc941a1b5037df4e8be072b8bcc3
-
/data/data/com.mogujie/databases/mg_analytics-journalFilesize
512B
MD59f8ccb935692e7b482f45cf4a7b81ff6
SHA1495f2bdc1f5469e229d1eaf61ace9b18305d081c
SHA256a968cf0be8115e699a92d3facaeee28d8773036c9af7d7a61b1bde8222dc9a25
SHA512feb11608e73da21c57fb85b1e73e93001a21f934f6623eb4f5be61f6bc14eb89269299a337d9a84c8693eb10770bd12ce3c29604677882b726015d81a286bedb
-
/data/data/com.mogujie/databases/mg_analytics-walFilesize
40KB
MD5cd64989cad514d7e6ea81772c0092809
SHA19fe374d1679309f82e2d41c3a4061239851486f7
SHA25672ff4a02b32f73c84677018d8cdfa6cd6365156a3d897017fc5594f58539233f
SHA512ccf07663adc61ed442156c679cb0b8460060eeffd109a0e6e9ddc52c6d9c6dfd63c28db27e1414765358779cf9dad3e7a817213aaee7862bfe553b0bb712d2cc
-
/data/data/com.mogujie/dynamic/10.1.0.8236/ModuleConfig.xmlFilesize
24KB
MD5fbf7a0e9f337c891429d40f3ab97a558
SHA1a034c2bc9dcd49484f9c27b4059b041171b46b81
SHA2567091f348879e89800a0dff38d0da004c1f04373fafdbc945b0e42a4b45fa4377
SHA512a5d4c300adb857976d76435b966fb144b6ada618f1dd82d800fba8d641ae3ca7e3eba91ec1c43d8be9af6ae75b791e6df7ea18f0bff665762b3a3837c8f180fd
-
/data/data/com.mogujie/files/MLog/MLog.mmap2Filesize
150KB
MD506ae8a01d80da962c7987c264af64cec
SHA163a497994321f254b535a846ce89f076d4e378ee
SHA2560c5cc90b079d0d9c1ded1376357d23a9782a704a83e01731f50ccd162e246492
SHA5128720928fbe7cf8351c9dc45cb1a9c8243939c7e3c9c6957d24dbe18c0819d05ea7475e3953018f0365461fb2987ad68d8ec9f59b03aef3adbd3e4ae8ebbd0427
-
/data/data/com.mogujie/files/MLog/MLog_20240522.xlogFilesize
311B
MD51f6fdcdd2ed5d17bbc2335c91bc6df57
SHA173644a6175c98514e9bf8fdfd29763973a4c1999
SHA256c448f79a0d9877560b7781536d1e536fdfbc1e6eca3850c0ad1c551e42a97c1e
SHA512b4973ba29b462d6df7678f82bdd81be929d06a92a40101a6a7d71da843ddbb118933219d4f64e0e162b7039cb81f6da08f7c7fe33bd181522a6ef30c7acc1305
-
/data/data/com.mogujie/files/break_dex/break.dexFilesize
476B
MD5155ca590d5bd04c31927f2a4e5391c43
SHA14eeb069a030d9d1c1982c757d89df2874eb9d427
SHA256b8923495c36fba52b2de736f558c37b97c73f736fd48a6dfdb7d8ce6ac2ad1c4
SHA512ecf86837599c28fdef876b2fb328e2cd14ebefa6a81fb4fa6b52df442f0979a9e559800389833f20e25f7d91d979d29f1f67ed733189af7889228c751d536360
-
/data/user/0/com.mogujie/files/break_dex/break.dexFilesize
476B
MD5bbc60c4260a820f27ed250f718583b72
SHA133c15bae1356a761f1340a4d20ee88b06106d1cd
SHA2563275be42373ad0afec64de9936861dff0fd7fa9bacdce8154e0350e4ac6dc914
SHA5123d4a34c70e984a5027ed3cc2f2430ffd29e617f6a98daae4ac125aaeee9d493436c87f0a8b90bbc102eccee0928a1275435281935fdc77b8274c7b8018b0acaa
-
/storage/emulated/0/Download/.mgj_enhanced_storage/mgj_did2Filesize
36B
MD5a04da6b7710229f042906e9f9fa72214
SHA1b35a3a041f0f94000c1c4eaa063d54d10d665218
SHA256707dc684c2142c3e079f95f4695abdc610742de6e30d74f773754ef0a669730f
SHA512426e108725503ed68dd2bfb4dde45a98e0cdf7d00c185c5ab6e0df9b6f9b8665deb7f4ab5a9ef81a45cc8d9b6d188c59c3d90042cdde142ff17db1da09f0dc03
-
/storage/emulated/0/Download/.mgj_enhanced_storage/old_611_didFilesize
15B
MD5748d9beeaa1899252a7365b780b95fb0
SHA12158cbe9044f2b138df0094615afe6616e526c9d
SHA25659290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8
SHA512cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440
-
/storage/emulated/0/Download/.mgj_enhanced_storage/sys_didFilesize
32B
MD5ee9fdc830e082a4c6dab3c136cc5e9b0
SHA1ae9a6f71c8dd3ed21835f7482bf2f2857a1a1a2f
SHA2564d25f72f3deac953278b596df243215518ce377f9658fd579aeb2d1ba9f4fed9
SHA5120a55746a9c212005db1f71e414d0ba17b25efcfd71d08d841b403aeffc4533e1ed63f5f5fad97f1df316d9adbc9d53c4e7a9016f78a5bf78573cfc3af4174247