Overview

overview

8

Static

static

6

687921cf68...18.apk

android-9-x86

8

687921cf68...18.apk

android-11-x64

1

Analysis

  • max time kernel
    116s
  • max time network
    183s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    22-05-2024 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    687921cf689eff293d12f5568b3c8e4a_JaffaCakes118.apk

  • Size

    25.3MB

  • MD5

    687921cf689eff293d12f5568b3c8e4a

  • SHA1

    aa10a8b7ee07b80e8842a2b233a8c8017e162823

  • SHA256

    18644350bd72d9ec4829189f99dedf3e925be472555099fce43abdfdea4ab9c2

  • SHA512

    afaeeae8a786ccde9bc37b43bb32a2d81b57056b90cfc99552b5586dcde1f4d13a90a829d1f38272726e33fac1cfb60a023de42af9b99b8e8837d62a80eb3b7c

  • SSDEEP

    393216:KZrQ18YtOWn8j0Kp9JjSry2dnzmYYi2l4tChYbQ2fIa5lADIipiOWTGdC6:mrQ18YtNbczAPd6O54YfIa5lApWEF

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 8 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 4 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 4 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 17 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 4 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 4 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 4 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 4 IoCs
    impact

Processes

  • com.app.pxd
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4272
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.app.pxd/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.app.pxd/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4338
  • com.app.pxd:mult
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4390
  • com.app.pxd:push
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4444
  • com.talkingdata.sdk.TDAntiCheatingService
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4591

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.app.pxd/.jiagu/classes.dex
    Filesize

    6.0MB

    MD5

    153acddd03dd3bdb91add3e4a5a44f2c

    SHA1

    2ef1ec265935f7945a5156b7bc22f54366043631

    SHA256

    4b8249fad6bbcc29bf8c62bad705912fd00c4347c8edaca7e83003c38b319532

    SHA512

    c8dbcced2d2a5f75c468d39c7193163c9b75a40a71a3f41b55c946ad093fd9047a9bb62f2d8e97b8a768b3abf0661554b37dbee3bc9ed314b407b77f5ae30982

    Download Submit

  • /data/data/com.app.pxd/.jiagu/classes.dex!classes2.dex
    Filesize

    2.4MB

    MD5

    328e285ff41992520ce63197d2cbf51e

    SHA1

    c54cd6e17a4c462b9c9498b996596e9e1e11b3e7

    SHA256

    7fe754b569f164897c640fd9f48bf8f1299bc21c1a756fd25c56555518a61605

    SHA512

    51869414f7b66fc2efbc5ccc0ff23df2fb73f03eafeb63355fc0e5686e6b24f6d346a8d7a271d8632297f4e5be6f0309738884eb9826591727f2230aa66185d7

    Download Submit

  • /data/data/com.app.pxd/.jiagu/libjiagu.so
    Filesize

    497KB

    MD5

    e102893683a16d223c852ac584155d58

    SHA1

    5560d79d71fb1951d6ab0a464af87429a4933c2b

    SHA256

    41c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8

    SHA512

    3129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab

    Download Submit

  • /data/data/com.app.pxd/.jiagu/tmp.dex
    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

    Download Submit

  • /data/data/com.app.pxd/cache/td_fm.jar
    Filesize

    50KB

    MD5

    63d83095a211ee8590d04728e3411657

    SHA1

    c5bb38d6a4a4ac7331c0485f14dc37947ff4576c

    SHA256

    365a169c85c8a27b05b4dab58c29280190873fbbc365931e7c323c90a1f035f1

    SHA512

    ea8aec72c8e9ed52eeae4b1aa7cae05b886054724333d703852226953225c458dd8695659e4fdc042f263bfd9c2a85d758984404c1d9ab2c537c68fbd386e923

    Download Submit

  • /data/data/com.app.pxd/files/.jglogs/.jg.ac
    Filesize

    2KB

    MD5

    6006d967ab588ca0ed1e15c33b5057fe

    SHA1

    b71bfb8c560bedb3c370883660ca9c2507e9b121

    SHA256

    03daacddea30041998f6930e034030f15bcc67a2286d5fc7ad3ec8c28d2b6383

    SHA512

    26f92c5d77b2d7f7e98df9f01f85fcee702fb396cb01c303d7acc6ff605b9be42f9109b7de1ccbe34bee68ebab3bd8a3c8ca2fc1d3664e9f2eecfbd656dbe091

    Download Submit

  • /data/data/com.app.pxd/files/.jglogs/.jg.di
    Filesize

    3KB

    MD5

    19afcaa3171019d9b022db5e7c010893

    SHA1

    5d38aaa9d3a7c86c36feab13ab38153a3b64e142

    SHA256

    4799fd65ad0b6184c64736cce620c55042400987524fadf4bd261c729bece528

    SHA512

    57e4f00e17cd5626c715be980c30a02e25e8ac15bb5f7354a04ab34dc8874f4e0e33bf414e75e3d774f32550f5f3300b7bf5a14793c5fdd1ee7fb77fa783135d

    Download Submit

  • /data/data/com.app.pxd/files/.jglogs/.jg.ic
    Filesize

    15KB

    MD5

    6fc8d4c04e4cef1d5405cfcf7aa599cb

    SHA1

    a429351753ab400ff510af1397deaff96caa0575

    SHA256

    8b1969520df775d1ae533bc6652290327a394442b14f01758bc26da6967b8651

    SHA512

    3fd22672058c7d8aac07903ca689933804f88d9b2e4bfa8be1360866b2cbd7146ff15e53c13d1bb83f9585caa8fd8857e934b2bc1e580a4dc1320c1cd2f26fdf

    Download Submit

  • /data/data/com.app.pxd/files/.jglogs/.jg.li
    Filesize

    4KB

    MD5

    904045940bd4e6324e0bbc69a5f22ff3

    SHA1

    14929d7592672138e917e323c472ca97eb89ced1

    SHA256

    b08f789969ac8918a757b489419649328a1a2f6cf11c0f446f856480ec1429e6

    SHA512

    f2363cbc728f1cad908f39d6806648a5163cbda5d38878eb4df4f623b6353a838d20eec55fa0d30703e96676504ecdd783f8e730640c10578862691f49d66449

    Download Submit

  • /data/data/com.app.pxd/files/.jglogs/.jg.rd
    Filesize

    73B

    MD5

    95af9218b5ed8e5732ba8b427b7551ef

    SHA1

    c4086271b3d33571098b07a651a318e11641f776

    SHA256

    fc50635e66fb21cdaeca608826c10120dadc749068e4c605bc3905bca18c67a6

    SHA512

    61130780ecfed4c1d9ff6dd14af3e0451bdff5b6c4634532e1495af951c76dc09260c18dd83d60cf0521f6298986409339495423be78f8217674e4ed80cff70d

    Download Submit

  • /data/data/com.app.pxd/files/.jglogs/.jg.ri
    Filesize

    314B

    MD5

    702b06c7ba311255c14382e96dc8f3dc

    SHA1

    534b08876d586897eb00687100bdfe7568211e07

    SHA256

    721e6b28ee41603a0716d76d488e3ca0a2de9eada29ba4741bb0c96fd9eb8a9b

    SHA512

    ac84c5cb5db5ac45f06a6012e3ad24aa9c04722fbbcf6e324b0242e4774dce158b25ba552839cff51997f85697645551f49943fedd47476132a06a8ffd41715e

    Download Submit

  • /data/data/com.app.pxd/files/.jiagu.lock
    Filesize

    27B

    MD5

    879dc95ab6666ca99e794d772f823cf7

    SHA1

    cfc1e67436713942f6fc2ca89d4c7fa28376d984

    SHA256

    01fa34883fa922ebaa120e9d7036b37b1884a15797c08c651b6acbfc134f6462

    SHA512

    48680dbf934d97d71dd2676152a6ad60097c0aaabb804b9a7a093df284c90f3af392dae71ef8debb1de683e49da09ec334fe9cf05063ec9f91ee8cebd8dbfc3b

    Download Submit

  • /data/data/com.app.pxd/files/AntiCheatingLock
    Filesize

    2KB

    MD5

    4e66d55a385ca817f0e0e0425ef24499

    SHA1

    e9f217a5a446bf913ee1e777479a234bde95bf0c

    SHA256

    8d65458012309159de479640f9536131e8ff3a12d6de13caa95658e2652ebd4d

    SHA512

    f64ceabf5691c4c5519d5c7d9b0e0cce7330efaf0c768b0c2298dff94abfe0f09d7bb2762de8b7293ec8e86a8cbb296bcd07e0dbd3635136a08e6e111e4e87d8

    Download Submit

  • /data/data/com.app.pxd/files/td_database0SaaS/1716408727900_4444
    Filesize

    2KB

    MD5

    4fb63fb023cf441f4f8f114ad1de38d1

    SHA1

    623cde98a10dc01033d5d8a8c77cb3c8f661fd70

    SHA256

    3fe95594a2a0a0e29790a866874069ccf952b7954921c2df46ebde8cce7bef29

    SHA512

    09e05108723b13e1c0e8dbe57b2bad1a4266219de1458b6faea3ef20be49457b8ef8205c4d2e8f06980ec4adac390ecc0ff22e52ecc4c0f51919a3368edab306

    Download Submit

  • /data/data/com.app.pxd/files/td_database2SaaS/1716408720029_4272
    Filesize

    2KB

    MD5

    5b41d3fff5d5a81aa058c17b62605f36

    SHA1

    84ecee4af9d5154c3fd7e90e8d1c39a46d73c597

    SHA256

    7916c1806c96c9d2a76c6f9e6759e1b00b1c8c5d3dffa1f8b3f1fe206355f61c

    SHA512

    718f1937cee4963f72dfa2a9ffeea93ef7d5cd57c70c4231649e3aba368bdc4e3c87140814fbcfa8f262a8df03d946652c4ce978806843331d1182fdc13aebe4

    Download Submit

  • /storage/emulated/0/.tcookieid
    Filesize

    33B

    MD5

    ebdea89331a9d1ddc2aa2e4d48c463bf

    SHA1

    53dbb2a4aa03f588918bc39b32533a1919b10fe3

    SHA256

    1ecea57ddb7b6b82e3ba95e8f1feb9cbc9622e758aff671399c7c7b9e51cc094

    SHA512

    05a57923ba18c6ebe98ef2aa7b83865b58f4988e620610a18cea61d0da6c30a78b69e97cf13fd54b6069ac7c816f3db9fddeacb66d214e6b67c6d7e2b0f0d9e3

    Download Submit

  • /storage/emulated/0/360/.deviceId
    Filesize

    48B

    MD5

    1d8d16c4e3b19ebf18988530d9b9a757

    SHA1

    bc94c1cce05cd848a53271ecb9c5311e27ffebf5

    SHA256

    abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

    SHA512

    4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

    Download Submit

  • /storage/emulated/0/360/.iddata
    Filesize

    4KB

    MD5

    26c5da6211d450a99ad0e46fe3da4146

    SHA1

    5d08eff481cbffeb9f064fbc9dd30137ab8c5c78

    SHA256

    a8cb2af7c0189e4406d9b79f2840243aeddaed83e5edc201566c37c242009c6d

    SHA512

    fa0970d3ad3acd56713f45042c990f56c48e365d73a82e1d21a9c85582b921c81a72334cd6ecfbcf1c0a056f94c84442cd5375bee761562136c8d41b478ccec6

    Download Submit

  • /storage/emulated/0/Android/data/com.app.pxd/files/tbslog/tbslog.txt
    Filesize

    4KB

    MD5

    fe4c0bf7e796ef4d9b7ca42b12da77b9

    SHA1

    7afb4d7f569a4d8ead54894916b47815937f3955

    SHA256

    e7b4fd83f2ad4bc9decb78ba87465318573981f1fa48cdda4029af617a84df0d

    SHA512

    295cb007dc317509e2d3039e68fe43006f7a39d857ccf4e052d3325ffd6925c8563762cfbedfc1b74450cfffaddb86d284c7a76d4c8b7fff204945ac6cec2f3b

    Download Submit