Analysis
-
max time kernel
116s -
max time network
183s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
22-05-2024 20:11
General
-
Target
687921cf689eff293d12f5568b3c8e4a_JaffaCakes118.apk
-
Size
25.3MB
-
MD5
687921cf689eff293d12f5568b3c8e4a
-
SHA1
aa10a8b7ee07b80e8842a2b233a8c8017e162823
-
SHA256
18644350bd72d9ec4829189f99dedf3e925be472555099fce43abdfdea4ab9c2
-
SHA512
afaeeae8a786ccde9bc37b43bb32a2d81b57056b90cfc99552b5586dcde1f4d13a90a829d1f38272726e33fac1cfb60a023de42af9b99b8e8837d62a80eb3b7c
-
SSDEEP
393216:KZrQ18YtOWn8j0Kp9JjSry2dnzmYYi2l4tChYbQ2fIa5lADIipiOWTGdC6:mrQ18YtNbczAPd6O54YfIa5lApWEF
Malware Config
Signatures
-
Requests cell location 2 TTPs 8 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 4 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 4 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 17 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 4 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
-
Checks if the internet connection is available 1 TTPs 4 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 4 IoCs
Processes
-
com.app.pxd1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.app.pxd/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.app.pxd/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
com.app.pxd:mult1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
com.app.pxd:push1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
-
com.talkingdata.sdk.TDAntiCheatingService1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.app.pxd/.jiagu/classes.dexFilesize
6.0MB
MD5153acddd03dd3bdb91add3e4a5a44f2c
SHA12ef1ec265935f7945a5156b7bc22f54366043631
SHA2564b8249fad6bbcc29bf8c62bad705912fd00c4347c8edaca7e83003c38b319532
SHA512c8dbcced2d2a5f75c468d39c7193163c9b75a40a71a3f41b55c946ad093fd9047a9bb62f2d8e97b8a768b3abf0661554b37dbee3bc9ed314b407b77f5ae30982
-
/data/data/com.app.pxd/.jiagu/classes.dex!classes2.dexFilesize
2.4MB
MD5328e285ff41992520ce63197d2cbf51e
SHA1c54cd6e17a4c462b9c9498b996596e9e1e11b3e7
SHA2567fe754b569f164897c640fd9f48bf8f1299bc21c1a756fd25c56555518a61605
SHA51251869414f7b66fc2efbc5ccc0ff23df2fb73f03eafeb63355fc0e5686e6b24f6d346a8d7a271d8632297f4e5be6f0309738884eb9826591727f2230aa66185d7
-
/data/data/com.app.pxd/.jiagu/libjiagu.soFilesize
497KB
MD5e102893683a16d223c852ac584155d58
SHA15560d79d71fb1951d6ab0a464af87429a4933c2b
SHA25641c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8
SHA5123129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab
-
/data/data/com.app.pxd/.jiagu/tmp.dexFilesize
284B
MD5f1771b68f5f9b168b79ff59ae2daabe4
SHA10df6a835559f5c99670214a12700e7d8c28e5a42
SHA2569f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
-
/data/data/com.app.pxd/cache/td_fm.jarFilesize
50KB
MD563d83095a211ee8590d04728e3411657
SHA1c5bb38d6a4a4ac7331c0485f14dc37947ff4576c
SHA256365a169c85c8a27b05b4dab58c29280190873fbbc365931e7c323c90a1f035f1
SHA512ea8aec72c8e9ed52eeae4b1aa7cae05b886054724333d703852226953225c458dd8695659e4fdc042f263bfd9c2a85d758984404c1d9ab2c537c68fbd386e923
-
/data/data/com.app.pxd/files/.jglogs/.jg.acFilesize
2KB
MD56006d967ab588ca0ed1e15c33b5057fe
SHA1b71bfb8c560bedb3c370883660ca9c2507e9b121
SHA25603daacddea30041998f6930e034030f15bcc67a2286d5fc7ad3ec8c28d2b6383
SHA51226f92c5d77b2d7f7e98df9f01f85fcee702fb396cb01c303d7acc6ff605b9be42f9109b7de1ccbe34bee68ebab3bd8a3c8ca2fc1d3664e9f2eecfbd656dbe091
-
/data/data/com.app.pxd/files/.jglogs/.jg.diFilesize
3KB
MD519afcaa3171019d9b022db5e7c010893
SHA15d38aaa9d3a7c86c36feab13ab38153a3b64e142
SHA2564799fd65ad0b6184c64736cce620c55042400987524fadf4bd261c729bece528
SHA51257e4f00e17cd5626c715be980c30a02e25e8ac15bb5f7354a04ab34dc8874f4e0e33bf414e75e3d774f32550f5f3300b7bf5a14793c5fdd1ee7fb77fa783135d
-
/data/data/com.app.pxd/files/.jglogs/.jg.icFilesize
15KB
MD56fc8d4c04e4cef1d5405cfcf7aa599cb
SHA1a429351753ab400ff510af1397deaff96caa0575
SHA2568b1969520df775d1ae533bc6652290327a394442b14f01758bc26da6967b8651
SHA5123fd22672058c7d8aac07903ca689933804f88d9b2e4bfa8be1360866b2cbd7146ff15e53c13d1bb83f9585caa8fd8857e934b2bc1e580a4dc1320c1cd2f26fdf
-
/data/data/com.app.pxd/files/.jglogs/.jg.liFilesize
4KB
MD5904045940bd4e6324e0bbc69a5f22ff3
SHA114929d7592672138e917e323c472ca97eb89ced1
SHA256b08f789969ac8918a757b489419649328a1a2f6cf11c0f446f856480ec1429e6
SHA512f2363cbc728f1cad908f39d6806648a5163cbda5d38878eb4df4f623b6353a838d20eec55fa0d30703e96676504ecdd783f8e730640c10578862691f49d66449
-
/data/data/com.app.pxd/files/.jglogs/.jg.rdFilesize
73B
MD595af9218b5ed8e5732ba8b427b7551ef
SHA1c4086271b3d33571098b07a651a318e11641f776
SHA256fc50635e66fb21cdaeca608826c10120dadc749068e4c605bc3905bca18c67a6
SHA51261130780ecfed4c1d9ff6dd14af3e0451bdff5b6c4634532e1495af951c76dc09260c18dd83d60cf0521f6298986409339495423be78f8217674e4ed80cff70d
-
/data/data/com.app.pxd/files/.jglogs/.jg.riFilesize
314B
MD5702b06c7ba311255c14382e96dc8f3dc
SHA1534b08876d586897eb00687100bdfe7568211e07
SHA256721e6b28ee41603a0716d76d488e3ca0a2de9eada29ba4741bb0c96fd9eb8a9b
SHA512ac84c5cb5db5ac45f06a6012e3ad24aa9c04722fbbcf6e324b0242e4774dce158b25ba552839cff51997f85697645551f49943fedd47476132a06a8ffd41715e
-
/data/data/com.app.pxd/files/.jiagu.lockFilesize
27B
MD5879dc95ab6666ca99e794d772f823cf7
SHA1cfc1e67436713942f6fc2ca89d4c7fa28376d984
SHA25601fa34883fa922ebaa120e9d7036b37b1884a15797c08c651b6acbfc134f6462
SHA51248680dbf934d97d71dd2676152a6ad60097c0aaabb804b9a7a093df284c90f3af392dae71ef8debb1de683e49da09ec334fe9cf05063ec9f91ee8cebd8dbfc3b
-
/data/data/com.app.pxd/files/AntiCheatingLockFilesize
2KB
MD54e66d55a385ca817f0e0e0425ef24499
SHA1e9f217a5a446bf913ee1e777479a234bde95bf0c
SHA2568d65458012309159de479640f9536131e8ff3a12d6de13caa95658e2652ebd4d
SHA512f64ceabf5691c4c5519d5c7d9b0e0cce7330efaf0c768b0c2298dff94abfe0f09d7bb2762de8b7293ec8e86a8cbb296bcd07e0dbd3635136a08e6e111e4e87d8
-
/data/data/com.app.pxd/files/td_database0SaaS/1716408727900_4444Filesize
2KB
MD54fb63fb023cf441f4f8f114ad1de38d1
SHA1623cde98a10dc01033d5d8a8c77cb3c8f661fd70
SHA2563fe95594a2a0a0e29790a866874069ccf952b7954921c2df46ebde8cce7bef29
SHA51209e05108723b13e1c0e8dbe57b2bad1a4266219de1458b6faea3ef20be49457b8ef8205c4d2e8f06980ec4adac390ecc0ff22e52ecc4c0f51919a3368edab306
-
/data/data/com.app.pxd/files/td_database2SaaS/1716408720029_4272Filesize
2KB
MD55b41d3fff5d5a81aa058c17b62605f36
SHA184ecee4af9d5154c3fd7e90e8d1c39a46d73c597
SHA2567916c1806c96c9d2a76c6f9e6759e1b00b1c8c5d3dffa1f8b3f1fe206355f61c
SHA512718f1937cee4963f72dfa2a9ffeea93ef7d5cd57c70c4231649e3aba368bdc4e3c87140814fbcfa8f262a8df03d946652c4ce978806843331d1182fdc13aebe4
-
/storage/emulated/0/.tcookieidFilesize
33B
MD5ebdea89331a9d1ddc2aa2e4d48c463bf
SHA153dbb2a4aa03f588918bc39b32533a1919b10fe3
SHA2561ecea57ddb7b6b82e3ba95e8f1feb9cbc9622e758aff671399c7c7b9e51cc094
SHA51205a57923ba18c6ebe98ef2aa7b83865b58f4988e620610a18cea61d0da6c30a78b69e97cf13fd54b6069ac7c816f3db9fddeacb66d214e6b67c6d7e2b0f0d9e3
-
/storage/emulated/0/360/.deviceIdFilesize
48B
MD51d8d16c4e3b19ebf18988530d9b9a757
SHA1bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA5124562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82
-
/storage/emulated/0/360/.iddataFilesize
4KB
MD526c5da6211d450a99ad0e46fe3da4146
SHA15d08eff481cbffeb9f064fbc9dd30137ab8c5c78
SHA256a8cb2af7c0189e4406d9b79f2840243aeddaed83e5edc201566c37c242009c6d
SHA512fa0970d3ad3acd56713f45042c990f56c48e365d73a82e1d21a9c85582b921c81a72334cd6ecfbcf1c0a056f94c84442cd5375bee761562136c8d41b478ccec6
-
/storage/emulated/0/Android/data/com.app.pxd/files/tbslog/tbslog.txtFilesize
4KB
MD5fe4c0bf7e796ef4d9b7ca42b12da77b9
SHA17afb4d7f569a4d8ead54894916b47815937f3955
SHA256e7b4fd83f2ad4bc9decb78ba87465318573981f1fa48cdda4029af617a84df0d
SHA512295cb007dc317509e2d3039e68fe43006f7a39d857ccf4e052d3325ffd6925c8563762cfbedfc1b74450cfffaddb86d284c7a76d4c8b7fff204945ac6cec2f3b