c5ffd3ce6714500166a4c18dae7f28b1b1b40323ca15b8fdc4eab3f9c8e2675a

Analysis

max time kernel
9s
max time network
136s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69587d5a2a638b1e4246a3023fab823b_JaffaCakes118.apk
Size

20.5MB
MD5

69587d5a2a638b1e4246a3023fab823b
SHA1

8952a3d4f66c17f24d589350451cd91b15cf2659
SHA256

c5ffd3ce6714500166a4c18dae7f28b1b1b40323ca15b8fdc4eab3f9c8e2675a
SHA512

3bfc7e74586a6a276f282ae4486723e38e14d6d8f54e177e9c48143e140f58b4bbadc4afddeecf5a92c25ee314316bb3a3ba07cbc57fb773995e1ba296dc574d
SSDEEP

393216:IjhkcfRKDBBaxg7X7z08z8QmFv/LvMQcgSxMji+AOXoNuyK/oDP:Ijhky8B8+vZk4qUMPAOXoQyWk

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.wenhuapiaohao.app.Coin

ioc	pid	process
/data/user/0/com.wenhuapiaohao.app.Coin/[email protected]	5175	com.wenhuapiaohao.app.Coin
/data/user/0/com.wenhuapiaohao.app.Coin/[email protected]!classes2.dex	5175	com.wenhuapiaohao.app.Coin

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wenhuapiaohao.app.Coin

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wenhuapiaohao.app.Coin
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.wenhuapiaohao.app.Coin

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.wenhuapiaohao.app.Coin
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wenhuapiaohao.app.Coin

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wenhuapiaohao.app.Coin
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wenhuapiaohao.app.Coin

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wenhuapiaohao.app.Coin

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wenhuapiaohao.app.Coin

com.wenhuapiaohao.app.Coin
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5175

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wenhuapiaohao.app.Coin/.jiagu/classes.dex
Filesize
3.9MB

MD5
613106b8bc96773a0081822065f0ad8f

SHA1
d419f0aa28bd3d87ba19da06d0eb9fc343e842ce

SHA256
96fb4587b6d5b0b10319cc2b963d191ddc51c30ad28642fbcb6e141b86210de4

SHA512
21cf6d7c160950a52a19a8bc22d5d145fb87c2423c643e4eba120f95ab465054b6804fbdefd4fb9d854e3628e25baa4db28c18096f55ae5925857bffccac7538

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/.jiagu/libjiagu_64.so
Filesize
429KB

MD5
05a8c3ca16893f4e6cc997a82d987fb3

SHA1
76d6c6d19e0bfa83c847e5d330bd144f58994bff

SHA256
82e708e200cebe270ec57231729413621a8904e907efac8cfe71cb2cf16a3c10

SHA512
2a878c39e713fb6ff5b457f94a1fe2b5adc456924d087a1b6abd59afc0b0e9bad68852eddd34c6441e8996e66eb5fdb711ed6f477d6e447dd48cfd151d89fe96

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.di
Filesize
348B

MD5
57104c155033dfae7759b17588e93477

SHA1
119391d6e726c750f81163968f60c63047f26847

SHA256
5d377a6ec738be7fe5acf04dc2b8194b64dbdc866bd7f20a6861bddabb88a278

SHA512
02242fb58a3ed21273e49a5063ca94f4efa9d337c5630ed4177e4a82a587a9eb7a15a9e8e143ebf282e35cd3bb984f215f3e6977829afe71770e8cf3ae69ae2f

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jglogs/.jg.ri
Filesize
314B

MD5
834741972c10d442f5e7db0a16e111e9

SHA1
0b0ef4783aa077927741fe365fb9fa3f4140b2c4

SHA256
218c15431ff65ce64be102fc668686a3c4806e6875f2489754e22aaba1dadb9f

SHA512
11849324d83d488990e5fb2cae6e5557e1b84d35703b2b5be2dc641f0684f908ced7f732537eaedb29132193135afbe1221b9a4afd9212cab8a24769c72b64e9

Download Submit
/data/data/com.wenhuapiaohao.app.Coin/files/.jiagu.lock
Filesize
27B

MD5
1c15136329f7cd8ada3d2c4d51f507d1

SHA1
ba9161ea0ffbeeefad197c8cf87e6e6b687f76cc

SHA256
5158c106827142e9127e7bdaab13ae7a9f54d6d757f1390d60c1fb07cb0711a8

SHA512
bd2ea4454970b3e3bcc87e67ec9b8148c1f6beacfefb12af174b8bad6a364e9e72a0bc9fa4a3f19ab3567e0832a19091916fa9d550796e732d30e548f239994a

Download Submit
/data/user/0/com.wenhuapiaohao.app.Coin/[email protected]
Filesize
5.6MB

MD5
29d78566170b74dc78c1f3ee3e337552

SHA1
d3c656b047f7f38dfbc1a6f836d9952a5498b656

SHA256
199d99263ab1bc8e4b766e520b97de8d792a2cf6f3b5179e3e4448e2164c1124

SHA512
fe696b6173d2a787703806e9f4081b63c327bbd60283260188ccc223b664d3ff24969f1bcd66829b8448ea6350ed2d64db8f821e3b36a4433a04a221d2e66540

Download Submit
/data/user/0/com.wenhuapiaohao.app.Coin/[email protected]!classes2.dex
Filesize
3.7MB

MD5
57464ec7afc8687f9996203a709ff7b8

SHA1
9063a721dfa2279560a014afe033839671c25537

SHA256
7a47029f6edc2ee77a23e30154b7e16dd4915eda661912d66f47bb27d36af3ed

SHA512
ec9cb8cf3aee1311e938ca33830ca39266b21e5c07a349b156d160a645c2e9136ebb2f573be24c78b37406d90d775d843b367808023466d4ce2d2b8b8c0ac19b

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
7b1757b0573c93d07359d952034b7dc2

SHA1
4d69a97b24dd7a0ae2d2f5defb9bd6be85201cb5

SHA256
ac5e24fdfbd32e1e44724b33cead88376a59c80fcbc543b02fb08fbecba7a75a

SHA512
15cd87414f5be9ec8e97a52e2836b174d3536868592b13ae1f2402d4bc59c75003bed34df40a030bfcfa5684cc497a01fcfa02af91b2e7cd6ce76fe2bc7ba385

Download Submit