9979036ed185b7fa6670a40b2a6663dcb12867d9e08d737ce2e05268f39e8e99

Analysis

max time kernel
8s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69a4fdcc5ff32ac0203779ef7a0141fd_JaffaCakes118.apk
Size

10.7MB
MD5

69a4fdcc5ff32ac0203779ef7a0141fd
SHA1

0ab3393f030f75eccc733fe703f9149538f86706
SHA256

9979036ed185b7fa6670a40b2a6663dcb12867d9e08d737ce2e05268f39e8e99
SHA512

4e7811d5e02f8a9ec336ed8dc325df9649fbc4735e8fe0f462abfc9a6bb148e04bbd2748f290c7bb37015f0c3eb5fe977e865992da6d37a38af942eb6eba238b
SSDEEP

196608:ZdKvpK2azbJoNp8Ouhv0vC08r8TfCUCiUib2o3wik60JD+vJ:ZdCizbO8vcvLnfCZQ2MJ

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

cn.nfwx.tv/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.nfwx.tv/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.nfwx.tv/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/cn.nfwx.tv/.jiagu/classes.dex	4295	cn.nfwx.tv
/data/data/cn.nfwx.tv/.jiagu/classes.dex!classes2.dex	4295	cn.nfwx.tv
/data/data/cn.nfwx.tv/.jiagu/tmp.dex	4295	cn.nfwx.tv
/data/data/cn.nfwx.tv/.jiagu/tmp.dex	4328	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.nfwx.tv/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.nfwx.tv/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/cn.nfwx.tv/.jiagu/tmp.dex	4295	cn.nfwx.tv

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

cn.nfwx.tv

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses cn.nfwx.tv
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

cn.nfwx.tv

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo cn.nfwx.tv
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

cn.nfwx.tv

description ioc process

Framework service call android.app.IActivityManager.registerReceiver cn.nfwx.tv
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

cn.nfwx.tv

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo cn.nfwx.tv

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.nfwx.tv

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.nfwx.tv

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cn.nfwx.tv

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.nfwx.tv

cn.nfwx.tv
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4295

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/cn.nfwx.tv/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/cn.nfwx.tv/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.nfwx.tv/.jiagu/classes.dex
Filesize
6.3MB

MD5
c045348d5ea31b4fb6691e7c7b657f36

SHA1
87d9321a51203d31b6443a6209bbd7ffdd78903e

SHA256
ac91629a336707c62a61e8c18373b6313dfc072efe5fb464b87b23d54e227bda

SHA512
c73d8db89ee70a68f4d1a86e85834393d03fdd69680ac53ccb4b14c76d7d8a7f29e79df87a4a6e3ed6650a57d5e4d9b21334f5e18ba03f5ca21056a83ff3ef33

Download Submit
/data/data/cn.nfwx.tv/.jiagu/classes.dex!classes2.dex
Filesize
4.0MB

MD5
82b3b598c95f0412406a0a730bb704c5

SHA1
e4b0db981923d221064ad29f80c6eeb7adb5b102

SHA256
f73d8d9fda27f07d2dc2333f7840fdb44f7fe27df23ae2535e8c0730f29ee819

SHA512
17fd957a3f2b2854226b45e298ac8e28a49e26888241a3dd4c7df0a7b30827bb29020db1eb018541fa2c55407b5fcd034a1f91e242bb6ec0d975427e214b6f5b

Download Submit
/data/data/cn.nfwx.tv/.jiagu/libjiagu.so
Filesize
496KB

MD5
f07656a2f51ecb23edc102003c32b764

SHA1
3ef18f74b609313887b9e825c56a54b5a9eef20e

SHA256
f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913

SHA512
34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238

Download Submit
/data/data/cn.nfwx.tv/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/cn.nfwx.tv/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.nfwx.tv/databases/MessageStore.db-journal
Filesize
512B

MD5
2da27c867c1017892642a5c7ec4e9f74

SHA1
b56985b3eb2335763b51be0e031e1e7cc495e92b

SHA256
3a7a6cdb7dc84bf5709d6257346bcaf32016a266c9bfee9a8873931550bc2b0c

SHA512
7a3d08d392dc6e347b50fe808a0a2212b80fa28841017f4310efb42ad2532b62434585ea5faef45fd15e7b43b035704e17aa66cacfe8d5e7c9b3555b9b6d61a3

Download Submit
/data/data/cn.nfwx.tv/databases/MessageStore.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/cn.nfwx.tv/databases/MessageStore.db-wal
Filesize
48KB

MD5
7802b4f6edb901bf64cea5da11227277

SHA1
c377a431f7e3c3c9bb4bd816bc0d3429df67b5b7

SHA256
542965b4913dca28c84cd9bf73fa068301f47cab0e650fd371ee274c3670726b

SHA512
87e39f1a5d661efe10204429b4dd2948adf9cb9752fb046338e8645af0c0a7835a1ce80130815ee33347495c4fbd58f9139ff2b70ae5d0b6be1d55a50a1cfd2d

Download Submit
/data/data/cn.nfwx.tv/databases/MsgLogStore.db-journal
Filesize
512B

MD5
2762a8ed324399132b081f545db34bdf

SHA1
321991459160a1a0ba1b6ff79e1eb5ff4e97cd5f

SHA256
9f985961c8997d1a7ef68b605a0b858d1da14646dd6263b70e55eaad13f38ba7

SHA512
c1f1c957a042239e696c382c8488cf94e185b6b34db365bf1b97d083f8cf760955da39dfbffdc925a0acdce43b3b0994d96e24b80ecdcc2d17de3fa4d1d4cb7b

Download Submit
/data/data/cn.nfwx.tv/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
0f13137d4b8b00ac444140b175972d82

SHA1
5614ebd8cb1f7a0b30c31dcb79502753b8d50759

SHA256
0612c12ba94224d27b420e98404bea83c50003248d9d241b6e326d50d5f01ab9

SHA512
70f1e29d6780fdd8d8f708b6e34dd71b0f5d73da336ec6ebcc045ffed2fd620ea139bc92e1a2ad640becb6b5ee9f33ac4e4557a324c2ec11ccc831e85eff23d8

Download Submit
/data/data/cn.nfwx.tv/databases/nfwx_new.db-journal
Filesize
512B

MD5
7b092c99406c63b42f0d9fd336f814b7

SHA1
a80a80af925bfbe9a1c856d2f0289741eeb4a25e

SHA256
f6516da2c7420c57f3b8ff4153aab1dc36c71c9aaaeaf88117be34dfea201416

SHA512
0dba3093cd688acf5a8f1e08bc74be6f5cf619c18874e28d1c20fd126b26f2d6ea281a587e198b1ca91c5c962b382f85ca565365651a1ce0bcba6254385e0533

Download Submit
/data/data/cn.nfwx.tv/databases/nfwx_new.db-wal
Filesize
16KB

MD5
1aa4f0f24ac64ef02761d391249e0d0e

SHA1
cd6a72a927fe35727a55fc6df8ed3864928c40da

SHA256
88861a04e00275df015e2a7c7c68e3fec20b7b246fa92b2e9fc32e6775ee45a3

SHA512
d218f6fae63ef3723133642b469f1bce3f246762e1a3825f570844d24bf8d6f19a4c43d323e67e1fe6c581d6017010040ec76c474338cb723f325f12d836d1d9

Download Submit
/data/data/cn.nfwx.tv/files/.jglogs/.jg.ac
Filesize
32B

MD5
6dcb6af344246d01b75b02f18889d420

SHA1
86ee2263e5fa99c4b625695250e0ce1aba27e1d8

SHA256
a0648780400edc13568568cac00dd010cadc10386fa6206cfb9bdd2a23df2a8c

SHA512
b340ae93e8b024e5ee61f29aabf1a6fd1c54da075372d1f7b9aabbe48e981c191ff55cc483b3d361f07741354f66d57b3e14563455977f4ded65bd975d520d80

Download Submit
/data/data/cn.nfwx.tv/files/.jglogs/.jg.di
Filesize
340B

MD5
620e6a16f51117ec92e7388f1adb3738

SHA1
cfe310225fc45717a6ec921784270f18feefec03

SHA256
d739a9fa1e74de7e14e8366f6644c57552f781c39140f5fbe8fc943edbb65bab

SHA512
9ad66eee512eb9781b09d74b662896c8cfd154cb3cbb9e077544f3a2e03d7d5c699f1cb3b00b7cdd040d5b6cd882f74ded43bb6a88e3fdbb2118362de0a39cb5

Download Submit
/data/data/cn.nfwx.tv/files/.jglogs/.jg.ic
Filesize
32B

MD5
954d3882923198ff254a0a58487c0603

SHA1
7e3dff6098eb63ee386f68906fb26e1f50f64bbe

SHA256
ac5e68221f61e32aa6b0515798e6fd29f0a58fba636057d38d1f284c980db9f3

SHA512
fbfaf79cfae1d166889d289d6fd224f32efd6b581e7d5d854fd13ba46fe4c452ebda408efb50086dcfd4b799c7636576b8ebc3655a5c45fae1c9b0c4652496bb

Download Submit
/data/data/cn.nfwx.tv/files/.jglogs/.jg.rd
Filesize
73B

MD5
2ca39e557e07d4347811f4d0991d976b

SHA1
4f40bc741709993bd49d39eba34feb69863d36f1

SHA256
e28a97396f323932b5f9fcb4bade97dccfd6b587e38b97ed8f8f8ccaa1de5c60

SHA512
90df521bdd7d67fa6dbcb838f632b740324db880c34a0aa9efe35e916d819750c4b4b25b31693f365466c5c0ecbd4001edece515d820d80c584929cf98e8ccd4

Download Submit
/data/data/cn.nfwx.tv/files/.jglogs/.jg.ri
Filesize
314B

MD5
6e9504ee9da46187711f170f58565d3c

SHA1
444fe5ea05dd02fe80b0257027bb8c082afc6d9d

SHA256
e77b9028acd5977d5ff163f96bab215eef993a25b382522a1f9444a5ace42275

SHA512
63400e761948e7ac4cf873e203ca2411f22530ae0104f47805d9cd64a47e7a32fb6fe65a69a952110479c082a40ff99dee54157a5919a42f92b6f678ac879fde

Download Submit
/data/data/cn.nfwx.tv/files/.jiagu.lock
Filesize
27B

MD5
48312f07e5cae3d245f0b67e24195005

SHA1
84decdd9bf4906239e5a9c4fa567d510f7b88c82

SHA256
5e82f6b005e5d8a102ae0cb6d85ffa7e9139e263c5fd0a3b3c40e31cb21f31d7

SHA512
470693be3676d45c624aadbf2a943ae125dc88b51a9513209a79ec9b6b0b8ecb03c913864419a2e030d4c74b1305eaefd1806df2e90e6bb5af9ae70c3f104d21

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
7a75258700271a37cc080d95fb3c213b

SHA1
20e2fb802c2aea30f9e36af861af02fe7a4648a7

SHA256
14da40743fe449513ee952332e2c1dfa7d5d044e076d867c485becd05a88a0d4

SHA512
773f5e7c4f8cd7425556b13c766562cbf949aa7b656c4d43997f26629c0a4dd015e01bde5fea1a0d7c9ac862f5c401e35b83f13e517a2634c5af406f9a923075

Download Submit