Overview

overview

7

Static

static

6

6a8243d28a...18.apk

android-9-x86

7

6a8243d28a...18.apk

android-11-x64

7

Analysis

  • max time kernel
    6s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a8243d28a7a0ba26eaeee569d698a72_JaffaCakes118.apk

  • Size

    14.8MB

  • MD5

    6a8243d28a7a0ba26eaeee569d698a72

  • SHA1

    f92dc868dcc85a85fbac80e9170f40a4db6d6ff1

  • SHA256

    fda7e8431299f095deb828a021ce212bf806901fbab8d8012ad2f8840a72d3bf

  • SHA512

    b6970d0c14008dbf4c0a4cebc46c7eebe62d18d6138932a29e339ec394acc896045f82f516b799765152a288fe4a8149ea0bb91c64746f0ddce571459a975362

  • SSDEEP

    393216:vDOZh55AImBebRr1SLHU0ClJmBavWUuenYLTs44:aZr5ANebRr4LHlClR0ecId

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery

Processes

  • com.ecaray.epark.pub.luoyang
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4284
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.ecaray.epark.pub.luoyang/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.ecaray.epark.pub.luoyang/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4320

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ecaray.epark.pub.luoyang/.jiagu/classes.dex
    Filesize

    5.6MB

    MD5

    f68a57906ee4f6a5b8993a6e44e70e51

    SHA1

    5b2a38a82ef6b37851e6e08d6cd2563dd40fef82

    SHA256

    05848fc5a0cf8938dae17fdad13de2a7ecc3f8ad30abfa5707115d0801c31bef

    SHA512

    fc91b0acf57981d4601066ffeaaff02240ffcee7f0c47a7ed8d08c605974f7b5d5701aeda889c2221a6856da06152ca631a4fd71919a5195ec029f530fd7ee0e

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/.jiagu/classes.dex!classes2.dex
    Filesize

    4.1MB

    MD5

    2a96af32b1fdfc6aac9c2153837f4fcb

    SHA1

    8c602dda9d8855efcacc96e9499ab31331b28c38

    SHA256

    4216c9d6df5617f330a45c7261041ae642de3322a090ff29a24f0f802546f55b

    SHA512

    bfebffa1eb9320af69b35fbadc446f2f6a5d34e31547e1dc281e4f97ffbbbee74f1f8461041c8d9c2f1e4d06b03d4e11b16e275b3be841139d3a528250bab148

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/.jiagu/libjiagu.so
    Filesize

    485KB

    MD5

    2c1a490890ff15348d2fc3815b2cfb3d

    SHA1

    922e1e5539c40ad5bed578a9cea9f076df02eaee

    SHA256

    4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

    SHA512

    3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/.jiagu/tmp.dex
    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/files/.jglogs/.jg.di
    Filesize

    340B

    MD5

    11a1078b27adff6ffb5e8314dae2f11a

    SHA1

    9d180037145d4f50add324da1dca13b3c9ad6e48

    SHA256

    42ca18b36353a64eb727dbbef2eef9ae5e8a54240ab3e1735546f67dcc67b54d

    SHA512

    26ee36f534854bc6b74826d5aa4671e1406b642d6c78c04411f2e0424c6d96d31023735aabc6201d2a101478e9f4e41319888d2040a0ab357c4d99829ee535f7

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/files/.jglogs/.jg.rd
    Filesize

    73B

    MD5

    81c51414df4f9885fabd75569c2567f6

    SHA1

    5180ae7dc3ee9f1d820a7a87fb175d43cffdfbae

    SHA256

    bfacdc9b7e8ede648d4e292526d443235308ee57eeb17a5eef620ef9f4246592

    SHA512

    b7e963db05d972ffa746a0205147c8470a0de794677ca6dae7c5c9a3cb31fbf1c29dc561b0d31a36387f485ce3d72a4568978a23909f404d18fcf601f90be638

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/files/.jglogs/.jg.ri
    Filesize

    314B

    MD5

    2fa35a44c6995052537ac0e2235b6504

    SHA1

    642eaaad0342b1b70c938dbaa69c2d57ef092579

    SHA256

    0d148431cae6e83ec6cde797465ed9558aaa3b0479dd3e48b4c24e6df65bf056

    SHA512

    4d52081bb813d6b8668d3ece0b44d3c83e5a34780bd3e8af66d7a25c295aa000a01e6c503a23728a8e2ec73582a206bc686c7329e9383a94c8792f805e4122c3

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/files/.jglogs/.jg.store
    Filesize

    32B

    MD5

    448e391c59eef34ee1defbe4dee4c41f

    SHA1

    df1f890987371d7d8e6963c68b787856e42bc146

    SHA256

    55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

    SHA512

    ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/files/.jiagu.lock
    Filesize

    27B

    MD5

    465ab808bdff1ae3674ee4d98c1cf458

    SHA1

    ed6f5fe8e10a8b93046550227d26dd2db15d3ff8

    SHA256

    46fdf39624ab68520c6d864fdc72bd2c6918ed76170f68e6b9c134de265893ec

    SHA512

    daf69bdce1af016d53a8841b57f12c8cddaf465ef76ea4f2baae8539903fd9b515ffcb1e28e223fe54eb94f668faa21d0d2b36ebb37259d42aa4d7bacedff7da

    Download Submit
  • /data/data/com.ecaray.epark.pub.luoyang/files/libs/libBaiduMapSDK_base_v4_0_0.so
    Filesize

    644KB

    MD5

    a52e65f425e84338be506d74c0cc8c04

    SHA1

    ba51648b140f65e271103dd9afe16a308492ed82

    SHA256

    6af6463273654031855bc44df9865ca793f9dcfe46463b3325631436ce533c1b

    SHA512

    a6fdf8dff10b4497e9c3db637eb4bff6bff3d05d9858e3f124e95342eb33cec2e9f74ec1d87b25c1e72da1962287263873bbe89f22c8e3e337225c9882d01dcf

    Download Submit
  • /storage/emulated/0/360/.deviceId
    Filesize

    48B

    MD5

    1d8d16c4e3b19ebf18988530d9b9a757

    SHA1

    bc94c1cce05cd848a53271ecb9c5311e27ffebf5

    SHA256

    abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

    SHA512

    4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

    Download Submit
  • /storage/emulated/0/360/.iddata
    Filesize

    32B

    MD5

    aebb7f346af80b353b9c4dc8dbe7170f

    SHA1

    26b2ce83cc76a24b2b7f11ed74b9b4a766ed1c85

    SHA256

    7063bed8bf8bd8cc434b9fe06836347d805fc98b3a7df4445344d57d53d8b86d

    SHA512

    179edbffc24060bd59e2901e5a5c4025b69d970718842dc783817629a1f76b41239b796b13f0c49d91e599ea0d088960e3a71b915eb45b9b082b939509059904

    Download Submit