fd43588d32c579d59cb476b72532a2403f5353434cf52e9dff38c02d40ed989d

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cf63d38269772968b4a7852becc485b_JaffaCakes118.apk
Size

8.9MB
MD5

6cf63d38269772968b4a7852becc485b
SHA1

e8949b8840f3a815802935ec9b7df055468f8e73
SHA256

fd43588d32c579d59cb476b72532a2403f5353434cf52e9dff38c02d40ed989d
SHA512

ae80270b5593ff4ad7d9c61a4af0a9ed5056473014806258d9ac4b92125ce9bec674d42db37fca433efcd9329e19d2a6436c8e7e474a482791edf6f76b734e2f
SSDEEP

196608:MPHyuYxCuJFbNSxeSWSZJwzP8W6BxNBj6QgXADXwy:8ynCuYMKJsUW6x16QUADl

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.rjjmc.newscratch

ioc process

/system/bin/su com.rjjmc.newscratch
/system/xbin/su com.rjjmc.newscratch

ioc	process
/system/bin/su	com.rjjmc.newscratch
/system/xbin/su	com.rjjmc.newscratch

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.rjjmc.newscratch/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.rjjmc.newscratch/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.rjjmc.newscratch/.jiagu/classes.dex	4291	com.rjjmc.newscratch
/data/data/com.rjjmc.newscratch/.jiagu/classes.dex!classes2.dex	4291	com.rjjmc.newscratch
/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex	4291	com.rjjmc.newscratch
/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex	4291	com.rjjmc.newscratch
/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex	4322	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.rjjmc.newscratch/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.rjjmc.newscratch
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.rjjmc.newscratch
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.rjjmc.newscratch
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.rjjmc.newscratch
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.rjjmc.newscratch

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.rjjmc.newscratch

com.rjjmc.newscratch
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4291

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.rjjmc.newscratch/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4322

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rjjmc.newscratch/.jiagu/classes.dex
Filesize
6.7MB

MD5
bae2d4b2e2f83a3370f02ad156fa592e

SHA1
c371784b1e98e64438beb582dc0ad2d9a14f6ba6

SHA256
018bb3853d5fc1992c1dff0018fae44ca3d82a277f5fe4f7009ff99795774e45

SHA512
00cbe4f100d330cae9679d38731a0e8347bd0430837842ae3327a339ebd2019e82ba9bd8de6ce2aae11dc0ca58f6d64113f9407657e3e2c26faecaa4c1c85d5d

Download Submit
/data/data/com.rjjmc.newscratch/.jiagu/classes.dex!classes2.dex
Filesize
393KB

MD5
7f65feaf791e7cc0253bef4e86bdd4d9

SHA1
7cea7d77aa27e7d4b26d86e198b412d5a8b24fa1

SHA256
59d2fd29ad1cddf9391a6755360351b70dd14fbde3e858be5a4c736128709d9b

SHA512
b7ea5b67d71ee6c2b945b050ba4b42cfb8c6828d60276972dbf40f035c180224f4eccd143d23bf4c903c97cf14ab611319a75d265cb084ff9eb9179cb644e6c7

Download Submit
/data/data/com.rjjmc.newscratch/.jiagu/libjiagu.so
Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/data/com.rjjmc.newscratch/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.rjjmc.newscratch/databases/bytedance_downloader.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.rjjmc.newscratch/databases/bytedance_downloader.db-journal
Filesize
512B

MD5
9d0af6e40137370a4b4e358295d5fc48

SHA1
fa4765d7105e836824b97b453faec5495472d264

SHA256
f3b92459dde8dc21bb875ee316d784292b3f181304684284193b1fe3764793d3

SHA512
4b0984cfa46eff92558f33a776015dd6f24802537cbc5307e3b9128c88388f24daacf082fac0fab21fdaf430b91abeb07bb46a77fba5b758f9ac4e48ba3f2dec

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ac
Filesize
32B

MD5
8ff98c65f39092bfffc4469e350c3abd

SHA1
92d8a2d8a141e5134f25006ba7e22a5072174334

SHA256
e55f384ed3856a13e2d5255d74b10e1aac64ba9c78162bea5618ad073855efb2

SHA512
f0895609b7bd6f8f3600999bbb73acf5a80af97b9722412467ac4a1da4ab9e3b3126c922919dd714a1eb23e71e2404369557c2a21be239d66de231ce8ab9c4fd

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ic
Filesize
32B

MD5
57b4b1c8af7c2642459472f73b55fbe6

SHA1
593b37355cd7534d087452faf3992a9c60a10204

SHA256
3dc9855a81cc27146a6bb2b686e40c99f848ae4fef4186af89372f8d33999268

SHA512
262e384f51356760b9e03190fe1b11172a15a4648f67d039210abb8e0d3679a17af8266cac774d086fee1e857eb8f72613e18c255534f86216caef651643c685

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.pk
Filesize
32B

MD5
87ed1d2f19248227c39cc2fcfa76e9c1

SHA1
edf9a78ceb0e8fc0d3ffa8a2a1cf523790b40d9e

SHA256
d5a88ed8ad493a2df0744bc5df16a82b39c5a9e22efabf949257e8f9ed29b83c

SHA512
6b9586c00bb35be994a6d893b0e4521c1c7411ff41c0b72b736272ea4c600d0a6e728573161abc9e939862836d938275ea2fefaf5412937d4ab79a807de939d4

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.pk.h
Filesize
64B

MD5
4e0f80c1ed3d69483452239017c99938

SHA1
fb93abdaafe13fec7add4fc7cc53fdefecab27f8

SHA256
8aa82d101af6422b7656f38f2de2a630ff441eb6b761b902a437cd855b53bc74

SHA512
a3308c73055fc4a8ed668ba2ec652c1109ad50f93d252707bfe3200d6bc090bdee6204c57931f0e136baa6b59b35645dcacdd7a0da39f781a00c65f073a0bf62

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.rd
Filesize
32B

MD5
1b9a07b9001364aab22ee77125925eb5

SHA1
8468d08e0685d6b387e914d7eecdd20366e8b548

SHA256
ba2c015be515e7e79b73b6099a418b8a26b029b43e7e3cc3a9565c32078593f9

SHA512
b2c8402587ce6565e7195fc39253d617665124dcd65697185f5e307140c39b94d9823fd5951f1e58e2a8046d69660b55849c323c86e222b2a8d8ea38b75618a8

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ri
Filesize
314B

MD5
030a1c36283a0b797b3d30876952ecb4

SHA1
40792224e1b724ecd6076e3f1bea8f9c76359056

SHA256
9493ae7683fde7a34a5c0e48a8014399c6e6d809b72decbf59db907aa0287e21

SHA512
e743c3ddcd723fae6047443409309ad93505b7ff5e8f24f845bd7c120281d1da679a8e45a8d69b857b9e688e15675fb0145783b8073e4c9595c141d2ae8023a3

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ri
Filesize
307B

MD5
3ba5addbf529d38376c1d2146d47f106

SHA1
72cb2ce99c883736b13f4f69d810558f7aad0bd5

SHA256
7390d8f52187b50f75e852d237a30b2a1bd099d72fa15446c3218a334a606063

SHA512
335ef43336bc570d86725ad0e8abf7e1b6626cd9a27b14d72e6465e2bb9f1aa8bba56a4cfe92b89fe18b18d451f4446e44865fcddd1339b36efe7d442fca9861

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ri
Filesize
307B

MD5
b0f8825fe24e1344a923a8b47591f9b0

SHA1
bd0976d2e9502d3668985d4e3820f12be118f962

SHA256
204c0ed88e21005615e9aa7b85d42f1ab3077c13b256b063d447fb454ee5c34d

SHA512
45ecaea1bbf0d1d499f1bbb30ceda677fb4e75c2992fd59328daa2f5591e8d8190296263090bb5a9b9227f8df47da739d58a96a5b35238d6874b3fdfc15e72bf

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.store.report_cf
Filesize
32B

MD5
66ebae69b66dd14dc33ec75d423f48c5

SHA1
df453638e7f9270254a20b2650c484b3ee7524f6

SHA256
fc973da202ceafd30f42fa24f8c125f9261f83780a11ed5d8b25f05cacaa6674

SHA512
fe8b255a2e7778d75b3cc4ec04d23258f48ac453627d6ef03fdc5a1c0a37792734b206b2a2d4818dc1a1920edefc86d8ad04760b3f16562f0370f5c50b6c93ce

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
cd6e402c397eb3b6a50da1a2258d2cd9

SHA1
a83c1cdce0a8c956582a6d0ac66655e902b82920

SHA256
ff801f9f26a33291fd25a4edc557cbad59ef2ad11ef517724a07a348ac7e9e0c

SHA512
822ad7a981c22d18ef91a6bd4eba5a9b69d18ae578888cc060937c086019dfd880baf62d59ee5118f709136ec6423c2106c4fb4f0bd4267b187ef4f2a93c57e8

Download Submit
/data/data/com.rjjmc.newscratch/files/.jiagu.lock
Filesize
27B

MD5
2a86317facb257be1b7206e66a03f530

SHA1
547c444517b9bec384e08d2578cbf2c60fed481e

SHA256
9d2162b18465298dbef0103e28d23eb6f0462cd266f2f94fec3d482a2652f79a

SHA512
b1f16c7c8275b8d1ffbf91d920ac7781a8f9b70363dca88ff27bb720eb3617eec518d1ac5338ed217e8bca9987f8e1b4d4056e8c592aef0b515cc589886cbea9

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
Filesize
36B

MD5
52758083267c752dc7cc1f92ce2ba80c

SHA1
24addcbe408a7ef221564ad6ee86103cd83374a3

SHA256
a525cf274854c634362a55cb20b04f7e25b46a2cc9ad8c86558e219f53a29363

SHA512
ed74aae5c2a8f16b1a082ccc08ec506cb7339dfb4e69c01ebdbf0f1e391cf841580868a336d587befd315cadc2d754510a9aae709da523d1ae635e8c1dda3f47

Download Submit