fd43588d32c579d59cb476b72532a2403f5353434cf52e9dff38c02d40ed989d

Analysis

max time kernel
9s
max time network
136s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cf63d38269772968b4a7852becc485b_JaffaCakes118.apk
Size

8.9MB
MD5

6cf63d38269772968b4a7852becc485b
SHA1

e8949b8840f3a815802935ec9b7df055468f8e73
SHA256

fd43588d32c579d59cb476b72532a2403f5353434cf52e9dff38c02d40ed989d
SHA512

ae80270b5593ff4ad7d9c61a4af0a9ed5056473014806258d9ac4b92125ce9bec674d42db37fca433efcd9329e19d2a6436c8e7e474a482791edf6f76b734e2f
SSDEEP

196608:MPHyuYxCuJFbNSxeSWSZJwzP8W6BxNBj6QgXADXwy:8ynCuYMKJsUW6x16QUADl

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.rjjmc.newscratch

ioc process

/system/xbin/su com.rjjmc.newscratch
/system/bin/su com.rjjmc.newscratch
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001

ioc	process
/system/xbin/su	com.rjjmc.newscratch
/system/bin/su	com.rjjmc.newscratch

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.rjjmc.newscratch

ioc	pid	process
/data/data/com.rjjmc.newscratch/.jiagu/classes.dex	5114	com.rjjmc.newscratch
/data/data/com.rjjmc.newscratch/.jiagu/classes.dex!classes2.dex	5114	com.rjjmc.newscratch

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.rjjmc.newscratch
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.rjjmc.newscratch
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.rjjmc.newscratch
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.rjjmc.newscratch
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.rjjmc.newscratch

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.rjjmc.newscratch
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.rjjmc.newscratch

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.rjjmc.newscratch

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.rjjmc.newscratch

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.rjjmc.newscratch

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.rjjmc.newscratch

com.rjjmc.newscratch
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5114

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rjjmc.newscratch/.jiagu/classes.dex
Filesize
6.7MB

MD5
bae2d4b2e2f83a3370f02ad156fa592e

SHA1
c371784b1e98e64438beb582dc0ad2d9a14f6ba6

SHA256
018bb3853d5fc1992c1dff0018fae44ca3d82a277f5fe4f7009ff99795774e45

SHA512
00cbe4f100d330cae9679d38731a0e8347bd0430837842ae3327a339ebd2019e82ba9bd8de6ce2aae11dc0ca58f6d64113f9407657e3e2c26faecaa4c1c85d5d

Download Submit
/data/data/com.rjjmc.newscratch/.jiagu/classes.dex!classes2.dex
Filesize
393KB

MD5
7f65feaf791e7cc0253bef4e86bdd4d9

SHA1
7cea7d77aa27e7d4b26d86e198b412d5a8b24fa1

SHA256
59d2fd29ad1cddf9391a6755360351b70dd14fbde3e858be5a4c736128709d9b

SHA512
b7ea5b67d71ee6c2b945b050ba4b42cfb8c6828d60276972dbf40f035c180224f4eccd143d23bf4c903c97cf14ab611319a75d265cb084ff9eb9179cb644e6c7

Download Submit
/data/data/com.rjjmc.newscratch/.jiagu/libjiagu.so
Filesize
495KB

MD5
de685970891708f6edfd18f03c6557ba

SHA1
ac50f88327652a72df73d43e9260faf169283c34

SHA256
b3124a6f192e562313f1e2d24b292852d4eb87cbe95dccd1d94b3a0540c0c11e

SHA512
cd56aa34265252c1457e28f442872dfaedc897607b816526de7e76c88ea00c24feb3542c21be7dc587b58df8ccbb1e045d3533741981212eac4d704143bfffe0

Download Submit
/data/data/com.rjjmc.newscratch/.jiagu/libjiagu_64.so
Filesize
526KB

MD5
f3f377aff0413b6667306b3ad51a032e

SHA1
0e03658be45eb84be83a147329b82885da1b4702

SHA256
78bf69f4b3eea98355f96ae381547380263beb136fe29d630e2e3216780fdac8

SHA512
a23a89fb8721736f4c82f779f515fc2f702c0d98d696911802d57600ba4066762ade878535abdff7ba529e167d035f7b97e829dc3e1b7d04825b00d31f7d3b0b

Download Submit
/data/data/com.rjjmc.newscratch/databases/bytedance_downloader.db
Filesize
20KB

MD5
600d724a598424fe6a9e8c30f407c6bc

SHA1
8a4f9073370bbd3030552d7595192c24f7419e4e

SHA256
f7f0c3e8bbbf3835ed943557c570a78124755eea305d14a6e56340ff53ab30ca

SHA512
f4a411efab7a676378bd8196c7603de41d9c7bb2d67a37fe2fd6ba78fc261f8f981e68d56c89d12c0bbdf44eee477cfe9880c28e5f1c734f951a6640d4afa71f

Download Submit
/data/data/com.rjjmc.newscratch/databases/bytedance_downloader.db-journal
Filesize
512B

MD5
5222b19c64fe1c4fae7b01d3eaa4da47

SHA1
3c81a19654ba0b92867c6406b72aeb13ff0c175a

SHA256
57465bfeb32574f76232651a6407b44bc47207970f8b848ccd4282f0eb3eeac2

SHA512
22a82b09be2deef80e5e05c052a78d7547f0ee1e95dd427ade035cc9a3557adb87f29fa79e21baba0fc97c9dc1ae1b3823336378be0fb103b9c8a604f390bdb6

Download Submit
/data/data/com.rjjmc.newscratch/databases/bytedance_downloader.db-journal
Filesize
8KB

MD5
8e6207ca1ccef0c3ae567a59e5d73a5d

SHA1
41ee0d15da9753ae72d9457aacf55be6425cfc4f

SHA256
9a9d24efeb130d925add5a7b72f5e86661fe14d86de94c6159835c54eb695d8f

SHA512
320183a6467ef088d2e97ab73638c5b103390597f8d3f640abfb049eb8818ee7d84d43b58781f1b70f1a66a6f843dbef0b35a72e134da63e837903913692d31d

Download Submit
/data/data/com.rjjmc.newscratch/databases/bytedance_downloader.db-journal
Filesize
8KB

MD5
bcbda1fe11b173d466870702db061861

SHA1
0c7bfc778475c00a9f6c8e5e4bfc67aacc3c3583

SHA256
5c1b0e867372d582ba87d2a8678338347bbef6791ecbc14a0689e94f3fdce7e3

SHA512
464df497deae2eb101aad442f4e94fe16626dd5e7cbd02a6b592b1799576909dbaecbe5be76c313ef325bd24c6833178e98d36cffbe1835a36d68a529ef5122d

Download Submit
/data/data/com.rjjmc.newscratch/databases/ttopensdk.db
Filesize
48KB

MD5
b42c49b45ea1479a7c13f64e8c0d6ae6

SHA1
5a1874d7adacd65a87b0a49ca877a7f291c2caec

SHA256
e2dd34c69551bf6026cc452ee3e94bc6a9d1861126f72212a092899a12a8dd54

SHA512
cb4dd39007dd0ae6ee4a8aedf27d2eb7eb907940bc9c1097b43070568dcce0a8eafe0b81b60d224a4c90c1d3261f584c62205b447bae701073250b9ce1971510

Download Submit
/data/data/com.rjjmc.newscratch/databases/ttopensdk.db-journal
Filesize
512B

MD5
9a2682db19694419c8b770354b6a6bcb

SHA1
efbfac6d8755f9620f6532716d62ffab93cf6af0

SHA256
20898b89ff79153563d180fe6d7648e410abb581a9575a71b2c7cf9a0f7e793f

SHA512
f60e9144a5a797ab99470ec7226cd6992cada6fdc6b9ec694b4ddd2cea7770fbccdef2832e47f5c459d6d210f6985fee9ac2af91d5aa1a9e7c99ac4c845fedf3

Download Submit
/data/data/com.rjjmc.newscratch/databases/ttopensdk.db-journal
Filesize
8KB

MD5
31ba9cd517409e0b15d527013b106a57

SHA1
0a825fc2b5d99cc3cf00db279ef6c24118d0fd34

SHA256
8411bfa7a53b4ce4a0b40308a1489d4b06dad4e6107232878c87139c3931ecdd

SHA512
0532ed3b3a4b31e4ad9dc0da4e01a991573577f3f51f4cfdb836cf016fb30a93ea55944e3327c6e5a93c142436054dcf2648248bacb311b974219d030cc69be6

Download Submit
/data/data/com.rjjmc.newscratch/databases/ttopensdk.db-journal
Filesize
8KB

MD5
d8b7c0c251e960d37d3f1d67709a2213

SHA1
8aab56032c12b4aa97ae7344726e3fcc7912e30b

SHA256
d140dab4e126fa1d75b5f9ff50394a6cb33a9d8b2c2b235cff36fb6e70a7b7b3

SHA512
aeb17f43d9dc3a24a50da9b0ab64c2e21d4969496d711af56f433ff32bf92f880b8ba280da31d8f60b7c9468aaa311667dae705d8b880a68cfde80dde1e1a938

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ac
Filesize
32B

MD5
8ff98c65f39092bfffc4469e350c3abd

SHA1
92d8a2d8a141e5134f25006ba7e22a5072174334

SHA256
e55f384ed3856a13e2d5255d74b10e1aac64ba9c78162bea5618ad073855efb2

SHA512
f0895609b7bd6f8f3600999bbb73acf5a80af97b9722412467ac4a1da4ab9e3b3126c922919dd714a1eb23e71e2404369557c2a21be239d66de231ce8ab9c4fd

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ic
Filesize
32B

MD5
57b4b1c8af7c2642459472f73b55fbe6

SHA1
593b37355cd7534d087452faf3992a9c60a10204

SHA256
3dc9855a81cc27146a6bb2b686e40c99f848ae4fef4186af89372f8d33999268

SHA512
262e384f51356760b9e03190fe1b11172a15a4648f67d039210abb8e0d3679a17af8266cac774d086fee1e857eb8f72613e18c255534f86216caef651643c685

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.pk
Filesize
32B

MD5
87ed1d2f19248227c39cc2fcfa76e9c1

SHA1
edf9a78ceb0e8fc0d3ffa8a2a1cf523790b40d9e

SHA256
d5a88ed8ad493a2df0744bc5df16a82b39c5a9e22efabf949257e8f9ed29b83c

SHA512
6b9586c00bb35be994a6d893b0e4521c1c7411ff41c0b72b736272ea4c600d0a6e728573161abc9e939862836d938275ea2fefaf5412937d4ab79a807de939d4

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.pk.h
Filesize
64B

MD5
fd34740f4d20ccfbfd1abb2beaf32a88

SHA1
0a1fd7244c6eec72d9d3abecf78f140f61f0fde5

SHA256
9e2b44f35da9aecd8a42ecdeeb5fb9ef6941e42e9e7b68f9cc5a742e9d094f89

SHA512
38cd3611d11222451aa1d6e52da6c7c8b5d923e14391e3ada11f794e14665229749aa4521221ffb88738e066a2b31e8a5fa07938483a3196db2ef2d55e95d2aa

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.rd
Filesize
32B

MD5
1b9a07b9001364aab22ee77125925eb5

SHA1
8468d08e0685d6b387e914d7eecdd20366e8b548

SHA256
ba2c015be515e7e79b73b6099a418b8a26b029b43e7e3cc3a9565c32078593f9

SHA512
b2c8402587ce6565e7195fc39253d617665124dcd65697185f5e307140c39b94d9823fd5951f1e58e2a8046d69660b55849c323c86e222b2a8d8ea38b75618a8

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ri
Filesize
307B

MD5
9c0e3eb4be6a6470eb6cd0d21b3f02f3

SHA1
e9c1263aff19237d44ed9916f4ee8732db2b194f

SHA256
974c9af0a9861ccfd0bc73ec56cc15acb0a3f959cb12d73323a19ba781b105fe

SHA512
4f87184d7ed2cf58d6a1d101265ace7c884f8494b54e29c94b11b3184f57d52b40ef28abf49aa82b20aeb54b28f1b91621da60ef5195265e7f0936e43a091533

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.ri
Filesize
314B

MD5
a8a6ab9f885928d38cc9af7b10486c7f

SHA1
393d0ac002757b3abc1555d55f33e05633811cd1

SHA256
4a7c9e74c9ec081e40bc737b9734604d2b53d439e88dbca5b0bf4d3508e025a9

SHA512
9b671a88c36b9cad7c13b20100f0ea5b8a2cf6a5871bc3099f720de915e6dd5a45c03e87ba3a40c07d4e38d845e7ad903c4b92a6d1f470751f75abdf95428283

Download Submit
/data/data/com.rjjmc.newscratch/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
cd6e402c397eb3b6a50da1a2258d2cd9

SHA1
a83c1cdce0a8c956582a6d0ac66655e902b82920

SHA256
ff801f9f26a33291fd25a4edc557cbad59ef2ad11ef517724a07a348ac7e9e0c

SHA512
822ad7a981c22d18ef91a6bd4eba5a9b69d18ae578888cc060937c086019dfd880baf62d59ee5118f709136ec6423c2106c4fb4f0bd4267b187ef4f2a93c57e8

Download Submit
/data/data/com.rjjmc.newscratch/files/.jiagu.lock
Filesize
27B

MD5
7d8615023ed3f5021e4eac9b297fdc3d

SHA1
d5874a820e0dbb492fe2c0ccba24c357c9bbeb90

SHA256
d321c508909acf3f03dbafc079ee5644ab8e68116ab8da3b7820d85e68ac9448

SHA512
6bbd523260051e6d7d719ce4a7fdc9919aee86a6f0539645faa3ebb730c133ebe953cd173530cd0d6845937f474a5f00ad9062347aed2ec8f3b8fbd0425489f0

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat
Filesize
36B

MD5
3286072e2d72f83d760f62629a818375

SHA1
bd2006b3252ef151a73ab7fee692e63510918ebd

SHA256
f7e32affc49269764bdb356adf406340d5211676aaa7c8a23481bb5e24c0f27c

SHA512
f389b3efb860f50defc5a51e41d6da74f259a9c1a60e9c87e4a27c5c3171e3327c46b957e4cc014fb9014e64bfda4c4c41796c4bf43d3015dc557b425d7ebacc

Download Submit