Overview

overview

8

Static

static

6

6d0919202d...18.apk

android-9-x86

8

6d0919202d...18.apk

android-13-x64

Analysis

  • max time kernel
    174s
  • max time network
    182s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 02:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d0919202de2c552152b0a4359cbd103_JaffaCakes118.apk

  • Size

    17.9MB

  • MD5

    6d0919202de2c552152b0a4359cbd103

  • SHA1

    07b1fcdaaaab9391fa324176c87910d8003fe124

  • SHA256

    e030b3327031b515ebb5f44813d90f36694898b106dfa0b446e70b59fcfa5302

  • SHA512

    c5f9690673441e8afd4d9cfbf7b957d46c1f86e5db904fa770655270c545673bdea9917d56b5118f26be6e7363cc63b003b03c45301e5374cc1657343cf37dee

  • SSDEEP

    393216:2qjVlqgWRbfcDdLncK+r2tF9YV3K7gf/dgRRJlo:2qj3qgW1fcRLTF9Uac2RzS

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 11 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.xgbuy.xg
    1⤵
    • Requests cell location
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4264
    • chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
      2⤵
        PID:4322
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4352
      • cat /sys/class/net/wlan0/address
        2⤵
          PID:4399
      • com.xgbuy.xg:pushcore
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        • Uses Crypto APIs (Might try to encrypt user data)
        PID:4410
        • cat /sys/class/net/wlan0/address
          2⤵
            PID:4611

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.xgbuy.xg/.jiagu/classes.dex
          Filesize

          8.0MB

          MD5

          7c17366a8785c78be60ad22700e831a6

          SHA1

          df18773978ef0fd306f7692b1c68fbeaf006ba6b

          SHA256

          b1db2ad411bb5b6bd2df10ebf92f30e0ecd691fc63a06a6b26d713d3ae5e075c

          SHA512

          78f586522675ad57f799f5d140b89280dbb6d1661e594c1d59f57148f658914d17b2e93d066f32492449ec27f19436a4860ebef43d028c9721e99b357d0cb771

          Download Submit
        • /data/data/com.xgbuy.xg/.jiagu/classes.dex
          Filesize

          6.5MB

          MD5

          63489f8ffc4c23ff337d45cb8346f966

          SHA1

          22d215c56a5a20cd554eedcd1bc23154f5cf844a

          SHA256

          645251fb0c5def1ae81713dbbba3d23e471eca87bcf73cefce9e32c256c9a9a5

          SHA512

          73099e94ef1d7798248decec3527402d61bf62b2aa7c39645b1d557fbbd4a07cc65e302dd08e79052652511abb76b35a749dffbc4fd34df070926f349186cccf

          Download Submit
        • /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex
          Filesize

          6.5MB

          MD5

          a4cb96ae304b9c8463e5d2d6b61bc25f

          SHA1

          e40d7603620bb6685248b468487776ea7169a4ff

          SHA256

          b05bb83f8406984872b617c85b0b50a716c1b1baa1f5617524f3cc3f53dbd182

          SHA512

          9571da0805c8c8f3dfabe30d908797b5b03a2529de9d72eab6a859a44e121b8bd11797a47bc8a2ca49929601dea6b70ed07859e4eb2ac65855930c11a4edf489

          Download Submit
        • /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex
          Filesize

          2.0MB

          MD5

          bf5b40b5d4157a240dc5677f9012850b

          SHA1

          f7c8627ce6368fd6b6b29fce0e1cb7e1b3950043

          SHA256

          b163747ba703216a09be9cfe163dd8a8cb6ce7853a48a686b4d8a0a904c5aa61

          SHA512

          aad9d3532a4672dc56ef9bd828e825b2d08eea26126fac7ef7e8a850e772fc6651bb64005bdac7aaf5a4294c33f8720d6106ca5df58a14fdc13dba2f17bed493

          Download Submit
        • /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
          Filesize

          455KB

          MD5

          e5a53000766ebc433b27d6a66ec4f555

          SHA1

          2c8f53f1c03aec2005bcad67d731f07261dabde0

          SHA256

          78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

          SHA512

          370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

          Download Submit
        • /data/data/com.xgbuy.xg/.jiagu/tmp.dex
          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

          Download Submit
        • /data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit
        • /data/data/com.xgbuy.xg/databases/xinggou-journal
          Filesize

          512B

          MD5

          8e334414504df8e2ce19d4db9dc6fbd4

          SHA1

          8bb10a6d49940797ae1daea6fa3f2660327a5481

          SHA256

          05795a870fff1ca080d25b7ca6c1e6e7f4fde9cc474502403881988fc704faf7

          SHA512

          ef8d8d3106a6f0fa65db056cd9944d4a548ae07ae83832bb40c9c4cad7c603f9a05f60761fe94b94044d647c199cb065b2eabf86a25d39bd35bb14dd6b9a3a4f

          Download Submit
        • /data/data/com.xgbuy.xg/databases/xinggou-shm
          Filesize

          28KB

          MD5

          cf845a781c107ec1346e849c9dd1b7e8

          SHA1

          b44ccc7f7d519352422e59ee8b0bdbac881768a7

          SHA256

          18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

          SHA512

          4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

          Download Submit
        • /data/data/com.xgbuy.xg/databases/xinggou-wal
          Filesize

          88KB

          MD5

          6630f20ec7728688d21b9601b979e4f8

          SHA1

          226b052b6b6e2e03bff43a7f9f4e98d740329a73

          SHA256

          75cc42a7bcd565a4762444230b46fa5ccca59ff5423d270f88d1e629a4d2cb35

          SHA512

          e747cbd26054088149aed9cafceacd1910ed109c4858e24a76be1fc655563c9d950f9793eff26bba06c8731c19876a5f4fc505a82202f12bb711e1e6b86ccbdd

          Download Submit
        • /data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
          Filesize

          32B

          MD5

          1264f30db5bc978090c891fc9ba97820

          SHA1

          22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc

          SHA256

          6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c

          SHA512

          f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488

          Download Submit
        • /data/data/com.xgbuy.xg/files/.jglogs/.jg.di
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit
        • /data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
          Filesize

          32B

          MD5

          9afbf0dc0b4a4fd0a874cfec2c55461a

          SHA1

          a42766499eef11be1120ff87588b7f715c1b2a7f

          SHA256

          75c6a927b6cffe50b1a48e8aff766f5d543dec5aec8010b835ab4c4d8dd3da37

          SHA512

          863cdc25dd26bc2db5a80480a5d5bd16965ce02afc94f732f31c24bdcd3daaae24d41504f0eefead9a8ecc402aa2e798ce100e8a225b13b38b05aa433456185d

          Download Submit
        • /data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
          Filesize

          314B

          MD5

          72b5d2d301c60b25f55319da05b3f1fb

          SHA1

          cd48648f9cbd86b9526e7379acecee8f08348568

          SHA256

          7ed57973128ecc60873a68bac6f349a9d1eb10f6d16cbaea8d161552956b71d2

          SHA512

          78a03563cb052415b46f0d44cc9f1fbadf408e1a00d1266610f814a0b9c5b78d92f8887810f1cdf4fc68afcb8db6e091d0031b75cc0298ffbd3c99d6279c92a8

          Download Submit
        • /data/data/com.xgbuy.xg/files/.jiagu.lock
          Filesize

          27B

          MD5

          712d7ec48e0531f27a01f88f5150707d

          SHA1

          8cb8c6286803e588e171cd9b299e75ad6f1bbb44

          SHA256

          a76c50605896bc269fc496a6fc0872581c3bb7f3c8c9b6fc492018b6bb046863

          SHA512

          54b90a8e29109e1791517d507bf98f6c767c0cc81a094d0183b482c7d627ae816b001a843082513ccf7374a14de1a5486f0df2cd71082c7de9f2f63dc42f023a

          Download Submit
        • /data/data/com.xgbuy.xg/files/Mob/mob_commons_1
          Filesize

          2B

          MD5

          99914b932bd37a50b983c5e7c90ae93b

          SHA1

          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

          SHA256

          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

          SHA512

          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

          Download Submit
        • /data/data/com.xgbuy.xg/files/Mob/share_sdk_1
          Filesize

          23B

          MD5

          8e24e79baab91c4d0604eaa9006a0cb3

          SHA1

          e427afc94a4b957a7096f73e395a10ea404c076b

          SHA256

          65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

          SHA512

          45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

          Download Submit
        • /storage/emulated/0/360/.deviceId
          Filesize

          112KB

          MD5

          3bd93c46ff92dea93ec462adb9c65562

          SHA1

          9f6a1d340cf2a897cf017d3bb1843ca96d4a5d5f

          SHA256

          5045395c41d3069d2a9af4de9e11dcb691f46102330951790b5a57a2ae9872c6

          SHA512

          3411a727b166feb53c9d71ac65039011743f2758ed0e25e4319c6c8c2e79e4eb13ad28a93e2f06f0df9e03956c048d7dec9b9bf9701645742c49ee4aadacb6f8

          Download Submit
        • /storage/emulated/0/360/.iddata
          Filesize

          512B

          MD5

          2763d39d2564b99cff6bc446dfecb773

          SHA1

          4d3dd7dfafe7ca8850c1a5bd4396aaad814efe93

          SHA256

          c4b1b36ba6109d252f439d786a0ee5561c590494df3fbe90928ef568da05d454

          SHA512

          ee033418e6a37b1314156fe72c8b4e88bcac101fe36900196b15b474380a572e4d7676e791ef0c7731779338060bab845ec6ef21fefdd4983e10b1f0ab157fa3

          Download Submit
        • /storage/emulated/0/Mob/.slw
          Filesize

          66B

          MD5

          19402718bfb1c685a726b4e1d846ad98

          SHA1

          02a7e30044a67085f2f1da24e16e4ecfede65b72

          SHA256

          079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

          SHA512

          25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

          Download Submit
        • /storage/emulated/0/Mob/comm/.di
          Filesize

          57B

          MD5

          acc2a2f5cb76c41d2e97e0d409b53bdd

          SHA1

          ed06f22ff10e0912f50d53bc775ed2ae70f85d5a

          SHA256

          12ee2ab25175281fd1efab755eb5a5b442e91d263646c52118e6b1e97856f448

          SHA512

          faed72411dfb1546a82a302b6aadf921bf66a09aa4641a6d1d523e5b58c063d5210089ca2d7dec8aadbe1efec4748a8abb36ab9fe1ab18539a92b76730b85419

          Download Submit
        • /storage/emulated/0/Mob/comm/.di
          Filesize

          57B

          MD5

          70a42cba408700f9a6c01c7941a8829e

          SHA1

          eab01cc2c0671538795fb0b1146017dc099d0984

          SHA256

          499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

          SHA512

          8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

          Download Submit