Overview

overview

8

Static

static

6

6d3b5b84ff...18.apk

android-9-x86

8

6d3b5b84ff...18.apk

android-10-x64

8

Analysis

  • max time kernel
    80s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d3b5b84ff9cc242770e1e9b93164abd_JaffaCakes118.apk

  • Size

    7.9MB

  • MD5

    6d3b5b84ff9cc242770e1e9b93164abd

  • SHA1

    0ee5813824131020abee3c6e266f627a1081ecd2

  • SHA256

    68b6f9004705795d9e5665ce03cdab74b5569edeee06aad903c2f65733a8a9ed

  • SHA512

    9953ce850fd80126a98f95d4c8b2361524e33b20e79f4cc698e11656bd5470781d0230b14691cf80bee822955bfd7eaaa89b7c346f7dd8b572534e082e15b247

  • SSDEEP

    196608:mC4fLGedmKrM2A6yJJWLi1Nee8XlFk55RpfXCO6:mFGeDM2A6yJJt1Nn8Tk/fSO6

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.adsjpo.weoiuhf
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4310
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.adsjpo.weoiuhf/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.adsjpo.weoiuhf/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4343
    • sh -c ps -ef
      2⤵
        PID:4433
      • ps -ef
        2⤵
          PID:4433

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.adsjpo.weoiuhf/.jiagu/classes.dex
        Filesize

        6.2MB

        MD5

        b4eb457489a142b12041b53a8cfc69da

        SHA1

        5a9d1ea8a9ef4bcbda006143f1b9fc03e7d0fc32

        SHA256

        8146072bda81bb027f235914b35623039da0dbcd091486be6df0c7796471e561

        SHA512

        f7bafa420e7cdbc6dd3a7b365c33c0fee9fae60349fc47332b0f356cf040980378a5bd2f8c8b3ef9f45d7582ecde2339d66e6c227c2274c9f1a986e56aacb888

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/.jiagu/classes.dex!classes2.dex
        Filesize

        339KB

        MD5

        c1497b495f0b7bde27017830d02f0992

        SHA1

        b5aebd91c81320337dc224d8492e3d5806b5c07d

        SHA256

        014841ea1acb4006d3e6aafac1833f3e2667e3a3cc11f9204314e77f5ae26784

        SHA512

        43c4f997466ba0b2141797d19d332f84f14f5414d79c46f3491a3aea7fb940980280277d928084918c10b0d5e6bb6daedc67cdccef04ee30219c31a180114834

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/.jiagu/libjiagu.so
        Filesize

        558KB

        MD5

        98736de515958ae37ae93a0a0e997098

        SHA1

        72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

        SHA256

        335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

        SHA512

        cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/.jiagu/tmp.dex
        Filesize

        284B

        MD5

        f1771b68f5f9b168b79ff59ae2daabe4

        SHA1

        0df6a835559f5c99670214a12700e7d8c28e5a42

        SHA256

        9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

        SHA512

        dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db-journal
        Filesize

        512B

        MD5

        0910726af84c0944e5a807b189639563

        SHA1

        bb001ab5c0ff5be6e47ecc746d8ddf262101ba44

        SHA256

        c13f1c522b7622d895f1c569afca8ab92715cc46b006420cf57c28fe986db8f2

        SHA512

        2120127e62bec56f7f4d76f15d37c9a121764ccc6f44c408c60fd776315420cd6c5dac20fd9bed7b0af8b03951d3249a52cb3076a3d57d187f218aa52b84ba1d

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/databases/google_analytics_v4.db-wal
        Filesize

        68KB

        MD5

        d999d3c44047fd394f3fe4c854cd6853

        SHA1

        0591676fa80bff9e3eebb157692bd26a06a474b4

        SHA256

        1bab6ce12fc81b2431469b455d148e28263b5e4ae4a5bd04c1a90178b0cce573

        SHA512

        0e4ead94ed4464474604c31a7efd4234f25cafb5d50b98245d5248ff6fcd3352c6fd86acc1b07ebb2832a6684b7526f0d68fc8f0875f6b69b6f129ca04f6a09e

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.ac
        Filesize

        32B

        MD5

        7f7c1007865f4c465b5b8844597103ff

        SHA1

        34df7f1aa00fcb957ebdbef9b5f391a6a586de0f

        SHA256

        622ec2410f74f1aba142560a161053e68871537e695a65088104316db5bf3ecc

        SHA512

        3f0657c4fa2637c97e659ea5c77b523b93a9c5c5ce11000baf54dfd522bf7e8fc54db7edf94303e0caaadf6b37c71b56270352e75f41b1715418be0b9d7790ad

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.ic
        Filesize

        32B

        MD5

        299f6c1ebceb4c8954dec1b3cf880677

        SHA1

        9109b168911097e99e6559a4c2cbc93d3f3c3aa0

        SHA256

        0096fa740c8ce65f4af901e92f692d0c8561ea6573492ad3e799516011e200eb

        SHA512

        bfe84ec9077aed797dd0a7930d0bcfcc4b647eb5277245c031bf76d0cf223137262305fca1352e698e1fc6dc4b16ce66370dde6eeee47788a380e06e8f54770c

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.pk
        Filesize

        32B

        MD5

        3ab315219ae6c24a631be980c544f7c7

        SHA1

        6f42c2f43ab6cf09a1f5c40c4e57cbc1016f1394

        SHA256

        16c638445d3bf312c653ad90e48d8edcf07875d8e17e012a648d4e61c9b48159

        SHA512

        2694097ace2d746ace7ae89673d72b671acb63bf1fdadb334a9dda0e7e5cdde0192657137aa8f715fe76eb9b403f618ace487c01858ef67c6c14e428971888e9

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.pk.h
        Filesize

        64B

        MD5

        5e46743d001726caaecb9951ae4bd41a

        SHA1

        499349665782fa662beb7bb641aac1107696ba2d

        SHA256

        38c3b6f9c56e25fce4416257817887afc804ee42fec7a8b6591ad95584c3f8e2

        SHA512

        fbe40dcb3780f53ac8bdb6fc348b85b0031219687734f582da3093a55ce7f01eb6387efc07293d7fd221a55465a6e8f88cd55fced8ae5bbab19ca2d15717d564

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.rd
        Filesize

        32B

        MD5

        5c74df0c6340eff514872da47640d108

        SHA1

        1ceec416d33c60f9bb1ad101d9d2b239be19987e

        SHA256

        d23f52079bccb1e31a34978b73a55cdf0d195749c618bd265b37b8017af85883

        SHA512

        2045d14e216146d959bef19a73cdf64a265c83206ff832667089738adcca47ba87d08f915a90e4fed72b7e9f26b1fdd349a14bac28b76f33bc10fb7bc9aa91ad

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.ri
        Filesize

        314B

        MD5

        ad1fd9b548aa30d5f2f53cf52729369e

        SHA1

        405047c5d2af9dee135cbb8ec335ae5e14982734

        SHA256

        3594fe596eabbefe5647ca38b2038c5f5571f55fba59e2ab2f5d63ab8d8932db

        SHA512

        518c3f93796ac57a818daca0983d0877a3195bd863440ff4f549f63f4a02117905ba4a94ed0826c1bb3165392320b35fe0c2eeb73a74080a3ce641ac99bae08e

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.ri
        Filesize

        307B

        MD5

        068b426ff634690fcc0a226e2e2e3200

        SHA1

        af44d9f6677215c4374a90d1eec479150561d022

        SHA256

        eec6198aeb547817f55ab54171213fbeb8cd678bb042ce9445dda98b5b31436b

        SHA512

        af58f13e29d333f93dca729e6dddc87a32f759372e37b40551b1bcea8b3d8cf84f413f1b4da39fc9c9ef602c21fb9a69af77475da17d3ceccb934e2885737fd9

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.ri
        Filesize

        307B

        MD5

        a09790d492e17c03746b1bc8eb99391d

        SHA1

        79a4e2f5dd9bc7ae2c8afc9a15f1277ff52d12c4

        SHA256

        9b1fc1b0e8691bd903c9f4b10fe4c8043460407831c320e5f6691b4461196e38

        SHA512

        1fd497fc39879221a27b65b0cac2dbc3bea9d14a81719c512806ddaba358e63e6bf456d175af1dbd68ed59030e6686a03542d7ea569561170602b715b96db698

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.store.report_cf
        Filesize

        32B

        MD5

        6129132f437f647f3fa5b8ae195d87c1

        SHA1

        2a640b415127a89be534a216ef7fe622b1e82cc4

        SHA256

        41697b42ae0f333af2ce8e0705819b9b4908ae605768dadca30aedcb8a9b94b2

        SHA512

        196ad0f798ed3df8f850db0153897d15cb898146211932741338cd713b7ef3dca86a8b8f6d5c070c1b894f85f60a3fae379b0afa2a137c73ee684ffae27d86f4

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jglogs/.jg.store.report_pid
        Filesize

        32B

        MD5

        cdb2d7afb1a5484bb130b608eef6cf62

        SHA1

        2aa9f405c4ee5821acf565d61c1caf7d71feb25c

        SHA256

        620250960547afbcd36ebe8a6dbe4de553b678f507ffdaac58fdcc3dba44daf5

        SHA512

        911311a7aad0f330a41184b6b98f01a9befc78e6ea718bc965fb2d60c6db8fe5215d18e3d3d5caf3ea96c457963a2c57cebe8e64d6c9a5a03984198899c920a4

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/.jiagu.lock
        Filesize

        27B

        MD5

        2770e6a1369b08a689c047ac3ac17e4e

        SHA1

        9c40e3fc7ca48624066df2c1af19931de065a0e8

        SHA256

        c9fd58b2d784e71b01b0cb37dff9b25d9499fc55bed821076cc0652c8ede200b

        SHA512

        117c8ef9b0c17e2574ea276e09b0065927ef7b65e615ef6e698ee5011a6a414408e333eb8d67723a22a5fafa753aa49f9df8e820a4cb421c8028a68d2dad8e9d

        Download Submit

      • /data/data/com.adsjpo.weoiuhf/files/gaClientId
        Filesize

        36B

        MD5

        7c407062d5598165b4ebf3b6375c5097

        SHA1

        1979d33f221821e993a97f18ce9fff1e7be36a7c

        SHA256

        c6a444fc17387c311ec911d5f6bbba8b7526108695b335b8c82829a61adb3131

        SHA512

        59eda4a01967ce3c9ddb36bd02d06ed92fb8be2be331692ebbdfc2fdc7604b38f3a9a70c55357b50410cbc8c14f168899a275bb11daae72aab879e62c9735eaf

        Download Submit