16364a06833298982c144cb8a54e6ef80f040c80f39291de3db91e1a529a5008

Analysis

max time kernel
6s
max time network
132s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d27839a77864dd07d1b37f58d4d11a1_JaffaCakes118.apk
Size

4.6MB
MD5

6d27839a77864dd07d1b37f58d4d11a1
SHA1

c89e567e48b28cdad9b77d877590a0390987e495
SHA256

16364a06833298982c144cb8a54e6ef80f040c80f39291de3db91e1a529a5008
SHA512

f264dc267f74d22b52d1586c20668552818ac0d259db2a6ee87d362c978b6337f93174f72c60b2e1880e231d28c73da8079dfd78fbe266dad1e9178d4dc4ca8a
SSDEEP

98304:/CHyv70Fk/wpzMMA1AJTmF/MhC3BM6UirQ25fmEY3:gk/wpzW1s/C3BCirQ25fxg

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

jng.jhnv.xgdg

ioc pid process

/data/user/0/jng.jhnv.xgdg/[email protected] 5149 jng.jhnv.xgdg
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

jng.jhnv.xgdg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo jng.jhnv.xgdg
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

jng.jhnv.xgdg

description ioc process

Framework service call android.app.IActivityManager.registerReceiver jng.jhnv.xgdg
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

jng.jhnv.xgdg

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo jng.jhnv.xgdg
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

ioc	pid	process
/data/user/0/jng.jhnv.xgdg/[email protected]	5149	jng.jhnv.xgdg

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	jng.jhnv.xgdg

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	jng.jhnv.xgdg

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	jng.jhnv.xgdg

jng.jhnv.xgdg
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5149

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/jng.jhnv.xgdg/.jiagu/classes.dex
Filesize
1.3MB

MD5
96047a5d266f4e1b8dde34ccad9d8ab8

SHA1
9f3da9c5479af1940039ed713ebd6e7c00d557d6

SHA256
9930c5972e9376ec9ecd1ebceeb5456235dccf0cfd3b29396054d04a7b4dd039

SHA512
d5a6975a548cbd27a674139973570360942165909eac69c137ee63ec1760ae59bf07533916ecb0997eebc0c668aedfae0af5db89be72d6fe01eaad411b308114

Download Submit
/data/data/jng.jhnv.xgdg/.jiagu/libjiagu.so
Filesize
456KB

MD5
7e7125a1193cfa8a696c1b8a6d2a103e

SHA1
af193df6127a47f455ebb7d5b792d2e982f4e004

SHA256
707cbb7d210699b111f050a382224f04ba2dbf72ecb4ee8f420d5759b6a23681

SHA512
91a62f00c2a9dc3c28348ef512ca56ab44d999e11dd806d565109159e79f25833c9141023ad639c7f5132acb8038ca0d7cc049ca2118534570d3ef1b36798b03

Download Submit
/data/data/jng.jhnv.xgdg/.jiagu/libjiagu_64.so
Filesize
431KB

MD5
6ee9a498bd6ed42a154060a4234ccb97

SHA1
4fd634e990722107ab3e72736ff132d6e1e0c8f7

SHA256
f56235bc5b496ec66aefa59b73130ffa19615e522c6aac2dd9e6519d7588cda1

SHA512
25af577f7f23367af461694be979c0b26ca318c696304951837771846d839410083997f3f5c1e0ee3ed55ab2d11a0e596c78f3b59ef6d572f5769d7ea236cbef

Download Submit
/data/data/jng.jhnv.xgdg/files/.jglogs/.jg.di
Filesize
348B

MD5
c8df60576923943a22c382530e080994

SHA1
2ee38b41a3caa4c33f104b3aa0555f88ab5a9105

SHA256
b4b3b6523ef2ef219ca941a78ec6c9b98ed17a084715b08da201538327a47ed1

SHA512
e26763d341a86bdeb5616db5caacab7b09b260673372c9bf3f598667aa2bdaf277db54e8794aa5626db53c352dc864ddacc52ec9a6eb0c7784ef9d91111f7a59

Download Submit
/data/data/jng.jhnv.xgdg/files/.jglogs/.jg.ri
Filesize
314B

MD5
925078bf076f35d3ab5f7735226c5a8f

SHA1
0d6b3feceefffa08d7446c759ee414dbf042f723

SHA256
c2a89cd137e36d9fc61984504681fc6c566766083a20d660a57469df8db58cb6

SHA512
53f4448085530a45936f93b8e4dd7c5e88906da390b5422dc7042cfc6861d2050cbefb822f4a834368db634923c4c86cc1bebc4e871157c2bd6d0241843b1555

Download Submit
/data/data/jng.jhnv.xgdg/files/.jiagu.lock
Filesize
27B

MD5
84e1c6fd27176df0966bf003e21a1d79

SHA1
5e44fc756ec626188419971f52ce5837e28d424d

SHA256
89849d469bc9084eebb3b7055cb816643f8dd43eb9d4269c7161d59af2bd0f5f

SHA512
0a00dea31ece751c14037af59811ab26d085943bc139b2d1fbcd06c69ecbf10d88e22ca2990fa63cb28f768dd05cfa76046e10341932473c23f1daed755fb2b3

Download Submit
/data/user/0/jng.jhnv.xgdg/[email protected]
Filesize
4.1MB

MD5
1110f9130f556217257ee33d1a5ffb02

SHA1
2587a3e8edef784c4eb3197bf9ccfb9fee3d69f1

SHA256
dfb0b5264791d944b60f0a0ffe6510b80ae6441ae1b3d29754881aed9bf54e74

SHA512
c8f4a8c2280116b76c2b2ef50454bc0960698d1b508ae2a07ecad476785272c5a8127f9829c4caa9fe18585fdfb3fa489ba7db8a27d021a38b3084a9f86a0f69

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
43abd8bad10eed8bc6103d175c6e4653

SHA1
b5fc5c35a2a57e06762f720057a1cc8bcec08218

SHA256
0a40fdba823786130b123d64fe3bf09ab0ba80a52989f61e2b85123f3227347d

SHA512
0396b3bdeee173b46c24f94e8a076c7c2d7bdbc2ff841bb12586490f20d04fd02d85aca08ded1ac6023a0fde06694dece525c4bcf46d29cf87c58b06afe558ac

Download Submit