be10bc610eda1525593bac46d4ad452cf9a3a9a414344c937f985594ed76dff7

Analysis

max time kernel
15s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d558e7eeefcc4d3ad60b0c10c45adc3_JaffaCakes118.apk
Size

30.4MB
MD5

6d558e7eeefcc4d3ad60b0c10c45adc3
SHA1

475340e5b44681b09dc951625caaa396169251e3
SHA256

be10bc610eda1525593bac46d4ad452cf9a3a9a414344c937f985594ed76dff7
SHA512

8553f72db360014ca0bef0ef0f86d6b3f857ec2ccd54b94644f6c0162d88745bb1f4e4a10e581cf4431c56186c2243bcb737fd18e08581e111d838cc63ca5e76
SSDEEP

786432:xm5U1yYfOGsvIy7Rqz2yar3zNGJo7/bWiwd:cUZfMvVqaFr5GJW8

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 7 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.appshare.android.ilisten/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.appshare.android.ilisten/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex	4315	com.appshare.android.ilisten
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex!classes2.dex	4315	com.appshare.android.ilisten
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex!classes3.dex	4315	com.appshare.android.ilisten
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex!classes4.dex	4315	com.appshare.android.ilisten
/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex	4315	com.appshare.android.ilisten
/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex	4355	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.appshare.android.ilisten/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex	4315	com.appshare.android.ilisten

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.appshare.android.ilisten

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.appshare.android.ilisten
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.appshare.android.ilisten

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.appshare.android.ilisten
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.appshare.android.ilisten

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.appshare.android.ilisten
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.appshare.android.ilisten

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.appshare.android.ilisten
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.appshare.android.ilisten

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.appshare.android.ilisten

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.appshare.android.ilisten

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.appshare.android.ilisten

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.appshare.android.ilisten

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.appshare.android.ilisten

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.appshare.android.ilisten

com.appshare.android.ilisten
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.appshare.android.ilisten/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4355

getprop ro.product.cpu.abi
2⤵
PID:4410

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.appshare.android.ilisten/.jiagu/classes.dex
Filesize
5.7MB

MD5
1a9e619ee9b3adaff9763175ef343c65

SHA1
25eba6a4e6092714f50ea632e88a47bce3b71fee

SHA256
ea571268dacf27c122273df0f54589ec430b8509cba5495e0267ba6cf24e82db

SHA512
e515d490a6762931ed1557e3053c391ed323afe4ff30fd362fc6f66edf026243cf524e096e98eec7bc19419c79bb1256a9f6537a42d0f4f3e8a6a0092235512d

Download Submit
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex!classes2.dex
Filesize
6.5MB

MD5
36ad8773ad780ccd57de18b9042d892b

SHA1
9802e970904769be9dea189629e50976a87f754f

SHA256
711467bbb3f90caab44f477af73dd3683ece3c3f3bb0f4e35a18f5235e4fb012

SHA512
f97553845a0cf90fdff9c3722a2d531f75226ea9f30bf5c2f8e597728c065775bf408d1287c4653463b13707ee7a7f3a8a54265e41e78b46367f3a0f1d513780

Download Submit
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex!classes3.dex
Filesize
5.3MB

MD5
db4cdc71e04f30c7f2757478e585e9b3

SHA1
ffe5768173fa4707146034604e2e87a97db02a55

SHA256
26c2d31bb90bba4cd09a58b571845748d25cec6e6a4f563217996aed21cdd972

SHA512
619c1c6fb8889b55f8e68c0108684bb80f8599d760b889ab98be26b2ba2bfd74c9fdd75a99fecbbce55dccb7806e13d2ee22e62626a5ce998c6e95e2d8565b2b

Download Submit
/data/data/com.appshare.android.ilisten/.jiagu/classes.dex!classes4.dex
Filesize
4.6MB

MD5
56b7a6bd63ccb674b769624847d5ed7c

SHA1
2852fdfe308ff481a9d23d9663604836ffc49604

SHA256
530c730cbb0fc186e4449e81afcfb83abc8cf601cd5bede9a048354302eef3d4

SHA512
feec44f9434258db79f0bfd651505199bc381e2b680176c42d716aab28b5f3e723e7422eab3a3f822fd4f78db296eaacfb82321b173e385c9ba0d3483111af3e

Download Submit
/data/data/com.appshare.android.ilisten/.jiagu/libjiagu.so
Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/data/com.appshare.android.ilisten/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.appshare.android.ilisten/app_crashrecord/1004
Filesize
245B

MD5
0bfa5af242094d2178a92efe0d2f15db

SHA1
c74437ae851e56083dcf434e6253934b96210696

SHA256
d6e0c13f7ce89ca883c6148b0bf1d0bc71d5f977ce316d6e7a59135893a37f51

SHA512
2a24844380dbd95b71634d3a8c36bbefbb0c15cd862d9529683e7516a57b255ecd907d8291c7999abb85dba659f3b060e84124cf02a968cb425cb03d7d95b803

Download Submit
/data/data/com.appshare.android.ilisten/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.appshare.android.ilisten/databases/bugly_db_-journal
Filesize
512B

MD5
6779a981ca9be799fd570da4f8224c5e

SHA1
b5adcbbdb21bdc8ca3d30b895447d4ba031a87f3

SHA256
a16d0cd6b8f60199696ce71400c8292c5d9f07c243bfd9fd8938dc5c1418809f

SHA512
46e604db05cf742c3b2a897d6e58c1a5a645e02ab204ca203d133c522b3c6fbeb2800dfd450425ef382ca8641f3b459b8d681c1c473599cc7cf95c25875156f1

Download Submit
/data/data/com.appshare.android.ilisten/databases/bugly_db_-wal
Filesize
16KB

MD5
5a5ac542c547a87660b6a74908bd0149

SHA1
95dea8ff8ce98b62828f333df3c60f7a0596dc4b

SHA256
97f21870aa122ae517e91f263d4022e3186c54271c540f8083ffbd6b6c24ed5a

SHA512
fc798a3ee8542eb906d31f95b952252dd0b513f6f526d23a546cd3472c2c79ac8459c16aa1675b6152af280053690170bf6206270c017332116c86d1798a175a

Download Submit
/data/data/com.appshare.android.ilisten/databases/zan_analytics
Filesize
28KB

MD5
c1fea773c9743c89b6704c9e601324bb

SHA1
af60ea36b6e96186104c97f5546ea7170081d0f4

SHA256
3676f42704d6211e0871295ab77099c7b4d1334423c60cc197869fbf111a334a

SHA512
fae7b81ff613b43f5b9fe958229fcf5ec630ccaa32789d56dfcbdd4cbde0b4ae13879af12955d72799f0273a5bc00793cec24ac9b934243e4d3d19b40abc2c30

Download Submit
/data/data/com.appshare.android.ilisten/databases/zan_analytics
Filesize
20KB

MD5
149fdf85bc0af8746a52b9646f140401

SHA1
8a6cf99ecc63b997feaa340cd26de2c87e3095ea

SHA256
30fce1d876c7ceea0fc9f0ee55c9967b52a03344f7fae4a4aabd9ada44c500d4

SHA512
061c2f977135b47389da0c45f8a125c0c2a80bd17f48dad4f510280387e6b3478bd48edaa24ced2be3df531f98a5ed9fc749294a253f70590b39f629c729e6c8

Download Submit
/data/data/com.appshare.android.ilisten/databases/zan_analytics-journal
Filesize
512B

MD5
3db4a359b5e447198eeec7fe1a842fb6

SHA1
6579b7e4b3899831facd044fdcdbf4c0c1f2f9b9

SHA256
5c39ff0d3bc4ce299f1dcb75ae68bb041377115722adbd53c21c4914ef77e1a6

SHA512
46d35a6b07caf27b3f62d1c01238db76c11d431638ccb1b264001ea9b4ade8b86dfe878b6e4c42c4a0ab5c88ac196440db5916095deb73665005edb7c6e5b4f0

Download Submit
/data/data/com.appshare.android.ilisten/databases/zan_analytics-wal
Filesize
40KB

MD5
56ba588f638d03dec1120771a81a19e8

SHA1
d8c9adf1b59f40274c4d8e8514eb5cf7b618769e

SHA256
7f0f78cd3986de9cdd82a9e073a6143efca82582785bb0dc7d0c596a223a5b68

SHA512
dfd47bc5e8722e4664ba5014077184495280c8cc7ad3bbb18f7813a30115e632988de00eda4a50c57de3d30abe0fa09effc1b87faec700a1b82578b0b12a6d1a

Download Submit
/data/data/com.appshare.android.ilisten/databases/zan_analytics-wal
Filesize
8KB

MD5
53379b08921bfe278cd32e1de9ec4bea

SHA1
1922efef9fa1587e9076ca0902d5524ce53031a5

SHA256
92038f341d3fc6062dcf30619e0240043f348d61d55247b9883ec9c8ec356fec

SHA512
56210bb6828f1f05b01d8b6dc262a8c36c3fc2974ec664933285177598d4f84ff6f88b86bcb3256af24bbaa834fd9fdeb3465d20cab524a12a7f19538bb1deb1

Download Submit
/data/data/com.appshare.android.ilisten/files/.jglogs/.jg.ac
Filesize
32B

MD5
d7872bd48b7f1fe3b4e87fad4afd9a81

SHA1
a5aa9a719a32bfde8a3372e2b9644a1e689e8825

SHA256
437383c2986ca54c0e9ce9227f07afbb6cd21d736178fd0352af82b5dd0c149e

SHA512
ecb5b013de939b871d26376621b7a55a53f930efee0c455d4c36ab583ff879e09a8a8906be2d564031df738aa5473dbd0ccc18ed4790c526ac086d69f2e27910

Download Submit
/data/data/com.appshare.android.ilisten/files/.jglogs/.jg.ic
Filesize
32B

MD5
988ada3125364673f2564d62829bf2ff

SHA1
5b0a4a60f012d2bd0571728fd750dfa636523ea3

SHA256
b2692bf8e6bcd7cd04e273129c073d103c043685e4bc569423c7e06e547381b0

SHA512
aac57518903e1d6baa92f86c0f79a640873b68985e00d3a5b329c10c32eaaf37c8ba94717021d46f27493f00850c3d7281fbba7d28efd44c2c5554308c493e2b

Download Submit
/data/data/com.appshare.android.ilisten/files/.jglogs/.jg.rd
Filesize
73B

MD5
ee0a9c1e09e7b406b8ba3e1691797658

SHA1
41c3709d333edbbb7f4377f7e7ac50f5e3efe85c

SHA256
9ea8d24de972d122c83a8f1edc12cce85787aaf1e4acd1844627331b0112e66e

SHA512
48356d2e11cd614e13654c260219bc09ae1b3b3438aac94a80d3a355eea02b84dc9b34d91773e4c1beac7c7ee3087d86ee0e1c6c0f845a631f68ce53552f50bc

Download Submit
/data/data/com.appshare.android.ilisten/files/.jglogs/.jg.ri
Filesize
307B

MD5
4061efd6d7f2dbf2f0d675225cdf1d6d

SHA1
f18f08c522cb89a9f52584eb56ff2dce8c1b5f1e

SHA256
9311eb002ef8fb2d167c2ba853aeacc4c7bef8473d44ba451bcae25953354ac7

SHA512
13afc17950ae9289998b2bf0e647cd21dd002dd875cbcd24d428b0ca6b504885bdcde0e33abe9f07bdc7ce11c68d8d5f00503b1e0622de86b3f8b131af6adc21

Download Submit
/data/data/com.appshare.android.ilisten/files/.jglogs/.jg.ri
Filesize
314B

MD5
6ef28610b70a67257128bfe91b33ea46

SHA1
1f93dfd95ea05977c5c9733cf296e0fff9239ee9

SHA256
fb45ab7088757e32bc3368474a83529df8af85d0a997b2cbb8d3009ef5edd124

SHA512
76c034417eebcf6b8beee791b0a96fa1bafb734fd975c895794ee692e2b1add3440fd7dc43d84957a373d1d06008cd68b3d62e4a263235a7ace475febed1907a

Download Submit
/data/data/com.appshare.android.ilisten/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
ce6a80f6448ed9abf3346a0612c90017

SHA1
3dbb3974e52103fb605f56fd8a322a28950eb40c

SHA256
672d26ed0fc9974d870fd59401d0f1078374f49426e56f5ba1499ff439b583e8

SHA512
0e5261f1d51b086037d2178a0bc53a5501760935ecb9a2477bc49f87435590357076bc59f47675c16fbe93165a1d85ae3c8d43275755ade5bb3410a079c0ae3b

Download Submit
/data/data/com.appshare.android.ilisten/files/.jiagu.lock
Filesize
27B

MD5
cb6c36edb646dc973a4fb61c7588592a

SHA1
2c5bf3ece1124f356de75000e0c07c144443fc98

SHA256
92716427291cc3d5282fc9da2f38a7a8ae4b08e753da4c9427706ee86ffbffeb

SHA512
d23bb2aa0b7b7a46b615e08860f1a06bd2a193c25b19931040e96dcad0125c047f840cd327068fb8a7a2a252492d466443dac8a73c9d322da43b8c952d6521a8

Download Submit
/data/data/com.appshare.android.ilisten/tinker_server/85d710f58cc4fcea_version.info
Filesize
181B

MD5
41894efa53782e3db1221d33df6cb4d9

SHA1
7fddbbcf288f76fa3d4d54520a53db45613a700e

SHA256
d30d91354bcac40a09bc5ed96b4dbd4e151b050ee3ee6a0f0a277f25f39d005e

SHA512
cd63903c72858bc7f32f372ad734f9f17ed814f36aa631590fc946006755cb53d7a459292ba9b15a250bdd6392a073dd83f793be4120fe955f99d2771f43b86b

Download Submit
/storage/emulated/0/Android/data/com.appshare.android.ilisten/files/tbslog/tbslog.txt
Filesize
4KB

MD5
0d1c3cbd35908a79de8d96e268f26e8a

SHA1
871f136c53535ab672966b3425c0a5b490bc16a2

SHA256
33445965b3f1694415d221683744d256ed6d96a2eef361efd9629e1e5e7c1a6c

SHA512
c8dcbbd65824771d96e7090402cd77bec7239fe2a58d585de70bc24132e8abe7148436c9e563093244934fadddc5b11e3e92fdcb631180dc8b2a383d2ab99bfa

Download Submit