2fd2e0d8296a5212c5ca5bb4d7bf59515ae28833038f72e524d4c1c3e08dc7a6

Analysis

max time kernel
174s
max time network
180s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d401f76d6fa0dba7c3da550f3d13136_JaffaCakes118.apk
Size

17.9MB
MD5

6d401f76d6fa0dba7c3da550f3d13136
SHA1

eb50c87af6c9e765e6553e0be69058014efcf647
SHA256

2fd2e0d8296a5212c5ca5bb4d7bf59515ae28833038f72e524d4c1c3e08dc7a6
SHA512

4d67bed7fa613bf602eddb47b5e6769eca536ac22b74d1023162b8b6e116b587cfa9ad9de38af84de5fe9b8a07825b7d007cd6b57d6bf7d4dc9c218080465626
SSDEEP

393216:2qjVlqgWRbfcDdLncK+r2tF9YV3K7gf/dgRRJl7:2qj3qgW1fcRLTF9Uac2Rz9

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 10 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

ioc	pid	process
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4227	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4227	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4227	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4227	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4227	com.xgbuy.xg
/data/data/com.xgbuy.xg/.jiagu/classes.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4346	com.xgbuy.xg:pushcore
/data/data/com.xgbuy.xg/.jiagu/tmp.dex	4346	com.xgbuy.xg:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xgbuy.xg:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xgbuy.xg

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xgbuy.xg

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xgbuy.xg

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg
Framework service call	android.app.IActivityManager.registerReceiver	com.xgbuy.xg:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xgbuy.xg:pushcore

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

T1471

Processes:

com.xgbuy.xgcom.xgbuy.xg:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg
Framework API call javax.crypto.Cipher.doFinal com.xgbuy.xg:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg
Framework API call	javax.crypto.Cipher.doFinal	com.xgbuy.xg:pushcore

com.xgbuy.xg
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4227

chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
2⤵
PID:4255

com.xgbuy.xg:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4346

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex
Filesize
8.0MB

MD5
7c17366a8785c78be60ad22700e831a6

SHA1
df18773978ef0fd306f7692b1c68fbeaf006ba6b

SHA256
b1db2ad411bb5b6bd2df10ebf92f30e0ecd691fc63a06a6b26d713d3ae5e075c

SHA512
78f586522675ad57f799f5d140b89280dbb6d1661e594c1d59f57148f658914d17b2e93d066f32492449ec27f19436a4860ebef43d028c9721e99b357d0cb771

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex
Filesize
6.5MB

MD5
63489f8ffc4c23ff337d45cb8346f966

SHA1
22d215c56a5a20cd554eedcd1bc23154f5cf844a

SHA256
645251fb0c5def1ae81713dbbba3d23e471eca87bcf73cefce9e32c256c9a9a5

SHA512
73099e94ef1d7798248decec3527402d61bf62b2aa7c39645b1d557fbbd4a07cc65e302dd08e79052652511abb76b35a749dffbc4fd34df070926f349186cccf

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex
Filesize
6.5MB

MD5
a4cb96ae304b9c8463e5d2d6b61bc25f

SHA1
e40d7603620bb6685248b468487776ea7169a4ff

SHA256
b05bb83f8406984872b617c85b0b50a716c1b1baa1f5617524f3cc3f53dbd182

SHA512
9571da0805c8c8f3dfabe30d908797b5b03a2529de9d72eab6a859a44e121b8bd11797a47bc8a2ca49929601dea6b70ed07859e4eb2ac65855930c11a4edf489

Download Submit
/data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex
Filesize
2.0MB

MD5
bf5b40b5d4157a240dc5677f9012850b

SHA1
f7c8627ce6368fd6b6b29fce0e1cb7e1b3950043

SHA256
b163747ba703216a09be9cfe163dd8a8cb6ce7853a48a686b4d8a0a904c5aa61

SHA512
aad9d3532a4672dc56ef9bd828e825b2d08eea26126fac7ef7e8a850e772fc6651bb64005bdac7aaf5a4294c33f8720d6106ca5df58a14fdc13dba2f17bed493

Download Submit
/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.xgbuy.xg/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
Filesize
512B

MD5
b8c8af59bd91d2e743d7224cddbe33b1

SHA1
d04f043a4827432b42cf8a79fa1ce4e1bb3bd432

SHA256
6a9191c273bacfd430b98ffa37b7f20eb5ce640fea67f94e72ebc5268ae851d9

SHA512
6188f012cd01b6cdec470a505a95fbbe46e4e470664006f45c2c4eb74bd2832fe0b220e365fc400f2aa8867c5cb53599d619316110c59947722c93585fbf93bf

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
Filesize
32KB

MD5
e9ca226887e05d44eeee547627ba3381

SHA1
e1ab7244e619a030312cea7f975d6430d5788240

SHA256
a5a6cdf74cb5326ec3d468387158804a320402be8dd7fd846e5534caa6ca30e6

SHA512
300a00ac51e95afd85bfc05a1908f9112b83fcb7ead1dc6f2ed32bee89b17ed72386c3fd8dc47c73cef047d375bc3d0abef34de9776f58c2eec0782a6faa8f29

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
Filesize
32KB

MD5
268faf8cef1dd2accfde83a32ba357c0

SHA1
8d70fa7fa7bad3a73d45c6e20ef4e0ba73853a38

SHA256
8ea91840c84e56fbd446220815e6c6fc4a8b6d349b911a40200995eedd7e080c

SHA512
4fcbd56187dac6134c85fb3175940f75505e8e3ffefb3b8899d1c1600efae6d5dd4c983282c4e255b0d4abb06af0301fceac4cf2117eee0ed8f1940ebf3e5852

Download Submit
/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
Filesize
314B

MD5
6eece16224ce26dadd24d4c2c748d208

SHA1
1ed465dfddf7bb472f3c46d615fecf98575e1293

SHA256
622bb49be13a412b795bd240d52a451c5786f442794e21296b82ebed72e9e052

SHA512
5513637e597dea7b7d57006efb14462caa3c6cbacb20863bb25d8200bb3c0ff2b8b89ad6191b62442002bbd7bccb3b8d32d39d9ea05e07b34bfd7f5132be3084

Download Submit
/data/data/com.xgbuy.xg/files/.jiagu.lock
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
5bf85148841d8383d6d7b986208f4e57

SHA1
3ae0cec3700200310342e6fe027dbf002e8dbb87

SHA256
5c84aa5fca03441f84293fdc45f10fe0873daebdee032eb82ffee4ce4bf8654c

SHA512
900486ef249d3e04f5cc092b1203a3a447a80ac84a870cd749fa428e850e13e2290d00262f99ebfc5be55cbd771c9b18eb0e4133cc668b6086fe525ceb1c96fc

Download Submit
/storage/emulated/0/Mob/.slw
Filesize
66B

MD5
19402718bfb1c685a726b4e1d846ad98

SHA1
02a7e30044a67085f2f1da24e16e4ecfede65b72

SHA256
079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

SHA512
25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

Download Submit
/storage/emulated/0/Mob/comm/.di
Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit