Analysis
  max time kernel: 174s
  max time network: 180s
  platform: android_x86
  resource: android-x86-arm-20240514-en
  resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  submitted: 24-05-2024 03:49
  Static task: static1
  Behavioral task: behavioral1
    Sample: 6d401f76d6fa0dba7c3da550f3d13136_JaffaCakes118.apk
    Resource: android-x86-arm-20240514-en
General
  Target: 6d401f76d6fa0dba7c3da550f3d13136_JaffaCakes118.apk
  Size: 17.9MB
  MD5: 6d401f76d6fa0dba7c3da550f3d13136
  SHA1: eb50c87af6c9e765e6553e0be69058014efcf647
  SHA256: 2fd2e0d8296a5212c5ca5bb4d7bf59515ae28833038f72e524d4c1c3e08dc7a6
  SHA512: 4d67bed7fa613bf602eddb47b5e6769eca536ac22b74d1023162b8b6e116b587cfa9ad9de38af84de5fe9b8a07825b7d007cd6b57d6bf7d4dc9c218080465626
  SSDEEP: 393216:2qjVlqgWRbfcDdLncK+r2tF9YV3K7gf/dgRRJl7:2qj3qgW1fcRLTF9Uac2Rz9
Malware Config
Signatures
  Loads dropped Dex/Jar (1 TTPs, 10 IoCs)
    Runs executable file dropped to the device during analysis.
    Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
      ioc | pid | process
      /data/data/com.xgbuy.xg/.jiagu/classes.dex | 4227 | com.xgbuy.xg
      /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | 4227 | com.xgbuy.xg
      /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | 4227 | com.xgbuy.xg
      /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4227 | com.xgbuy.xg
      /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4227 | com.xgbuy.xg
      /data/data/com.xgbuy.xg/.jiagu/classes.dex | 4346 | com.xgbuy.xg:pushcore
      /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | 4346 | com.xgbuy.xg:pushcore
      /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | 4346 | com.xgbuy.xg:pushcore
      /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4346 | com.xgbuy.xg:pushcore
      /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4346 | com.xgbuy.xg:pushcore

  Queries information about running processes on the device (1 TTPs, 2 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
    Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
      description | ioc | process
      Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xgbuy.xg
      Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xgbuy.xg:pushcore

  Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    Processes: com.xgbuy.xg
      description | ioc | process
      Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xgbuy.xg

  Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
    Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
      description | ioc | process
      Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg
      Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg:pushcore

  Checks if the internet connection is available (1 TTPs, 2 IoCs)
    Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
      description | ioc | process
      Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg
      Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg:pushcore

  Reads information about phone network operator. (1 TTPs)

  Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
    Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
      description | ioc | process
      Framework API call | javax.crypto.Cipher.doFinal | com.xgbuy.xg
      Framework API call | javax.crypto.Cipher.doFinal | com.xgbuy.xg:pushcore
Processes
  com.xgbuy.xg
    - Loads dropped Dex/Jar
    - Queries information about running processes on the device
    - Queries information about the current Wi-Fi connection
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Checks if the internet connection is available
    - Uses Crypto APIs (Might try to encrypt user data)
    child process:
      chmod 755 /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
  com.xgbuy.xg:pushcore
    - Loads dropped Dex/Jar
    - Queries information about running processes on the device
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Checks if the internet connection is available
    - Uses Crypto APIs (Might try to encrypt user data)
Downloads
  /data/data/com.xgbuy.xg/.jiagu/classes.dex
    Filesize: 8.0MB
    MD5: 7c17366a8785c78be60ad22700e831a6
    SHA1: df18773978ef0fd306f7692b1c68fbeaf006ba6b
    SHA256: b1db2ad411bb5b6bd2df10ebf92f30e0ecd691fc63a06a6b26d713d3ae5e075c
    SHA512: 78f586522675ad57f799f5d140b89280dbb6d1661e594c1d59f57148f658914d17b2e93d066f32492449ec27f19436a4860ebef43d028c9721e99b357d0cb771

  /data/data/com.xgbuy.xg/.jiagu/classes.dex
    Filesize: 6.5MB
    MD5: 63489f8ffc4c23ff337d45cb8346f966
    SHA1: 22d215c56a5a20cd554eedcd1bc23154f5cf844a
    SHA256: 645251fb0c5def1ae81713dbbba3d23e471eca87bcf73cefce9e32c256c9a9a5
    SHA512: 73099e94ef1d7798248decec3527402d61bf62b2aa7c39645b1d557fbbd4a07cc65e302dd08e79052652511abb76b35a749dffbc4fd34df070926f349186cccf

  /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex
    Filesize: 6.5MB
    MD5: a4cb96ae304b9c8463e5d2d6b61bc25f
    SHA1: e40d7603620bb6685248b468487776ea7169a4ff
    SHA256: b05bb83f8406984872b617c85b0b50a716c1b1baa1f5617524f3cc3f53dbd182
    SHA512: 9571da0805c8c8f3dfabe30d908797b5b03a2529de9d72eab6a859a44e121b8bd11797a47bc8a2ca49929601dea6b70ed07859e4eb2ac65855930c11a4edf489

  /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex
    Filesize: 2.0MB
    MD5: bf5b40b5d4157a240dc5677f9012850b
    SHA1: f7c8627ce6368fd6b6b29fce0e1cb7e1b3950043
    SHA256: b163747ba703216a09be9cfe163dd8a8cb6ce7853a48a686b4d8a0a904c5aa61
    SHA512: aad9d3532a4672dc56ef9bd828e825b2d08eea26126fac7ef7e8a850e772fc6651bb64005bdac7aaf5a4294c33f8720d6106ca5df58a14fdc13dba2f17bed493

  /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
    Filesize: 455KB
    MD5: e5a53000766ebc433b27d6a66ec4f555
    SHA1: 2c8f53f1c03aec2005bcad67d731f07261dabde0
    SHA256: 78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e
    SHA512: 370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

  /data/data/com.xgbuy.xg/.jiagu/tmp.dex
    Filesize: 284B
    MD5: f1771b68f5f9b168b79ff59ae2daabe4
    SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
    SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
    SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

  /data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
    Filesize: 512B
    MD5: b8c8af59bd91d2e743d7224cddbe33b1
    SHA1: d04f043a4827432b42cf8a79fa1ce4e1bb3bd432
    SHA256: 6a9191c273bacfd430b98ffa37b7f20eb5ce640fea67f94e72ebc5268ae851d9
    SHA512: 6188f012cd01b6cdec470a505a95fbbe46e4e470664006f45c2c4eb74bd2832fe0b220e365fc400f2aa8867c5cb53599d619316110c59947722c93585fbf93bf

  /data/data/com.xgbuy.xg/files/.jglogs/.jg.di
    Filesize: 32KB
    MD5: e9ca226887e05d44eeee547627ba3381
    SHA1: e1ab7244e619a030312cea7f975d6430d5788240
    SHA256: a5a6cdf74cb5326ec3d468387158804a320402be8dd7fd846e5534caa6ca30e6
    SHA512: 300a00ac51e95afd85bfc05a1908f9112b83fcb7ead1dc6f2ed32bee89b17ed72386c3fd8dc47c73cef047d375bc3d0abef34de9776f58c2eec0782a6faa8f29

  /data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
    Filesize: 32KB
    MD5: 268faf8cef1dd2accfde83a32ba357c0
    SHA1: 8d70fa7fa7bad3a73d45c6e20ef4e0ba73853a38
    SHA256: 8ea91840c84e56fbd446220815e6c6fc4a8b6d349b911a40200995eedd7e080c
    SHA512: 4fcbd56187dac6134c85fb3175940f75505e8e3ffefb3b8899d1c1600efae6d5dd4c983282c4e255b0d4abb06af0301fceac4cf2117eee0ed8f1940ebf3e5852

  /data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
    Filesize: 314B
    MD5: 6eece16224ce26dadd24d4c2c748d208
    SHA1: 1ed465dfddf7bb472f3c46d615fecf98575e1293
    SHA256: 622bb49be13a412b795bd240d52a451c5786f442794e21296b82ebed72e9e052
    SHA512: 5513637e597dea7b7d57006efb14462caa3c6cbacb20863bb25d8200bb3c0ff2b8b89ad6191b62442002bbd7bccb3b8d32d39d9ea05e07b34bfd7f5132be3084

  /data/data/com.xgbuy.xg/files/.jiagu.lock
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  /storage/emulated/0/360/.deviceId
    Filesize: 48B
    MD5: 1d8d16c4e3b19ebf18988530d9b9a757
    SHA1: bc94c1cce05cd848a53271ecb9c5311e27ffebf5
    SHA256: abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
    SHA512: 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

  /storage/emulated/0/360/.iddata
    Filesize: 32B
    MD5: 5bf85148841d8383d6d7b986208f4e57
    SHA1: 3ae0cec3700200310342e6fe027dbf002e8dbb87
    SHA256: 5c84aa5fca03441f84293fdc45f10fe0873daebdee032eb82ffee4ce4bf8654c
    SHA512: 900486ef249d3e04f5cc092b1203a3a447a80ac84a870cd749fa428e850e13e2290d00262f99ebfc5be55cbd771c9b18eb0e4133cc668b6086fe525ceb1c96fc

  /storage/emulated/0/Mob/.slw
    Filesize: 66B
    MD5: 19402718bfb1c685a726b4e1d846ad98
    SHA1: 02a7e30044a67085f2f1da24e16e4ecfede65b72
    SHA256: 079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0
    SHA512: 25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

  /storage/emulated/0/Mob/comm/.di
    Filesize: 57B
    MD5: 70a42cba408700f9a6c01c7941a8829e
    SHA1: eab01cc2c0671538795fb0b1146017dc099d0984
    SHA256: 499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f
    SHA512: 8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c