0e779b2aff1137aa69764ddbe256fc55d49fa780e44c5aeafb48447ee58c83f7

Analysis

max time kernel
8s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e1cc2cb214d8548a5f545d36ad336f2_JaffaCakes118.apk
Size

30.4MB
MD5

6e1cc2cb214d8548a5f545d36ad336f2
SHA1

3d53cb927de9dc067c0e98b1ed0746d9aa8a0842
SHA256

0e779b2aff1137aa69764ddbe256fc55d49fa780e44c5aeafb48447ee58c83f7
SHA512

5afde4f0e9de90eb4f60600ef532442e1d80bbb07a3139aaec583c678064b477450eb107a659e592ec72c533bfa2f064d574c0fa3c2ed176382f40e514b2e343
SSDEEP

786432:RWuHTm7X4Tk7XUQJq7xfKy2jOkLGbN6Q7NiDxB:RWcTmDAk7EfKj6RNH7NiH

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ants.avatar

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ants.avatar

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ants.avatar

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ants.avatar/.jiagu/classes.dex	4607	com.ants.avatar
/data/user/0/com.ants.avatar/.jiagu/classes.dex!classes2.dex	4607	com.ants.avatar

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ants.avatar

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ants.avatar

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ants.avatar

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ants.avatar

com.ants.avatar
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4607

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ants.avatar/files/.jglogs/.jg.ac

Filesize
32B

MD5
0bcadf7843765a7cecdfbf4a47a82a5b

SHA1
0d2553d486a58cf9c673748d3da61207fbd482e8

SHA256
80fc9d0de6bbc75a5586074195b02ca5561398abbca7a890c2ba87ea2050c786

SHA512
e64dcabe2823cdae991d96fede98da578c31fe003b055472425ba80ddc58ac3b1312f400eef6cba670ef1ba84d5a7f6f3d898949afd8990c25798f77dbd30714

Download Submit
/data/data/com.ants.avatar/files/.jglogs/.jg.ic

Filesize
32B

MD5
aa65acd1f38bff4a9add09a7bd770e36

SHA1
b28ee720c401ed76d0d8bbcb7fdf2a1c8081b435

SHA256
3a6248b328bf32eb71b6708feef5394d3ea6bae3131bb35689aa744a08623293

SHA512
3346d0f209c6b245a2161eeb15a0dcaac08ad0fda5022d98faabd8df9370f68ca2653d3ecfe700b6b462c5d84790df52f419d69d3658c1d54de5a6f7143a3e7d

Download Submit
/data/data/com.ants.avatar/files/.jglogs/.jg.rd

Filesize
32B

MD5
d192239683a27d461ec72516b689da75

SHA1
c861e7acd87dbb4b88b15a3c3329fe118d33033f

SHA256
152e1ddc29faef74a3d2c2d3cec26376cc228f26b4e698660f72b37a65f220d7

SHA512
11d1881424768bd49a893d0c476107cdf99b5af8a37ce69b61385cc556b328facc78cdbbf4c5eed826b89103396f128d7944af7cf929b49dafa706554d16dbc6

Download Submit
/data/data/com.ants.avatar/files/.jglogs/.jg.ri

Filesize
307B

MD5
45914d4fa9803a22682287078e1508fc

SHA1
ad3b538a51ca1a94d493752a1daca33ab9ad4a8d

SHA256
7bd11dda62ff69778542c817c9b773c0e0381c953df8dfe7cccf8bf4a743032e

SHA512
c4a47ebf419cc9f3e7652b7af6bd7e18c4faff051f10fc53f2bc6fe1ad311c9a51da6597b383fd0ec3d3d631899096e857f7f1fd3167ae139d42a1d6c9efd9ec

Download Submit
/data/data/com.ants.avatar/files/.jglogs/.jg.ri

Filesize
314B

MD5
3a7520e36806820468d54549141eea97

SHA1
d0d1e1ed6d1ce4a2f9c1f04ca5bdd19513fcde62

SHA256
6f9508f3cd9348a6e3d9ca1def48cd6baec6126f22d58a63d32850029c7e8d4d

SHA512
9c84d0e069cb4ab723cfa29c8e0b1b675473a30c41098176077792d62e454d132a42f453e00efa738561234fa59a8ee1f3f093d1e61942dc2dd9b5057488a045

Download Submit
/data/data/com.ants.avatar/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
c7cfcfa9c6701a3eba7a5fac15585e81

SHA1
f6cafe4cea6b6ec6e48a568884df9335839dbecc

SHA256
6fce4676e31747c5e33b9d9882051afb731bcce36a3b438ed510948ce60dcb25

SHA512
e6e7af440f698f8cd4904d6f564fbd4d8cd8f166b03d33fa750800637576fd499b147c05573e04994a5899782b0c2043c4b00679e98fdc005e132e3afc1d53a0

Download Submit
/data/data/com.ants.avatar/files/.jiagu.lock

Filesize
27B

MD5
49871b5a78c3d607ffca6bac9a0d7be9

SHA1
9008e39d173c30ab2495ab1ec33b355b46c4aba4

SHA256
5c027bf477225c7bedc2901b9b36916cfb36095bd4dc83bdf638d3eb3597776a

SHA512
8c2e844217ca9e4ef350ec0292b770584f2b6870588dbdb70cedc19500025f284cba8bb66ffc44a1e8aff87eb4a4fdb7a5be4a69c99932cd71a5d2fb8d16083d

Download Submit
/data/user/0/com.ants.avatar/.jiagu/classes.dex

Filesize
6.1MB

MD5
02de7dfdfdb1558d61c7d83e99955970

SHA1
c211b763bbae2b209dc7232b25ce99f24c7c7a1b

SHA256
640c0588fe36220c6bc61632e485006d45ca3bf93a626bd8e9ee5233460e22c0

SHA512
7c4624744dd52866f3f92350832728b4b8876f4c9c94b91866a860893ec047cf7f680daaa7cbbd7360bc594cb0a14de5f666903a9441032bf48b14dc642132b0

Download Submit
/data/user/0/com.ants.avatar/.jiagu/classes.dex!classes2.dex

Filesize
5.1MB

MD5
4f8c9e09d5dbae9935bd17bb0d52aeff

SHA1
b76a105b200225600950b3f39668c9c2831c7d79

SHA256
539ccd79e00eabea802691492d54c7a95616ca1d848427ab772466830963170e

SHA512
fdb3e02fca389cc0ed1beaf4535ffe5f2fb400df893c57345bf45e523b47a0fc8a1fe226ca6aff1db2eead08315708bae629863619c3ccbf2236aa23067e2c28

Download Submit
/data/user/0/com.ants.avatar/.jiagu/libjiagu.so

Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads