Overview

overview

7

Static

static

6

6e485cb48d...18.apk

android-9-x86

7

6e485cb48d...18.apk

android-10-x64

7

6e485cb48d...18.apk

android-11-x64

7

Analysis

  • max time kernel
    179s
  • max time network
    163s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 11:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e485cb48d5e4c80c5cbba399d51b2ff_JaffaCakes118.apk

  • Size

    7.4MB

  • MD5

    6e485cb48d5e4c80c5cbba399d51b2ff

  • SHA1

    d5bb78e613baf3be7b0a26340aabd12e04b763a5

  • SHA256

    6ddc4d72f23b8140d59d368ed69d9a8c3fb40f8cebb2894b8787d342fccb53b1

  • SHA512

    ece4d4b259dd8e6757db0efd7ae263fcbadf2c0370d09b3413fe3aacd7adf0214c93ec4a79beb333bd670515c08fab00cce6926814c807856fe6da7548f5c8b2

  • SSDEEP

    196608:5C4LLGWdmKO0JBThRI+W5zT1cYPPGKzZut:5ZGWmu9Q+W5HCYPgt

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.tool.picture
    1⤵
    • Checks Android system properties for emulator presence.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tool.picture/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tool.picture/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4329
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4383
      • sh -c ps -ef
        2⤵
          PID:4569
        • ps -ef
          2⤵
            PID:4569

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.tool.picture/.jiagu/classes.dex
          Filesize

          2.7MB

          MD5

          7ed2406cfdf62e726231ce040d3c4ef2

          SHA1

          ae383ed9d7903a5a8dfd29e8cc7dd414ad35a702

          SHA256

          4e10a1898204469f0e039e8af9640b253c0360d586055961210761ef02834cad

          SHA512

          c10e86cecbd8aa832fbbda75989686d134ad4f2898fbe330546c3ccfc9db8c3d93c5bc85ae8252066c6256a247bfe1000860e5f1f0b5cd49cf59bcaf5badd664

          Download Submit
        • /data/data/com.tool.picture/.jiagu/libjiagu.so
          Filesize

          558KB

          MD5

          98736de515958ae37ae93a0a0e997098

          SHA1

          72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

          SHA256

          335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

          SHA512

          cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

          Download Submit
        • /data/data/com.tool.picture/.jiagu/tmp.dex
          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

          Download Submit
        • /data/data/com.tool.picture/databases/ThrowalbeLog.db
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit
        • /data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
          Filesize

          512B

          MD5

          c0ccadbfae1538c53f0506df83bac999

          SHA1

          4bb23a68b20730141c84d1326a032c5a18bd11e6

          SHA256

          217b7f79247a29b5758a2a097a85a5fd40f1ecfb071c3f4c7c33c632ae1bb159

          SHA512

          19437ba43b65bc27b1d81eb498bc3f756533501514c23ef28541f5c080d31c1eecf1294fb44a6a0d60818fa71a7406b7500354eae219eacfdbd73d4265e9817e

          Download Submit
        • /data/data/com.tool.picture/databases/ThrowalbeLog.db-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit
        • /data/data/com.tool.picture/databases/ThrowalbeLog.db-wal
          Filesize

          108KB

          MD5

          a2f3140ee785e465820c6d09f618cbbf

          SHA1

          f9311d8515a75bb7819038f22346329fad1d732e

          SHA256

          431bccc5f0a36f6627c143c8cb554b296c6e76c8be8e20d5bd2d89033cb4e330

          SHA512

          6ba27f7820906f5f0badd96727c4febd78e62df2c74ea28141dac89816ef7e9b13d35a6e1daf4470fdf6b73d0a99bdd1b6eb8b60e3d6b5c4ea0e5a8f4a3caf9e

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.ac
          Filesize

          32B

          MD5

          961a93ea76476aba10fb45d878165e81

          SHA1

          616e57425bbfb1b6c765d86fd92d7bdfb4f9efdc

          SHA256

          c4b6991037feb0bb5d23af63ef768942cb9cf1d9b4ba392003e6822d4fd77ecb

          SHA512

          31ecce4b21a9fe9d7ab6e9c3b7e9cc7670d55becfb61020f89442e072ebf4d43ae334fd636ed869105b6453d3981771319ba402bd069c5b62cbc806495ae936c

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.ic
          Filesize

          32B

          MD5

          30869a3d18d5aeff048dda010b4bbd81

          SHA1

          313b179e1c1a2f0477c5d859f41001656ab8addf

          SHA256

          0453e69a9f2638f93d5a64b21c8cb820b7bbfe7dd54c26b8cc827c5cdd40302d

          SHA512

          56963040b5836cf50a833409826f42c8c45e11066c6f4994178360e564095452499d934d85bf5a264ee26cf4eac54dfad0a6b5e5369b86aa0ba892b495254c54

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.pk
          Filesize

          32B

          MD5

          5fad63accb90af9f331573add728e411

          SHA1

          558ad1b1dad6b5af28ceb503db743a1849a9d6c0

          SHA256

          d5296cd4c674e7724ecc6289e82c17f2cab795dc2fd35d646d387297bd48bf81

          SHA512

          f6aa5bb2b2b1b153aa3fde5bac07713789c3675ade9548ab3efd6e1c38a18cc4aaef7a2efe7409ee22c14117ddd10db77e10462f0bf8b2161e898a469081058e

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.pk.h
          Filesize

          64B

          MD5

          c7357f4a6a3d9868b1dd28f57618fe99

          SHA1

          4f0eb2da2e8444a8762407b4d8a7cad851dfc95f

          SHA256

          6d48e1307f06368bd946519de28a0eb7267267e7bcb15f5ed8a2b382f80d067a

          SHA512

          778427c6ec626b24ccb17f0689c2317f9983ad021c77d7a1308dd320af778d38b9aeff3683fabe573c2854ac35c4890af1f24d4ab13c241f37883086e869f8e9

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.rd
          Filesize

          32B

          MD5

          742405d4f9b527c5d72cd8aac1f49263

          SHA1

          b2f3532a8829c26a2fdc5b8813dfbf5f962b0495

          SHA256

          9cab202432a39b1d1fbfc4bf2bc56f7fcee21c0a223dfe12c5b34f42445f82b4

          SHA512

          54d272a6016a72e3565937909a077d0d544341f1f724d027c815e1620386f81e45f25085381ae02b1b583cec2d553881aac53a8baa951327f14508c54f11a7db

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.ri
          Filesize

          314B

          MD5

          a588e0b9947d06574249007327a8309c

          SHA1

          a7869f42ab205614659e63e322de57327fe5e988

          SHA256

          8baa4e75e609d6489395ecddb381d8cd55922bc3133527ac9a4ae8dc0d28a646

          SHA512

          9f0fb7c287ff430bfc1105406bdcf5ab8b55ab5264794832c407d7b8c57f03cc7488205eb5a089a75a7cf095c79960572f50641cf720b77fd63d7cedf4723873

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.ri
          Filesize

          307B

          MD5

          88151c0302204d7c6c7e0c92d5000478

          SHA1

          ef27cebc4584be6140857a3728b8ba0c43e73ef7

          SHA256

          d9808dea5f205b08e0348abf138d84e276010e0b112b87806d67a34e2ff391ee

          SHA512

          5ce896687597f4b4f94d879826d9ff71443e0fbb92bf8f5516b9dc131d3f95d986112cb1a14ea6cb14d5bbb4d4cf367ea1743233068dda6f3e7f6d95f1731ce4

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.ri
          Filesize

          307B

          MD5

          304ece70321be55158432fb4d3060062

          SHA1

          ddeb7567b526498c4af68aae06e857332f80b7af

          SHA256

          97f74e0b2f38a47e86b6803783b1b15ea732aa4072d09b7bffafc8a2506bbe88

          SHA512

          5f895b257e9cc06804b699c89a0d7293e2ef477e12c2c74b63b5c6088534f6d85d937a19b29eeffa06797a3a6d1885755215a218853129dffad0c38d3b20d603

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.store.report_cf
          Filesize

          32B

          MD5

          4086c5b9b7edbc509eb248f9cd61042f

          SHA1

          d75878cca6cb8c839e42da7de77b5972783ff17e

          SHA256

          59a0dbc4fd57b1c74631d662400194233826c7772ea838ff59a0328e3c44c1f6

          SHA512

          18f045ebd24a0f1db6daa299d90dcfc9ac8b58698a494e63a4bf5bfe07914dd18f61d1e01a7e00be6e797d29324b1ea946c16648809eb95e259b7b1c0328a4f7

          Download Submit
        • /data/data/com.tool.picture/files/.jglogs/.jg.store.report_pid
          Filesize

          32B

          MD5

          0df2891adc9505423d3c0dba1300db13

          SHA1

          5c576c9f74c17309a1ae86b5555a8404e4003250

          SHA256

          3a44845a1ed57ed9df7de4d2831be1ed124936e4b2cd11f1cc6bbee6ff119f56

          SHA512

          5765b0f0a3345cfc0f6b4025d7f3db1ba2d5fe1e87bf8ce31d067429fe95a2b3415f2028041b14a51f25a050abde3c0db0b822485d25121b81c7f38d6b506ba7

          Download Submit
        • /data/data/com.tool.picture/files/.jiagu.lock
          Filesize

          27B

          MD5

          5c9ec3f6a20aa2d2b6985c8a2b29b53b

          SHA1

          978e7057fb0355fd930aca32bafda9311da833d6

          SHA256

          206e09bcbd210a431832c0c02021ed933f966752c319fb096866017dd8d5dc1c

          SHA512

          b9a62efd2c48f00a81752f7042128ef9da12c49a958a2f7cf5f28f69cdedeaba41747606e0ae665b2503640afa2cde147ebd69e8b3191a2674353cd27d9d29e2

          Download Submit
        • /data/data/com.tool.picture/files/Mob/comm/dbs/.duid
          Filesize

          132B

          MD5

          4ded5a05624eed27983b5f95160e44ad

          SHA1

          300f95253ea8fd79af1f8a5e66b3b7be888ab466

          SHA256

          9d9aa425e7e84c393d1a3bb5d5dcebe7d11535922dff3414602989fa4d262e3c

          SHA512

          aa69b6775b077c5b160a039f8c34c8e36748d9666b2e40f08ba174b0d512680089f2583a3c2a8552ced60b5de011fce4b9769fa95e137c303a6014b269e9117a

          Download Submit
        • /data/data/com.tool.picture/files/Mob/mob_commons_1
          Filesize

          2B

          MD5

          99914b932bd37a50b983c5e7c90ae93b

          SHA1

          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

          SHA256

          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

          SHA512

          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

          Download Submit
        • /data/data/com.tool.picture/files/Mob/mob_commons_1
          Filesize

          39B

          MD5

          661b6b32417a3588ca66c845711a74d6

          SHA1

          0e77bd563caffeda805b1038126b70ec27bb3e93

          SHA256

          f257202a96bbafc673e0a0146a9cbb783f4f09ea25c2e8af6c850ca6647f9603

          SHA512

          6c96ab6b2df2ec6f1b13199c85c3201d79b536adbc110259f27310d6c554cc5e13588a89be0c33a228476ef916aa18751323b38f15cff226dda0dbc67d29a855

          Download Submit
        • /data/data/com.tool.picture/files/Mob/share_sdk_1
          Filesize

          23B

          MD5

          8e24e79baab91c4d0604eaa9006a0cb3

          SHA1

          e427afc94a4b957a7096f73e395a10ea404c076b

          SHA256

          65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

          SHA512

          45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

          Download Submit
        • /storage/emulated/0/Android/data/.mn_410185822
          Filesize

          130B

          MD5

          f321656a466363e5192773d92000e401

          SHA1

          3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

          SHA256

          53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

          SHA512

          fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

          Download Submit
        • /storage/emulated/0/Android/data/.mn_410185822
          Filesize

          146B

          MD5

          3e323c0f421293f2335efb91bd256471

          SHA1

          430ada6e67a7922a51e7bc489689be137f586fbb

          SHA256

          0d4e3afb048e2ad81ce981c9d1182fb5047b6d0f289e8160932d5fa6a00eabe5

          SHA512

          8acffea4b06d6c4ee04c314adda946ed735821bf4aa0346c45ebecd2fe4c33c9839536d2c7a0ccb5112931a2b14a0e03e79d3ad4425df0b47c6a46526bc156c8

          Download Submit
        • /storage/emulated/0/Android/data/.mn_410185822
          Filesize

          194B

          MD5

          af8e3e2490234bca95f938fcaf8701b7

          SHA1

          7e997c04be819cb6beab13bad05dea3ec12a7343

          SHA256

          96b814bf336e51d0b03ffd5220a98b884f90acfe1e3daf6e5924b5d9af69f535

          SHA512

          0e36e7740931fcc591ee9db489c397f3a6818444f8f8719aa38196f968480a36c95e217a01c4a2243639c2d73e3c24a40a2d877f927d0bc8fcdba209d336d7cb

          Download Submit
        • /storage/emulated/0/Mob/.mcw
          Filesize

          82B

          MD5

          116e7b49cf45d690058660fc79fc9d7d

          SHA1

          569f1b189c59331ff9f40c7fabeb2c7cdefeb4da

          SHA256

          e2f2da2426bbdb0f2906fc95b3c08e2a0fb49e9bc3f03ee9ed7ec9865a834686

          SHA512

          e9b5918d5c4ab960f61101665ffd2bd830d8a4516bd6f7a4015d83596983297262b352a992f0a6988ed2d67811a8fb0b880a7c208c59ceea4b32546b8693f307

          Download Submit
        • /storage/emulated/0/Mob/comm/.di
          Filesize

          57B

          MD5

          70a42cba408700f9a6c01c7941a8829e

          SHA1

          eab01cc2c0671538795fb0b1146017dc099d0984

          SHA256

          499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

          SHA512

          8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

          Download Submit