6ddc4d72f23b8140d59d368ed69d9a8c3fb40f8cebb2894b8787d342fccb53b1

Analysis

max time kernel
177s
max time network
175s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e485cb48d5e4c80c5cbba399d51b2ff_JaffaCakes118.apk
Size

7.4MB
MD5

6e485cb48d5e4c80c5cbba399d51b2ff
SHA1

d5bb78e613baf3be7b0a26340aabd12e04b763a5
SHA256

6ddc4d72f23b8140d59d368ed69d9a8c3fb40f8cebb2894b8787d342fccb53b1
SHA512

ece4d4b259dd8e6757db0efd7ae263fcbadf2c0370d09b3413fe3aacd7adf0214c93ec4a79beb333bd670515c08fab00cce6926814c807856fe6da7548f5c8b2
SSDEEP

196608:5C4LLGWdmKO0JBThRI+W5zT1cYPPGKzZut:5ZGWmu9Q+W5HCYPgt

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tool.picture

description ioc process

File opened for read /proc/cpuinfo com.tool.picture
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tool.picture

description ioc process

File opened for read /proc/meminfo com.tool.picture
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.tool.picture

ioc pid process

/data/data/com.tool.picture/.jiagu/classes.dex 5199 com.tool.picture
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.tool.picture

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tool.picture
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.tool.picture

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.tool.picture
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.tool.picture

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tool.picture
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.tool.picture

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tool.picture
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.tool.picture

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.tool.picture
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.tool.picture

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tool.picture
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.tool.picture

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tool.picture

description	ioc	process
File opened for read	/proc/cpuinfo	com.tool.picture

description	ioc	process
File opened for read	/proc/meminfo	com.tool.picture

ioc	pid	process
/data/data/com.tool.picture/.jiagu/classes.dex	5199	com.tool.picture

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.tool.picture

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tool.picture

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tool.picture

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tool.picture

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tool.picture

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tool.picture

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tool.picture

com.tool.picture
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5199

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tool.picture/.jiagu/classes.dex
Filesize
2.7MB

MD5
7ed2406cfdf62e726231ce040d3c4ef2

SHA1
ae383ed9d7903a5a8dfd29e8cc7dd414ad35a702

SHA256
4e10a1898204469f0e039e8af9640b253c0360d586055961210761ef02834cad

SHA512
c10e86cecbd8aa832fbbda75989686d134ad4f2898fbe330546c3ccfc9db8c3d93c5bc85ae8252066c6256a247bfe1000860e5f1f0b5cd49cf59bcaf5badd664

Download Submit
/data/data/com.tool.picture/.jiagu/libjiagu.so
Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.tool.picture/.jiagu/libjiagu_64.so
Filesize
569KB

MD5
64f0958be2a8e6862b90faacb40129e0

SHA1
389c618137db70dbf84adffcdc3c5d4850a5ff24

SHA256
4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

SHA512
793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

Download Submit
/data/data/com.tool.picture/.oabugaij/.fsgkea
Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db
Filesize
32KB

MD5
db3bc987ab8554acacd070551493ffb1

SHA1
fe0e255e3179ded64b74dbcef5bbc453bb134b86

SHA256
98b0c3048ae6a986267db0a0920091636f1a3c5d5799971ff226e01674adc09b

SHA512
ec6b7d589e18d69f8daa47e60e172fa4669643a5a4c6b39fa750d52da84adabce09438ef9cf808085ca6b6a35141d8f07ab6ff6197d70aa533b4d702e0a686cb

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
5ca38e0bda685e835f7d289a6980b991

SHA1
9374691fe03cbc6c2269b56afd6737b9a36be2f5

SHA256
cd7fbae332a57db14a1046b93a1f4f63d8abe0f5ed4a97ff877471889914ef6c

SHA512
1812e7961918fd2d7ccab5b7fac0faff9ed913e7bffde33567a4edce61939c0b98e8186c73b001f962a291e88000b83ed642b3db525f49f83c3772a5ef6a0915

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
e177395c49a1aa45508cf455f0e2c6f4

SHA1
87378455900cc9675f9ba39a9d968d0efc95109e

SHA256
fe798fe25fe346ae7f04df866d049de733e7242434bf217083e61fa74e1b126d

SHA512
e3191a391e257fc1398984b5b522629b3de161960618650b56b6b9a9d575e332d828f6f34ad912e8405c3f9fcfd45108094f9b621510a95b11d3f390390acf9d

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
f031636a2d6ec74145ab8891fab371a8

SHA1
ad1523d3caf183fc9fe7862847a87fb5ad62ae5f

SHA256
e5470b853fed655a596dc1f81dd9a2e2aa7203e63e7449e705b7ed2247af815b

SHA512
b93dc573b79ee4d5a671b6016c1a408aa0d2272546c4645216c14a72958c3c4262af11a18ee7227035bd4cc5e084d715de73a9b8775cc0db015a02ea9f4ff0bc

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
12KB

MD5
f94d2e9466e485b73a5a3ea2ca81339c

SHA1
cc99ca031bc867f8b61eb1f8236e38514b13c0eb

SHA256
542bec2d956aff39a519b8bb53834b0d281b6fef09a2b3fd6721b8a8db61e487

SHA512
2c64449d4172c023c9daeb050bbbc651f1ce7b4bc7871c507cac5853410c2af9b3fa45be94205d6d0286d5b721ffa227f99e16c210b8dca15c8e047604cc2552

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
12KB

MD5
eecb20e931ccdb9abdabc103f10da686

SHA1
bfee4900a57fb5175ff620c84297203ced8a3b48

SHA256
fbb22363dec193356fa3992ade79e6c1d7eb1a8800c9d184d7082044060fcc5f

SHA512
f23a6a4d90e33f6d66cf33acfd3d7d061e076a9522a7b71edbdb3da46ecf43b79858e8c5acfee33f200efa9bc200384d83eefb6c191167ec1fe80773d492b465

Download Submit
/data/data/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
16KB

MD5
cdc5445f779f4cdf6b8ad8b5ab822e17

SHA1
56fdc8fc24af7522486ac19133f16bda3bb35f5b

SHA256
45bc52300638bee9c9636eebebddcc2b750c4e305f8a0b7972b1ec6461ee57de

SHA512
e1bfb551b276e3ef835fe1c44a3eabf6661d2370b4926121c1c79ba19dfdcc21ecc91bead5bd77141bd41a443cff533713f14314bc43c161cd252e049c685f50

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.ac
Filesize
32B

MD5
961a93ea76476aba10fb45d878165e81

SHA1
616e57425bbfb1b6c765d86fd92d7bdfb4f9efdc

SHA256
c4b6991037feb0bb5d23af63ef768942cb9cf1d9b4ba392003e6822d4fd77ecb

SHA512
31ecce4b21a9fe9d7ab6e9c3b7e9cc7670d55becfb61020f89442e072ebf4d43ae334fd636ed869105b6453d3981771319ba402bd069c5b62cbc806495ae936c

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.ic
Filesize
32B

MD5
30869a3d18d5aeff048dda010b4bbd81

SHA1
313b179e1c1a2f0477c5d859f41001656ab8addf

SHA256
0453e69a9f2638f93d5a64b21c8cb820b7bbfe7dd54c26b8cc827c5cdd40302d

SHA512
56963040b5836cf50a833409826f42c8c45e11066c6f4994178360e564095452499d934d85bf5a264ee26cf4eac54dfad0a6b5e5369b86aa0ba892b495254c54

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.pk
Filesize
32B

MD5
5fad63accb90af9f331573add728e411

SHA1
558ad1b1dad6b5af28ceb503db743a1849a9d6c0

SHA256
d5296cd4c674e7724ecc6289e82c17f2cab795dc2fd35d646d387297bd48bf81

SHA512
f6aa5bb2b2b1b153aa3fde5bac07713789c3675ade9548ab3efd6e1c38a18cc4aaef7a2efe7409ee22c14117ddd10db77e10462f0bf8b2161e898a469081058e

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.pk.h
Filesize
64B

MD5
c7357f4a6a3d9868b1dd28f57618fe99

SHA1
4f0eb2da2e8444a8762407b4d8a7cad851dfc95f

SHA256
6d48e1307f06368bd946519de28a0eb7267267e7bcb15f5ed8a2b382f80d067a

SHA512
778427c6ec626b24ccb17f0689c2317f9983ad021c77d7a1308dd320af778d38b9aeff3683fabe573c2854ac35c4890af1f24d4ab13c241f37883086e869f8e9

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.rd
Filesize
32B

MD5
742405d4f9b527c5d72cd8aac1f49263

SHA1
b2f3532a8829c26a2fdc5b8813dfbf5f962b0495

SHA256
9cab202432a39b1d1fbfc4bf2bc56f7fcee21c0a223dfe12c5b34f42445f82b4

SHA512
54d272a6016a72e3565937909a077d0d544341f1f724d027c815e1620386f81e45f25085381ae02b1b583cec2d553881aac53a8baa951327f14508c54f11a7db

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.ri
Filesize
307B

MD5
7d51890d88c52ea95201316dfca0f915

SHA1
ac8c5fe67d7d2f454417e5c166fe53fd4efcd59e

SHA256
8e3da50e9741e4d24ef06ade6e8908b9c41004e7da0a2781bfe19dd87b646e1d

SHA512
14736b139b373bbed30c866f44500d7ca3fae698d25aca2255e2e65c0f85ff16188bbcfa49f1a94c9ed9f78d61f987fd997de9aff973db4920a7a895715aebf2

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.ri
Filesize
314B

MD5
5e320b039819b76e14f4f0b40c1806ef

SHA1
16cfabbba728e6601426582d2dcb93bcf8621bf0

SHA256
50e595be5981d3167bbeba77622c47be20a860c8662b91dcc98fd6d4077f3dab

SHA512
8814108a73e46f71408632a21ee43e4986a3d3882b15489bbe16b67f23c6946854e9eb0e4907ea03203cf0fde071396527db9121c770c30cec8ae5976ec6d7c9

Download Submit
/data/data/com.tool.picture/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
0df2891adc9505423d3c0dba1300db13

SHA1
5c576c9f74c17309a1ae86b5555a8404e4003250

SHA256
3a44845a1ed57ed9df7de4d2831be1ed124936e4b2cd11f1cc6bbee6ff119f56

SHA512
5765b0f0a3345cfc0f6b4025d7f3db1ba2d5fe1e87bf8ce31d067429fe95a2b3415f2028041b14a51f25a050abde3c0db0b822485d25121b81c7f38d6b506ba7

Download Submit
/data/data/com.tool.picture/files/.jiagu.lock
Filesize
27B

MD5
34b98dfd98687d00bbdac0c8ce6598d7

SHA1
ae1356b2d16319910360fa91e75373dfd65026ba

SHA256
f39e2d7daac3477ed4a9b08bbdf95c1f6b91f6950c478aec8e2cba810f7c0e92

SHA512
39779fcbecec13b7c78695994ca9797a4cd67738f6a08a4d44992a9ee84d29b0dea14fa65ff4330cbc987210dd5a8f32ca0f92936fbc03f1c0309e7fa5f95eca

Download Submit
/data/data/com.tool.picture/files/Mob/comm/dbs/.duid
Filesize
132B

MD5
85e1f4cb48f402bb40556aa7ad20822f

SHA1
b8d9053c19b6ca8a9b18fd24066eb7b209992dd6

SHA256
792e85a470c698d8d8364c4822f61f697241531b28ad3c6091269d42a38b119d

SHA512
8d57176b4c080f2ebfde179a24e423a6d2a58e1361a7ed5f86f6c07aedc57cf0783eb341a2bd05af2e9f471b591e6dfc1d847b47ddc75abc38146ec0e101e9f5

Download Submit
/data/data/com.tool.picture/files/Mob/mob_commons_1
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.tool.picture/files/Mob/mob_commons_1
Filesize
39B

MD5
d36b9f9ae6d08d3ce672fe12405941af

SHA1
e3c37ab18c9fd0eec4cf80b7090159401f92a238

SHA256
291feb61ed7b8369e4f5a6a9757215667b2b6261aa8f41b68f186d505a6284d6

SHA512
63a93b5bac8d63a1d2d109cb93bd92228c9344c48a917bc3e9985cb78c41a2f6180f6788bcb24e5e9d20d9a171865e8cfa57e732b57eca8cf9be3dbd1b0899a6

Download Submit
/data/data/com.tool.picture/files/Mob/share_sdk_1
Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/storage/emulated/0/Android/data/.mn_410185822
Filesize
130B

MD5
768326e8dd7d9dabcb8d2c2e8f5482c4

SHA1
032412c4cc9896e53fcf9eea07fa3917924c42b3

SHA256
560c3d6fd1ef23d3973338a4194332237228a30057aa3a17c409143fc2ce0cf5

SHA512
37f0443199249cbe6ce2c25a3797a16eb5fef72774904067265be821d71ec73b18524ab3279eea5c8c9b409ae8c0d85235ee73352a8cbedc6105ad3904a1bff6

Download Submit
/storage/emulated/0/Android/data/.mn_410185822
Filesize
178B

MD5
3e3c1e78a75d0ebf63c4ac8735e6f62c

SHA1
e615e57a95547ff87db144eed0a6ee662e215f72

SHA256
0b55cfd6c6a0c6d3bdc554075155f05dfe68dfe09710440432f630abf61a5861

SHA512
a51795107cdc9797d2a0cf3d1f88364b3af9fa8cc6024ee0cc4836597e504083a46d4699945202fb367d2f0652f779f904ab8a49d297190f3075219b2b5652a6

Download Submit
/storage/emulated/0/Mob/.mcw
Filesize
82B

MD5
810d4cfcf6a4e1f7179dddc5e6a822e0

SHA1
593e075314607d7c07d1303328a84e765a1ab44d

SHA256
5a11b26f05fed408536d94e381c1589cb35d43e047302cb5cb2c014af710e73e

SHA512
9ecf53df141fe49550829c17e706bd447838c97dd1c50af62e5c69efb91024f9c2ab4819cbf1ad4f790e2b03479401976dfd50d27410b3d7323f32793eb9019f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads