6ddc4d72f23b8140d59d368ed69d9a8c3fb40f8cebb2894b8787d342fccb53b1

Analysis

max time kernel
177s
max time network
185s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e485cb48d5e4c80c5cbba399d51b2ff_JaffaCakes118.apk
Size

7.4MB
MD5

6e485cb48d5e4c80c5cbba399d51b2ff
SHA1

d5bb78e613baf3be7b0a26340aabd12e04b763a5
SHA256

6ddc4d72f23b8140d59d368ed69d9a8c3fb40f8cebb2894b8787d342fccb53b1
SHA512

ece4d4b259dd8e6757db0efd7ae263fcbadf2c0370d09b3413fe3aacd7adf0214c93ec4a79beb333bd670515c08fab00cce6926814c807856fe6da7548f5c8b2
SSDEEP

196608:5C4LLGWdmKO0JBThRI+W5zT1cYPPGKzZut:5ZGWmu9Q+W5HCYPgt

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tool.picture

description ioc process

File opened for read /proc/cpuinfo com.tool.picture
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tool.picture

description ioc process

File opened for read /proc/meminfo com.tool.picture
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.tool.picture

ioc pid process

/data/user/0/com.tool.picture/.jiagu/classes.dex 4615 com.tool.picture
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.tool.picture

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tool.picture
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.tool.picture

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.tool.picture
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.tool.picture

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tool.picture
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.tool.picture

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tool.picture
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.tool.picture

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tool.picture

description	ioc	process
File opened for read	/proc/cpuinfo	com.tool.picture

description	ioc	process
File opened for read	/proc/meminfo	com.tool.picture

ioc	pid	process
/data/user/0/com.tool.picture/.jiagu/classes.dex	4615	com.tool.picture

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.tool.picture

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tool.picture

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tool.picture

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tool.picture

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tool.picture

com.tool.picture
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4615

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tool.picture/.oabugaij/.fsgkea
Filesize
1B

MD5
01abfc750a0c942167651c40d088531d

SHA1
d08f88df745fa7950b104e4a707a31cfce7b5841

SHA256
334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

SHA512
d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

Download Submit
/data/user/0/com.tool.picture/.jiagu/classes.dex
Filesize
2.7MB

MD5
7ed2406cfdf62e726231ce040d3c4ef2

SHA1
ae383ed9d7903a5a8dfd29e8cc7dd414ad35a702

SHA256
4e10a1898204469f0e039e8af9640b253c0360d586055961210761ef02834cad

SHA512
c10e86cecbd8aa832fbbda75989686d134ad4f2898fbe330546c3ccfc9db8c3d93c5bc85ae8252066c6256a247bfe1000860e5f1f0b5cd49cf59bcaf5badd664

Download Submit
/data/user/0/com.tool.picture/.jiagu/libjiagu.so
Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/user/0/com.tool.picture/.jiagu/libjiagu_64.so
Filesize
569KB

MD5
64f0958be2a8e6862b90faacb40129e0

SHA1
389c618137db70dbf84adffcdc3c5d4850a5ff24

SHA256
4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

SHA512
793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db
Filesize
32KB

MD5
46c395317e28e11272710a9619cbae7c

SHA1
7e7c8b9c3bf805bda17b3fd20cf6a595fca9968a

SHA256
66762cdbff7cd1b952936e44f25d8314ca9490b069fd60d11d4b0fdb1ec7a37b

SHA512
e9ed69d0168e32bcc3508bb6e1f3b4322e66b7034936e829112e687f3ce7450a18be0bcf21b9156d1d37cac1f162da4d015d7ab92b82cc786ba65805d17b33f4

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
41367ba329a10fd08634fc6a9c623d0d

SHA1
f027bcc1f1daaa038dfb515d0fb06e67ad8bbbd5

SHA256
a7df1f7bc5319fae36ae02c84eca1fd8d063bf1ffc3f86a37323486f9331c034

SHA512
a3364f2458d4aefdb18acac4911b4c4b5348ec15e22f202e92ccd1144638193a0cf540d653d489af31322f99288ce734ea3ef694bd525f7273f4303a39ea511f

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
babeb5ce79bc225e14c38dba49d1c4bd

SHA1
c5788c9367c73a3503aeb7d3cce6187b1ab17c67

SHA256
cc38487f0b2a5c6e1be5e2835d35f687cce2c979f97b00f107bef74a9a7c6545

SHA512
e8a1906413c2090d7e9c5e88e16022e1bbcda03eaf191a0bd98780a7552d439c08d6d8417314edc384062dcc78240e3a992533e750e8328d9e2fd0d8c6af19e1

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
ef98d2c73049c9e6c06d5ffa30d6a51d

SHA1
a6ed7d78f7e64d2d8abe34e94eacc119fcc8fc2f

SHA256
51e951aaadb35a297c48a105d66084074248e7d38c2635d4af25aca9e52a2b8a

SHA512
76301ed091332a59de04f47559439bf8454ec73025beb9447ab7800fc48a99fa01c5694d363613c1e2d8f1de8129f5825f57cf8a0e7b591a87f4c2d17eb65d79

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
12KB

MD5
2d916d28622676c66a093bb2822d65e5

SHA1
d95563fc3e15e7e9a85f4e4a6ad3eaa184bb9c33

SHA256
95e0c0e2d9694d43c4017f8339a26a4b18b8673a67460d197bcca27b09a5ce96

SHA512
7485d0c2f41c3647ff4d8380006ecf4d899fc1471d619fb58a614bac159700fd93502690dd7fa6566665de99e7ad9a749167b09614627207df3475b46e361ead

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
12KB

MD5
29135fe5dd83faa34bbb41c32d7bcbdf

SHA1
2c2eb56743f78a3fbf2a99c021e2717fdb61845d

SHA256
cd1a8c0b639320fcb142b11e58962d76b9e4d9c4d857e04b129346ff270d2fa9

SHA512
9c70d9e08d3f5ca1b4956810fd2fe223f68639d0816cd24c6210c49dd11f9d1b89f24cac0df6413e4532198aefa9c4c760f00b6e72bbb0944a7b8875b684804d

Download Submit
/data/user/0/com.tool.picture/databases/ThrowalbeLog.db-journal
Filesize
16KB

MD5
5f086d5f29d70cee94b09c1ec6cd2008

SHA1
9c2391d4bf0253aa7edf8bd77f644f902e73faf3

SHA256
4727194d07697dc0e9543174121f73644d29fca4c5974b90ffbbb47d9a348c7a

SHA512
74451930dddf455105a2acad9e2dc41c00a63562837d40f78232c598817ffd58944e517b161dd87bc12b59cb204ec146a55494fe169e9a061057339c95bb307c

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.ac
Filesize
32B

MD5
961a93ea76476aba10fb45d878165e81

SHA1
616e57425bbfb1b6c765d86fd92d7bdfb4f9efdc

SHA256
c4b6991037feb0bb5d23af63ef768942cb9cf1d9b4ba392003e6822d4fd77ecb

SHA512
31ecce4b21a9fe9d7ab6e9c3b7e9cc7670d55becfb61020f89442e072ebf4d43ae334fd636ed869105b6453d3981771319ba402bd069c5b62cbc806495ae936c

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.ic
Filesize
32B

MD5
30869a3d18d5aeff048dda010b4bbd81

SHA1
313b179e1c1a2f0477c5d859f41001656ab8addf

SHA256
0453e69a9f2638f93d5a64b21c8cb820b7bbfe7dd54c26b8cc827c5cdd40302d

SHA512
56963040b5836cf50a833409826f42c8c45e11066c6f4994178360e564095452499d934d85bf5a264ee26cf4eac54dfad0a6b5e5369b86aa0ba892b495254c54

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.pk
Filesize
32B

MD5
5fad63accb90af9f331573add728e411

SHA1
558ad1b1dad6b5af28ceb503db743a1849a9d6c0

SHA256
d5296cd4c674e7724ecc6289e82c17f2cab795dc2fd35d646d387297bd48bf81

SHA512
f6aa5bb2b2b1b153aa3fde5bac07713789c3675ade9548ab3efd6e1c38a18cc4aaef7a2efe7409ee22c14117ddd10db77e10462f0bf8b2161e898a469081058e

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.pk.h
Filesize
64B

MD5
c7357f4a6a3d9868b1dd28f57618fe99

SHA1
4f0eb2da2e8444a8762407b4d8a7cad851dfc95f

SHA256
6d48e1307f06368bd946519de28a0eb7267267e7bcb15f5ed8a2b382f80d067a

SHA512
778427c6ec626b24ccb17f0689c2317f9983ad021c77d7a1308dd320af778d38b9aeff3683fabe573c2854ac35c4890af1f24d4ab13c241f37883086e869f8e9

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.rd
Filesize
32B

MD5
742405d4f9b527c5d72cd8aac1f49263

SHA1
b2f3532a8829c26a2fdc5b8813dfbf5f962b0495

SHA256
9cab202432a39b1d1fbfc4bf2bc56f7fcee21c0a223dfe12c5b34f42445f82b4

SHA512
54d272a6016a72e3565937909a077d0d544341f1f724d027c815e1620386f81e45f25085381ae02b1b583cec2d553881aac53a8baa951327f14508c54f11a7db

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.ri
Filesize
307B

MD5
ed4de2a404507a846fe821df285e148a

SHA1
d3761f9f10f031fa91ce1dd0a009f09be2899ea4

SHA256
ba9701a867250f58918e828b7f86325931b4ac3c18c74f11f81e0cf99669b60d

SHA512
ad38a70684762f8b1b1956389c6c12922a6901b31f9c20d13ee0b7a007da61c60d8702f62b3a9a5b0471ec158d0551beaf08563df0a858da50d42615d7386b70

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.ri
Filesize
314B

MD5
a4511ce7b3676a58255ed9e451d1ab84

SHA1
ef2cfe08454f68cde0392a5d6ea0f9972abd689e

SHA256
f58abb6fc9d777b00232780fc9e80bc3abd8fba9a1316ed6bb92af0b5e5ccd44

SHA512
e231979056f47bbc89a33366b90997f54da5d7f3391b45107d625891f75b9f04897656b15a7e6f951ccfe81399d1af8a9282c9c9e711fbfcadfa9797c0e045ea

Download Submit
/data/user/0/com.tool.picture/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
0df2891adc9505423d3c0dba1300db13

SHA1
5c576c9f74c17309a1ae86b5555a8404e4003250

SHA256
3a44845a1ed57ed9df7de4d2831be1ed124936e4b2cd11f1cc6bbee6ff119f56

SHA512
5765b0f0a3345cfc0f6b4025d7f3db1ba2d5fe1e87bf8ce31d067429fe95a2b3415f2028041b14a51f25a050abde3c0db0b822485d25121b81c7f38d6b506ba7

Download Submit
/data/user/0/com.tool.picture/files/.jiagu.lock
Filesize
27B

MD5
00dd2a13c0f62943f375476c54fd959d

SHA1
31935dc885a147236a23c44d7f1182e0922a8f9a

SHA256
a1fe246d8cae6da619df113bdcc7ad250fd4c76922dc9974f0e0b0dae046b020

SHA512
f82d7c65c29261611206ca15d6b50080f1f26cd9b05a95c27a4e2ac2d4c42cc550ee17b07ef41ab25661bd72c48b3863ba6158c69576d566641590144a7e2e3f

Download Submit
/data/user/0/com.tool.picture/files/Mob/comm/dbs/.duid
Filesize
132B

MD5
7c6e61d2e7880722e2151686480cc86e

SHA1
49cd71e412db8ea0b5e2fb1928f14838f331a181

SHA256
776d181dc5f96656f2a6834635b6312c0abf48b6d84ffb907d5dffc5e13a2be4

SHA512
b67b44b64c9eaec073a1da030164e217dd5b6a15f5ca9facc47dd1535a778300213f7d05708310461d49a5df26c0f6fcee2070fe5cd9f882d225a9a59518b954

Download Submit
/data/user/0/com.tool.picture/files/Mob/mob_commons_1
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/user/0/com.tool.picture/files/Mob/mob_commons_1
Filesize
39B

MD5
06921190a9dd8ee97828eccbd35092e3

SHA1
5670a52ba18db050341529b41b38f94861406aef

SHA256
ad900881699b7c070163e4d816162ea85be4d0b5307bfdc2685217dea1a68053

SHA512
6029d90f8765f82dbb9ed22ee7dbef1f4435ca3f74f979aa56422cc15206782719fca6440c56154d322573a86aaf30d9d26d0bb51964cb5e59e23a8086cfb65f

Download Submit
/data/user/0/com.tool.picture/files/Mob/share_sdk_1
Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/storage/emulated/0/.mn_-1226295269
Filesize
146B

MD5
c780ebdf203332f7120db9fca848c9e5

SHA1
c1daa0b0cea15354c10a2a0fdb7b721fb730ad4e

SHA256
14471b1f291c8bbddadf856b50452bac0fd7c5cef160f3960066b019c7d1fb59

SHA512
2f08f4048e70ed4d8d250cadfe606de7b0dbefe9319e49b2c97ae3e113dcfd720f79fecaf80a36cf05efd8e67da325cba8e35c767cc556579f8ad4db2f512210

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads