Analysis

  • max time kernel
    33s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    26-05-2024 12:44

General

  • Target

    75849c6a7afe9b705dbdf6a0734f9bc9_JaffaCakes118.apk

  • Size

    5.4MB

  • MD5

    75849c6a7afe9b705dbdf6a0734f9bc9

  • SHA1

    536c4444da9187cf6191123792360efc162fd008

  • SHA256

    315811613091c8ef89b8834166f6aee288acdc015b6faa7901da0ac962b127ed

  • SHA512

    5646c1b88a92e2b9756c8aae47df2c9b8f2785cb5c1c4acd3004b3ffea43ad1966e5f12213c16f667140e3c314b2be45a70b64566f6798721acf16f896106753

  • SSDEEP

    98304:PMrYGW0cSGeYQ3B/gd4UNWfo2Ry/IGjk0KY+4eaeaW9jzwKhUDwCR12:Ur20i+32WQ2RywGjSYe/uR12

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped onto the device during analysis.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.bigger.swgxhb.hy
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4263
    • getprop ro.product.cpu.abi
      2⤵
        PID:4293
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bigger.swgxhb.hy/files/.androidna/nplugin.apk --output-vdex-fd=114 --oat-fd=115 --oat-location=/data/user/0/com.bigger.swgxhb.hy/files/.androidna/oat/x86/nplugin.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4478
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
        2⤵
          PID:4502
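The emulator checks flagged under Signatures and the process tree above are the two things an analyst usually wants to pull out of a report like this: which commands fingerprint the environment, and what dex2oat was asked to compile. The Python below is an added triage example, not part of the sandbox report or of the sample. Its input is the three child processes of PID 4263 copied from the tree above (the truncated `--class-loader-context=&` is kept as shown). The rule names, the trusted-path prefixes and the property list are this script's own assumptions, not the sandbox's signature engine.

```python
"""Triage helper for the child processes in an Android sandbox report.

Added example, not part of the report or of the sample: the three child
processes of com.bigger.swgxhb.hy (PID 4263) are copied from the process
tree as constructed input. classify() labels each command as an emulator
probe or as dynamic code loading, and parse_dex2oat() recovers which file
dex2oat compiled and where the .odex landed. Rule names, the trusted-path
list and the property list are this script's own assumptions.
"""
import shlex
from dataclasses import dataclass

# Child processes from the report. The class-loader-context value is
# truncated on the page and is kept exactly as shown there.
CHILDREN = {
    4293: "getprop ro.product.cpu.abi",
    4478: (
        "/system/bin/dex2oat --instruction-set=x86 "
        "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
        "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
        "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
        "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
        "--instruction-set-features=default --inline-max-code-units=0 "
        "--compact-dex-level=none "
        "--dex-file=/data/user/0/com.bigger.swgxhb.hy/files/.androidna/nplugin.apk "
        "--output-vdex-fd=114 --oat-fd=115 "
        "--oat-location=/data/user/0/com.bigger.swgxhb.hy/files/.androidna/oat/x86/nplugin.odex "
        "--compiler-filter=quicken --class-loader-context=&"
    ),
    4502: "/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq",
}

# Where code installed through the package manager or shipped with the image
# lives. A --dex-file outside these prefixes (here the app's own files/
# directory) is code written to disk at runtime and then executed.
TRUSTED_CODE_PREFIXES = ("/system/", "/vendor/", "/product/", "/data/app/")

# System properties and sysfs/procfs nodes commonly read to tell an emulator
# from a phone (assumed list; extend it from your own sandbox telemetry).
EMULATOR_PROPS = {
    "ro.product.cpu.abi", "ro.hardware", "ro.product.model",
    "ro.product.manufacturer", "ro.kernel.qemu", "ro.build.fingerprint",
}
EMULATOR_NODE_PREFIXES = ("/sys/devices/system/cpu/", "/proc/cpuinfo", "/proc/meminfo")


@dataclass
class Finding:
    pid: int
    kind: str
    detail: str


def parse_dex2oat(cmd):
    """Return {flag: value} for every --flag=value in a dex2oat command line.
    Bare flags such as --runtime-arg and their -X values are skipped."""
    opts = {}
    for tok in shlex.split(cmd):
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts[key] = value  # a repeated flag keeps its last value
    return opts


def classify(pid, cmd):
    """Label one child process; unknown commands come back as 'other'."""
    argv = shlex.split(cmd)
    exe = argv[0].rsplit("/", 1)[-1]
    args = argv[1:]
    if exe == "getprop" and args and args[0] in EMULATOR_PROPS:
        return Finding(pid, "emulator-probe", f"reads system property {args[0]}")
    if exe == "cat" and any(a.startswith(EMULATOR_NODE_PREFIXES) for a in args):
        return Finding(pid, "emulator-probe", f"reads hardware info from {args[0]}")
    if exe == "dex2oat":
        opts = parse_dex2oat(cmd)
        dex = opts.get("dex-file", "")
        target = (f"{dex} -> {opts.get('oat-location', '?')} "
                  f"(filter={opts.get('compiler-filter', '?')})")
        if dex and not dex.startswith(TRUSTED_CODE_PREFIXES):
            return Finding(pid, "dynamic-code-loading", "compiles runtime-dropped code " + target)
        return Finding(pid, "aot-compile", "compiles installed code " + target)
    return Finding(pid, "other", cmd)


def triage(children=CHILDREN):
    """Classify every child process, ordered by PID (spawn order here)."""
    return [classify(pid, cmd) for pid, cmd in sorted(children.items())]


if __name__ == "__main__":
    for f in triage():
        print(f"{f.pid:>5}  {f.kind:<21} {f.detail}")
```

Run stand-alone it prints one line per child: the `getprop` and the `cat` of `cpuinfo_max_freq` as emulator probes, and the dex2oat call as dynamic code loading because `nplugin.apk` sits under the app's `files/.androidna/` directory rather than `/data/app/`. The `--compiler-filter=quicken` value is worth keeping in the finding: it is the filter the runtime picks for code it did not install itself, which is another hint that this compile was triggered by the app, not by the package manager.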

      Network

      MITRE ATT&CK Mobile v15

      Downloads

      • /data/data/com.bigger.swgxhb.hy/app_tbs/core_private/debug.conf

        Filesize

        101B

        MD5

        a0f7a0a68ce047b7fd6d77f0bac9867e

        SHA1

        b8f564b9e1469cd04f42178a5103a7978dfc6c40

        SHA256

        c4833df599f23e4f25d555899995abae5f10d79f458a5393ccb80f47b9549cf3

        SHA512

        1a598673e174d9c2f14a24606f0925ed19291bc54307551c9285fb4d6f6d947478328ee70a02da8adf23e130ea7b85c148cf99a552a8bcd058cd9a6faa4ab32b

      • /data/data/com.bigger.swgxhb.hy/files/.androidna/nplugin.apk

        Filesize

        19KB

        MD5

        173b848e8de1400368c3fa4b689d952d

        SHA1

        990872490beb240d9a582eb19247863114245324

        SHA256

        6871a166909bda6d19631375cad6963db629c519b018e871f216edf11bc02b9a

        SHA512

        460a85e3e9430602209b2dc8f42e3b0a996bb1917802798b6dee66516b14575f87f56b451ff66a793e15e15c99b51ae20dd4f7129d320e3e0d20e3dfab0387db

      • /data/user/0/com.bigger.swgxhb.hy/files/.androidna/nplugin.apk

        Filesize

        46KB

        MD5

        58580f3728051dc18fae19ca72579038

        SHA1

        d358909ca66bb808fe4417dd9ef976cbce5f6539

        SHA256

        3d116764cc9ea4ed0ac1e0e5da7a404d56050294444e2f8c082807c22d49a8ed

        SHA512

        41a4f5a715c80b5ac522e4f996d1ae957324d230ae2843649afaa067226832324bd08fc25099a5e4bf9cf236f537dc8955df5dcaf180915e3033131043990467

      • /data/user/0/com.bigger.swgxhb.hy/files/.androidna/nplugin.apk

        Filesize

        46KB

        MD5

        29a24417e7d29fcf0f1b16cdfea010c2

        SHA1

        0c01f032fba47ed4c31fa9fff0a05fec7928f1b1

        SHA256

        8dc2b176bd14ec737295a8041feb3ccb9e077a11da6ee2514f04b5b8fd66cf88

        SHA512

        48c9ed8363d3b7aec3630983ac861d0b51179fa080d34f16567060ad0dce888c2bddf7fe409822f280f573dc7f5ac3200121593b90c4043ef14a4cb4e49cf4c5

      • /storage/emulated/0/Android/data/com.bigger.swgxhb.hy/files/tbslog/tbslog.txt

        Filesize

        8KB

        MD5

        502e754571a854c8a5f0448f36e03a0d

        SHA1

        81ba32ecb9e3f9a151a4c6163950f151b4f2baac

        SHA256

        759ce7ce50e167a1f7cc3de8e35fd710e521435f97b3719b73469b5624209966

        SHA512

        bbb0aeaa703379214116b27fcdfa7f70b61928202f305499416ff85638637d315abe7eae4a88e948a5c58086b7a859b51b20ab12a29a53f1395b8fd71065468d

      • /storage/emulated/0/UcQkDir/qk.dvid.txt

        Filesize

        65B

        MD5

        fe98e49d9545cc52b69123d0bd466823

        SHA1

        469a9368bc4c6d5b2aa9427e1ef2a9f41330175f

        SHA256

        dba259584882b851e7c74e2ab43dda512cf7e7ca5c2bf78d8f8698ba5463973a

        SHA512

        e8497b91861117880617ecc6a9ddff1e90358a038c1794cf7d3c8452a890d742244a8e8b59bea8ea44e16eda6697c9a175197948b2209a6143d39d936e4d3381