b23206e9febe071f0647d8cfa9970d5539c582037f7036eedfd342ebab0a2129

Analysis

max time kernel
177s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27-05-2024 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7805560ac381d6523ceb9d88686b180c_JaffaCakes118.apk
Size

31.2MB
MD5

7805560ac381d6523ceb9d88686b180c
SHA1

63ba9a3b1c7d7212231f42ef91d7334b0045dba6
SHA256

b23206e9febe071f0647d8cfa9970d5539c582037f7036eedfd342ebab0a2129
SHA512

247d1aed153d0044fbdebd206d1f0fb0d28fe95569d268a9f4313850a50133207bfae8037a969f35e74b595d498d64e1513420e13213b4f3d27f33a14e34baf2
SSDEEP

786432:RTSj3kzD/AOPOjOnhxshGYqVWv680hkLK353PUCq:gj3kH/AOPOjOhxsAk66+J3P/q

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.hongcang.hongcangcouplet:mult

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hongcang.hongcangcouplet:mult

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex	4286	com.hongcang.hongcangcouplet
/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex!classes2.dex	4286	com.hongcang.hongcangcouplet
/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex	4286	com.hongcang.hongcangcouplet
/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex	4286	com.hongcang.hongcangcouplet
/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex	4340	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hongcang.hongcangcouplet/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex	4386	com.hongcang.hongcangcouplet:mult
/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex!classes2.dex	4386	com.hongcang.hongcangcouplet:mult
/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex	4386	com.hongcang.hongcangcouplet:mult
/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex	4386	com.hongcang.hongcangcouplet:mult

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.hongcang.hongcangcouplet
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.hongcang.hongcangcouplet:mult

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hongcang.hongcangcouplet

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hongcang.hongcangcouplet
Framework service call	android.app.IActivityManager.registerReceiver	com.hongcang.hongcangcouplet:mult

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hongcang.hongcangcouplet
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hongcang.hongcangcouplet:mult

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hongcang.hongcangcouplet:mult

com.hongcang.hongcangcouplet
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4286
- chmod 755 /data/data/com.hongcang.hongcangcouplet/.jiagu/libjiagu.so
  2⤵
  PID:4310
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.hongcang.hongcangcouplet/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4340

com.hongcang.hongcangcouplet:mult
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4386
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex --dex-file=/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.hongcang.hongcangcouplet/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4675

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex

Filesize
7.1MB

MD5
96847030e5bec1ad56f45e34ece80e34

SHA1
846a66e799eddef7f5921f96f611a6df4b890716

SHA256
14259359179ed3632a798cf496feaacedd5f2b7244e6b55e3c88925ff5d08380

SHA512
2ee290a395b58d9af21ce0467a5166101051a0e4ba2bc28d0f7473b242c9ed526da022109a85a12535b24b325117fddaa972ac65fbfff067817b0f63c85c3d74

Download Submit
/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex

Filesize
6.4MB

MD5
3cee6a882f061ffcc9fa86f9917aed0c

SHA1
d3c06db1b11fa59e4da17780a87a14a2284b1817

SHA256
db19b1388722f78bce4d6bbcc91f89c55dfb778e21d2c59c8e455fdf14e38b08

SHA512
80307e937b8525cd572e0b082674d610b5a29cbb4d9c0c4c5212cb7ae3eb425f6abb907486b429c31759c2c20717d9875bc02d633be2646e0ebec762dfb6cf9e

Download Submit
/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex!classes2.dex

Filesize
6.4MB

MD5
9b2539e045e6255c16227cbaab6562ea

SHA1
7f4aa711ca8a393ca4a4a6a75efd8e72238b650b

SHA256
6a77966c9080131bbe6a78359b18bd9442c1f939914f335507e8e54bce614613

SHA512
cdf1c1d5dea26a61abe7f5287277ff1f98b0908f5236ec97523e21fcfe54a9241c10ff908766f84768e6010feb33a9f33535a319dc85f6b7849b6cbea2d887ea

Download Submit
/data/data/com.hongcang.hongcangcouplet/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.hongcang.hongcangcouplet/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.hongcang.hongcangcouplet/app_crashrecord/1004

Filesize
239B

MD5
0f42b6d67c1d39bbc5951b50a55be85d

SHA1
d4938dd86859738651e5b4f65c48431461477084

SHA256
57f5f4391d5a7dd846e206432d992d39145aac3b0945ea8a73312b3de8104c31

SHA512
fffcf134de9537c40ffc04a9999fb9c1d8972b620f37f43ad51ad9dc8f515b158daa8b0bfa63077843b599ecb298517bcc1362fe4c93a2a079e71ef79163fda1

Download Submit
/data/data/com.hongcang.hongcangcouplet/app_crashrecord/1004

Filesize
82B

MD5
116e7b49cf45d690058660fc79fc9d7d

SHA1
569f1b189c59331ff9f40c7fabeb2c7cdefeb4da

SHA256
e2f2da2426bbdb0f2906fc95b3c08e2a0fb49e9bc3f03ee9ed7ec9865a834686

SHA512
e9b5918d5c4ab960f61101665ffd2bd830d8a4516bd6f7a4015d83596983297262b352a992f0a6988ed2d67811a8fb0b880a7c208c59ceea4b32546b8693f307

Download Submit
/data/data/com.hongcang.hongcangcouplet/app_crashrecord/1004

Filesize
244B

MD5
ff5b742cd11d080305f6f815858f3793

SHA1
1117af9b52e9c9dc0d139f456616c9548e5b4e4f

SHA256
6f829664cd078c2c05958ca1ad90f798b67cc9f6c6516869a14fd1e0f539311f

SHA512
eba20a1c35899516ef6938e33a1aa2a17b34e30be2e0a344d467d13b8d6ac9b9b77b7f5528ff7794474a6a0b2f4778be9f3254a672e3394f40dfbaa2b4cece00

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
ff343414cb863443d0abe7fd8300f5a1

SHA1
9bd73feb707032e54805901079155c6dfc6184a8

SHA256
ebc864e525e5137d9d591456dcbb7434bc1827671d7d67a2cb52cd14b8a577a1

SHA512
c2bedcc27c4a0bf2a429004deabe69fe00a9ac39c1e896c291870ad0d1d1ebd805d5f7c432e764e0915fb1e71239c7cd7d6b6ae9b31d48f30e57623e02d805e1

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/ThrowalbeLog.db-wal

Filesize
221KB

MD5
79fdf6802563ef1462207ebfeca1ea02

SHA1
bffe2a87eb9ec1e56f21994ff34a7e9b333eb7dd

SHA256
b66239f9e308c684853f9b6fc1a7d35e0162ef3256cda3f0ccf8958710597ea5

SHA512
9b6d858f798711c72bfdb9f4597dfd7bfa90f034cc9442059b9d7461145c31561002cec099cd8e16ba1c2d7f0cc7ed9d7e17d0a2e59961b0349146d7e90d515b

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/bugly_db_-journal

Filesize
512B

MD5
e83211bbecaaec50c5c72198e7e609ce

SHA1
bc0f83bf4e9e7b32808098b8e0630f75f8a3d095

SHA256
66816284c0f6d804bb7745a68cc36e9acc743d73d424431fd063d574607ea0ee

SHA512
3c1efc86b0e9412dc636ee76a1c843703e0a09a7d04153edcaca365dd81620dcef062c3179e8f77b8e1e76a436c5de91c111dbc2aef62fc11ea272c5a0a44a8f

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/bugly_db_-shm

Filesize
28KB

MD5
d09c3833a2ee15acfa3a4a2c0c6fc9fc

SHA1
5db4a39c8ba3b922a10dbc63fa4d3a353fa2f5cb

SHA256
6d24c0bb5df9747c6dbb7172b812039440b4ffff47a8571e34bf141e7bcf8029

SHA512
cedb03d5d5e2061445589ed9e360fd574fb93150e7de263325363906a26a7b11474d0db8641d068956ec16e8582afa75b8d415f623ba7ee6ef721a69991846c5

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/bugly_db_-wal

Filesize
68KB

MD5
6075890d5e9e3da5be06bca3149041cd

SHA1
6dbc8f4ae5a22bb54c1f9977800431674aa8aa4c

SHA256
f023e230debbd031abb979ce82a8ed056635e5dce6a80fe183abbe55a46cdbfb

SHA512
842593c1192bfb78acf99777bef8ea11d6c48a40ef9e3bc2e7332f2bed9f1ef9a4c62f7f4ccaf925936a97d515ad476cada2610b0f9927584a93c347682e3c1a

Download Submit
/data/data/com.hongcang.hongcangcouplet/databases/bugly_db_-wal

Filesize
76KB

MD5
32b9898c2428f3dacb8517db7d47c3a9

SHA1
d09b7035dd818764280cf7f93b812afbaff91dbd

SHA256
b3c10fa612c743314b80d74bf58286f84c89c458053cbd83ccbfdd802610051d

SHA512
8fe17131d4a37ea9a89e6748b18902e8e80fc3e6110ec5b3cf4345dc8d5a3fa3c444722239d0c270a94c7c38dbedff62cb4c2a366c57f5bdd2cd0b58dc480754

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jglogs/.jg.ac

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jglogs/.jg.di

Filesize
340B

MD5
05a7f692d8a69cf1193d3505cc8c18b8

SHA1
39de3f7b66ab5613d510addd2ff9c7cafbea99b4

SHA256
282729bda65310a8a748d9d47ed268a2799c73060ab841644d43108e250f12a9

SHA512
15c1e790878494c65895c96cad93033f04d26c8db2969ecbf6ba32e90f6ccc2828e521cea980d9fb09f729e55d58b9802c45009c146c94a595b1a767e44ca159

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jglogs/.jg.ic

Filesize
32B

MD5
4a7ef17d0315f3ce28276d9ac5d5f490

SHA1
a06f4565f802e0dd0e4584a1f894222ab72ca998

SHA256
dd4c479ee638ee44db6a8ebeacb0358104584f3d5688e35e7059005c0f3ae7e0

SHA512
44e360e1a22365f1808c426fc872de0e2f0fd63a6d44ee8d83573975e45dc2d9ee5cdaa19fb93ae90e61a96684c862d60ed809572a5b6891e48cad1ab8ecdda9

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jglogs/.jg.ri

Filesize
314B

MD5
81a12f94061263db0d5223be82dcf8be

SHA1
9807167a0e96b06d2398d27337050473f847e813

SHA256
3e5882e0c178f548bf3ffe105f9143c6614d518364a99ff556e5318a31117773

SHA512
16265ff804d586d40564cbde815304103506fb7974aabbeaad98577ad0be5894f6e252d13d59167aa79ac974994cffdf45fbf9569673018f2abc60e2d149c893

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jiagu.lock

Filesize
27B

MD5
a6412c0a7d19b2a3e3c6aa2efbe9fd33

SHA1
eef8da076b92ac26260a6955f256c80a1ac35458

SHA256
d9136ddb149cedec031081d4425f90f6bac3c3845601dd064b345e98d324da12

SHA512
7ae32855862db885234a0c5a85c055c0d8170aaa1ba42dc25baf1ab3af2bab05c5bcc8a36cd30f1db7cc670e399f48279f5de2a40293a059b339ec5dff002ac8

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/Mob/mob_commons_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/jpush_stat_history_mult/normal/nowrap/e694a388-0dfe-48c0-9981-05cf6cd94efb

Filesize
202B

MD5
16cc3c37cdbe66476bf9e7f06b84d8ff

SHA1
dd385543cbd56b9942efd77b04f34325bfec4bbf

SHA256
1ad3e6a0b5e64185edc549106d309028a9fdc326a2279e14da2bf1bdd5742255

SHA512
3a9c6685ac8600cfab4a702c954d2908bc819ceeaad4b3a5ed55a383379962ef397d89aa115b49fe59fcefa3c16dfac2b07e8ea5ef951e63ea6f389cda39ec35

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
82B

MD5
e8be01a3d651b9f955cbb28d7fe2f623

SHA1
04010f8b539c2e98c8d7b7752e9879547aa9dc0f

SHA256
97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4

SHA512
19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
2ea4caa18a9afd097203b45e73b8b3ec

SHA1
2e7ecd3e81ced6a275a71dc2aa145e40c7d8a5ae

SHA256
0472f15e44714db490309b106afb768e49ab3d865a104fb663f2318ce066b8e3

SHA512
2f6c295f2f6af18d1a6c3c5a077505fe2d2b1728ded02359290d26d0ebcd8740e78d7f42b6f952eccf96a51057b4aa98b6e345488ea1a5d0b75eb9083e8bc658

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
146B

MD5
6d0c2042149b7596a203393412aa8e10

SHA1
4a2bd34abc36b39105289a0039506ecf285a575f

SHA256
7d482f54d820b50213d55427c4289ffcef652122640dde475bd1ae7e108f3a22

SHA512
6c50e6a292a227d0a4508a54b2fb9a93296a302e5260900dff914d9450fb2535f7aa6a73cad985bc8239ed024ad97e0b6e5d70d19add7c0a9dc2ee7375fdd8b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads