b23206e9febe071f0647d8cfa9970d5539c582037f7036eedfd342ebab0a2129

Analysis

max time kernel
9s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
27/05/2024, 05:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7805560ac381d6523ceb9d88686b180c_JaffaCakes118.apk
Size

31.2MB
MD5

7805560ac381d6523ceb9d88686b180c
SHA1

63ba9a3b1c7d7212231f42ef91d7334b0045dba6
SHA256

b23206e9febe071f0647d8cfa9970d5539c582037f7036eedfd342ebab0a2129
SHA512

247d1aed153d0044fbdebd206d1f0fb0d28fe95569d268a9f4313850a50133207bfae8037a969f35e74b595d498d64e1513420e13213b4f3d27f33a14e34baf2
SSDEEP

786432:RTSj3kzD/AOPOjOnhxshGYqVWv680hkLK353PUCq:gj3kH/AOPOjOhxsAk66+J3P/q

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.hongcang.hongcangcouplet/[email protected]	5091	com.hongcang.hongcangcouplet
/data/user/0/com.hongcang.hongcangcouplet/[email protected]!classes2.dex	5091	com.hongcang.hongcangcouplet

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hongcang.hongcangcouplet

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.hongcang.hongcangcouplet

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hongcang.hongcangcouplet

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.hongcang.hongcangcouplet
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5091

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hongcang.hongcangcouplet/.jiagu/classes.dex

Filesize
7.1MB

MD5
1ae2ec47c110995a1da7e5eb75a88660

SHA1
3610bf7e6f727544a1283a935640e094a6a00226

SHA256
f427cfe8f1ece2421d4b42f540db34ff12cfeffbebc10892c1c226d8c98747b3

SHA512
fd9ecdc9b971aabf6123a69770ca38aacf0c172e3ebe2e76ee12502948b73e6ce477bb5cdaefd72d7fafca11d53e0bbf5cd617c4b9d52456f0ee9316510c7e99

Download Submit
/data/data/com.hongcang.hongcangcouplet/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.hongcang.hongcangcouplet/.jiagu/libjiagu_64.so

Filesize
429KB

MD5
05a8c3ca16893f4e6cc997a82d987fb3

SHA1
76d6c6d19e0bfa83c847e5d330bd144f58994bff

SHA256
82e708e200cebe270ec57231729413621a8904e907efac8cfe71cb2cf16a3c10

SHA512
2a878c39e713fb6ff5b457f94a1fe2b5adc456924d087a1b6abd59afc0b0e9bad68852eddd34c6441e8996e66eb5fdb711ed6f477d6e447dd48cfd151d89fe96

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jglogs/.jg.di

Filesize
348B

MD5
efb54a6a47b04a3b29ece0e44b3c6b52

SHA1
af951ac65fbc6f9c09172f645b5a39e0db4be547

SHA256
68577e04f1db95904b98ebdc741a939b161420c3b8945a4d3d78c5eeb8ebf86b

SHA512
5c98e30fceb638ce837b128f30b2c78db76029afe1cb497a9da8914a3d5ddf7b3cbfed3548673a33335d82f28718edb1b5d562019247c656880292ad4251deda

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jglogs/.jg.ri

Filesize
314B

MD5
68ac78b7c0876158d0f448ddd64a0581

SHA1
29e7ca698e2b75fa5eb98027ce20818df49d8731

SHA256
8aaacd3a990970b180e18cac6a87492531b1cee1661a7d4def98cebd936fa04e

SHA512
e4f374a80faea24b5312580be80735e4cd291785279cf35a4edf83d2515e7cb2a8201fa6d0667f41fd1778ca2cd61952e3f654fa922faf3140ad125c2b87a087

Download Submit
/data/data/com.hongcang.hongcangcouplet/files/.jiagu.lock

Filesize
27B

MD5
dd9a0e096ca9d2e9806c39aabc6b9206

SHA1
a99fd3522855c7118e3c303ffb9f491f283dc270

SHA256
df728c700b9f7d523511488dec725763df9fe66fbac987e53f9173fba8edc731

SHA512
4ef74d134d4d3ee9120e327fc1a05fc6d7a2a885ddb6f1dba9ff714a2f7b874117c582c733d9dba06c8d44cff1fecfb522d4e6d62c3108be797a877f8330124b

Download Submit
/data/user/0/com.hongcang.hongcangcouplet/[email protected]

Filesize
6.4MB

MD5
3cee6a882f061ffcc9fa86f9917aed0c

SHA1
d3c06db1b11fa59e4da17780a87a14a2284b1817

SHA256
db19b1388722f78bce4d6bbcc91f89c55dfb778e21d2c59c8e455fdf14e38b08

SHA512
80307e937b8525cd572e0b082674d610b5a29cbb4d9c0c4c5212cb7ae3eb425f6abb907486b429c31759c2c20717d9875bc02d633be2646e0ebec762dfb6cf9e

Download Submit
/data/user/0/com.hongcang.hongcangcouplet/[email protected]!classes2.dex

Filesize
6.4MB

MD5
9b2539e045e6255c16227cbaab6562ea

SHA1
7f4aa711ca8a393ca4a4a6a75efd8e72238b650b

SHA256
6a77966c9080131bbe6a78359b18bd9442c1f939914f335507e8e54bce614613

SHA512
cdf1c1d5dea26a61abe7f5287277ff1f98b0908f5236ec97523e21fcfe54a9241c10ff908766f84768e6010feb33a9f33535a319dc85f6b7849b6cbea2d887ea

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
5eca4dfe91289576ee15c03eceb280ed

SHA1
29a9f6440f47b224b6df20661e5bf88db65a12c4

SHA256
02358b94cdaa5d6055a8c1658eb2b9f5c124a5b133116796d3a21c2d025c0c95

SHA512
69192c64182e7cef13ae55c55f27aaddbfadf8427adb1d1012cd386d84b1ba559c92bc68bb6c2bde4797731339c13fba55e2a4e3614bd7fc2367e2a6c465b6f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads