Analysis

  • max time kernel
    155s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-06-2024 03:50

General

  • Target

    8949113d36ef384f47cc70a1dffd18ab_JaffaCakes118.apk

  • Size

    4.8MB

  • MD5

    8949113d36ef384f47cc70a1dffd18ab

  • SHA1

    c9e3c4a147f63bef5035764ec4b59336646b13a0

  • SHA256

    35c3b2b50dc85b260fb98e5cb1ac33ec10a29946de0d2bf40f054e0d0dcfdea2

  • SHA512

    49f253e692bcb644f915c35f653aa459caab27e13f0d3c6a580639b8935b370cfa8a6fe4ae9250189632b529fa85205d37cf9276a3b048c8f730fcb360343b31

  • SSDEEP

    98304:ElBxnXLS/e95HdmnKotNYaXxhZ0W8NrKFD7her3D3fJvd:EdLGCdmK4YaYrqx6391

Malware Config

Signatures

Processes

  • com.coolsnow.gif2video
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the content of photos stored on the user's device.
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4623

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.coolsnow.gif2video/.oabugaij/.fsgkea

    Filesize

    1B

    MD5

    01abfc750a0c942167651c40d088531d

    SHA1

    d08f88df745fa7950b104e4a707a31cfce7b5841

    SHA256

    334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b

    SHA512

    d369286ac86b60fa920f6464d26becacd9f4c8bd885b783407cdcaa74fafd45a8b56b364b63f6256c3ceef26278a1c7799d4243a8149b5ede5ce1d890b5c7236

  • /data/user/0/com.coolsnow.gif2video/.jiagu/classes.dex

    Filesize

    5.9MB

    MD5

    dc59811ad8212f0b7e1d78e273dda0ff

    SHA1

    3ee6f5766f69bd9c78c2442b654ea493894fcd20

    SHA256

    4eee9700ea2e4c99dcd4ccc9fd3c477f1ae344eebdf2015f84e2c1374eb15771

    SHA512

    35c22b76dbc86273548f72434beeec4ab907f11588ddf8cf405e2a488063f764f341ccb584bde968d110082d05c24d5d768c64338bffcebbc5db7e2ddf4293e4

  • /data/user/0/com.coolsnow.gif2video/.jiagu/libjiagu.so

    Filesize

    558KB

    MD5

    98736de515958ae37ae93a0a0e997098

    SHA1

    72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

    SHA256

    335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

    SHA512

    cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

  • /data/user/0/com.coolsnow.gif2video/.jiagu/libjiagu_64.so

    Filesize

    569KB

    MD5

    64f0958be2a8e6862b90faacb40129e0

    SHA1

    389c618137db70dbf84adffcdc3c5d4850a5ff24

    SHA256

    4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

    SHA512

    793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db

    Filesize

    40KB

    MD5

    4a7d7a879469bee7fdadfe97aee8c722

    SHA1

    cf7d1142800de9b07f098787b16b601bee9f803c

    SHA256

    5dc7460e67ed8400bb5706b1f4c7338ec6f4a76767a725c4b48ab73680bffc95

    SHA512

    4e0e2cb7f3dcae5587a0e31d71efa46bfd8cab6447faf2c0d98fba57f830525f374d87ee4c1e7a5ca27c366f8c6269bab41bcaa6dbf7b88cf32eb973f9312053

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db

    Filesize

    24KB

    MD5

    081d678d0a88189f50e94a35d7ec3966

    SHA1

    8554e94db0db00e7a4491965d311634fc7b269df

    SHA256

    f4fc10b8a5c48169b4f61fa2f9dbd68c2c9ae8e9a29f98eee82ea9837a5a7161

    SHA512

    0b036cb64b1d3e16c1220c38d8522db815ac08cbf7520e6ade125f05624a0f34eeceb0964e3ec24092c001d495349ca82eb59858975d3ae621f9cba99f6bceba

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db

    Filesize

    32KB

    MD5

    1b36ac4ecff189833c3c38d08c5b27d6

    SHA1

    01e475350fbae4a633f3411575b9db4169aa4534

    SHA256

    9a097f0b86e7cb21c0e7cd3fac32d32f7d92893307cb1cb26316a519ab3270a0

    SHA512

    187e08006cea4c71e017d864d34237ba9734792fcf1386baeeb15d1d2c2e77472baca03a66fea528564c337e43ab37322215df136cfaa7b091abdb593617cdfa

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

    Filesize

    512B

    MD5

    8432dc41e5f93331fa9dc748d060b50b

    SHA1

    7706807ab5589c510b570ead0c35e5cc1766da39

    SHA256

    4b55fe4384b9454d9529bf3c0044de6e9ccb5cc52ae760d0b37c5721c6254b71

    SHA512

    e791b1db8d3a0fa49c7f5db49b3a4da8a4f3339de79083e057c03f72488b1c3fbecdd5502940beb39cbc385d447064f90304c2a94e08f838bac5555c6af86d14

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

    Filesize

    8KB

    MD5

    f093591cbb636b35268d4952c68f4741

    SHA1

    cc3036cb75c5db92ddda5c94e2386fc0e304bfcd

    SHA256

    90089fdfcc6348671198b8fca985de877f09f3b5d93cfd71a1b127bd146f593e

    SHA512

    7882a4a446b5174ad212a89b46ad361af26ed686bf42717458b27b2fdfde36c8fd6d852f8ab703f5fc3fc07f1d56d0c37b18ea2b7d464dafd2bcfdf13880d8b6

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

    Filesize

    8KB

    MD5

    ff3d74703fa20cd8d83946b10cab9248

    SHA1

    d1f7c22011992491e4912b2c7a7f03eb37083814

    SHA256

    08cf3f21d06c04dd73a932e5a7918c91a8e0813f1f60588037cceefe2633e989

    SHA512

    4bd1b2fcf70e77183c3276866915315ced5ffbd9d36c9c9f576ea457f3ba2b05986fb216c647b6f547f5677ec2e28a8315dcd9e6770d0b4e530a6665f3ac311c

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

    Filesize

    16KB

    MD5

    b52f041539082d47945e85370e7e517f

    SHA1

    623248292e9a6219c052dc921db4a142282d12e9

    SHA256

    6e3164e43a6ebd94e4817f421a9fe0b44214de13ce4590b717961aafeae920c2

    SHA512

    912bb25341158db83d8c6c702744019b5f578b551a0208caea447ea8b5164997d836e077cf0c548adf28424cf1485b2cf61f57516b959056df231a0de4e1cde6

  • /data/user/0/com.coolsnow.gif2video/databases/ua.db-journal

    Filesize

    16KB

    MD5

    17e81d0f129b93f793a9900543d7270d

    SHA1

    f2eb595d813ef16d214b929333a474083e81f5ef

    SHA256

    cf90e4b86c8410bb77a694cea00a695bad1734d2cce4e7a2fec2df0ebc73dfcf

    SHA512

    aec6a1f1f7677a0e6d8ae4d6eeae0bfffc4402c3ac7c5d6200c1f44b84e40284834f80ee7c0804e0a40ad59789ce89377a1d786f507fd1a6157fc7533d6112b2

  • /data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ac

    Filesize

    32B

    MD5

    45ed1541d7f44071e210968f2b7dddfb

    SHA1

    075e15e7937a7778057219f67c262bd7e2aff310

    SHA256

    5b357b0ae5f1193bc054c43a2a7f3ba4197d3a40e9a0f95f2af1668fadda8e09

    SHA512

    24b4b28e13b9edacaa0373f78b313f04498e501789b01186155244823708c188a481840c34045447244e70184cb9af013cf23a90860bf74de722b38bfafa58fe

  • /data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ic

    Filesize

    32B

    MD5

    62c56cb6ea0a495b2ff2e999a4591d8b

    SHA1

    c3c359a73d3e558d4cfe94317681bb76b638d5f3

    SHA256

    ae74a2af8fc9b3b620393d6891ba8679d368a9205706e655a063fa5a31b64020

    SHA512

    6a022ffe606ffc03d7819cad3666dc9440a36c4e916f3aa1a76f41d52bf6147b8b51461050c6d0fe40f0b180a324bea88259a7649038a4784c4221707240bdeb

  • /data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.rd

    Filesize

    32B

    MD5

    74c5be926c91af4b5ff7be685b48adf5

    SHA1

    2a299d3dc6a086d25ebf6a1d8a28b739dfaf3180

    SHA256

    91bddc926355aa817daef947f53684da7db10d44b1a4b7f5e877670f8ea97880

    SHA512

    d21aa59438716382eee33becc58c23b66637d37b152b50b1dac5a5fdeef960f41314ff6be58c884dd0772f896695463ddd8e344ceb2dbb5023cb1a4b6ad6a950

  • /data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ri

    Filesize

    307B

    MD5

    68abdf12075d9082dd57352e11a7188a

    SHA1

    fa2b7bc45fa299b2c8b21c1935dcb74d2e5cbe7d

    SHA256

    f4a9c44a497a40a790d711d75d1085b1ad46c8a77cd49449d4d0def96abc4086

    SHA512

    78dd6364c299af485f906bed90b924479678cb44cbf0e187a076f0b90745cb957c5620178382463f4707359fff94391d9fd122d8cd460853757b4182c0759d4f

  • /data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.ri

    Filesize

    314B

    MD5

    dfc91b4284fb0993cd1479c21f908224

    SHA1

    dad095d0c0d601faeddee15bd090e55ba007c2cc

    SHA256

    5eb7969f6ba7c005a2110bf28bdd3deb8ca3707d34571a9f8c6d0c0ffd5f0514

    SHA512

    bbf9161db69aaef36d35908c46dce4587b0be5cdfaef2988d5b30e4a179f054347f85a87118b4da847c17c112b5de98c939a17de06bc733bf6bc00d71657edd3

  • /data/user/0/com.coolsnow.gif2video/files/.jglogs/.jg.store.report_pid

    Filesize

    32B

    MD5

    da5451d88bdbd4c7b30e95ced4a90be6

    SHA1

    bef393923343a5a5fc24af96f6be708ebce937ab

    SHA256

    e9a559dc2f5998826ddea5bf7cb3711b4815a874fbb6d9d6e8e403cc19076626

    SHA512

    a5231bda44b94cd6af44bc6cd663f9b05b0f30e63d51e18d2e0a45d088e4e8e8d980d5e03a94789490714636bc4845387c86cf402d80fa1c4aeff5ed8f394fa3

  • /data/user/0/com.coolsnow.gif2video/files/.jiagu.lock

    Filesize

    27B

    MD5

    742399ec654e9fb48f36eb94ef0804df

    SHA1

    09cf1ada88f7f6194ce37ec0e3e105d21912c623

    SHA256

    f82c3eab6a142eb2b41f78a74620dabc702379fb2ee17bc4ff78f7aea1f939c2

    SHA512

    706d3019526beb2fc13a184eb2fece36695d1dc86a4d696fc2298ffc3d4c452d02276b81456efcdbba2845a64a8777a67268fcec06c3a85021adad2e33ed0415