Analysis

  • max time kernel: 70s
  • max time network: 141s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 02-06-2024 14:14

General

  • Target: 8e5a7f1ae66071f859563fb36c480f77_JaffaCakes118.apk
  • Size: 4.3MB
  • MD5: 8e5a7f1ae66071f859563fb36c480f77
  • SHA1: ec43a099d70123301049e6d6abfdd0a778bb86e5
  • SHA256: 8f7287ba377d7188a6520951d9622e9dd62232152f2f16b4d063d78aeec24d6f
  • SHA512: 0169800eec13b5b931cdfc666aa59dd4c7cad04b329926993aa4317ff57d161d9e702f9132f0590441c378be163fb2515673fadb26404756070c2e7a3cb414ee
  • SSDEEP: 98304:1OKW+OQ2b74TNQ3mCSZFBJqXdTVl1bidsBDWR/005gaLc6mwQ:1ONi2bUFnJERPQAM0Krgx

Malware Config

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)
    Checks CPU information that indicates whether the system is an emulator.
  • Checks memory information (2 TTPs, 1 IoC)
    Checks memory information that indicates whether the system is an emulator.
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)
    Runs an executable file dropped to the device during analysis.
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)

Processes

  • com.touhao.caishen2 (PID 4325)
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • sh -c ps -ef (PID 4531)
      • ps -ef (PID 4531)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.touhao.caishen2/.jiagu/classes.dex
    Filesize: 4.0MB
    MD5: 8761f21a03aac949bc158028517117f9
    SHA1: 194557e7bfa5ff528516881a4498f71e08ccd67e
    SHA256: 03a4c1183768252266b894630c3de46dc451474c8edba24c820a5ac9ac75489f
    SHA512: 67f138fd73d492e9963bf1936bba2f584208ccfa22f594d4e575c593bdcf38fcc42af6c25610f761300c2f385e86d86f5300b79ed6c6a44161832e3b4f7a2957

  • /data/data/com.touhao.caishen2/.jiagu/libjiagu.so
    Filesize: 491KB
    MD5: 940317093cc329d45cf45ea8713b1c1f
    SHA1: 3f9ff8cef8e41d03ea714b8d5f030ad1fcaec0be
    SHA256: 57f0ffa7062aaa03074648a0c9df78ed9d3f78c2f07fb846b11bb1b667e246bc
    SHA512: 3f40076d241bc3a2b83e56d01e826b8cb7d310a67128ac8b1165bdb93dd917c6a7219c1e65dbd8a40432fb38331828c7171e266e8474dfc69db2675e29e2723f

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.ac
    Filesize: 40B
    MD5: fef6e4de7c1f4563fe8f6c5687d2a665
    SHA1: fe50d5137208fabe770d3f2f3cb9eb4f7c9cc905
    SHA256: aa73cbc4148ef4c6d8d3c5ac69f7b23411663b8e98cfd9512fbfcc4473ae4673
    SHA512: 5cdec1a7ec8444bd7ab3b1de7eb192035eb08afe143ed539be4034de29fcb82c2aa2f0ac4fbca5887d82b89b9b704c7b61785c83d6d7118d2453e751d82fa0d7

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.ic
    Filesize: 32B
    MD5: 103ac50fc259d4e95134700690593966
    SHA1: 2b4a978aa6a4269bdf0bbbd43a474efa923e0c9e
    SHA256: 9b306c484429ddb09cecdc1214d9a9bfddbd81beaffb7ee10e688acdb9301a15
    SHA512: f4ce7d4993b581da4a6fe26e1b76aa4ef7b705cadf6fae19493b1379f16b8f44a26612c350291dc5a0619d94b742ed4051f7ba27a04cf6a919682b47381c666a

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.pk
    Filesize: 32B
    MD5: fe94c9a921bf715f3f22abc0cc700ed3
    SHA1: a2fa6df85a12adf879a9d248d6c6b91c889ad16e
    SHA256: 10dd7602ba4f529216e4a15916d3a6a30e2fc19b9d78b5beaa43fa631ba01ad0
    SHA512: 0ce2de5821b7f3acf46863dfc09c1a7f24739160834c464a09c3421d479fe72237f972645c3c5389cfdb4c5f36afa5af2dde33e37b03a22ad8656c0c5cb65535

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.pk.h
    Filesize: 64B
    MD5: f85c8bc2712b61148e88e757c28f8531
    SHA1: 02d5f576fcd872b45dbda21edab77b8c26ef874f
    SHA256: f7a773ee9938888af788df75d90a300e7d1ee03c8f8e9ad7ee4db44c67aae6b7
    SHA512: 3c85d32601bd3c8cfc68c9820605e67c1927494661fb70365e0cf8d950d05ec2ad76ddd5495793f6156f2cece528e08ea33ce926a27625ba5cf336ed138c7b8b

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.rd
    Filesize: 73B
    MD5: 1bca7af1809620971bdd785c952c4e98
    SHA1: 3fd2fec873e737f1990c95266e48a6b0a701c491
    SHA256: 2e3768c651d893ed901fa577000309234c7d4fdfba802c42be338fa3f56fb75d
    SHA512: c33c3f998385a8cc1cd20ce9f01bfbfeb5cebc5472cd1eada1b3fa169a73f64ff2d7d5eb385cec31f68ed2f2b30e7b21c59bf714af5bfe714e5a7ca308d2fb03

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.ri
    Filesize: 307B
    MD5: 88e5637f1059d92e3035f261c349a12f
    SHA1: 47458980cb9bf1ec58ecb8487234c446375bf885
    SHA256: 764c5278ce06899baad56cfc4e080d8a85c257ba8b5b2b1d141d4f9bc2813a48
    SHA512: 7768084b45c8d3ccef5d276c07b4572774be1320306fae7323c130bb024809b9c7209621c981b401445dbf0b1367a50ea17f01b8b5817e131c552de66e65344a

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.ri
    Filesize: 314B
    MD5: a6dad250573dbcbb6a7a7d4763379df8
    SHA1: 8344c559f1515033d683004721d448e339149619
    SHA256: ff478551295e1979fda9f587dcd7f23ff7247eb5ce4f9cde74b1e30e6b57d2dd
    SHA512: e96010fd905acae26ec42f3ad01e0fa883d9fe9eda49e7836056334c6db7113929a98dac57b5b61337c7d2ca2a97e87e965e5eeb90a7a662a0af16ba5bcdd3b4

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
    Filesize: 32B
    MD5: a050e91cdf07b050dae58083db0360b8
    SHA1: 1cbf2f2e4bb1400e3dcc324684dfef716b4bd303
    SHA256: e9b000db10b0179d5c9a4e64f32991a4a852773434523e539e28f0812844e5d7
    SHA512: b1db9924e0be703d4a518726df7212bb0f17fe8d0af80789bf6396116b02e8f3d3aba1e4845826a38f107ccc98ab093a6b7608282aa4ca28d000fee93211207c

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_cf
    Filesize: 54B
    MD5: 429a6d36e63eaa5a7069ad2952d8cddd
    SHA1: 9b938e2e896ff0cb6cc213a4f587579d9174a7fa
    SHA256: 9664cce22f44ffdc9110cbbe6f0fd95dcabd77e1d580c3bd9140d4b0aa3d09ca
    SHA512: c592fe064a100b52cab494310e6217cfccae54c98ccd6814187a345ddc1337f73e8771741afb296c458fc3828951fe8107ffa4b5eae9b17f72dc52d70ebdc101

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
    Filesize: 54B
    MD5: 0ef7d16e354e3cd2e75625a675928817
    SHA1: 7a3a7052f17934574043c6537444e74a49cedccc
    SHA256: be2e526a02fc752d3dcf41a641779d3016679f9065e0e15d85ce296a27cd8394
    SHA512: 15742ae7ceb65cccae48c633ec47fe544becf7c5ca524d43a9c22af26d9dee83a265fe2b7ab707a00a78612f363ee29476b491b56ba0c794f9a0c644f70cfa8a

  • /data/data/com.touhao.caishen2/files/.jglogs/.jg.store.report_pid
    Filesize: 32B
    MD5: ccd8e739df5ca8c87d501eb4af5882b1
    SHA1: addb13d828b4062f3728f5dd3ab40f5ba461686b
    SHA256: 021f1e9ad2d333f11235ea302c9ffaa5a547b5fbe0cd585f972756cb6a1d9e89
    SHA512: 7ebb1bc52cd61ae915c9c712df9a0162ae3529c37d3be54cc180e89280b9ed2fd0d9600587a4c92c5e1bc5b15383c7e9cf9fd06cb74d3af3f4a7acba606e89e0

  • /data/data/com.touhao.caishen2/files/.jiagu.lock
    Filesize: 27B
    MD5: 0d5cd0d12eaf2b0b3b7e63f9f1eaa289
    SHA1: b4c42deee7eb72a4ad2dfde1c66224ee825324dd
    SHA256: 1f65d6c932d6fecce23cb8d995dd2d6599cc9c6dee405ff045adb985e58b8e9d
    SHA512: 8eee81ba8c35e2dc0198c764054051dfaf1952b9c2bb18b0ee21ddb5f070986bfdbf4d66090059ebbb73f95a2b4bfb85790e132540e61ef8529c1a97793993e1