57fc6a1943f334893132912ce1da08341440505570e03f155e2b9c55805f2cc4

Analysis

max time kernel
3s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
03/06/2024, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9034aeeac974c705d0209094f12d7f8a_JaffaCakes118.apk
Size

15.0MB
MD5

9034aeeac974c705d0209094f12d7f8a
SHA1

935d22f9b09c0ba80d4950f69ffe5f24bbf09f67
SHA256

57fc6a1943f334893132912ce1da08341440505570e03f155e2b9c55805f2cc4
SHA512

9de60a3f5f5626b0af660882e53aa4da7406a0a872e0b413bba1fe3d6fa03ff9c8dbccfd02ba4baf212ae48a9968a051556810e3868129be49afcaf77501a2ca
SSDEEP

393216:7cxT2XmyM1k+8wpwnyvAtqI9tSL6KzD/mL7Qie:7VmyM1k+JwyTIM6KHeQd

Score

6^/10

discovery

Malware Config

Signatures

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yc.phonogram

com.yc.phonogram
1⤵
- Checks if the internet connection is available
PID:4282
- chmod 755 /data/user/0/com.yc.phonogram/.jiagu/libjiagu.so
  2⤵
  PID:4309
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.yc.phonogram/.jiagu/classes.dex --dex-file=/data/data/com.yc.phonogram/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.yc.phonogram/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4337

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yc.phonogram/.jiagu/classes.dex

Filesize
5.7MB

MD5
c4ca1731864200bcc748c5630c646883

SHA1
24e487bccc9e5f7418398ddc2ac591719ffee4de

SHA256
361da113738fff9bde064eb1913ca1fdd1d52e61513ac71cbd9aa409a8d4b843

SHA512
2191d43c374413a49c26d150ce93e22ace90212b3b48a9d204cf217cedb1a8695dc4d6a9f6b232dc7d51dbf9e1032307b8867150a8f7d2919f2e9f011e375f35

Download Submit
/data/data/com.yc.phonogram/.jiagu/libjiagu.so

Filesize
344KB

MD5
f07c10fa1727a4d7395f07d20d77892d

SHA1
a7c2f367daea205bda6035a739bff81003554b4f

SHA256
b33b45d44e01f762b2678eb5fda5a804650b74cced4ea7362e3a19b37049e2b3

SHA512
83411cbcf78a99fed70dbebc46d626c85f61ba729ea0b3c93d2e109c63bbe6a739eae09d61af7fa0ff127502f3a13034d45a130f581e8ed3f66db892712736f1

Download Submit