f39c58038666954591eafc35299eaa3b484710dd017c1629590abc41eddd5a81

Analysis

max time kernel
47s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
04/06/2024, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

966fb0b361a44eea210a1dc452ec697a_JaffaCakes118.apk
Size

6.7MB
MD5

966fb0b361a44eea210a1dc452ec697a
SHA1

009c73d4b6ff230334861d76a26f0651b8cc406d
SHA256

f39c58038666954591eafc35299eaa3b484710dd017c1629590abc41eddd5a81
SHA512

8dc0748819e6305232d60cfce31ef4078857b7e06ae4aaab1092df3ca88c14e795b0f5e4fba4a85cf933466751f15cebb83e08e869a9381456a86f5872849dda
SSDEEP

98304:6Xe+ASAJxtd3Dsls76GZzgtBS8PFOPL8mrd5H2A67Sy7BQnzYiF:6umw7d3Qi7rcROIfNSy7Cb

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.fdoesf.edfqwe/.jiagu/classes.dex	4283	com.fdoesf.edfqwe
/data/data/com.fdoesf.edfqwe/.jiagu/classes.dex!classes2.dex	4283	com.fdoesf.edfqwe
/data/data/com.fdoesf.edfqwe/.jiagu/tmp.dex	4283	com.fdoesf.edfqwe
/data/data/com.fdoesf.edfqwe/.jiagu/tmp.dex	4317	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.fdoesf.edfqwe/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.fdoesf.edfqwe/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.fdoesf.edfqwe/.jiagu/tmp.dex	4283	com.fdoesf.edfqwe

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fdoesf.edfqwe

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fdoesf.edfqwe

com.fdoesf.edfqwe
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4283
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.fdoesf.edfqwe/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.fdoesf.edfqwe/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4317

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fdoesf.edfqwe/.jiagu/classes.dex

Filesize
5.5MB

MD5
3c93913783408d190ba33c4b741596f0

SHA1
1a337c33d46a51d3627f2232598ae9fab9329fdc

SHA256
4c65a191cf9afc9bf76b748d672187c2e70fbfb239f64954fad65962a6c3f0e7

SHA512
94bf8bf0c86f2888836419853c7470f9dcc0a4377d383e148b34f1c936dd13f3087359ca62a40c6fc96cad786c3744052befcc8d7f7f743d4208a8511ce5bde7

Download Submit
/data/data/com.fdoesf.edfqwe/.jiagu/classes.dex!classes2.dex

Filesize
1.3MB

MD5
f138c8de4a07d02f550f31e42d1b35f2

SHA1
4c56771e1e4cf3d8ee24b044799c9ce7f0b1d74b

SHA256
e8c0dcffb0e5e0b345b4f8e2d881ffebb82f332e5bf68eb5cf45422a8a3d4f7f

SHA512
f1b26d711788171edea22c5ce9538b85b3152088d91cd62332fed2ebcb69f75a38c3d21a53e1d3db927bd3abf034fff69475d54b086716a4f88981e988b45ac5

Download Submit
/data/data/com.fdoesf.edfqwe/.jiagu/libjiagu.so

Filesize
568KB

MD5
40b17436e92b03b70e0098a4b2ddf83c

SHA1
c8e8b1c0a86e291d0441b606a3b70044823ca474

SHA256
c7845ea6921498271c29010673d0ea315c34e9a3fefd95edc3ea62a3ff670283

SHA512
ddf08eaa3c226bba312e81501e8963435da312182ce21aca9b518bce2c7e9f835f9c8d3516210f67633c607c243ff7f6ebf366635256818a559c2c40c4a443c6

Download Submit
/data/data/com.fdoesf.edfqwe/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.fdoesf.edfqwe/cache/ok-http/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit