b23740891b764ddf43f753b1a0a67612576f35a7db2a821fc2c0798b209fb64f

Analysis

max time kernel
11s
max time network
170s
platform
android_x64
resource
android-33-x64-arm64-20240603-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240603-enlocale:en-usos:android-13-x64system
submitted
04/06/2024, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

943123c983dcbfae35ebf11ffd83a06a_JaffaCakes118.apk
Size

9.3MB
MD5

943123c983dcbfae35ebf11ffd83a06a
SHA1

76a51b3a8d86fbc948a4ae060f420d2b9df356c6
SHA256

b23740891b764ddf43f753b1a0a67612576f35a7db2a821fc2c0798b209fb64f
SHA512

dd49dfcb409939b9366255f40e979b68d7a5e81cd95e20e6bcd03fef086e4cb693950f00b60999b44073a62b7d53873e7b0b9b8dd106d95677ff1bc11f14078e
SSDEEP

196608:f6nHYiLbkSUTzVfG+R2YO61AI0LOi8ChjjoiIDm5ghBhfjac/WZghEC:G4+kSB+kdQAIi1oiIDm3cOI

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.xrzh.lfh/.jiagu/classes.dex	4239	com.xrzh.lfh
/data/user/0/com.xrzh.lfh/.jiagu/classes.dex!classes2.dex	4239	com.xrzh.lfh

com.xrzh.lfh
1⤵
- Loads dropped Dex/Jar
PID:4239

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xrzh.lfh/.jiagu/classes.dex

Filesize
6.8MB

MD5
25a4fb820c44eabba349508ecf28cec1

SHA1
783fe0b2a571aa53b8f4928cec1d2b40b011683d

SHA256
97b80a4d53aad4a777b9dd853511587aa725e75de33c8db03ac59ba9511a9ad4

SHA512
9fdfd4f6bf9dd36cdbfe0122c7942ace2d98e453b38de7730da26239b281b95d8dce2fc9d516b9f5fe9c228b6589f6f985f44292436d6685597acd3a4021df65

Download Submit
/data/user/0/com.xrzh.lfh/.jiagu/classes.dex!classes2.dex

Filesize
100KB

MD5
4343a074adc7a68dc2b98fd5b0981263

SHA1
963540bcd11e7f1d7834e1e1cfd142a9de9006d1

SHA256
be42b107857380d496b815b8f38790bb47d754f0c791687588d27388bdf47303

SHA512
c441652c446c1fc5fd8e187db1aa340ddf56a1be64649ff0e19d42a1077438c1385393bc5a2adc3a4492afe28869fe37ca44d23229ea166b8349911a28771e4d

Download Submit
/data/user/0/com.xrzh.lfh/.jiagu/libjiagu.so

Filesize
477KB

MD5
39d77dcad8e2a44dd7226f442b3a6c92

SHA1
6560fa96c6b5a038abaeee5f139a16e46088d9d7

SHA256
99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0

SHA512
7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5

Download Submit
/data/user/0/com.xrzh.lfh/.jiagu/libjiagu_64.so

Filesize
513KB

MD5
db22c5992479681884ab1805a6c9c441

SHA1
8e7c8a8aea4a6f7630871c1525355fbc0d7e9500

SHA256
eff32c4751a44e601ada9133b68c81ea5fd4dad5e3e88fb85d6b452f1dcc8324

SHA512
4c46486f7c8be5848197776a65d7c1f4f9d898c2278cee657a2e6e2cfd003c2efc4f6e76f48511ca1c696ec0339ce649d601bd8c3abe5c7a2e6219e263222e54

Download Submit