Analysis

  • max time kernel
    34s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android arch:arm arch:x86 image:android-x86-arm-20240603-en locale:en-us os:android-9-x86 system
  • submitted
    05-06-2024 16:47

General

  • Target

    98ab999fe68b6acf58db5c671892c3f6_JaffaCakes118.apk

  • Size

    13.2MB

  • MD5

    98ab999fe68b6acf58db5c671892c3f6

  • SHA1

    4b2e605f7adb31fe6ad76a2503063f9cc53ed5e5

  • SHA256

    091b35b1278e431cbdb97ee05657a3efbd3a6f889148289c99a67cfdc32d9fb8

  • SHA512

    760c9b2b88806a979134ce4f410bd3a715cb7c4ad26b040f024ed484bb44f9fc703e722416f6869e4ce621c583bf0cf69e89a38b91ce689a8e6270e8a78dd248

  • SSDEEP

    393216:gZE7dcwxbbw6J9h48uKXRTOwcaIOaVF/rYs3akrP:gypxbEq9S8nyfGiF/rYKHrP

Score
6/10

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.glela.huixiang56
    1⤵
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4276
    • chmod 755 /data/user/0/com.glela.huixiang56/.jiagu/libjiagu.so
      2⤵
      PID:4303
    • chmod 755 /data/user/0/com.glela.huixiang56/.jiagu/libjiagu.so
      2⤵
      PID:4370
    • /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.glela.huixiang56/.jiagu/classes.dex --dex-file=/data/data/com.glela.huixiang56/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/com.glela.huixiang56/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/com.glela.huixiang56/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
      2⤵
      PID:4391

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.glela.huixiang56/.jiagu/classes.dex

    Filesize

    6.3MB

    MD5

    09fce1ceb80e395a20b99ac9b08cdca5

    SHA1

    821340a6fd7b3a155a046cb96f1a8fe391d8508f

    SHA256

    4546e49ebbcaf1d8ea8244b686b41ca8fdf2a3c823966703ec9fad2c94015d37

    SHA512

    a04cc840ed9bc40368d6bd7a2c64adf38d7dffc9d9e2c043057a4e8d6a89585d15f7db4216f56659c5e68c4794d4a8020b2f79214007bf92f485e462ce43a559

  • /data/data/com.glela.huixiang56/.jiagu/libjiagu.so

    Filesize

    363KB

    MD5

    1383b616dee6678b3591e577ace67225

    SHA1

    f2b0f5968b52f9c3ed022f3b3ba67e6142df89ba

    SHA256

    945e12ea3019404a01754579a234b21ff3c7c17c175750e514c0d404e9f30554

    SHA512

    72dda5b9833701c52e44260d979f6b91dface07899aa20ea686ef3d09f3225826140b7e8c336072aca21d51e88151a3fdb6952fc53b9749051f16197e8086b60