Analysis Overview
SHA256
b847be7178d00f7dab3007f17c3ed3c70deed6d41f59e6178e53a545322a1823
Threat Level: Shows suspicious behavior
The file 9f73d70a5645fed3661eae61d9261db8_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Loads dropped Dex/Jar
Queries information about active data network
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 20:42
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 20:42
Reported
2024-06-11 20:45
Platform
android-x86-arm-20240611.1-en
Max time kernel
6s
Max time network
166s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/data/com.xiaozhilc.app/.jiagu/classes.dex | N/A | N/A |
| N/A | /data/data/com.xiaozhilc.app/.jiagu/classes.dex!classes2.dex | N/A | N/A |
| N/A | /data/data/com.xiaozhilc.app/.jiagu/tmp.dex | N/A | N/A |
| N/A | /data/data/com.xiaozhilc.app/.jiagu/tmp.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.xiaozhilc.app
chmod 755 /data/data/com.xiaozhilc.app/.jiagu/libjiagu.so
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.xiaozhilc.app/.jiagu/libjiagu.so
| MD5 | e5a53000766ebc433b27d6a66ec4f555 |
| SHA1 | 2c8f53f1c03aec2005bcad67d731f07261dabde0 |
| SHA256 | 78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e |
| SHA512 | 370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d |
/data/data/com.xiaozhilc.app/.jiagu/classes.dex
| MD5 | 9db166176d3183dfb3e3c24e31f16c9a |
| SHA1 | c3b77e60db6f5f7d7aec68c96a96ed7c5e4a83ce |
| SHA256 | a7f5231c413810b1a41578fbe80d2a2f5a146075ac763888d2be35a5fcc2348d |
| SHA512 | 8478ea2115ebeb90937bf320b0d1ea66e2c7955b1c364282fab3747a7577526d6e26f598c99ed856c45563cba7a6c6819e9ea7bb08ef2ef046b2b07651505605 |
/data/data/com.xiaozhilc.app/.jiagu/classes.dex
| MD5 | 6534055060d74b0d96c07accf8c07c52 |
| SHA1 | af138566a2297ec11c3151c33fe3aac6d4367661 |
| SHA256 | 3220e4cab4261e033c667c8c6e03ce67af22acd883102091b25e52dfb9aaf474 |
| SHA512 | 5bc5a1ff99bb36fe33134aec8f2956e99393cb287de3a13426150b93e9ebd32d415b283f4a31d676bcf57f2dbecb49966e57c48c51af0e6a034d4a97596fe5e9 |
/data/data/com.xiaozhilc.app/.jiagu/classes.dex!classes2.dex
| MD5 | c3db23fe20574189cd1c3b941243fbaa |
| SHA1 | 6cc98494e61610a9c07950cf22395ce43ea66f30 |
| SHA256 | de2afa7fe226897d0a106b6a99c9f9ee71cbecfcd1c26c3cdd1aaa52d93138ff |
| SHA512 | f9807b037e97c692ad63768120c945baad095fe11b4fb6bccf6ee50c16df6c7412dfcf3601e475fc2ab3134bef181fc7864478b76122e31555cf3054cd48ec3d |
/data/data/com.xiaozhilc.app/.jiagu/tmp.dex
| MD5 | f1771b68f5f9b168b79ff59ae2daabe4 |
| SHA1 | 0df6a835559f5c99670214a12700e7d8c28e5a42 |
| SHA256 | 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939 |
| SHA512 | dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d |
/data/data/com.xiaozhilc.app/files/.jglogs/.jg.ri
| MD5 | c1e49c00b9791313fc93d19d3f5e1b1b |
| SHA1 | 5e10c9a6d1854ba7e0e331144a2bd5c5632d12d0 |
| SHA256 | 70c336ef02ede7173e223253dde4d0456600ec549bd59cb513818f8521a495a6 |
| SHA512 | 0710e72c984f57a9480cff7ed02ff7b24c829d01099215f853071a1fb9d7597681bcc3c49ada70bb0f7e497d3d6d53543bf9b7dc05326a6500d5505e0716051f |
/data/data/com.xiaozhilc.app/files/.jiagu.lock
| MD5 | e38723ed39235e6670a26240ccdb5f89 |
| SHA1 | b00046a8da057733c651af10deb5742094b24f79 |
| SHA256 | 6e70fbaaaeeaadae119ff9ce8e0707c288bf415935981acd6eca1bdf31c8705d |
| SHA512 | dfcc0d09389d3af3c3d035c39d1603d22dc8ae66bd537cc5c91216b41cc06545df6ceaf7290ffc3aea27cb9d65fddd967008eb65b41106e589d5943c4cd5c91d |
/data/data/com.xiaozhilc.app/files/.jglogs/.jg.ac
| MD5 | f7bfe666032a7229d233a01031daa755 |
| SHA1 | 401652eab7a64896cf9ade9d68afe6a9c73552cf |
| SHA256 | 832edc37aa493bf6a151f69cfcb55093b2b690df15893cbfaffaa4222f657ee8 |
| SHA512 | cc0aa5e09b87b19ff9562cb3f8ec67c1d17a892991418e087ed3673bacc6d80cc9687ae86ca28893738731f9a6dd0b97749b105580ef7264a25672ff49d34c71 |
/data/data/com.xiaozhilc.app/files/.jglogs/.jg.ic
| MD5 | 8d3d75c2b206fc4b0a8175fc0679bc90 |
| SHA1 | 57ed0f3f7b9f87230e5b95b8c10460f373b31b79 |
| SHA256 | 5a5438487b3838d3001e5895fb0e0ced67493d041b2387ec9e34ea3733b69648 |
| SHA512 | 96bd9ba9b8c6256bc555428b8baf092408b2fc03ce9b5a41dca17478e55cc6c5fbb4cb6d785a4ab55c3e0f7f81df4e7c4b97544fad45a331f28db705d3322b22 |
/data/data/com.xiaozhilc.app/files/.jglogs/.jg.di
| MD5 | d647859ac6eae26d792ffbe487d16fd8 |
| SHA1 | 1bdafd737b10b30c40fd18d51e2649ae1096fba0 |
| SHA256 | e7f5c21e8c2940e383f73026880a01709d2d183a3a3c55302f78d4ffd7065ce0 |
| SHA512 | b2c5a374b60b274a55b9e765f67bcff2c5570e9672668487cb77fee786e5d27d899d2a86e539c41aac1fcaba795bb835bf3a9150c72cbf8fde8028f699985b1f |
/storage/emulated/0/360/.iddata
| MD5 | 1546b4d0d6fb7764c5f7e114c8324786 |
| SHA1 | 7d8e47c38cb0c0a80875dde01c37fb86bfa820e5 |
| SHA256 | 0251b5e572ad469da3ec374f4fe2096c90f84987d409c0dbf9b7b449eed084db |
| SHA512 | 2e40e5b5a5079ca0ac5459eb0021feb8eb7cb0792bbe2ec8bfe90545ddaa0737b8416c703513c532d57c6ec81ea52bc0e4ab25f30ddb22934ea40a989c314e11 |
/storage/emulated/0/360/.deviceId
| MD5 | 1d8d16c4e3b19ebf18988530d9b9a757 |
| SHA1 | bc94c1cce05cd848a53271ecb9c5311e27ffebf5 |
| SHA256 | abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7 |
| SHA512 | 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82 |
/data/data/com.xiaozhilc.app/app_crashrecord/1004
| MD5 | cd3133a94883ced9de74f197e3e98d37 |
| SHA1 | 396f9750537f0f0f1a73b51294b143c90fd4aba0 |
| SHA256 | 57435c8725887369644da5743c159f35e6d0395e1ec40f994749fd30c9413a99 |
| SHA512 | 67efe3e27dcafed89d479b2759897a22448fff2c32f30347a7306f850eaf0d6dddcb1a5f91947186479ebb862d9603ed217462af897494c3c1750461185fa633 |
/data/data/com.xiaozhilc.app/databases/bugly_db_-journal
| MD5 | 55e5bd5aa6e4e62e2cf1f57e56631196 |
| SHA1 | bfe976c40a0a80afc3877c2039e77ea852d12338 |
| SHA256 | fcf382db7384d917209baf3a3c1c4c49911ec0090d09ba49bc9a86ec184ddd5e |
| SHA512 | 5ad0aad6bc1684b38def414fbb7fee8428769d93e9bd03a5a5905ba10f8e7f38fde8283de7899a2b78e15d70fba0cba9ea7af0014224eb76ed4c264a5d051364 |
/data/data/com.xiaozhilc.app/databases/bugly_db_
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.xiaozhilc.app/app_crashrecord/1004
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/com.xiaozhilc.app/databases/bugly_db_-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.xiaozhilc.app/databases/bugly_db_-wal
| MD5 | 29b742a956b291e23f059e0db8cbd7d8 |
| SHA1 | 4f2761602dca89d6acf0237b03f4e0c135c27a59 |
| SHA256 | bf14ccd490cec5b47252ce291c4d67ea6b66e856f7324b57ae95cda69c72d01c |
| SHA512 | 9d9e095975385381d606e11ff9b4754f03f679d23842032a085a46aabdcfc3f20668aa6d482e10ef512bfb63c06ca86f23e3d3ffd8265d2630ba982ae7797c4a |
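The artifacts above tell a consistent story: the `.jiagu/` directory, `libjiagu.so`, the `.jiagu.lock` file and the `/storage/emulated/0/360/` identifier files are the on-device footprint of the 360 Jiagu packer. The `chmod 755` on the dropped native loader, the "Loads dropped Dex/Jar" hits on `.jiagu/classes.dex` and `tmp.dex`, and the fact that `.jiagu/classes.dex` is reported twice with different hashes (a stub written first, then the decrypted payload over the same path) are the unpacker restoring the real application code at runtime. That is also why the verdict is only "suspicious": the code the static pass saw is the packer stub, and the behaviour that matters lives in the last `classes.dex` hash, which should be pulled from the sandbox for analysis. The script below is an added example, not sandbox output; it runs that reasoning as checks over the paths, hashes and command line copied from this report. The indicator patterns and the `runtime_unpacked` verdict rule are this example's own assumptions, not something the sandbox asserts.

```python
"""Triage of the artifacts in the behavioral1 report above.

Added example, not sandbox output. Paths, hashes and the chmod command line
are copied from the report; the packer-indicator patterns and the verdict
logic are this example's own assumptions about what a runtime unpacker
leaves behind, not something the sandbox asserts.
"""
import re
from collections import defaultdict

# (path, sha256) pairs copied from the behavioral1 "Files" section.
REPORTED_FILES = [
    ("/data/data/com.xiaozhilc.app/.jiagu/libjiagu.so",
     "78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e"),
    ("/data/data/com.xiaozhilc.app/.jiagu/classes.dex",
     "a7f5231c413810b1a41578fbe80d2a2f5a146075ac763888d2be35a5fcc2348d"),
    ("/data/data/com.xiaozhilc.app/.jiagu/classes.dex",
     "3220e4cab4261e033c667c8c6e03ce67af22acd883102091b25e52dfb9aaf474"),
    ("/data/data/com.xiaozhilc.app/.jiagu/tmp.dex",
     "9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939"),
    ("/data/data/com.xiaozhilc.app/files/.jiagu.lock",
     "6e70fbaaaeeaadae119ff9ce8e0707c288bf415935981acd6eca1bdf31c8705d"),
    ("/storage/emulated/0/360/.deviceId",
     "abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7"),
    ("/data/data/com.xiaozhilc.app/app_crashrecord/1004",
     "57435c8725887369644da5743c159f35e6d0395e1ec40f994749fd30c9413a99"),
    ("/data/data/com.xiaozhilc.app/app_crashrecord/1004",
     "988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d"),
]
# Copied from the "Loads dropped Dex/Jar" signature and "Processes" sections.
LOADED_DEX = [
    "/data/data/com.xiaozhilc.app/.jiagu/classes.dex",
    "/data/data/com.xiaozhilc.app/.jiagu/classes.dex!classes2.dex",
    "/data/data/com.xiaozhilc.app/.jiagu/tmp.dex",
]
CMDLINES = ["chmod 755 /data/data/com.xiaozhilc.app/.jiagu/libjiagu.so"]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
PRIVATE_DIR_RE = re.compile(r"^/data/(data|user/\d+)/")
# Assumed indicators of the 360 Jiagu unpacker (this example's own list).
PACKER_PATTERNS = {
    "jiagu_dir": re.compile(r"/\.jiagu/"),
    "jiagu_loader": re.compile(r"/libjiagu(_64)?\.so$"),
    "jiagu_lock": re.compile(r"/\.jiagu\.lock$"),
    "jiagu_sdcard_ids": re.compile(r"^/storage/emulated/\d+/360/"),
}


def validate_hashes(files):
    """Paths whose SHA256 is not a 64-char lowercase hex string."""
    return [p for p, h in files if not SHA256_RE.match(h)]


def rewritten_paths(files):
    """Paths reported with more than one hash during the run. For the dropped
    classes.dex this is the packer overwriting the path; the last hash is the
    one to pull for static analysis."""
    seen = defaultdict(set)
    for path, sha in files:
        seen[path].add(sha)
    return sorted(p for p, hashes in seen.items() if len(hashes) > 1)


def packer_indicators(files):
    """Map each indicator name to the reported paths matching it."""
    hits = defaultdict(list)
    for path, _ in files:
        for name, pat in PACKER_PATTERNS.items():
            if pat.search(path):
                hits[name].append(path)
    return dict(hits)


def dropped_dex_loads(loaded):
    """DEX loaded from app-private storage, i.e. code that was not in the APK
    as installed. 'a.dex!b.dex' is a secondary dex inside a container."""
    return [p for p in loaded
            if PRIVATE_DIR_RE.match(p) and p.split("!", 1)[0].endswith(".dex")]


def exec_bits_on_dropped_libs(cmdlines, files):
    """Dropped .so files that a child process made executable with chmod."""
    dropped = {p for p, _ in files if p.endswith(".so")}
    out = []
    for cmd in cmdlines:
        m = re.match(r"^chmod\s+([0-7]{3,4})\s+(\S+)$", cmd)
        if m and int(m.group(1), 8) & 0o111 and m.group(2) in dropped:
            out.append(m.group(2))
    return out


def triage(files, loaded, cmdlines):
    """Combine the checks. Verdict rule (assumption): a dropped native loader
    made executable plus DEX loaded from private storage means the real
    application code was unpacked at runtime and is not in the APK."""
    execs = exec_bits_on_dropped_libs(cmdlines, files)
    dropped = dropped_dex_loads(loaded)
    return {
        "bad_hashes": validate_hashes(files),
        "rewritten": rewritten_paths(files),
        "indicators": packer_indicators(files),
        "exec_libs": execs,
        "dropped_dex": dropped,
        "runtime_unpacked": bool(execs) and bool(dropped),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORTED_FILES, LOADED_DEX, CMDLINES), indent=2))
```

Run against the copied report data the verdict comes back `runtime_unpacked: true`, with `.jiagu/classes.dex` and `app_crashrecord/1004` listed as rewritten paths. The second of those is a crash-record file rather than code, which is why the rule keys on the executable loader plus a private-storage DEX load and not on rewrites alone.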
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 20:42
Reported
2024-06-11 20:45
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
170s
Command Line
Signatures
Processes
com.xiaozhilc.app
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | udp |
| GB | 172.217.16.228:443 | | udp |
| US | 162.159.61.3:443 | | udp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| GB | 142.250.179.227:443 | | tcp |
| GB | 142.250.179.227:443 | | udp |
| GB | 142.250.179.228:443 | | tcp |
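The Network tables in both behavioral runs are noisy: repeated flows to the same endpoint, mDNS multicast on 224.0.0.251:5353, and a DNS query row that is the only place the domain name for a later TLS connection appears. In the exported report a row with no Domain also sometimes has the protocol shifted left into the Domain cell. The parser below is an added example, not sandbox code; the rows it embeds are copied from the two tables above (a constructed sample, not a full copy), and it accepts both the aligned and the shifted layout, dedupes endpoints, separates multicast noise and collects the DNS queries.

```python
"""Parse and summarize the Network tables of this report.

Added example, not sandbox code. RAW_ROWS is a constructed sample copied
from the behavioral1 and behavioral2 tables above, including one row in
the shifted layout (protocol in the Domain cell, no trailing cell).
"""
import ipaddress
from collections import Counter

RAW_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.212.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | udp | |
| GB | 172.217.16.228:443 | udp | |
| US | 162.159.61.3:443 | tcp |
"""

PROTOS = {"tcp", "udp"}


def parse_row(line):
    """Return (country, ip, port, domain, proto), or None for header/blank."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    country, dest = cells[0], cells[1]
    rest = [c for c in cells[2:] if c]
    if rest and rest[0].lower() in PROTOS:      # shifted layout: no domain
        domain, proto = "", rest[0].lower()
    elif len(rest) >= 2:                         # aligned layout
        domain, proto = rest[0], rest[1].lower()
    else:
        domain, proto = (rest[0] if rest else ""), ""
    ip, _, port = dest.rpartition(":")
    return (country, ip, int(port), domain, proto)


def parse_table(text):
    return [r for r in (parse_row(l) for l in text.splitlines()) if r]


def summarize(rows):
    """Dedupe (ip, port, proto) endpoints, flag multicast noise, keep the
    names seen in DNS queries and the domain attached to each connection."""
    endpoints = Counter()
    multicast = set()
    dns_queries = set()
    domains = {}
    for _country, ip, port, domain, proto in rows:
        key = (ip, port, proto)
        endpoints[key] += 1
        if ipaddress.ip_address(ip).is_multicast:
            multicast.add(key)
        if port == 53 and domain:
            dns_queries.add(domain)
        elif domain:
            domains[key] = domain
    return {
        "unique_endpoints": len(endpoints),
        "repeated": sorted(k for k, n in endpoints.items() if n > 1),
        "multicast": sorted(multicast),
        "dns_queries": sorted(dns_queries),
        "domains": domains,
    }


if __name__ == "__main__":
    print(summarize(parse_table(RAW_ROWS)))
```

The output separates what is worth pivoting on (the unique 443/tcp endpoints and the one resolved name) from link-local discovery traffic; attribution of the bare IPs to a provider is deliberately left out because the report does not state it.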
Files
/data/user/0/com.xiaozhilc.app/.jiagu/libjiagu.so
| MD5 | e5a53000766ebc433b27d6a66ec4f555 |
| SHA1 | 2c8f53f1c03aec2005bcad67d731f07261dabde0 |
| SHA256 | 78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e |
| SHA512 | 370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d |
/data/user/0/com.xiaozhilc.app/.jiagu/libjiagu_64.so
| MD5 | 05a8c3ca16893f4e6cc997a82d987fb3 |
| SHA1 | 76d6c6d19e0bfa83c847e5d330bd144f58994bff |
| SHA256 | 82e708e200cebe270ec57231729413621a8904e907efac8cfe71cb2cf16a3c10 |
| SHA512 | 2a878c39e713fb6ff5b457f94a1fe2b5adc456924d087a1b6abd59afc0b0e9bad68852eddd34c6441e8996e66eb5fdb711ed6f477d6e447dd48cfd151d89fe96 |