Analysis

  • max time kernel: 8s
  • max time network: 135s
  • platform: android_x64
  • resource: android-x64-20240611.1-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted: 12-06-2024 23:56

General

  • Target: a30759feac44f4b571dd3ae82f7aeb8b_JaffaCakes118.apk
  • Size: 9.2MB
  • MD5: a30759feac44f4b571dd3ae82f7aeb8b
  • SHA1: ca543fed648e2d0cb74a2e579cdf686e44c3e4e7
  • SHA256: f022bfbccbc5cec1a00ff5b459753efaf13927ef68794b314b5e2d870e32f041
  • SHA512: 85a757cacf08a14cc2bfef4cc6853392d76f0d6de8dcaa56e1770a48eaaba7f5c21b39caef97067191f9fb7f04c431ad5d40b8775771b5530617819dfde09087
  • SSDEEP: 196608:idHEzVMj1++81QH+U/Ah4tcmiQrIn79kud50yYyb:EGVMj1++H+dh4tcmAn7muz0Yb

Signatures

  • Loads dropped Dex/Jar (1 TTP, 1 IoC): runs an executable file dropped to the device during analysis.
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC): the application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Registers a broadcast receiver at runtime, usually for listening for system events (1 TTP, 1 IoC)

Processes

  • com.yghys.doctor (PID 5133)
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Downloads

  • /data/data/com.yghys.doctor/.jiagu/classes.dex (3.5MB)
    MD5: 8fa88efa13f592e38a4904c4fb3248c3
    SHA1: a10b7a7b0fe18450bf8217a7cbe256762ef1be75
    SHA256: d114c5dd531cbbdcef50763c51bdd3c9f972ccaea9b89d409f27cafad6b836d4
    SHA512: 2ae90c4d007c2d6427a7b81d2e728c6386504ce9a9882a54d8b31f27dca290fb84a1da5d88c201c06a3d439f9a7fe8dd79b1e1dfe7ea6e2c87718d8c1b1cee58

  • /data/data/com.yghys.doctor/.jiagu/libjiagu.so (456KB)
    MD5: 7e7125a1193cfa8a696c1b8a6d2a103e
    SHA1: af193df6127a47f455ebb7d5b792d2e982f4e004
    SHA256: 707cbb7d210699b111f050a382224f04ba2dbf72ecb4ee8f420d5759b6a23681
    SHA512: 91a62f00c2a9dc3c28348ef512ca56ab44d999e11dd806d565109159e79f25833c9141023ad639c7f5132acb8038ca0d7cc049ca2118534570d3ef1b36798b03

  • /data/data/com.yghys.doctor/files/.jglogs/.jg.ac (32B)
    MD5: 38d891dbe6cb77063cf764f287e6de32
    SHA1: ac7f548f7020ca02072130358c2621a686eaec8d
    SHA256: b471d7092c334e8d5153da23e3cc0bc57a7c68dd20426f074a367aaad20964ee
    SHA512: b95de7a26daa85f13ea8915dc277619bf81653e2b391fb79ce311e8eaa8ad0e935259fabc9b237bea30042e63b5797ac4576307aa0ad8052b7a02dab2f5815ce

  • /data/data/com.yghys.doctor/files/.jglogs/.jg.di (340B)
    MD5: 94f4b4dfd108dbcd64a4855eeefb18b3
    SHA1: ece001b995fb877bc0e481453247ca013031cb3b
    SHA256: d6b1f198f2b85a4b8afc92086992b2f87e75af253ecdbe40ab5cfeb2bca04e5b
    SHA512: dd261a2b2f30c84d23a7cfb051c9c4c16a3c3de501cc910fa4d975d1b3f897c5485cebad59523766552b32694e2278f2b9f892114dd0967abb463ac6a9e40fce

  • /data/data/com.yghys.doctor/files/.jglogs/.jg.ic (32B)
    MD5: cf0fa17aaf0a8a682fc32aed1b0460e0
    SHA1: f4f9ef86a604ebc591ff5af85ca6d90a75158f9d
    SHA256: 1d2f6053688f4164291a24c45b4a7076db22a4020ad7f726767f606bf00a5ae7
    SHA512: c15e55d8472bef6572be38001fe167c02676aa0347e29c22483086c51f39376c8442b94b1f9b814340316e5bedf60ca82b5c3ef7d9b9a3e66dfd4986a43b2f88

  • /data/data/com.yghys.doctor/files/.jglogs/.jg.ri (314B)
    MD5: 3d8f52ea7a7e075d0869aea3fcfe0006
    SHA1: 7fd7788c189bdaf58c9e9dea06f4c8e61954029a
    SHA256: 2be34e39f6d67977b19d018c54d31753fe940c667c5d9936ad2fc82a9d9cc54e
    SHA512: dd4d1da28dd12a89850ba96d8e155e6922c07995cf8aa7bb00e189e94fd24b23007412418fdacb219863d2a4cc8303f6e89663075483055973d488ca094ba817

  • /data/data/com.yghys.doctor/files/.jiagu.lock (27B)
    MD5: 866640d6904c9f92644669d44d990541
    SHA1: 2701acd8b091541efa1450f72de11111ddac2b97
    SHA256: b69c77eead2179ac94200bbd2f9a0ccc97683dd0ada5a01b2aa1989b0a46262b
    SHA512: ce6b2139ba275daa3a1798a8f935f2345504c84ffb58a369fa0c9de4454e9ff211db4b94821046c0e7fcae2c18569425f190fb0820e71d670f778930b870bd17

  • /data/user/0/com.yghys.doctor/[email protected] (6.4MB)
    MD5: 5ce8c72a6acb4dea0b907f31c71f1638
    SHA1: c32fd2d1f50b23e2504fbefd282e255ef7694dca
    SHA256: 3d0d1b7969ea11bf1cb8edd2fcf315556a3fd989cb09f5d31c5f4c755b2a404b
    SHA512: d84494057ae4f337aab1f315e84e1e4bbf5cfd6cf3585f19b12151c3181d71bdd12c4866abc5ff9172b00de6497ca4a55268bf54f9ac90fef05c96b42a892c3f

  • /storage/emulated/0/360/.deviceId (48B)
    MD5: 4c4c5285293d5141f582aefa4e038669
    SHA1: e01852a72e5a8e6f7d63a21426b515118196047b
    SHA256: 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
    SHA512: 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

  • /storage/emulated/0/360/.iddata (32B)
    MD5: 175990baa143138d5cb4a712e172c3f3
    SHA1: fac3640580ef9443529023878fa50795431b5ab1
    SHA256: 598adf3b09f46774a6cd40b947903d2aa2544a8948b3ffdf188117f7dd9b802e
    SHA512: 5611281fb2a9d0a9cd1287108b032bb33eb06817e2f6d86edbf34ff9df8f3993429dc15685090e70fc95b7730d66b66073c84af14d2517b3c672a40184bbd8f2