Analysis
max time kernel: 8s
max time network: 135s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 12-06-2024 23:56
Static task: static1
Behavioral task: behavioral1
  Sample: a30759feac44f4b571dd3ae82f7aeb8b_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a30759feac44f4b571dd3ae82f7aeb8b_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
Target: a30759feac44f4b571dd3ae82f7aeb8b_JaffaCakes118.apk
Size: 9.2MB
MD5: a30759feac44f4b571dd3ae82f7aeb8b
SHA1: ca543fed648e2d0cb74a2e579cdf686e44c3e4e7
SHA256: f022bfbccbc5cec1a00ff5b459753efaf13927ef68794b314b5e2d870e32f041
SHA512: 85a757cacf08a14cc2bfef4cc6853392d76f0d6de8dcaa56e1770a48eaaba7f5c21b39caef97067191f9fb7f04c431ad5d40b8775771b5530617819dfde09087
SSDEEP: 196608:idHEzVMj1++81QH+U/Ah4tcmiQrIn79kud50yYyb:EGVMj1++H+dh4tcmAn7muz0Yb
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
  com.yghys.doctor
    ioc: /data/user/0/com.yghys.doctor/[email protected]
    pid: 5133
    process: com.yghys.doctor

Queries information about active data network (1 TTPs, 1 IoCs)
Processes:
  com.yghys.doctor
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.yghys.doctor

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  com.yghys.doctor
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: com.yghys.doctor

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
  com.yghys.doctor
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: com.yghys.doctor
Downloads