Analysis
max time kernel: 176s
max time network: 185s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 12-06-2024 11:41
Static task: static1
Behavioral task: behavioral1
  Sample: a08ae7f9e72abc34b74fd74289d05ea4_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a08ae7f9e72abc34b74fd74289d05ea4_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
Target: a08ae7f9e72abc34b74fd74289d05ea4_JaffaCakes118.apk
Size: 18.0MB
MD5: a08ae7f9e72abc34b74fd74289d05ea4
SHA1: 44169676a5b2003eb20c6b434055aefd58460ce6
SHA256: c6f1bf7d3abd0ca101f6572c7ceaed15a4f823388cc99140594f8672c6d20536
SHA512: d3ee5f7d72c0bd79d847aa50fd704d16522ef4cdee93a06974088835010ff5c27607d7d030950c78beec27cbfe9979ff6e045ff860e1825724c851e6c5840ead
SSDEEP: 393216:+NKMf1mAplwBcHUcd+r2tF9Ya3g7gf/dgSRYe3us:+NKMf0ApyqHLF9Twc2SWeZ
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 10 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
  ioc | pid | process
  /data/data/com.xgbuy.xg/.jiagu/classes.dex | 4169 | com.xgbuy.xg
  /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | 4169 | com.xgbuy.xg
  /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | 4169 | com.xgbuy.xg
  /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4169 | com.xgbuy.xg
  /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4169 | com.xgbuy.xg
  /data/data/com.xgbuy.xg/.jiagu/classes.dex | 4220 | com.xgbuy.xg:pushcore
  /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex | 4220 | com.xgbuy.xg:pushcore
  /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex | 4220 | com.xgbuy.xg:pushcore
  /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4220 | com.xgbuy.xg:pushcore
  /data/data/com.xgbuy.xg/.jiagu/tmp.dex | 4220 | com.xgbuy.xg:pushcore

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xgbuy.xg
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xgbuy.xg:pushcore

Queries information about active data network (1 TTPs, 2 IoCs)
Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg:pushcore

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.xgbuy.xg
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xgbuy.xg

Reads information about phone network operator (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
Processes: com.xgbuy.xg, com.xgbuy.xg:pushcore
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg
  Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg:pushcore

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
Processes: com.xgbuy.xg:pushcore, com.xgbuy.xg
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.xgbuy.xg:pushcore
  Framework API call | javax.crypto.Cipher.doFinal | com.xgbuy.xg
Processes
com.xgbuy.xg (PID: 4169)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)

com.xgbuy.xg:pushcore (PID: 4220)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads