Overview

overview

8

Static

static

6

a725eefb2c...18.apk

android-9-x86

8

a725eefb2c...18.apk

android-10-x64

8

a725eefb2c...18.apk

android-11-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    178s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    13-06-2024 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a725eefb2c39e77f5577de62e0240b92_JaffaCakes118.apk

  • Size

    4.0MB

  • MD5

    a725eefb2c39e77f5577de62e0240b92

  • SHA1

    82745b334df3aa81f42fc8a847eb64a81b705106

  • SHA256

    49837c8a99e29ba8a14cf9e0e2abd3770e5c289862d6c0a9016e0983aa9f3294

  • SHA512

    b354ee437edd687dcdefe8d97bd068060aa5aac27845b151fb7866b5e43cc84f8036c3959756a7a35dd9d3b4b16b70177b4e9bc81872ae1482fe5d37bc69fbc4

  • SSDEEP

    98304:M9kd7v67UOH7IiSFXUz6rQD3ikrouyx1wPeRy:MOdb6I2cXkClkMRs

Score
8/10
bankerdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • org.github.magnet.search
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4289
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4437
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
        2⤵
          PID:4461

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/org.github.magnet.search/.jiagu/classes.dex
        Filesize

        4.0MB

        MD5

        922a7d316e17debf88142a756aa18e57

        SHA1

        2cfe2d4f130740cb4493326a7b41cc7965500188

        SHA256

        021775204a5d9facb8a5ae5cc1fac28df8c5c0b2aa485cea0791fc79e8be61af

        SHA512

        243dcc1f9513c0d942ef2a3761998fc92475564cb9bd224793e58d58db0c2e3ca9c489300717d5377abf46faf67e03e816245de5035f9b6942fe0dda413f792d

        Download Submit
      • /data/data/org.github.magnet.search/.jiagu/libjiagu.so
        Filesize

        558KB

        MD5

        98736de515958ae37ae93a0a0e997098

        SHA1

        72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

        SHA256

        335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

        SHA512

        cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

        Download Submit
      • /data/data/org.github.magnet.search/files/.envelope/i==1.2.0&&1.0.1_1718322153065_envelope.log
        Filesize

        2KB

        MD5

        53527e695a6804c8bb6e1fa71a34e645

        SHA1

        c173c65e06b5a886682a9d8171ff849361e92d6d

        SHA256

        071e1b843775709c13b206c806af900fe374b58d829211a88e51484c6dd5c5ee

        SHA512

        92f3db0b40b89401f18de0869d00de1b774f122a2db5c2a27ffdb4322c7ddc5e7b7b3329b09977e9359fbf45e73c7506adc208dc0b833381b3fca3644fc189e7

        Download Submit
      • /data/data/org.github.magnet.search/files/.umeng/exchangeIdentity.json
        Filesize

        162B

        MD5

        c2816792c53d3b2088095b70ac4a2537

        SHA1

        9e715feb4111f77b07e965bac8adfe3be2fc0d5c

        SHA256

        8633f2c6e02662d7ed5cbc6ee7dd206d71fa165c1969a2be0c1f24255c74dc95

        SHA512

        610ff59060b713ede2781961d5a5e59c902cd39dfe50e7916d8e00d8f6a00f2bb6e26ec7950e8c41a9fb72dd01827eacca2f8a0b61294f67d6fe6b33cee1c381

        Download Submit
      • /data/data/org.github.magnet.search/files/exid.dat
        Filesize

        56B

        MD5

        96dce3764fce893406118e5c1be6505c

        SHA1

        0b77fd9452067a3b6996271181ffc4d378a19396

        SHA256

        a68d5589a2f238e5b7a1860155294ba028852df00bbbcda3abfb5dc33b8ef6f9

        SHA512

        bc23b164fee5bf073fe9f5e34a04f62d0bdd1b156b4808cf2254e723d763fd554edc3cbb80c9e99c1ae397e87d5917cc165a2f88055d463a4c9f896a5dfdf548

        Download Submit
      • /data/data/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzIyMTUxMzkz
        Filesize

        1KB

        MD5

        723c7de364f3f827f46d1b2118f4d8ce

        SHA1

        f5eeefc6b5837c57e920fb45548e1db3cbabc591

        SHA256

        26ad8a9f5c06b787e68b582afc31ea9dd810bf475cba1f4d9056600a54737d5b

        SHA512

        43c2fde7048373dd999077386981f5403b54d07f2710835f9be57358da965683045d3206d01cbc12477ded638ca834bd547fcae62509fbb1e2e7d0b6f77b6aff

        Download Submit
      • /data/data/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzIyMTgyMTk2
        Filesize

        1KB

        MD5

        9fb5cf6db8679a42e3f09bf822def110

        SHA1

        3978dbe531bbbd6f726978c46f30bb7e0bd829e9

        SHA256

        386d84d6471bb168a278670e365f90d938a42b21784cbd0f42f5518b6fb889a2

        SHA512

        82a62c1a7688e558fd97dbb75add40313133052174762b85e55ad8f11674b4e539c5d4d718527a84a9f127b3cf4582ceb15957c24aced72b72c56a6483944e0c

        Download Submit
      • /data/data/org.github.magnet.search/files/umeng_it.cache
        Filesize

        350B

        MD5

        a6148547df22f16fc3afc4bbab762f39

        SHA1

        a5295e639be76486743cec6bbaed503f2f8a70c6

        SHA256

        d7379cec6f02f6dc3c9480c2f6b7ea471ebabaeaeddb20abe48d3be9e800a322

        SHA512

        030a1c814973e6656c4ba0a854b397812b79bc65529f82d94a8e9deb72df7b559fb7d067fceb7372610317fb04af127bb77da531e9bd9b9002005cf0798bed38

        Download Submit