Overview

overview

8

Static

static

6

a725eefb2c...18.apk

android-9-x86

8

a725eefb2c...18.apk

android-10-x64

8

a725eefb2c...18.apk

android-11-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
  • submitted
    13-06-2024 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a725eefb2c39e77f5577de62e0240b92_JaffaCakes118.apk

  • Size

    4.0MB

  • MD5

    a725eefb2c39e77f5577de62e0240b92

  • SHA1

    82745b334df3aa81f42fc8a847eb64a81b705106

  • SHA256

    49837c8a99e29ba8a14cf9e0e2abd3770e5c289862d6c0a9016e0983aa9f3294

  • SHA512

    b354ee437edd687dcdefe8d97bd068060aa5aac27845b151fb7866b5e43cc84f8036c3959756a7a35dd9d3b4b16b70177b4e9bc81872ae1482fe5d37bc69fbc4

  • SSDEEP

    98304:M9kd7v67UOH7IiSFXUz6rQD3ikrouyx1wPeRy:MOdb6I2cXkClkMRs

Score
8/10
bankerdiscoveryevasionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • org.github.magnet.search
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:5111

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/org.github.magnet.search/.jiagu/classes.dex
    Filesize

    4.0MB

    MD5

    922a7d316e17debf88142a756aa18e57

    SHA1

    2cfe2d4f130740cb4493326a7b41cc7965500188

    SHA256

    021775204a5d9facb8a5ae5cc1fac28df8c5c0b2aa485cea0791fc79e8be61af

    SHA512

    243dcc1f9513c0d942ef2a3761998fc92475564cb9bd224793e58d58db0c2e3ca9c489300717d5377abf46faf67e03e816245de5035f9b6942fe0dda413f792d

    Download Submit
  • /data/data/org.github.magnet.search/.jiagu/libjiagu.so
    Filesize

    558KB

    MD5

    98736de515958ae37ae93a0a0e997098

    SHA1

    72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

    SHA256

    335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

    SHA512

    cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

    Download Submit
  • /data/data/org.github.magnet.search/.jiagu/libjiagu_64.so
    Filesize

    569KB

    MD5

    64f0958be2a8e6862b90faacb40129e0

    SHA1

    389c618137db70dbf84adffcdc3c5d4850a5ff24

    SHA256

    4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

    SHA512

    793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

    Download Submit
  • /data/data/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzIyMTYxNDI3
    Filesize

    1KB

    MD5

    0ad240097a40ec1a1412827dd11ed676

    SHA1

    a1c0af45e03c8dc4c8963e45a465783dc48d7ac9

    SHA256

    87252cf8ba98388e3761a2a6824db7fb943f31c8b5d7036fc700059d19ffc383

    SHA512

    452333e6d1a9c4ab849c254e7c943443090525d6b20be370a7bcae48fa4e16880041d997eba72f1eb7ea9e647df3e2045c389915227af5c8bc09482489ad021f

    Download Submit
  • /data/data/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzIyMTkxNzAw
    Filesize

    1KB

    MD5

    6714567429ff1fc8d2343156bfee6063

    SHA1

    880f72c41a21ad13944e50f57322558d55b3e136

    SHA256

    6838ecde57b32109bf1d802482cd13848938baa6c240f02eaf706c92a7412aa4

    SHA512

    766d324a6d76b347f08c20129a6b62d1180ab919b8b390b47a12be4c0f0cd9fdf950c470a81a9bf38dcee6ba749eace17bd7c14e60660ba195c08ff271d44a13

    Download Submit
  • /data/data/org.github.magnet.search/files/umeng_it.cache
    Filesize

    350B

    MD5

    8879d5d5fd5e93aca7804e0ae4ab4fe1

    SHA1

    608ed42e0c82b5840e95a78b56848dd0c8c48a2d

    SHA256

    e1bdc6f755d46a2aa2db007502de1994df217e26b66b3ef37361b724d8dcf863

    SHA512

    8e9b58a1b2be9245bab8c5af8d92fb7e9d1daf5da69f566444e50a2afa87b08e9e3e3b2784c706ca0d4b0cc447e0867057652feab8f74400d40d967133cec64f

    Download Submit