Analysis

max time kernel: 48s
max time network: 154s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 13-06-2024 23:41
Static task: static1

Behavioral task: behavioral1
Sample: a725eefb2c39e77f5577de62e0240b92_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: a725eefb2c39e77f5577de62e0240b92_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General

Target: a725eefb2c39e77f5577de62e0240b92_JaffaCakes118.apk
Size: 4.0MB
MD5: a725eefb2c39e77f5577de62e0240b92
SHA1: 82745b334df3aa81f42fc8a847eb64a81b705106
SHA256: 49837c8a99e29ba8a14cf9e0e2abd3770e5c289862d6c0a9016e0983aa9f3294
SHA512: b354ee437edd687dcdefe8d97bd068060aa5aac27845b151fb7866b5e43cc84f8036c3959756a7a35dd9d3b4b16b70177b4e9bc81872ae1482fe5d37bc69fbc4
SSDEEP: 98304:M9kd7v67UOH7IiSFXUz6rQD3ikrouyx1wPeRy:MOdb6I2cXkClkMRs
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes: org.github.magnet.search
    ioc: /system/app/Superuser.apk
    process: org.github.magnet.search

- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: org.github.magnet.search
    ioc: /data/data/org.github.magnet.search/.jiagu/classes.dex
    pid: 5111
    process: org.github.magnet.search

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: org.github.magnet.search
    description: Framework service call
    ioc: android.app.IActivityManager.getRunningAppProcesses
    process: org.github.magnet.search

- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: org.github.magnet.search
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: org.github.magnet.search

- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: org.github.magnet.search
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: org.github.magnet.search

- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: org.github.magnet.search
    description: Framework API call
    ioc: android.hardware.SensorManager.registerListener
    process: org.github.magnet.search

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: org.github.magnet.search
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: org.github.magnet.search

- Checks CPU information (2 TTPs, 1 IoCs)
Processes

org.github.magnet.search
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
Downloads

/data/data/org.github.magnet.search/.jiagu/classes.dex
Filesize: 4.0MB
MD5: 922a7d316e17debf88142a756aa18e57
SHA1: 2cfe2d4f130740cb4493326a7b41cc7965500188
SHA256: 021775204a5d9facb8a5ae5cc1fac28df8c5c0b2aa485cea0791fc79e8be61af
SHA512: 243dcc1f9513c0d942ef2a3761998fc92475564cb9bd224793e58d58db0c2e3ca9c489300717d5377abf46faf67e03e816245de5035f9b6942fe0dda413f792d

/data/data/org.github.magnet.search/.jiagu/libjiagu.so
Filesize: 558KB
MD5: 98736de515958ae37ae93a0a0e997098
SHA1: 72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9
SHA256: 335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421
SHA512: cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

/data/data/org.github.magnet.search/.jiagu/libjiagu_64.so
Filesize: 569KB
MD5: 64f0958be2a8e6862b90faacb40129e0
SHA1: 389c618137db70dbf84adffcdc3c5d4850a5ff24
SHA256: 4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa
SHA512: 793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

/data/data/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MzIyMTYxNDI3
Filesize: 1KB
MD5: 0ad240097a40ec1a1412827dd11ed676
SHA1: a1c0af45e03c8dc4c8963e45a465783dc48d7ac9
SHA256: 87252cf8ba98388e3761a2a6824db7fb943f31c8b5d7036fc700059d19ffc383
SHA512: 452333e6d1a9c4ab849c254e7c943443090525d6b20be370a7bcae48fa4e16880041d997eba72f1eb7ea9e647df3e2045c389915227af5c8bc09482489ad021f

/data/data/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MzIyMTkxNzAw
Filesize: 1KB
MD5: 6714567429ff1fc8d2343156bfee6063
SHA1: 880f72c41a21ad13944e50f57322558d55b3e136
SHA256: 6838ecde57b32109bf1d802482cd13848938baa6c240f02eaf706c92a7412aa4
SHA512: 766d324a6d76b347f08c20129a6b62d1180ab919b8b390b47a12be4c0f0cd9fdf950c470a81a9bf38dcee6ba749eace17bd7c14e60660ba195c08ff271d44a13

/data/data/org.github.magnet.search/files/umeng_it.cache
Filesize: 350B
MD5: 8879d5d5fd5e93aca7804e0ae4ab4fe1
SHA1: 608ed42e0c82b5840e95a78b56848dd0c8c48a2d
SHA256: e1bdc6f755d46a2aa2db007502de1994df217e26b66b3ef37361b724d8dcf863
SHA512: 8e9b58a1b2be9245bab8c5af8d92fb7e9d1daf5da69f566444e50a2afa87b08e9e3e3b2784c706ca0d4b0cc447e0867057652feab8f74400d40d967133cec64f