Overview

overview

8

Static

static

6

a725eefb2c...18.apk

android-9-x86

8

a725eefb2c...18.apk

android-10-x64

8

a725eefb2c...18.apk

android-11-x64

8

Analysis

  • max time kernel
    9s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
  • submitted
    13-06-2024 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a725eefb2c39e77f5577de62e0240b92_JaffaCakes118.apk

  • Size

    4.0MB

  • MD5

    a725eefb2c39e77f5577de62e0240b92

  • SHA1

    82745b334df3aa81f42fc8a847eb64a81b705106

  • SHA256

    49837c8a99e29ba8a14cf9e0e2abd3770e5c289862d6c0a9016e0983aa9f3294

  • SHA512

    b354ee437edd687dcdefe8d97bd068060aa5aac27845b151fb7866b5e43cc84f8036c3959756a7a35dd9d3b4b16b70177b4e9bc81872ae1482fe5d37bc69fbc4

  • SSDEEP

    98304:M9kd7v67UOH7IiSFXUz6rQD3ikrouyx1wPeRy:MOdb6I2cXkClkMRs

Score
8/10
bankerdiscoveryevasion

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • org.github.magnet.search
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    PID:4431

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/org.github.magnet.search/.jiagu/classes.dex
    Filesize

    4.0MB

    MD5

    922a7d316e17debf88142a756aa18e57

    SHA1

    2cfe2d4f130740cb4493326a7b41cc7965500188

    SHA256

    021775204a5d9facb8a5ae5cc1fac28df8c5c0b2aa485cea0791fc79e8be61af

    SHA512

    243dcc1f9513c0d942ef2a3761998fc92475564cb9bd224793e58d58db0c2e3ca9c489300717d5377abf46faf67e03e816245de5035f9b6942fe0dda413f792d

    Download Submit
  • /data/user/0/org.github.magnet.search/.jiagu/libjiagu.so
    Filesize

    558KB

    MD5

    98736de515958ae37ae93a0a0e997098

    SHA1

    72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

    SHA256

    335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

    SHA512

    cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

    Download Submit
  • /data/user/0/org.github.magnet.search/.jiagu/libjiagu_64.so
    Filesize

    569KB

    MD5

    64f0958be2a8e6862b90faacb40129e0

    SHA1

    389c618137db70dbf84adffcdc3c5d4850a5ff24

    SHA256

    4f38bee50f32a8c64f4f9c671b7cece34d4a1cb926087fec8ef505327d4edfaa

    SHA512

    793cb7104013b7841c38e4aa14f4d9246aefa61aa9803160e6398c4115a2df5c6af304bad045c687467547deaab3bb77272a675b0d673f81f2df3dee2d1fe94d

    Download Submit
  • /data/user/0/org.github.magnet.search/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzIyMTYyMjA1
    Filesize

    1KB

    MD5

    85a9be19c09391511c53bbba64ab4af8

    SHA1

    b36175af0bb351c85a9ac14ca11dd86e369cb0d6

    SHA256

    89dd1633f6b0d88f4fcac2470d2d8fd1926baef5e3c200fc361ddc5f89c730bb

    SHA512

    82cff134ce0777142fe9d623d1aa9bafb1a332f65530c3f9d715fc114ef3f4b714d5391f098691059379d63ec60035571ce9330d0c6dea5ede4bcddff2a2a61d

    Download Submit
  • /data/user/0/org.github.magnet.search/files/umeng_it.cache
    Filesize

    348B

    MD5

    6b797b4d5c0fe9b4042ee9e8f230088e

    SHA1

    1d79109203f4d076c561f9de9359b546b6d23c5c

    SHA256

    de90d37a695e3366d91b5428ba2a44ff6c1470e40e7636e2fe8c318a7437180d

    SHA512

    ef47251d0c569eb13ddef16a185df3463de4684b7780442657c42e635f7e729679554b8820c4bed39596675ccb2ea02470c30c843805c823fd45473985aae656

    Download Submit