86b8c3507d2115b523da90444288d95cf268588a28ea20ffc32851f04af757d3

Analysis

max time kernel
11s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4b26e958af95a3fd7bd1a196e70359d_JaffaCakes118.apk
Size

11.5MB
MD5

a4b26e958af95a3fd7bd1a196e70359d
SHA1

dffc1a2f1cb501756be251b6dc9ac3cd5c94557f
SHA256

86b8c3507d2115b523da90444288d95cf268588a28ea20ffc32851f04af757d3
SHA512

f0112c84bf8c9df471153f1211eedde6480e271282cbe30320e797f328cc467178197d968fd3911e88685b9caf0be4359657cc70ca839fecb931639773de69ab
SSDEEP

196608:AWD5Ni1azgfC8QNRYbqLV7v1jP9sy0Wfjyc/iJ5wPtKX34Pcy25ny6IUsGEk6Ms:AITzg68URYbIv1hsyxyc/iJ5w+Az25nk

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.sgn.popcornmovie/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.sgn.popcornmovie/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.sgn.popcornmovie/.jiagu/classes.dex	4240	com.sgn.popcornmovie
/data/data/com.sgn.popcornmovie/.jiagu/classes.dex!classes2.dex	4240	com.sgn.popcornmovie
/data/data/com.sgn.popcornmovie/.jiagu/classes.dex!classes3.dex	4240	com.sgn.popcornmovie
/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex	4240	com.sgn.popcornmovie
/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex	4304	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.sgn.popcornmovie/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex	4240	com.sgn.popcornmovie

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.sgn.popcornmovie

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.sgn.popcornmovie
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.sgn.popcornmovie

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.sgn.popcornmovie
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.sgn.popcornmovie

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.sgn.popcornmovie
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.sgn.popcornmovie

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sgn.popcornmovie
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.sgn.popcornmovie

description ioc process

File opened for read /proc/cpuinfo com.sgn.popcornmovie

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sgn.popcornmovie

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sgn.popcornmovie

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sgn.popcornmovie

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sgn.popcornmovie

description	ioc	process
File opened for read	/proc/cpuinfo	com.sgn.popcornmovie

com.sgn.popcornmovie
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4240

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/data/com.sgn.popcornmovie/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4304

cat /sys/class/net/wlan0/address
2⤵
PID:4338

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sgn.popcornmovie/.jiagu/classes.dex
Filesize
5.7MB

MD5
fb9f8a351cec33a76f442e5f60a81b9a

SHA1
fcab2e611f62954f9394c49b7055a064f44f0cb8

SHA256
24c47bdc78e7a748ca14fccb50c3f5391e4b9ff5d35c8b0682594d2fe3844cce

SHA512
71415dae8f5e8da8b962ff3553d892d1fbc17498a70e0c51040eea838ba3877c51521395ab08efb251af0516f441d7dda02dc2e7f1af178952e02447cdb9459d

Download Submit
/data/data/com.sgn.popcornmovie/.jiagu/classes.dex!classes2.dex
Filesize
6.3MB

MD5
32ef01f4721e30cc0dd1fc3307ebfdba

SHA1
9b130f9304751f9d5d1573fe6ff493a11be712b9

SHA256
1cc310556b5d42c18433a6deb9c1876c2132b126c66111f01fc82076cf2e726e

SHA512
1e1cd531b92e34582d0784d86933d811304349af717a50adb74fa7c89bc25ea9882b1b280a4e266f2bb2b86158497ec18bad5f519842271a8e548cf939cb9c22

Download Submit
/data/data/com.sgn.popcornmovie/.jiagu/classes.dex!classes3.dex
Filesize
4.1MB

MD5
862fc34f7bdbe05dc8b5db9c0faebff0

SHA1
83243c85cd40e93b8f4115216c331f9d4a0bac02

SHA256
d32b0179081a1785e39fd30498b1ab99877be98427b0d58649b5b4b11ea6630c

SHA512
bf31f949710342b8aed219f91176703a8c0654c2389028791ededc7fc1df6dbf587886ae9b93f34c36474ad790706ed117ee0afc51fe30dcf1bb310d2a99ce0b

Download Submit
/data/data/com.sgn.popcornmovie/.jiagu/libjiagu.so
Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/data/com.sgn.popcornmovie/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.sgn.popcornmovie/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sgn.popcornmovie/databases/MessageStore.db-journal
Filesize
512B

MD5
1556b2d8949f02f5ed79cc462ed4681b

SHA1
1b257d51b678d07d9461597e1ac409ef466babd9

SHA256
5e804ae4ca058bf4133037065dd1cc0c841881294a55c29a00811f6ea7f65668

SHA512
3ed0f7cb7ed8d58acea22a61ef875f52540f1a55aef7cd42f4e27a27c8b1c12c6aa307071939e42fb8cf017abb483db1f08d0831aac11f9ec93e2e23ece5b99d

Download Submit
/data/data/com.sgn.popcornmovie/databases/MessageStore.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sgn.popcornmovie/databases/MessageStore.db-wal
Filesize
48KB

MD5
ac67660e923186193bd89ff6edf3cedc

SHA1
f2e4ef5c1726e0230e8a0f889a13b73de3df5c9a

SHA256
e60805640122153a7e4809fba2551c67d018af13609b0aeb8b8d29a4420bf882

SHA512
74be927404b5e706f60a87b4a1599ed860587cb48035177b93d5edd2df40295f9caca936f0725b43dc0dd7df407c92bce5e0e5581222396124418adfe203a3e0

Download Submit
/data/data/com.sgn.popcornmovie/databases/MsgLogStore.db-journal
Filesize
512B

MD5
8f3bed6e25447ed88411d592d7458ecb

SHA1
a1e7b0d55d0dfc2c5002c56657f9431df2d256c4

SHA256
ccaa32b3e2fe28dec9669ac6014af0eb6c3111cadb0b826f10ff72423e13bdea

SHA512
555d8d0e976703931137a0a48ab09f837bb26dbb7b3941f1775e17ff562f306faec6203dad1e4462096f8482dade9a5478966dd2f6c7f4ff7586e60df1eea383

Download Submit
/data/data/com.sgn.popcornmovie/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
9a211edb7a2206808a03457a5a5a281a

SHA1
61efc0d332e9b64b86727ce67eaadeb9c70c0dc4

SHA256
72af9e3223806f61ed45b31ae238c5138d63ec085c4d3d74d0909ed0aafc6492

SHA512
ebcf727766e14fbdf0f2f1f119e8cf5316fc3c31bbc63f81d9e5e7ca1147c5582e781b0ee0a1a0fe2694eb779faa24ce66f09cd48a13cb6256863c55deff1fa1

Download Submit
/data/data/com.sgn.popcornmovie/files/.jglogs/.jg.ri
Filesize
307B

MD5
2dd47b0d7c2ece00bfa39b9fe13f260f

SHA1
7b89474c901c17eb845ce809384822eef070ef1b

SHA256
d7e8580ee0698d94453a37b840e386959a5577105b237006adc7cd4dc8f0de41

SHA512
8c4e9a3f4d1f695e72f6c7a6ea7ef13bc2f54d8c25975291197a7ca389b0f2f72c3691c4e33bbfa9aec203789ce6cbeac804c2d4e4570acb087d1c959a5fbd0a

Download Submit
/data/data/com.sgn.popcornmovie/files/.jglogs/.jg.store.report_cf
Filesize
32B

MD5
16f993ccfd05c68a16bd40b07b9096e8

SHA1
edcb9f57feb0d2ca5cd3bf7035e067b64b650cbe

SHA256
aea37df4690116c5d1fb430615b37a48fecefec48ae1dac20f71b746dfbd296a

SHA512
1fc1f5e91537df4730f8486e0a52714d7015bc12566337379aa6533c2fefcd29f787ce4541a28f314a0ebd443df08a5b17d61ecb271565bc4980d8bc502d89a6

Download Submit
/data/data/com.sgn.popcornmovie/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
1f52eee633f42028a6fe95fecc925b86

SHA1
59300d24a937013ade298cddc618a7b4e197e3fc

SHA256
540f0349c9f97b9abbdf90bbb6e4bd02b5aa0d225932730b331eadd3adf58bc3

SHA512
1cf6a4f1b425157f1251c51948157f2047fd736e6c697cbd1bd11f1572ffc4630140d21f93d352b65f57b5d0a24eff47365652206df87fd96d5dad8cf63ac1bb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
ee00160809e6bc70d4e14f97c6cbd762

SHA1
5db87d470423bc0e42b91a7b31fe1c7761aae5b0

SHA256
0b824d933354c12a3b9afdcb6a06e1cbc5534e335da97c0e96b8ffd0bbcd6228

SHA512
43738f1edc7a41aa19fc02fa4885ea30513f0b744e35993121ca639da6c208457a466bcc721ad821c151174dff20deef969f6904f03d7836086f8c10f00323ea

Download Submit
/storage/emulated/0/Android/data/.mn_410185822
Filesize
130B

MD5
f321656a466363e5192773d92000e401

SHA1
3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

SHA256
53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

SHA512
fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

Download Submit
/storage/emulated/0/Mob/comm/.di
Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit