0ad2f0e88641b3c90da8034902b241eec08e8af870c041ab222dd81e321d0ff7

Analysis

max time kernel
6s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
13/06/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5e2821ca5cc83d8f2aec8929e5c3ce8_JaffaCakes118.apk
Size

31.6MB
MD5

a5e2821ca5cc83d8f2aec8929e5c3ce8
SHA1

aae0cc4f85464af795b6ba9ec6140ffe1fb546ef
SHA256

0ad2f0e88641b3c90da8034902b241eec08e8af870c041ab222dd81e321d0ff7
SHA512

27a33c21aebd8a3ce5f35768dac194cfc998609c53f1d65885584382493d3015f801e41754e8d8e3868c07d91f291aac2f3c632748579c89ce66df59e34ea810
SSDEEP

786432:tE8iC80Zf4SnedvzFdjih0Pk+Zka21Wp3MY3j:Hi2f4SGzTiePkw721SM8

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.ae.olddriver

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ae.olddriver/.jiagu/classes.dex	4639	com.ae.olddriver
/data/user/0/com.ae.olddriver/.jiagu/classes.dex!classes2.dex	4639	com.ae.olddriver

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ae.olddriver

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ae.olddriver

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ae.olddriver

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ae.olddriver

com.ae.olddriver
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4639

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ae.olddriver/.jiagu/classes.dex

Filesize
6.2MB

MD5
61dda5c9a3a99fa5137a9cefb2c158ea

SHA1
e3ff0cde2eca9520bcda4be7032682acc214829a

SHA256
15f7090c5077dd31879cb956ca38c1a91d24eed5d366681c25d0a0c71bb91c39

SHA512
eac62cc71a65669dd984ade3988efa4c61e809392f55b5e69a1f9acad1f582e4462497ce01061dd153b40e229c2e283b9420221bb878ec9d583ce41ba4c07b7c

Download Submit
/data/user/0/com.ae.olddriver/.jiagu/classes.dex!classes2.dex

Filesize
1.9MB

MD5
a1bdf63f26dd0dec6c2115877f7bc515

SHA1
0283fb5deb3477ac0f73049012e5407dcdbfb187

SHA256
f25d400a7ac8d12c7b2e7ac6c1e9b29aa0b5ac0550f7b471d33fc550bde7477d

SHA512
046bbc3c55b97a927c729b6b6581c8cb940f8c6b837512b06e03758192812f75b6cadedab3fd36aee1f8959dbc7977d4141e9c809a5cbde42dcc13fb6e513ece

Download Submit
/data/user/0/com.ae.olddriver/.jiagu/libjiagu.so

Filesize
491KB

MD5
940317093cc329d45cf45ea8713b1c1f

SHA1
3f9ff8cef8e41d03ea714b8d5f030ad1fcaec0be

SHA256
57f0ffa7062aaa03074648a0c9df78ed9d3f78c2f07fb846b11bb1b667e246bc

SHA512
3f40076d241bc3a2b83e56d01e826b8cb7d310a67128ac8b1165bdb93dd917c6a7219c1e65dbd8a40432fb38331828c7171e266e8474dfc69db2675e29e2723f

Download Submit
/data/user/0/com.ae.olddriver/.jiagu/libjiagu_64.so

Filesize
522KB

MD5
a44c75172a12b00d8b420d9209fe2862

SHA1
a7f4b181857ba570d3942bf26e59cbd1ec445610

SHA256
1be9b3aae5673a5682250fb218d427aafe3ffb4e6f54ab701a025dafa19c4c20

SHA512
697e5d18f2278147f03df34c6d5065c34295188b13ccdba73a6ac48e3424b29dadeb96a9e35c3106eecefe49b6717ad2fc9a36ec4e85a2b2b8fda2de78943186

Download Submit
/data/user/0/com.ae.olddriver/databases/bytedance_downloader.db

Filesize
20KB

MD5
40b7d099fc8c4320b1bb8dbc6e03151f

SHA1
bb556886aaa719ae155b8e499f530fe970e6e5c9

SHA256
02fec0e756afa49755e14043766cf3ff533addef9567b0243e06beeab805ec0e

SHA512
dd476b16caee9c451571a95c98fda38496c8a75a4f5e778b4900e122ce34a7b474831c6ca84d1b42e83af4e6cb0b693ef0fcc8fe5c3e4162f7effc6c85f6fe3a

Download Submit
/data/user/0/com.ae.olddriver/databases/bytedance_downloader.db-journal

Filesize
8KB

MD5
1ef2acd26a4a2985289b76b4624989cd

SHA1
56e57f4d438a85057822de0fb311de077a10b24a

SHA256
20912683c13a585864a11581f6aec739ee437f5ad7b0db3c7c78d18fbccf6039

SHA512
d314e6d18b2df665dbb539f5e75de202ab6e10c78ce3d9e7850e65c05c52b10f4911bb0fe9025989ae7f724605b8c4a40bfcb9315115b6e6dd7d636ec3739abb

Download Submit
/data/user/0/com.ae.olddriver/databases/bytedance_downloader.db-journal

Filesize
8KB

MD5
c40c507393068c18741298bcd27d798d

SHA1
1538e4fae581991debaa59afe26eb52fe8f3e755

SHA256
69afbb0690dc50f367976ced41721e8e891188c54dd49d7836910c17a4c7b5a5

SHA512
c91ab593ff59e8e499979ad30f6797dd67c01785b23bae06a4f67773aa651e50be8271c28d42d8e3df703f7f46e53da58164857f205890cd4dcec26e58e7e2a3

Download Submit
/data/user/0/com.ae.olddriver/databases/bytedance_downloader.db-journal

Filesize
512B

MD5
ade8454c8cc7b230fd2879ff97c540b4

SHA1
1a93adb67ede223adf892d9362888c24134642f2

SHA256
97baa548f406b5303ee338cc158c6c1b5cb694ea7f6d198091291cce510bb305

SHA512
b3e336b63a69ed4339a5190e438b63e342c9a864651c097d7b71ff2cdd8382cfb0f7f1780aac69393748f90a791e6c544d5e3cc1c1e8f55bd15ea2d807e55b22

Download Submit
/data/user/0/com.ae.olddriver/databases/ttopensdk.db

Filesize
20KB

MD5
3415effe4c4e1aa5a7e838479080f4f1

SHA1
b497772d7ca8970f7dee411a7f51003b77f6d686

SHA256
9ef5ed070adfe5f046269edd296ea3ffb03b043799a8f0a7a389bbd5162899ba

SHA512
fb8230206eb45abe1ef48968b448aa8e5fa189d7caff92a4bc61a7de9f4270a317046e1ff7027412e592ec321f3fe1e712f82c104728d5f1442f67a60147be75

Download Submit
/data/user/0/com.ae.olddriver/databases/ttopensdk.db-journal

Filesize
8KB

MD5
d684790c7a04e90eb555a4d6f0dd9fd1

SHA1
f66d80938b4afab2b2fa4f288d7158956f96d884

SHA256
572506a0b2f0844703c844906aae07d110dd27c72239fd00b08c2662e9667a95

SHA512
a834a46ed8405ba7eaed0d6ac77e51928f7b05ae195ee61d3629822602ece07e4f25c023e54787883cde505f0ba85c934d2ffd6c0903600bb1d0c2431fd5db34

Download Submit
/data/user/0/com.ae.olddriver/databases/ttopensdk.db-journal

Filesize
8KB

MD5
e8a7ca832d370e1c8f5ab70ef90f88bf

SHA1
cd97cab06734d71518b6de0ae10714c47e7b70c8

SHA256
c1d7884754a3f55992a0cb5cd4b3beac741f4361adb645326171ad94d1f6e266

SHA512
35b8a1ea684a4e9ecd20ad0a1a218a229d4e9ae2d5206f88dd1c1e8eb4f922c544031eb450175ea2b502edce5aab024829e5c7b64864c6574d128081750d5ef9

Download Submit
/data/user/0/com.ae.olddriver/databases/ttopensdk.db-journal

Filesize
512B

MD5
999aab69a8464831d6a4447302adc716

SHA1
49ce87684c57eb07d0dc1859b0a3d1ef85c61674

SHA256
298478c2de33dcbd717812cf174dcdd6dee1816dee5dadb20b759f9198362442

SHA512
884b058b5c178f376bc11ed7ebbce4c31dbe85464b86e9a87e62e9a25689bb9d4baec515dfa6dfb34c9bbd4a6ee22745b1887f38b76b00f4a8180dda2a55e28d

Download Submit
/data/user/0/com.ae.olddriver/files/.jglogs/.jg.ri

Filesize
307B

MD5
da92d58ecaf5170a07e347737359b19d

SHA1
a662beb6a68a10719a6bf0e9c9cd8ffb7448a22f

SHA256
3eb28ef85eb6ee8c5a4626b4ae8647d8c5e7208e7e2ba3caec8e3a4d00dc7f74

SHA512
aaccc67a3d54d0e522172c431b98087a94d6d516f32b442703e9211a0d110bcee1ecae7001c0824cc53d3ba722094d44570a48ea082c3de297f543d55754d6fb

Download Submit
/data/user/0/com.ae.olddriver/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
f2f957ca86d493628ba257373baf981b

SHA1
d1ef7dba8e8dec094868fac19f119c4f28fe9e9f

SHA256
583ffdec5752919a4fe03266c394666eab51ef968fc0db6d756f2987b9ec0079

SHA512
0836a130b87ded3d482c47a107ed338c00a384bf3c03953e2d8e67197602751babafa2309a990d7b9f9e5c0e22b27e12ec3aec70c9af8d27af51e3219c9c2997

Download Submit
/data/user/0/com.ae.olddriver/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
bb79ada89d80ada78e636ed23a3decea

SHA1
349bf3b72217d687e346bab5b5b94c440f434aab

SHA256
df7766603e92f93063753ef8fe5574b79f3a7c27698a0736c608756ce9d3287b

SHA512
dd10ce1c55bb4085dce07d866e64842b237a2e3316d55718fed61d3b7083fd921959a148d356ce2035ca6c967b93f7fe722a2464b59e9fe0b43c587c77bac863

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads