22534caa7e5aeb5859cb614f9f26eab6acd3a5b750e7d7c598a2e3e91cfdf7f5

Analysis

max time kernel
10s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13/06/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a610a90f0f044b87492a8ba9281a21ba_JaffaCakes118.apk
Size

12.9MB
MD5

a610a90f0f044b87492a8ba9281a21ba
SHA1

63215896bc2147d2eef379ce483a70d383b97d19
SHA256

22534caa7e5aeb5859cb614f9f26eab6acd3a5b750e7d7c598a2e3e91cfdf7f5
SHA512

e3f093a5c98bbbbce9600bec9db8fcb3b58c0dd4b5f43d75130b6834810c667763ef86334f9227297fe84cd35dcd3b1d6ad7c1c76feab8cb3b26f7e321d2b5af
SSDEEP

196608:qW0+MGPU6IxYZ53u33Ajuh8Zl0DAsMy7WRBSHD9/434QkFyUUzaRRTytWTvK6:8GJZ53uHAqh00D4y7WqHJw3zpzoFy0G6

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex	4263	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex	4263	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4263	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4331	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lushi.zhuanbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex	4263	com.lushi.zhuanbao
Anonymous-DexFile@0xe84b8000-0xe84c4338	4263	com.lushi.zhuanbao

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lushi.zhuanbao

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.lushi.zhuanbao

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lushi.zhuanbao

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lushi.zhuanbao

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lushi.zhuanbao

com.lushi.zhuanbao
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4263
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.lushi.zhuanbao/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4331

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
75d46252620a12dd7343e91c8ba209bb

SHA1
6615b67e21963e5689685f8494f442dcd729d4d1

SHA256
c433c8e3f847da2b98ee8b704ea3b7d0f38d6249626dfe26a22bef0c08e5fa71

SHA512
9ae5f0ae0a77bc8c9a27a43252ba01d4bbb69a326eb028d2e887d701b202b66a7065765f2f0214d2b0701493634ff33c2104becdb80bf7e8c2657175857b7af8

Download Submit
/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
4e93a7a07efedcc6e3c741526d2d89a7

SHA1
e25833d7a51783c17978a7c5e7953d7cf1df80f5

SHA256
26fd97dcb56a0ae4ffee7b9514cb697de101ad39e3b2af2933b1eadf409b740e

SHA512
94a5e0b50c0efc69b79fe9b46513537b798a45d00234a7fe1c529e7d5eb153704ec9966a0e0819983f726260579707d7b82e7b31f845fa7602e06c078b98319f

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex

Filesize
5.9MB

MD5
4f32113d809dd75b14e5667c8f45e6d2

SHA1
ccd07779536ac42369fedd9867b6171acaacb706

SHA256
3b6fb7085882bf08371c6acd9390725f0b536a64a45225d26e6cc54d70ca1cc1

SHA512
18fcc76d8b8953b04c00668bfb9d8341076edf3acdc008b92080fbd9942887550d2294a9278606da89c656147f5b5b42d9bd84d058707cbd7acaf02173d41466

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex

Filesize
5.8MB

MD5
0141652b34bdac808871b61f484a565a

SHA1
5bbc8bf7134b6f68f6ce517884dba68922a420d7

SHA256
b417af1130ba5bb7e14fa4aa513e6bda377d9b8d236ee662be29047d2f1ae94d

SHA512
671a30df30b4349236606fc33427afe3fbcc8cd53b0bb895bc58328f93df3187f2befa9fe9ab2bb2af9d38a7f10e25ec354045e9ac06badbd484084db259b02b

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-journal

Filesize
512B

MD5
e2eb851b02cc32663026d2e9c7fbf015

SHA1
12b3eb858a8a804c90b03697a00059890751ce4c

SHA256
9c38b7dc6d830d042822130c4dd45f1e27743177f02d30443dca741692ecd501

SHA512
d3715f116fcff36356a2d6fd514732fcf4d44ed7a99666de21b0d0461a0ac9f74950780ddc0dcdb8e963dd449d97630350d7ed1d1487857f1e4e7616df24e628

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-wal

Filesize
32KB

MD5
650ec2386da256db5551fef669c01b35

SHA1
faaa820f2b7297e81076c8ec7f41ff91c912f45b

SHA256
5ebaf81020d9795a7a7bdf227c2cc4e9a5e6d882ef83d0e7edffde5c336b6314

SHA512
0fc269ab94678cfeb784b9f19d2e5cb082590e207e1527a4f9cb7ef966bfa52f13e17eb299628e8e9436df7402c69d0c4b8cbfbde4dc3513cb66855e1d71c33b

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ac

Filesize
32B

MD5
b9c64f04129ffc89111b5e5d879dc0d3

SHA1
7fd48d28f8720e82108283d95d14b277731825a1

SHA256
9261dcf52bcb9f2c8cbeebdb93f6f6d1ccecf1da6a5600d06afd3c78003ad89f

SHA512
1c3c28f3939fdfb3a06729c5d9d77f1c7a58b8850abbdbf89ac2eaedebcccbef5db1804ac07ad56224f9e060b2f2eb7e90bf7b450b89bd4bfa939646237ec9e4

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ic

Filesize
32B

MD5
c45c23630cfcf468ad03b4e9877aa5f2

SHA1
cf30d569f48cdca48b50e4081915ea9fb9afe1a5

SHA256
db2142b77a6511c1f110f2e65c5b13e8456309d106e33b99ad7a7e3eb2f9fdc6

SHA512
a17cb02f69eb27f0ff3215380b398f8f16c8f3ea9fb787a5004ab6fcd0263fcf819f8e8fb19e8d529fcadc57b190f0191ff1c3ae4da5ed03316c29a5bc63dee2

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.rd

Filesize
32B

MD5
1d2ea4b5d937561a94a9a3a39976081a

SHA1
6e745905dd297b4ac6b2d423777e84cba406bfa9

SHA256
472d7e167a6f26d7223a7ff84053df9b1d083484ba1299223551bccb31ad7537

SHA512
109deed33298ff01e28dc7d44c04eca3dfbc94c1a7ed034920c60be4ab543f501485f65e9a963857b3480cb85191ca6714a8c94c5f7a619733f9e1e1e99fb224

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
314B

MD5
9d10c47211aee874cfde270021e9d8bf

SHA1
d9d5689939ef28939d12763275fdb0a4aa4cc7e9

SHA256
e91140b21695980245d9e43c8acce482e993fa94a134270dd82d3632267beafe

SHA512
58d1da28d0a1c1f3a74795260952874708378cb26ad2d936c55bfa5034531326dc145094f6cc77bc9783d3f071c09eaef53096f71d6ef1b3a30119f5dc2a6c9a

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
76bca2a0b5ba409950a8811037aad06c

SHA1
8fc3d298a75cad81ec49686d1326f2d3859ad77a

SHA256
7f43a864772f6fad9d8f53e7db977c5f1f71777f3005804820523186b4d67de6

SHA512
1fb3c26eef49847a89b7f0131dc30afc4394e4313f73e0f7282d32a5c52cc8339315d3a463b4330bb25598ae895ab8285c6628f57ab9978941cd01fc101d62b5

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
46a70faac815efcc73f337717285e953

SHA1
9f478e43a044ab3ab3b19a69951c5852b994536c

SHA256
b4906c4c9df0bcbf9340dd141a705d6eeda02d24f621de0fd61beb0e7d2b5402

SHA512
e7ede74ddff90afbc331b71ba6eb607f5fcbe893c5745f59983e68ef766cb33c82f92a62f0a4b3de7c8c5495d312272c7e92f6cc73be91f706494853c37dc3a2

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
5007307710aa02ef54e9c52620567eff

SHA1
e2c9146571581a3cd686689818e1b00a14d61c32

SHA256
8f7bb88998b3e94f74ee7e3b2fcb85b218fc76dae157dbdf351c0f6345a10c88

SHA512
6f456322312bf236786b003fba4c2580aaf93569f17d985b57a1486f90cff86ebba708f8c8edabaca82b48425ae07a5dc702d2859af7dcd6921fbe577c2f0d6e

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
ef5deb235397f07548506e64c37f7677

SHA1
00b24a7cb177ba9db01d6636058c72477f0bd7b9

SHA256
af7b021d73886155de7f474f254874043c81cbe14983c6340dee71714ac23cba

SHA512
76ea307987f6e0c8c9a03bdea8a32c9b93f44f6a8de6891aa6ffb3e3a4590d6ded4ebffdc98c3fae2edca7e1ababd44d5dba5996a19d7e60125fd6c28f673be9

Download Submit
/data/data/com.lushi.zhuanbao/files/.jiagu.lock

Filesize
27B

MD5
e61ec60d5c13d445be572a6e2e6c4dce

SHA1
1707a4d6f21fd62f559d0e929f58d63c5d649525

SHA256
d55a44e42296d33b1e4ba26dfdfcb37e06aa22618e48034824e953c927e7dcb9

SHA512
418bc257955597f73cca82353a501b034c91d42afa9a4cbf2838ec2eb149a39f4f5f0a4ec136a0d5a871bd589688686257351768a7530b8483199a013626b66c

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
5fb47c9d821073eb6337fdc921ecb211

SHA1
e7ea30fc609b99d7179ec43aeb40a5238dbcb191

SHA256
b4bd29e62a7d532f46197e657eefcceae7561d2663fe88a772c5be1430ad086f

SHA512
660ed5e703fe54ba110d660fd98884a7039a611f725dfd1e0a8abd990a5316d1a25d98083c5b96059e73bdeffa59e9eab2320b9ae7b433739ea1bd6e66b90c26

Download Submit
/storage/emulated/0/com.lushi.zhuanbao/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
4ac291fd990a7997c603129c524cdb10

SHA1
8445b41c0033079bb9227cadc3744d3b7f9a4d19

SHA256
bad46e50382b73c66bc73a63a90c66f198d7a387ebb890279eb8ed1960e5dbf5

SHA512
f41a4b242355e4108cd04f2d66b5b3f7ed94383c4a18b1a47e0ad4b7c3edaf4649721130ba3cbdb8252e5854d5914fcf297d56d1defe9bf71ea912695005f695

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads