62609ec9f573dc48bb7b603f04775297e0e626b4f03436e68ebd42c83050b11c

Analysis

max time kernel
11s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7459f38ce11c72b0c0549bd0deda330_JaffaCakes118.apk
Size

20.2MB
MD5

a7459f38ce11c72b0c0549bd0deda330
SHA1

42aa064f3df6eff4db1f0a26e4abc941d03a7b42
SHA256

62609ec9f573dc48bb7b603f04775297e0e626b4f03436e68ebd42c83050b11c
SHA512

671c12b51c348970fd9bd29c01d7e5cc9f8ae28cedd7aeb31ac5fec9a02131aa78b6feb93a7c1e74305e59934d95e8372f1f187e13ccac8cc11ebcd47be674d5
SSDEEP

393216:SjQmNvrE1OM6m/LQuUpPH4tBlRn2Oe7Yg2WpfbyO7PRceX4UnBlpotn:SjQm1rE1N6m/UDpPH4tBXo7YgvDyESUi

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.cdd.cddmall

ioc	pid	process
/data/user/0/com.cdd.cddmall/[email protected]	4633	com.cdd.cddmall
/data/user/0/com.cdd.cddmall/[email protected]!classes2.dex	4633	com.cdd.cddmall
/data/user/0/com.cdd.cddmall/[email protected]!classes3.dex	4633	com.cdd.cddmall
/data/user/0/com.cdd.cddmall/[email protected]!classes4.dex	4633	com.cdd.cddmall

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cdd.cddmall

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cdd.cddmall
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cdd.cddmall

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cdd.cddmall
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.cdd.cddmall

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cdd.cddmall

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cdd.cddmall

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdd.cddmall

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cdd.cddmall

com.cdd.cddmall
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4633

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cdd.cddmall/files/.jglogs/.jg.ac
Filesize
32B

MD5
0e119dbc2c4f5636ca57018a7b25897f

SHA1
34f112f19e118dbc6593800182c864ac2d037b2a

SHA256
b065dd33aa0e4f47fc64cfdb466d3b71410af4fe18853e696261db8c75c81204

SHA512
8b143a13963340e871589c0cab0876cd9e72fafb848ce8855b71a7fdfb0df2b55f4c6e832103d02f2eb478f8c23780ab1a215874f06f247985b8c7c4d7c0069f

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.di
Filesize
340B

MD5
1ccf7fd1c9dbf6735e5b44d7699dc43a

SHA1
26e9b4ca38a3e24fcbda4ab137e064016ae27226

SHA256
49e83c58cfd07f41f6dae149d84d43900f4bff20dfd1c1e7cb49b32016dee021

SHA512
8efd1329aca011e35851cd66dc8dbdb50594b7de2571c5ec01cb71341f4c70351e8d77226545b93871c9e181e2b1a8b0f220e0b60fe00a7585af4fd9317b8213

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.ic
Filesize
32B

MD5
67805850cb8409c0ddf4b9bf8f35c9f7

SHA1
96f774c18f6bfe5e6ec3175bf2ffd28af4bc2831

SHA256
067d5f3f2b187d8ef781078129d11f172c4736e2c2575522a56c695835807640

SHA512
952d53cee64bf71b54139876fc142316859ee61eaf70ad62a3ffc2b10680ff35ae0532fd02f2012f71b9c845f7333a68f09b46342764f7ef8e8672f41c9b3155

Download Submit
/data/data/com.cdd.cddmall/files/.jglogs/.jg.ri
Filesize
314B

MD5
e95c44e32596c81778adf63cdc0655e9

SHA1
7203ba126703108d2dafa16c2c760409cbb36794

SHA256
ccd4eb58cf344ca1eb51fa3e4ea4d33632563f315c3e0084d53ee06cd3b18c93

SHA512
257af707e8b66f42eb90891d50de6b93f749708dec1f6c8ff35957548f16ba0c072d784707579ba0d27f676805a2c00ba793b8fec35a0f8285e1ad003323c2df

Download Submit
/data/data/com.cdd.cddmall/files/.jiagu.lock
Filesize
27B

MD5
9f9002223d0d0920f0b34209700191d1

SHA1
944ee4fb426cb101305e3da463aea7d4a749dfec

SHA256
7a96a163a9b25b9cb2d8d7aec55ee2e6552311d29979a58431549c16b7768a1c

SHA512
f259b7db994d9ca25786b24b732fb9cc6f21cee7ea53c172aaab8eb42463286b2995ba9334bc01d4ebfcaa62e845ac1fcb2546833e4fa6f253e9f62f03c0f339

Download Submit
/data/user/0/com.cdd.cddmall/.jiagu/classes.dex
Filesize
12.2MB

MD5
295ec01d15e31ca5126b7b3f5fa2e061

SHA1
f941a9cc22094decc567243188186ff68829183e

SHA256
18d9724c55a42c8491778ab1458984410c8aea51859127e714a1003cce30301a

SHA512
4883e9923c90d6d3023c25eeac9eb25abc71739885881f89cded9018f1d49d17860fb7dd651b3bf4198940e3d02af5570cb013f603a0e6540f9234a7cd897742

Download Submit
/data/user/0/com.cdd.cddmall/.jiagu/libjiagu.so
Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/user/0/com.cdd.cddmall/[email protected]
Filesize
6.8MB

MD5
f968a8775ceef03b71c990157743ea20

SHA1
f9648c3cf43c835b70305f4cf70e31ed09487f94

SHA256
4f2dd6f769961bf0dc49e0c11efa2cb34146d10202bd4a4047d2406adc288ea2

SHA512
b3a99a9e4fd9e59270cbf847ae6d7180da3780a5fe5b955e6bc978d257c3b3ee2f0295f48e811c52f886d0bf0b88c6459efa7af5ecfdd3bc7bb0f4c453a6ae0f

Download Submit
/data/user/0/com.cdd.cddmall/[email protected]!classes2.dex
Filesize
6.5MB

MD5
c7faf91561694724d0a064e724af91b5

SHA1
4585a7dc596b430af47deb719368f5387fdd8aea

SHA256
6ef7b3abd6f78c3b3fc31ea2619e8a50b3b965248b04501bea2f7663b6f38849

SHA512
7bb9decfab662c7fda95d4489cef89286e4c227aeb25856f7f4f1b0459c00d6e640977fcccce5d058a3935451e7c08d25a4413344ecbbd01259402796a018ca0

Download Submit
/data/user/0/com.cdd.cddmall/[email protected]!classes3.dex
Filesize
6.9MB

MD5
ed9a8864f82e747f93da8ec4a31d4742

SHA1
221a4c122def71a23b50d8a302350c98086abf5b

SHA256
1298499bdd88d29678134d679ea1cf8e37703e2a6ed1c29de2780607a9bfd5b3

SHA512
7b6ef1165255e5c6e76eb35c3ab982e1f1b96139431f0678fc90194231316235e742066871ba295fa6eed27e9552b47b2b6d61830e10e18415a1521087c1d690

Download Submit
/data/user/0/com.cdd.cddmall/[email protected]!classes4.dex
Filesize
1.8MB

MD5
ab5b7ec406c0d0ae108e27823b4726aa

SHA1
34f60e6fa358cd5b131bea3d2a85db29632007b4

SHA256
7123110a9f120bcf33e5f2823ecc770e6427ea8fefd608fd2a13f244bad9e069

SHA512
91594d329fcbb3144044f8daa699088584681bb3bcf6665e872452adbacdac8b6cc3d6018e511d3a18c5f95b1dc65f9aa64b80cfb58175d777221fb901ce33f1

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
b41ee137ad3223086a68724a74e2e363

SHA1
cbb8e2266298fd7fd838dfa0d3ab3c23877fe3ca

SHA256
5603c333bfb0f90aafe97978abc8f05995fccda9eef646ba65340d0ba4d40b45

SHA512
7b5b7bb84cee3898a9f322e88d5c344e0afb33b6c958a5959f33a327b36200f627c573c222e1ef22d62030dd52f37d679c52c84e917f78dfef42c765af431ad0

Download Submit