aa62c3f610b18677d442b3bc89c6da5c55cf80de11972446a428577436de9f0d

Analysis

max time kernel
20s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14/06/2024, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a82a79d91c473e8a321a2330b17462e6_JaffaCakes118.apk
Size

24.9MB
MD5

a82a79d91c473e8a321a2330b17462e6
SHA1

541085b010bffdec6704175adac91f00d7d20052
SHA256

aa62c3f610b18677d442b3bc89c6da5c55cf80de11972446a428577436de9f0d
SHA512

b10c99f25169581a432fbb67e548acb85d2588711f94631683281b21889779e56122fe4045e97856e21ebee9e29d21b2b7a026c4bd7533dc1df3e12f886746f7
SSDEEP

393216:YaE6dEJZjjqFgqq59dqkXL9uZ3Qgs/IUlLsxLcVJndRDBNkF:YN6dMj1qPwEigs/Nudc9dl+

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.fgjkr.poghjf

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.fgjkr.poghjf/mix.dex	5122	com.fgjkr.poghjf
/data/data/com.fgjkr.poghjf/mix.dex	5122	com.fgjkr.poghjf

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fgjkr.poghjf

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fgjkr.poghjf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fgjkr.poghjf

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fgjkr.poghjf

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fgjkr.poghjf

com.fgjkr.poghjf
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5122

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fgjkr.poghjf/app_bugly/rqd_record.eup

Filesize
354B

MD5
239b56ea83124b1f9639cb136a3846b0

SHA1
3106e34435d2717b06e7e386db6b2044e4173bb0

SHA256
7d6d6df5b301aedcb0a029f4dc4dc0cd25c042ee14ab4ad9a32dd33e7ac8251f

SHA512
ab03b20b67380d40f2217f453d5734309b5914c649125bce8c1ca679da411c8712bae21680e4f0ee48344b8f298e91b37b416d540975448cdc1365b5dc260dd8

Download Submit
/data/data/com.fgjkr.poghjf/app_bugly/rqd_record.eup

Filesize
1KB

MD5
34bd00fa1073364705e427a0239c9588

SHA1
c45efdd9f802462b4afadeab0a94bc5b575cc5ad

SHA256
567f0f205e8821f8b9e8cd09cbfa5e7d7d9e2f4b6c4c7c59f2ae0e08036e45ff

SHA512
28db5d4788875e4b518ccd7fba150c14fc51517cbf213ba90345b8eccb6b94cd86aa0fe91e1cf5d62226184741cd768b8786a1069460270d0a2f33207e0685ce

Download Submit
/data/data/com.fgjkr.poghjf/app_bugly/tomb_1718343182528.txt

Filesize
19KB

MD5
8797253aab0a3e2c0137fb89564695d4

SHA1
4fc5a17e23842cccea76d0aa3a5bdaf9793b4c09

SHA256
116ee5f93c687bcb4b9418f5a76c40f7efc5436967fc32a8f99b0d358db8f6ce

SHA512
e3c454b6b5f20f26078588566c0529074fe54828d25a6144efda3f8b890ea523e27f1597f10cd1ddc325712dc9d2003f394055288dc56169ee62cd93ca6aeed1

Download Submit
/data/data/com.fgjkr.poghjf/cache/tomb.zip

Filesize
4KB

MD5
f55fa9239e41088d9c1977272d590546

SHA1
a8cfba5d57fcb468c6c6ea273da02eb76feca185

SHA256
43a01f2d4749444ae3a2ce6e458fbb4b9bd648a3a297fc08af2c48a87b7a1ecf

SHA512
e86428fc5346bc4da49cddde1ac3e5952fa3c18616025240fefb0a4ea21b63130992b2a8e414929568a58bae82cd27baf19f36f3fd37d86108367fe6cfdb7b03

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu

Filesize
152KB

MD5
c56627fe799b71c2d6b4d768e7d7b5b9

SHA1
f6e769d7b701e0f0950bafa7043a8412469dd88f

SHA256
d16f54569a96668f0e22219001a7c75f17027a6fe27ba8417408664f769bd317

SHA512
de79cc661d01887bf02d3f4439243a72c4af65da70eddc0348ac19003e7ab50f8030f64e6d6374e12923a55866e109689317f7b7ef5674d62d7d9454b03c6650

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu-journal

Filesize
12KB

MD5
ee7e4754b33eb4e51f86bb09cc8c219e

SHA1
41e7eb46d7f75acd4fa77fbcf1ebd7fed7a29266

SHA256
51bc3f28427e6204f60c27679bd0472fcecab0ec88f7c4ad14e784ebca2bf669

SHA512
26984fec376d4ec567bf3784772e514f9fcd773f60176c5fdd5f29b33c80258a011406573dfc56f0bc7c54aa3a0f9ac857e0d3a54e8314eb9fa2231e6c500359

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu-journal

Filesize
512B

MD5
44a79fd688e9ee9546f239856c425dce

SHA1
68abe437e9dc6104cd10bc07888d4ee3e0204276

SHA256
4cd03a6e43b7360008a313f67ccba7e91a8f20a0f5da3eb29100a33cbb77b28a

SHA512
483bb99d3454b14085d457c136f38a53a6dfa35e174c4d5418f4c8ff40ce13a5578958824b9c4ac2cfc442e0cad5f95b1d42faa9b68c906d108b8cdbe1ca4c99

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu-journal

Filesize
8KB

MD5
7bf9aa3d2d958648191e78fc8bcd8493

SHA1
d1d3e316165adc8d69ceab7de07810e74d80e3a6

SHA256
252987a18358c5e48fde68d6e8f33fc29d7129d47160295bfe1be9e66c70cb63

SHA512
3ded805536a8948789245fd3565dba146935a3d3864727abdf37afb283b7df86d410521577ea41fd2001b61dfb56e1b83a8d64020af5b140ba6b62372c71834f

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu-journal

Filesize
8KB

MD5
2c77bf89b1e6538956eec5c740f5707d

SHA1
24d3b80f9d91bd9757744d40978fdd8f6dd2eb88

SHA256
c71959555deaaefd0d349dcfa516417a48304453a4218c5bbac92914c4f7f9f6

SHA512
3bf508baccccf5cd759f76b317ba14b989fa27f202d0101fd18069a91f663f9a2e4827b404d2d3f0a4a0b3adb98d8a71bc9f58eb24bcbfb1bb8f9e37ee012c24

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu-journal

Filesize
8KB

MD5
d40b9d1cd8eb28816ac4b2a5925fcb0a

SHA1
eaed0226658b59defec4c2eedae4e9c857b57366

SHA256
3136a13c60a2dec26dd2751380ee0c4d7ae04aadc217995630c970ffcb9e1895

SHA512
baa43766ec07b060e7d5d01af17b7d4e9c5b8c7fe1d64b2ed6e1adf9e225fadd13a0bf5d22dc95b5acb5587a0a1600a60312e97149385a771fbe3d3e587d9a9a

Download Submit
/data/data/com.fgjkr.poghjf/databases/bugly_db_legu-journal

Filesize
12KB

MD5
c7f59430e920be475c9908cef3186a03

SHA1
0138a3f7a79fbf3022b0cbfed9e61da20be356eb

SHA256
cdaf0d12678e7cf91f35932eb1a1142496e460e6ed30716b7e54a617926a1a0e

SHA512
944a874edefa4f439bb3a7c4c853ddc252218fcf9bafa98a986ed9427743498e259e696e1ed953c763b7bb459605acc786f3e6f615e99101616f97580fa483e4

Download Submit
/data/data/com.fgjkr.poghjf/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads