Analysis

  • max time kernel: 6s
  • max time network: 131s
  • platform: android_x64
  • resource: android-x64-20240611.1-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted: 14-06-2024 08:16

General

  • Target: a8b1a6b725ad093201c68e90c2c673c3_JaffaCakes118.apk
  • Size: 11.8MB
  • MD5: a8b1a6b725ad093201c68e90c2c673c3
  • SHA1: 0d90574a8642f8ac8a3666252f98b9e11ebe944b
  • SHA256: 8e7473fe36e123b21eb41c6a7694438ac7d084d7379a0f602e88f181de85a99f
  • SHA512: 3fc8243d0ea5452b5a01c2831d569d73568e52619aa7bb0ecc2c54081a40c1e285b0b37f19af933943c26028adef583bea6b952ff04d34cdeacbc92ddc4e6ae2
  • SSDEEP: 196608:uY3OVzjMT4JAu0a3mb1Yc+YX7eNDKeBveyNiUyVvwtCHXL8IoFTAjfbpUuwZTj5:uLscJ9j2bLtXBQveyNiUywtqdoWpJ0Tt

Signatures

  • Loads dropped Dex/Jar (1 TTP, 1 IoC)
    Runs executable file dropped to the device during analysis.
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.webao.webao (PID 5007)
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)

Downloads

  • /data/data/com.webao.webao/.jiagu/classes.dex
    Filesize: 1.8MB
    MD5: a52553150069cb7276768945a102a3eb
    SHA1: 7bf939353b151ffb3587fae55fcbe5f8c18ff9eb
    SHA256: ca85ab3374d5740b14d3761fee5ea1ee45242e679f3a88412199786efa732a89
    SHA512: ea968d18a91ffea9b945774f9ee86c0d9d6b4faefebbc89948b9daed229c4b6d14e37d1a900516abfb2d4c2fee2cfbe45cdd962d2f9576a3a9464944e52bf96e

  • /data/data/com.webao.webao/.jiagu/libjiagu.so
    Filesize: 382KB
    MD5: aa01dd97609092ce310e17bf791069ce
    SHA1: f000840a8f68ea7beb2e29ea466088daf55609db
    SHA256: e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2
    SHA512: 766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

  • /data/data/com.webao.webao/.jiagu/libjiagu_64.so
    Filesize: 363KB
    MD5: 164b659b1b75016c75a025e050ec82d1
    SHA1: 53f0156f39800db2ac4acebd1f3f97ebcf9138f9
    SHA256: aa8d5d52b64309ea1b5337fa5042874a3f81fcf5fe286205ac9a49bad2db88fd
    SHA512: a8e9696f179ca5915536e1d600d18c452bd90588a3d8e8bfe1a94b1ecba166cf627a3e2036421294afe4acae2a4bf12d95786d26e180440794e48f7de96fe88a

  • /data/data/com.webao.webao/files/.jglogs/.jg.ac
    Filesize: 32B
    MD5: 8f3687a9597ee2e90a3b00146ed4496d
    SHA1: 3abbbc70273ef5a17edc99714c16380c9bf37efc
    SHA256: 73bb2e5f71de2274cfa397637471a541e3bca5bb25095781617db69db01f5960
    SHA512: 91be25c4e9b5671d0a99f0123d7bceb4d5f5fbc2a4b359a7105ed690f3009295c379976e57bca90cec651d7988b1957760203de6186fe25146326940a377dfb1

  • /data/data/com.webao.webao/files/.jglogs/.jg.di
    Filesize: 348B
    MD5: e6a6ff35a859724dee8a4a03c574c0df
    SHA1: 099087f99f6f897035f717468bdf462fd72ce7bf
    SHA256: f5a73164d27d3cb53a4806086348743a54683e7b8a42bb563a64af2feaed06b6
    SHA512: 0e9c7bffde610a330dbccd8e5236380f3eb6d4552b4b4ecefaf9a325019cbef16ac0743b7b250b3d566d9132472c087dd4fbff3f66cdd43952ec79508aa2dad5

  • /data/data/com.webao.webao/files/.jglogs/.jg.ic
    Filesize: 32B
    MD5: 1e8a045e7e9e5330a0f5d18d5d72e2ef
    SHA1: 43cd912b784a262ec2db0e91ca67defa86a13da2
    SHA256: 039e29beed557e770bcbfe2462f58785e5befaece8c3f9990d0979a9253fd25d
    SHA512: 1114e8dddc105c491b9147dde3ebcb0e270b67f8bbe31c304a044826ef122b070a8d4dcb7179a23a12ff130ddd1c27ee563151d85a223ea8cdad63d0152b4a53

  • /data/data/com.webao.webao/files/.jglogs/.jg.ri
    Filesize: 314B
    MD5: 64c5d7b53c1c7d08ec92263c63026947
    SHA1: 9e0d1ea4b28367896be719932cdb51863ac5e7e7
    SHA256: a2aeee00eb8af3ec4889c1a9f10a5dcb2aba83ae2827bdf8806c9c2e1e3628c1
    SHA512: 93e9570f0e1b49a10031eda03327c08f4a7220ba85cb86dc7f7288191442df47737fa221ab08afdc947df0872f4f31bdc851b469fc1b2b106cc375623a5cd9bf

  • /data/data/com.webao.webao/files/.jiagu.lock
    Filesize: 27B
    MD5: e318ac82554d2cb5e41da227011d6509
    SHA1: ad57f6d7f82ac034cb54b81fbeef3ea8dcd7bd6b
    SHA256: 5148ba4d0e2b601f979dee313830af358e86dc0dcc5b32dfbf86a333462b77c7
    SHA512: 65057aa264cea4370dc356965f9ef16e878742c8f1285f385591220ad787dd240cc22ad54e1d93cf59b2c76310b3b96657a1f0a3979ab9c7ade24e19de95db50

  • /data/user/0/com.webao.webao/[email protected]
    Filesize: 4.5MB
    MD5: 1bec85d698fb7b61f9a50674c60cecc4
    SHA1: 502cb0d91159bf89d5c5b3cc267ac15dd2b47768
    SHA256: fc18325cefdcca5311fbe128bcfd7032a9f6c2940c5baf95bfd905493de66847
    SHA512: 942656dc9f9c2b6fe532379f8f19029ff071c6f04d81f6408363d496973d760fef6ae7c0cb546aa5bd521ae9b46a36e78499cfbe5dbf92a6fed0a2ab32adf38c

  • /storage/emulated/0/360/.deviceId
    Filesize: 48B
    MD5: 4c4c5285293d5141f582aefa4e038669
    SHA1: e01852a72e5a8e6f7d63a21426b515118196047b
    SHA256: 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
    SHA512: 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

  • /storage/emulated/0/360/.iddata
    Filesize: 32B
    MD5: a7514529248673ece682e37fa2a7f845
    SHA1: 722b44ca6e15a9fef6c33dc348a2e37786596fcd
    SHA256: 9c767f4a3f344c70215f9f8a9ead120aa2a8a3cea61304fdc656081945cdbaf0
    SHA512: 3234452e795a6c219a9aba1bf464ce85b2bf2e6aa0f4e629f5fb39605a4951eeab9b06ff6015d2bf85555207f11d013daf9a070bd4d37308f9454cbd0080cc85