Analysis
max time kernel: 14s
max time network: 131s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 14-06-2024 08:06
Static task: static1

Behavioral task: behavioral1
Sample: a8a91b51afb1cc174ebcb207d5ba7129_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: a8a91b51afb1cc174ebcb207d5ba7129_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
General
Target: a8a91b51afb1cc174ebcb207d5ba7129_JaffaCakes118.apk
Size: 16.6MB
MD5: a8a91b51afb1cc174ebcb207d5ba7129
SHA1: 989ad96e52d21904e974da95da8c8a6437609a86
SHA256: af7d7ad5718e1f2b319073395ac9a8b4331a1f6a7f0a21e7e5cba8354ed43c18
SHA512: 99fbbf5d27bf95407f44efa5f99bc465e62417ec4569865bc3ad7c0ed4d28de3a11210c5141830d601905bf7566e939f7d53e2d08f2ffcf3ffc60119eb00aede
SSDEEP: 393216:Eu4YKsYJ74h4YjCjloVjNVL8VuK9Lwjeqz/:Eu07Jsh4HWYt9Zy
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.xgbuy.xg
  ioc | pid | process
  /data/user/0/com.xgbuy.xg/[email protected] | 5092 | com.xgbuy.xg
  /data/user/0/com.xgbuy.xg/[email protected]!classes2.dex | 5092 | com.xgbuy.xg
  /data/user/0/com.xgbuy.xg/[email protected]!classes3.dex | 5092 | com.xgbuy.xg

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.xgbuy.xg
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xgbuy.xg

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.xgbuy.xg
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xgbuy.xg

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.xgbuy.xg
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.xgbuy.xg
Processes
Network
MITRE ATT&CK Matrix
Downloads

/data/data/com.xgbuy.xg/.jiagu/classes.dex
  Filesize: 7.9MB
  MD5: 2a9391172256c79ef8abbea96b7b1450
  SHA1: 25b4e1b87a12410abac9b6931ac4045c3b09ab76
  SHA256: 057524f76c6240486c41ce6bb5004173c81552e9a6019452025c8e28ba1e3559
  SHA512: 1c53da79ecbed23afe1f7031d5d8029049567279e9297ca335fff52004b74f8d66bd00e3d2ea8f9f32faeb051617bbd686f05ad8e691cf5b78f450ad8b1cdf4c

/data/data/com.xgbuy.xg/.jiagu/libjiagu.so
  Filesize: 382KB
  MD5: aa01dd97609092ce310e17bf791069ce
  SHA1: f000840a8f68ea7beb2e29ea466088daf55609db
  SHA256: e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2
  SHA512: 766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ac
  Filesize: 32B
  MD5: 1264f30db5bc978090c891fc9ba97820
  SHA1: 22a1664ca5bac8af36bdaf8e4098c02c7fc9c1fc
  SHA256: 6383110e70c2cf20a67539bbf759d99229ac2dcd214cae6a3c5de840497bab2c
  SHA512: f3ec53223344ea4763479b39ae62a3dde4b83e0db05d4707c9e2c914725943063706c6c53e6fc043ee13640ac98242775c901b84ec76eb3edf11615bd0084488

/data/data/com.xgbuy.xg/files/.jglogs/.jg.di
  Filesize: 340B
  MD5: 9844817f155ae1a9613956b982c80cdd
  SHA1: 4e999682695d325b777bd0e8eb3dc7f1766636c5
  SHA256: 1062c4f5b1f33d569e1122f9e1e0818727fc4c6389fe512d127f0f9ee4fb8b5c
  SHA512: 97c121e449b4bd041a2198ccc2bc2805281ef5bc6ece0e3c5f5ccdf093f5b75ad2aff5e2e14df80d703f9f7b8bd84e080c115bde2613f56622f0fae3dd2eed16

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
  Filesize: 32B
  MD5: 9afbf0dc0b4a4fd0a874cfec2c55461a
  SHA1: a42766499eef11be1120ff87588b7f715c1b2a7f
  SHA256: 75c6a927b6cffe50b1a48e8aff766f5d543dec5aec8010b835ab4c4d8dd3da37
  SHA512: 863cdc25dd26bc2db5a80480a5d5bd16965ce02afc94f732f31c24bdcd3daaae24d41504f0eefead9a8ecc402aa2e798ce100e8a225b13b38b05aa433456185d

/data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
  Filesize: 314B
  MD5: 856360495b0c39b55eb6df1d90e65503
  SHA1: f8365b9ae80e0cef9aa6a559c1eacd0d664a9ca5
  SHA256: 12a192602e5a54e9d5a8a0debfd6cb8096e0649d106f38abed8109fa5ba5eb12
  SHA512: fb5b47c4c2808935c2edf2633859d7712fb2d0d7bed79ea219975bd95091e20caf1dfff16b865f1f911b952cba2a430caa921af46721d89782f92e5d229a93d0

/data/data/com.xgbuy.xg/files/.jiagu.lock
  Filesize: 27B
  MD5: ba34905877cf46cda59d5ed1d09c39f3
  SHA1: 1fb1a373201a595947316471c250bcb35bebbe87
  SHA256: e41a425db0a0f3bed6cdccdf6e682564372c66dbdac4054b39610fa016d804b9
  SHA512: ac02ab5a165c290c3e673c3565f571f93d267bee8450c5b3aeed4509c0e96ac8ca9abe76dd676c404068cf159f1d6d0a94e1995a0d8ab827e541a0eeb2163076

/data/user/0/com.xgbuy.xg/[email protected]
  Filesize: 6.5MB
  MD5: 87cef9b102aaad85568ed5ee5a204093
  SHA1: 27adae802d638c1efbe07557afae0f3b1c1ede13
  SHA256: e9c4e1b3287e667d1999f5c892b93be28b8305bf21eec2da29fd59cfae6bb1c5
  SHA512: 5d0a8805d4fde75e5a9c256ac13015ab15fec4e19e812eabde3f53fb66e678524809d15c928d7afecd9ef47318795aa03ac3dd625a565959f2ccb763ef19d01e

/data/user/0/com.xgbuy.xg/[email protected]!classes2.dex
  Filesize: 6.4MB
  MD5: 65ed291041391a1b6c0ff144294f991a
  SHA1: 4671c8cddbadf45093b4ca5b6b76f136acbfa113
  SHA256: 17566bfa92a31333736ef97ccecf3452705b8c8ebf4b9a76eb3d68d26ab98633
  SHA512: fc72d30fa6e33ae66bd2fe48947a890e8b4b67612bdf1e9ebd9ff3b4c2ab292a62e51019c6465e9d8b05a8a11059b61a3ebdcf2ee8d8a2b17584d84082d6515b

/data/user/0/com.xgbuy.xg/[email protected]!classes3.dex
  Filesize: 1.8MB
  MD5: 9aa3ab46eee6fb5cdc33cd55151c1513
  SHA1: ae69847969f519b4140da13b2b3cfe17aa8d1f5b
  SHA256: 18190b59e0ebf193fe76239b78d50ccd6724a1e90bf7bc992c81d3813f779668
  SHA512: 2f871033d5156d7aec85260b2882e4f402014c022fe68c63095ab5a63a91712051ae6339279d50efbfc4cced73776f8e8a0a275bd05d83cf160122366da29ea0

/storage/emulated/0/360/.deviceId
  Filesize: 48B
  MD5: 4c4c5285293d5141f582aefa4e038669
  SHA1: e01852a72e5a8e6f7d63a21426b515118196047b
  SHA256: 36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731
  SHA512: 097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

/storage/emulated/0/360/.iddata
  Filesize: 32B
  MD5: bada03a432cfd2e5d21786e5a3477fa7
  SHA1: c15f8d1f6543539bca95138283b6a35ce6322cc5
  SHA256: e796eb076476a61f6e62d7af26326309bec299da1b491307004b8f3e943d7837
  SHA512: 16a51f49ded006fc35f85650a4ad46f348a9f8b5190ff0c3ee933b00ce7c8cd85342b0d2373bc6ee75441eb2517dbffbd6d288ebe7de1f86bf64299d4db02521