Analysis
max time kernel: 10s
max time network: 157s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 08:34
Static task: static1
Behavioral task: behavioral1
  Sample: a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk
Size: 6.9MB
MD5: a8c2249bcb3b74db9d777dc2567cb05c
SHA1: cc1dc505cf6949800ef92e1a471846c554479a4f
SHA256: b9ffce66df35d35ffa83d15473d834e279ae1c8fe2f8e96d19299a164059b3bd
SHA512: dafd91ed5cc668732830ff0184dee8e5d248cccf1cb523bee9c21b877500758b3747c95ced754a52c8e5a987da5df68b231c8e40e114cd434503801e427a2624
SSDEEP: 196608:+hyzOLUTzVfGrBoA+BJHYUeH0GeKXyNUljDyc5LC6YQJHEpVuq:+hyzOLBrBeli1mUljDyc5LC6YQJHqAq
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 1 IoC)
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.app.zero_syb
    ioc: /data/data/com.app.zero_syb/.jiagu/classes.dex | pid: 4257 | process: com.app.zero_syb
    ioc: /data/data/com.app.zero_syb/.jiagu/classes.dex!classes2.dex | pid: 4257 | process: com.app.zero_syb
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.app.zero_syb
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.app.zero_syb
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.app.zero_syb
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getScanResults | process: com.app.zero_syb
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Queries information about active data network (1 TTP, 1 IoC)
  Processes: com.app.zero_syb
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.app.zero_syb
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.app.zero_syb
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.app.zero_syb
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Processes: com.app.zero_syb
    description: Framework API call | ioc: android.hardware.SensorManager.registerListener | process: com.app.zero_syb
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.app.zero_syb
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.app.zero_syb
- Checks CPU information (2 TTPs, 1 IoC)
Processes
- com.app.zero_syb
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
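The two dex IoCs under /data/data/com.app.zero_syb/.jiagu/ are why the sandbox raises "Loads dropped Dex/Jar": libjiagu.so is the native loader of the 360 Jiagu packer, which unpacks the real classes.dex into that directory at runtime, so the classes.dex inside the APK is only a stub and the code worth analysing is what gets pulled from the device afterwards. The script below is an added Python example, not code from the report or from the sample, for triaging such a dump: it validates the dex header's magic, adler32 checksum and SHA-1 signature (a dump taken mid-write, truncated, or patched by hand fails these), reports the class_defs count and SHA-256, and handles both shapes the report lists, a bare dex and a container whose members the report names classes.dex!classes2.dex. The "!" notation is assumed here to mean a zip/jar member, which the report does not state; the input is a constructed header-only dex035 and a constructed jar built around it, used in place of the real dump so the script runs offline.

```python
import hashlib
import io
import struct
import sys
import zipfile
import zlib

DEX_HEADER_LEN = 0x70          # fixed header size for dex035..039
DEX_ENDIAN_TAG = 0x12345678    # little-endian files carry this constant


def parse_dex_header(data: bytes) -> dict:
    """Validate a dex blob's header before trusting it as a dump.

    Three integrity fields are checked: the 8-byte magic, the adler32
    checksum (computed over everything after the first 12 bytes) and the
    SHA-1 signature (computed over everything after the first 32 bytes).
    """
    if len(data) < DEX_HEADER_LEN:
        return {"ok": False, "reason": "shorter than a dex header"}
    magic = data[:8]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00":
        return {"ok": False, "reason": "bad magic %r" % magic}
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    class_defs_size, class_defs_off = struct.unpack_from("<II", data, 96)
    res = {
        "version": magic[4:7].decode("ascii", "replace"),
        "file_size": file_size,
        "size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_LEN,
        "endian_ok": endian_tag == DEX_ENDIAN_TAG,
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
        "class_defs": class_defs_size,
        "class_defs_off": class_defs_off,
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    res["ok"] = all(res[k] for k in ("size_ok", "header_size_ok", "endian_ok",
                                     "checksum_ok", "signature_ok"))
    return res


def validate_dropped_dex(name: str, data: bytes) -> list:
    """Return [(reported_name, result)]: one entry for a bare dex, or one per
    classesN.dex member when the blob is a zip/jar. Members are named
    '<container>!<member>' like the report (assumed to be archive members)."""
    if data[:4] != b"PK\x03\x04":
        return [(name, parse_dex_header(data))]
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if member.startswith("classes") and member.endswith(".dex"):
                out.append((f"{name}!{member}", parse_dex_header(zf.read(member))))
    return out


def build_minimal_dex(class_defs: int = 0) -> bytes:
    """Constructed stand-in for the real dump: a header-only dex035 with a
    correct checksum and signature (no tables, so not loadable by ART)."""
    hdr = bytearray(DEX_HEADER_LEN)
    hdr[:8] = b"dex\n035\x00"
    struct.pack_into("<III", hdr, 32, DEX_HEADER_LEN, DEX_HEADER_LEN, DEX_ENDIAN_TAG)
    struct.pack_into("<II", hdr, 96, class_defs, 0)
    hdr[12:32] = hashlib.sha1(hdr[32:]).digest()                   # signature first,
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])))  # then checksum covers it
    return bytes(hdr)


def flip_byte(data: bytes, offset: int) -> bytes:
    """Corrupt one byte, simulating a patched or partially written dump."""
    buf = bytearray(data)
    buf[offset] ^= 0xFF
    return bytes(buf)


def build_sample_container() -> bytes:
    """Constructed jar: a good classes.dex next to a tampered classes2.dex."""
    good = build_minimal_dex(class_defs=3)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", good)
        zf.writestr("classes2.dex", flip_byte(good, 100))  # hits class_defs_off
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python dexcheck.py <pulled classes.dex>   (no argument: constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob, name = fh.read(), sys.argv[1]
    else:
        blob, name = build_sample_container(), "classes.dex"
    for reported, r in validate_dropped_dex(name, blob):
        failed = [k for k in ("size_ok", "checksum_ok", "signature_ok") if k in r and not r[k]]
        print(f"{reported}: ok={r['ok']} class_defs={r.get('class_defs')} "
              f"failed={failed or r.get('reason', '-')}")
```

Point it at a file obtained with adb pull from /data/data/com.app.zero_syb/.jiagu/ (reading that directory needs root or a debuggable build) and compare the printed SHA-256 with the Downloads table to confirm you hold the same artefact the sandbox hashed. A dump whose checksum fails but whose signature verifies has only had its first 32 bytes touched; one that fails both was cut short or modified after the header.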
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.app.zero_syb/.jiagu/classes.dex
  Filesize: 6.3MB
  MD5: 6eb92ccf823250024f17be90ee653586
  SHA1: b1cf7a5a879298a1781a23d31379c0db97629c70
  SHA256: f07cc3aa2b8c41692ed7ef879f5ee47b253ec92e479c98ad7477a8c6d84952e8
  SHA512: 4bc7d8dc7db3a20d4b4f9706975aba77922766ff62df75166e607065eb9ff01b0d8b333dc88a0ad50b6767d463ca39a21045cf834296d78cce89d358c3d2726f
- /data/data/com.app.zero_syb/.jiagu/classes.dex!classes2.dex
  Filesize: 1.7MB
  MD5: ab96f9aaa662b304d027ceee8b40d614
  SHA1: f4bdea5a0593a81581e76f15104faf1847739968
  SHA256: 7b981fb5ba32a98f3045d1a3928f51cca83d3d0fa2c4131270e081330c6e0696
  SHA512: 73948c8493dc3f1878973703ecfe31fcfd603767d49767bdca1caa90ae7afa7d5c19576c37e7f8f8c1c1ea3c1ab35cf4b77c6680ec74a64a2bfb93ec61fe353e
- /data/data/com.app.zero_syb/.jiagu/libjiagu.so
  Filesize: 477KB
  MD5: 39d77dcad8e2a44dd7226f442b3a6c92
  SHA1: 6560fa96c6b5a038abaeee5f139a16e46088d9d7
  SHA256: 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0
  SHA512: 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5
- /data/data/com.app.zero_syb/databases/bugly_db_
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/com.app.zero_syb/databases/bugly_db_-journal
  Filesize: 512B
  MD5: ec2c7b3a8e55464257756600513a5bf6
  SHA1: ee88f919b8a292a9c2a06ac60ed10d8b8d6dd8e2
  SHA256: bcd10edc8058e8c0fc061807124a248da0eb7e394eccaf31154f49a5880f0e7e
  SHA512: cb56fa120fba99c7acba80fff89a2f19d4ffb09541b03c38d99b756bcf62506a2a764bd4593deb3355f44230fe380602db75a7b00c9fadd70b14da3485ce7130
- /data/data/com.app.zero_syb/databases/bugly_db_-wal
  Filesize: 16KB
  MD5: 3e718e6ec2e2600ee0ed0f1ebc27f493
  SHA1: 2360ab968fa0022fafb280329b673922c89f478d
  SHA256: 5f23af436f0533b3325f88cde30cfb4efcba33adccaed38232392902ebb78b6b
  SHA512: 6c5a72d1934d0ee552fda5a7e373aedde2f1794ea1b512439b99c157ff98bdcd0bf79726f64ce89ccfc86be47a6406e9ddc1e599927bd5345431d9b517274d12
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ac
  Filesize: 32B
  MD5: d6cded37a04422fbcf11d3ceda3998a0
  SHA1: 695201cab0d380c8d30488b2edd649fe6f045416
  SHA256: 07f8d416456527e0a65ab6e1c433c54a8dd1a66ac1d29462f537eaa1299611ad
  SHA512: e290903488e19ed9d3fca55513780f046a3d74769c4993d866342e1880f0ed3bde6d05793036abe3f29d5a36c72c9345a2d4651468f9b8468dccfbbd2667ffba
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ic
  Filesize: 32B
  MD5: e4b19f253aa91a0e968b53227535e2a2
  SHA1: d5fe0f9fd8cdfc9cb0bbc9ca861e8629ef56dfcb
  SHA256: ce7002e3b649712f1801152cfb9a433898de075e3199a1d561ff6fd6e7df02f9
  SHA512: 114def9d5b6ed7edd65bf0039b2f996cc6b45233f0f38f5811556bdf2ff3f52fff246d95773e4c07254caf6d4aa3ed5eaf45649dd53259282dc0f1a20b7a2303
- /data/data/com.app.zero_syb/files/.jglogs/.jg.pk
  Filesize: 32B
  MD5: a44f5113a8816080e1b2e3efbff8f98d
  SHA1: 008518053b6854959055be1f7dbd9ad4996a15d4
  SHA256: 5ef40840192b1d297add507b8129eb0511e6e23264bafe8d00a9bfeb3ccee9e2
  SHA512: 1b8a63fb6ce5eb0743ac0c34c534255f3ac0f641533a267a96e9affe72e9f22b7eb331cc1745e2c80237ded6d42576c664dc02ed2749bf151c374b8063cc515a
- /data/data/com.app.zero_syb/files/.jglogs/.jg.pk.h
  Filesize: 64B
  MD5: a2c924e708404bb4fed5cd7d346bf1d1
  SHA1: 85884235845db8b137b252be261d51b9c72a4280
  SHA256: 275c18cf31d3cdc86be1c159e53d94f57b511378c1e3d3e3e47569737b706ea7
  SHA512: 16c392672436741464c898f365c173999fd6dd2beb990718215acbed1f0fbab9ed84896960fec34febafef35d9518791824b524012ced78b0ffb88cc9bf1baa1
- /data/data/com.app.zero_syb/files/.jglogs/.jg.rd
  Filesize: 73B
  MD5: 6b2d97b39ae378b25a6079fc5e5bcd40
  SHA1: 80aefa19fdc7c1410482b82a96738fa251c9a5a9
  SHA256: d5fd13a2614b8635ba962c81fbfe4552cbaf84c07650778e6c712e14651a73f5
  SHA512: 02fc5e7d181e27fa4e40eec2ec63775fb91b64bfda63251d8a01c09bc8b0d981fb8da440b398e28faa8528b2cedb6a6265d07ff76a7d429f79da0ee4f5c57c90
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ri
  Filesize: 307B
  MD5: db60b4ee9f82666250b9540f5dcb3b4a
  SHA1: 288c72e3b5b1235f93ce2bc66bf6c6cc604c01c4
  SHA256: 57c3e7b1e02a88075d2a766c5396d79b81a818fbe37ce82a0ea646b23176b3ed
  SHA512: a5e79a2362b1d38ca4e719085bb67135307fa41204b7e028921fa5263748aeed3b896f183f3d113394b0e57aa4a02617537c68b205752fad7ec6b7f42733f60c
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ri
  Filesize: 314B
  MD5: 4e740f7f951c716807d3fa2e9ec7c87f
  SHA1: 8f4a68e6c1182b514b035da11850816707b035c6
  SHA256: 155f464f78512b2833f3dda5a43250e559c3f591f46eeaedcdb974b79355b4b2
  SHA512: e948424b12baaee553e58875f271b22b9141d90610bf52fbfc3e539b928ee5620534d8434909f8b2eb824521088a697a99cf44f4ccb1d685ff50fdbe5bd9ac85
- /data/data/com.app.zero_syb/files/.jglogs/.jg.store.report_pid
  Filesize: 32B
  MD5: 219b2ee2fddba0eecda6949ee0b1fa88
  SHA1: ac3f3548f7c54f1c911a34278ed0015826e982a5
  SHA256: 3b174890db11c1edb68c4ca391c33a14e1e804bd1fdd1deeb2ab419b03407bdc
  SHA512: d92476e1d07f93f5e0ba05536e25cc01b87452943955cca9d7efec1ee08533f39a644e4eb5a3bb40c8e9f4f10fb7f5976bfd98f485a1ec133d6b1cd1a45fcd56
- /data/data/com.app.zero_syb/files/.jglogs/.jg.store.report_pid
  Filesize: 54B
  MD5: d21fa4f3dc0c01798baa12f61514a752
  SHA1: cbb6be424c013fa0cbba84fb94ef7b7ac645c941
  SHA256: 1a6a65848ead284af1665b92b9b9b44ea515f546549695fb7d7f60028bb11325
  SHA512: 474f3b7ddb9110b745907499edda325129e71a34d6f9b8a8b584805ee426bf2815a2a75ea50957ba3e309ce9d03183dd77d435b3046e62d2826ffb2f511e2ed3
- /data/data/com.app.zero_syb/files/.jiagu.lock
  Filesize: 27B
  MD5: 2ed4728120f61d318503e46049a62dac
  SHA1: bc2ba03cd1b65ee155e27f7fdb217ed013031a90
  SHA256: a267761ad65ec797b64cc540ef6caf2151e9d3b2f2cf01ff718323aed0c227a5
  SHA512: 1a0d9252bbb6ff5c151b3569267cb9798e8c51b6c6da7884094da4647374693c1cd0bdd96996654301298abbd80f1517d0d6664956711d9d95f93545f891e5fa
- /data/data/com.app.zero_syb/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MzU0MDk2ODk3
  Filesize: 1KB
  MD5: 2d9b42f3da9e2204b4cb0e6a6d565981
  SHA1: 2ddb9dea70173650c0f7b7a6f26b07c2ef713fc6
  SHA256: da7b576b7aec404243c7f80a16bf7ddbf374296e818e53e3ab909a41cdf07f21
  SHA512: 8351fdb39babd1e0ddf9a1febe2a57846bdb5a2e7801db35581d3cbe6f4e2adebe523af973193ddbdbe113c4c4ba7c5abc277403357e76ffdf88f0e56e374855
- /data/data/com.app.zero_syb/files/umeng_it.cache
  Filesize: 415B
  MD5: dfd0d62e017e3eb92d3e08caa4300e90
  SHA1: db762d8a097b11a136bbef262681fbfbdb6952cc
  SHA256: 04b4d29759d9fc1cb40496304175f902bf652a435734171bea6ab8b5a77cdb07
  SHA512: 8dc83c099c33b1900c4762847254476c8771489a70142e7c86c9ac7f124640f9959ae0114f84bc18ed816da828d0f21fb4eb7afc43de6177ec8ab3f12a56b213
- /storage/emulated/0/okHttp_cache/journal.tmp
  Filesize: 36B
  MD5: 37e8e716e0e2f4a0b05cd9571d95b84d
  SHA1: f8d068f6931707bddb8cd69f706f2224ad1fea3c
  SHA256: 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
  SHA512: e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
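The Downloads table above is what ends up pasted into an IoC feed, and copied straight from the page it arrives with each hash label fused to its value. The script below is an added Python example, not part of the Triage report: it parses the listing into records, accepting both that raw copy-paste layout and a "Key: value" layout, drops any hash whose length does not match its label rather than propagating a mangled value, and decodes the base64-named segments of the files/stateless/ path. Those segments decode to umpx_internal and umpx_internal_1718354096897; the trailing number is a millisecond Unix timestamp for 2024-06-14 08:34:56 UTC, which is the submission time shown at the top of the report, confirming the file was written during the analysis run. The sample text is a constructed three-entry excerpt of the table; the size conversion assumes binary units, which the report does not specify.

```python
import base64
import binascii
import re
from datetime import datetime, timezone

# Constructed excerpt of the Downloads listing: two entries in the raw
# copy-paste layout (label fused to its value) and one in "Key: value" form.
SAMPLE = """\
Downloads
-
/data/data/com.app.zero_syb/.jiagu/classes.dexFilesize
6.3MB
MD56eb92ccf823250024f17be90ee653586
SHA1b1cf7a5a879298a1781a23d31379c0db97629c70
SHA256f07cc3aa2b8c41692ed7ef879f5ee47b253ec92e479c98ad7477a8c6d84952e8
SHA5124bc7d8dc7db3a20d4b4f9706975aba77922766ff62df75166e607065eb9ff01b0d8b333dc88a0ad50b6767d463ca39a21045cf834296d78cce89d358c3d2726f
-
/data/data/com.app.zero_syb/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MzU0MDk2ODk3Filesize
1KB
MD52d9b42f3da9e2204b4cb0e6a6d565981
SHA12ddb9dea70173650c0f7b7a6f26b07c2ef713fc6
SHA256da7b576b7aec404243c7f80a16bf7ddbf374296e818e53e3ab909a41cdf07f21
SHA5128351fdb39babd1e0ddf9a1febe2a57846bdb5a2e7801db35581d3cbe6f4e2adebe523af973193ddbdbe113c4c4ba7c5abc277403357e76ffdf88f0e56e374855
- /data/data/com.app.zero_syb/.jiagu/libjiagu.so
  Filesize: 477KB
  MD5: 39d77dcad8e2a44dd7226f442b3a6c92
  SHA1: 6560fa96c6b5a038abaeee5f139a16e46088d9d7
  SHA256: 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0
"""

_PATH_RE = re.compile(r"^(?:-\s+)?(/\S+?)(?:Filesize)?$")
_SIZE_RE = re.compile(r"^(?:Filesize\s*:?\s*)?(\d+(?:\.\d+)?)\s*(B|KB|MB)$")
_HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*:?\s*([0-9a-fA-F]+)$")
_HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}  # assumed binary units


def parse_downloads(text: str) -> list:
    """Turn the listing into [{'path', 'size', 'md5', 'sha1', ...}] records."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _PATH_RE.match(line)
        if m:                                   # a path line opens a record
            cur = {"path": m.group(1), "size": None}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = _SIZE_RE.match(line)
        if m:
            cur["size"] = int(float(m.group(1)) * _UNIT[m.group(2)])
            continue
        m = _HASH_RE.match(line)
        if m and len(m.group(2)) == _HASH_LEN[m.group(1)]:   # reject truncated hashes
            cur[m.group(1).lower()] = m.group(2).lower()
    return records


def hash_list(records: list, algo: str = "sha256") -> list:
    """Deduplicated hashes of one algorithm, e.g. for a blocklist."""
    return sorted({r[algo] for r in records if algo in r})


_B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
_MS_TS_RE = re.compile(r"(\d{13})$")


def decode_segment(seg: str):
    """(decoded, utc_datetime_or_None) if seg is base64 of printable ASCII,
    else None. A trailing 13-digit number is read as a millisecond epoch."""
    if not _B64_RE.match(seg) or len(seg) % 4:
        return None
    try:
        raw = base64.b64decode(seg, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or not all(0x20 <= b < 0x7F for b in raw):
        return None
    decoded = raw.decode("ascii")
    m = _MS_TS_RE.search(decoded)
    ts = datetime.fromtimestamp(int(m.group(1)) / 1000, tz=timezone.utc) if m else None
    return decoded, ts


def decode_path(path: str) -> dict:
    """Map every base64-looking path segment to its decoding."""
    out = {}
    for seg in path.split("/"):
        d = decode_segment(seg)
        if d:
            out[seg] = d
    return out


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for r in recs:
        print(f"{r['path']}  size={r['size']}  sha256={r.get('sha256', '?')}")
        for seg, (dec, ts) in decode_path(r["path"]).items():
            print(f"    {seg} -> {dec}" + (f"  ({ts:%Y-%m-%d %H:%M:%S} UTC)" if ts else ""))
    print("sha256 blocklist:", hash_list(recs))
```

Feed it the whole table and the decoded timestamp gives you a creation time for each SDK artefact without pulling the device; anything whose timestamp predates the run is worth a second look as something shipped inside the APK.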