Analysis
- max time kernel: 7s
- max time network: 138s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 14-06-2024 08:34
Static task: static1
Behavioral task: behavioral1
- Sample: a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk
- Resource: android-x64-arm64-20240611.1-en
General
- Target: a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk
- Size: 6.9MB
- MD5: a8c2249bcb3b74db9d777dc2567cb05c
- SHA1: cc1dc505cf6949800ef92e1a471846c554479a4f
- SHA256: b9ffce66df35d35ffa83d15473d834e279ae1c8fe2f8e96d19299a164059b3bd
- SHA512: dafd91ed5cc668732830ff0184dee8e5d248cccf1cb523bee9c21b877500758b3747c95ced754a52c8e5a987da5df68b231c8e40e114cd434503801e427a2624
- SSDEEP: 196608:+hyzOLUTzVfGrBoA+BJHYUeH0GeKXyNUljDyc5LC6YQJHEpVuq:+hyzOLBrBeli1mUljDyc5LC6YQJHqAq
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.app.zero_syb
    ioc | pid | process
    /data/user/0/com.app.zero_syb/.jiagu/classes.dex | 4461 | com.app.zero_syb
    /data/user/0/com.app.zero_syb/.jiagu/classes.dex!classes2.dex | 4461 | com.app.zero_syb
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.app.zero_syb
    description | ioc | process
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.app.zero_syb
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.app.zero_syb
    description | ioc | process
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.app.zero_syb
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.app.zero_syb
    description | ioc | process
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.app.zero_syb
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: com.app.zero_syb
    description | ioc | process
    Framework API call | android.hardware.SensorManager.registerListener | com.app.zero_syb
- Checks CPU information (2 TTPs, 1 IoCs)
Processes
- com.app.zero_syb
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Checks CPU information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ac
  Filesize: 32B
  MD5: d6cded37a04422fbcf11d3ceda3998a0
  SHA1: 695201cab0d380c8d30488b2edd649fe6f045416
  SHA256: 07f8d416456527e0a65ab6e1c433c54a8dd1a66ac1d29462f537eaa1299611ad
  SHA512: e290903488e19ed9d3fca55513780f046a3d74769c4993d866342e1880f0ed3bde6d05793036abe3f29d5a36c72c9345a2d4651468f9b8468dccfbbd2667ffba
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ic
  Filesize: 32B
  MD5: e4b19f253aa91a0e968b53227535e2a2
  SHA1: d5fe0f9fd8cdfc9cb0bbc9ca861e8629ef56dfcb
  SHA256: ce7002e3b649712f1801152cfb9a433898de075e3199a1d561ff6fd6e7df02f9
  SHA512: 114def9d5b6ed7edd65bf0039b2f996cc6b45233f0f38f5811556bdf2ff3f52fff246d95773e4c07254caf6d4aa3ed5eaf45649dd53259282dc0f1a20b7a2303
- /data/data/com.app.zero_syb/files/.jglogs/.jg.pk.h
  Filesize: 32B
  MD5: a44f5113a8816080e1b2e3efbff8f98d
  SHA1: 008518053b6854959055be1f7dbd9ad4996a15d4
  SHA256: 5ef40840192b1d297add507b8129eb0511e6e23264bafe8d00a9bfeb3ccee9e2
  SHA512: 1b8a63fb6ce5eb0743ac0c34c534255f3ac0f641533a267a96e9affe72e9f22b7eb331cc1745e2c80237ded6d42576c664dc02ed2749bf151c374b8063cc515a
- /data/data/com.app.zero_syb/files/.jglogs/.jg.rd
  Filesize: 32B
  MD5: db68b967b9e9cb42ef8ea966dd2037f4
  SHA1: 297195535eb362bd213d59a1b3d2f1ef844ad67e
  SHA256: d6af70a762c6446c3486190c03ea46c17d2d0ce73639228b85104a5d4818f716
  SHA512: 766a2a1b123744392407c6675b507ab3065bbb8fb2cda18125afc82501d55953801b2b4c05a606c307b9bbc213b4ba1a8813a3928f3ecafec2bf11ce88979094
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ri
  Filesize: 307B
  MD5: 4f553a3f0859c25ca7734d66c63953e9
  SHA1: bc6d2044a9ec03b88872908a588b6b1290df78c4
  SHA256: a6e684937b3c1b1b076d6da89b59c8c71348260afff801167765acd6f8880301
  SHA512: da91a137d27256e856c955bb08727fd1cfd501aa079f2380281f95f17cf437f27aa1bbcd4cee1dc062b639d2c60fd3f4510779224b8e3a9051f86a324e27f860
- /data/data/com.app.zero_syb/files/.jglogs/.jg.ri
  Filesize: 314B
  MD5: 73be6df4462d3b3afa45906e4ad641c2
  SHA1: 06d8307ed13d73e6ea014ecaa7305c449b81e1dd
  SHA256: b99dfb22a898db1330f08d9005183b543de3148fe628cc0103c44e18f784da8c
  SHA512: e1b8a50fbdadf5a284ef56ef6d8971546a608f425cf44ae8ad7c99c331a015dd08501a171ce5fe416828e584f198fb09d838f29f0d549cda60c6e41a4d39c3ea
- /data/data/com.app.zero_syb/files/.jglogs/.jg.store.report_pid
  Filesize: 32B
  MD5: 219b2ee2fddba0eecda6949ee0b1fa88
  SHA1: ac3f3548f7c54f1c911a34278ed0015826e982a5
  SHA256: 3b174890db11c1edb68c4ca391c33a14e1e804bd1fdd1deeb2ab419b03407bdc
  SHA512: d92476e1d07f93f5e0ba05536e25cc01b87452943955cca9d7efec1ee08533f39a644e4eb5a3bb40c8e9f4f10fb7f5976bfd98f485a1ec133d6b1cd1a45fcd56
- /data/data/com.app.zero_syb/files/.jglogs/.jg.store.report_pid
  Filesize: 54B
  MD5: d21fa4f3dc0c01798baa12f61514a752
  SHA1: cbb6be424c013fa0cbba84fb94ef7b7ac645c941
  SHA256: 1a6a65848ead284af1665b92b9b9b44ea515f546549695fb7d7f60028bb11325
  SHA512: 474f3b7ddb9110b745907499edda325129e71a34d6f9b8a8b584805ee426bf2815a2a75ea50957ba3e309ce9d03183dd77d435b3046e62d2826ffb2f511e2ed3
- /data/data/com.app.zero_syb/files/.jiagu.lock
  Filesize: 27B
  MD5: 42fcc58ceed7090912c27a8b47620604
  SHA1: 3b2645aef51eb84bf227b7b3fee19798d5ca97fb
  SHA256: be574510e964ee4ea269f3f197e65b42be32f7bedd1489e62918e77b8b8b2507
  SHA512: 0ca84232779c45ed5a6327b3f3d4f832c497beafce9b179fb20dd0a5f9ea0ddf8fba2063ff596f89d06d4833d9cc5612b7f9b865cea4c7f627544ec0a10b5167
- /data/user/0/com.app.zero_syb/.jiagu/classes.dex
  Filesize: 6.3MB
  MD5: 6eb92ccf823250024f17be90ee653586
  SHA1: b1cf7a5a879298a1781a23d31379c0db97629c70
  SHA256: f07cc3aa2b8c41692ed7ef879f5ee47b253ec92e479c98ad7477a8c6d84952e8
  SHA512: 4bc7d8dc7db3a20d4b4f9706975aba77922766ff62df75166e607065eb9ff01b0d8b333dc88a0ad50b6767d463ca39a21045cf834296d78cce89d358c3d2726f
- /data/user/0/com.app.zero_syb/.jiagu/classes.dex!classes2.dex
  Filesize: 1.7MB
  MD5: ab96f9aaa662b304d027ceee8b40d614
  SHA1: f4bdea5a0593a81581e76f15104faf1847739968
  SHA256: 7b981fb5ba32a98f3045d1a3928f51cca83d3d0fa2c4131270e081330c6e0696
  SHA512: 73948c8493dc3f1878973703ecfe31fcfd603767d49767bdca1caa90ae7afa7d5c19576c37e7f8f8c1c1ea3c1ab35cf4b77c6680ec74a64a2bfb93ec61fe353e
- /data/user/0/com.app.zero_syb/.jiagu/libjiagu.so
  Filesize: 477KB
  MD5: 39d77dcad8e2a44dd7226f442b3a6c92
  SHA1: 6560fa96c6b5a038abaeee5f139a16e46088d9d7
  SHA256: 99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0
  SHA512: 7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5