Analysis

  • max time kernel
    7s
  • max time network
    138s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    14-06-2024 08:34

General

  • Target

    a8c2249bcb3b74db9d777dc2567cb05c_JaffaCakes118.apk

  • Size

    6.9MB

  • MD5

    a8c2249bcb3b74db9d777dc2567cb05c

  • SHA1

    cc1dc505cf6949800ef92e1a471846c554479a4f

  • SHA256

    b9ffce66df35d35ffa83d15473d834e279ae1c8fe2f8e96d19299a164059b3bd

  • SHA512

    dafd91ed5cc668732830ff0184dee8e5d248cccf1cb523bee9c21b877500758b3747c95ced754a52c8e5a987da5df68b231c8e40e114cd434503801e427a2624

  • SSDEEP

    196608:+hyzOLUTzVfGrBoA+BJHYUeH0GeKXyNUljDyc5LC6YQJHEpVuq:+hyzOLBrBeli1mUljDyc5LC6YQJHqAq

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs executable file dropped to the device during analysis. Here the loaded code is the DEX written under /data/user/0/com.app.zero_syb/.jiagu/ (see Downloads). The .jiagu directory and libjiagu.so are characteristic of the 360 Jiagu (Qihoo 360) packer: the APK's own classes.dex is only the loader stub, and static analysis should target the dropped DEX.

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location (2 TTPs, 1 IoC)

    Uses Android APIs to get the current cell location.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.app.zero_syb
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Checks CPU information
    PID:4461

Downloads

Files written to the app's data directory during the run. A name of the form container!member denotes a member extracted from a dropped archive, so the 6.3MB classes.dex below is a multidex container holding classes2.dex. The 32B .jglogs/.jg.* files match the naming of the Jiguang (JPush) SDK's on-device state files and are SDK artifacts rather than payload; the .jiagu entries are the 360 Jiagu packer's runtime directory.

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.ac
    Filesize

    32B

    MD5

    d6cded37a04422fbcf11d3ceda3998a0

    SHA1

    695201cab0d380c8d30488b2edd649fe6f045416

    SHA256

    07f8d416456527e0a65ab6e1c433c54a8dd1a66ac1d29462f537eaa1299611ad

    SHA512

    e290903488e19ed9d3fca55513780f046a3d74769c4993d866342e1880f0ed3bde6d05793036abe3f29d5a36c72c9345a2d4651468f9b8468dccfbbd2667ffba

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.ic
    Filesize

    32B

    MD5

    e4b19f253aa91a0e968b53227535e2a2

    SHA1

    d5fe0f9fd8cdfc9cb0bbc9ca861e8629ef56dfcb

    SHA256

    ce7002e3b649712f1801152cfb9a433898de075e3199a1d561ff6fd6e7df02f9

    SHA512

    114def9d5b6ed7edd65bf0039b2f996cc6b45233f0f38f5811556bdf2ff3f52fff246d95773e4c07254caf6d4aa3ed5eaf45649dd53259282dc0f1a20b7a2303

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.pk.h
    Filesize

    32B

    MD5

    a44f5113a8816080e1b2e3efbff8f98d

    SHA1

    008518053b6854959055be1f7dbd9ad4996a15d4

    SHA256

    5ef40840192b1d297add507b8129eb0511e6e23264bafe8d00a9bfeb3ccee9e2

    SHA512

    1b8a63fb6ce5eb0743ac0c34c534255f3ac0f641533a267a96e9affe72e9f22b7eb331cc1745e2c80237ded6d42576c664dc02ed2749bf151c374b8063cc515a

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.rd
    Filesize

    32B

    MD5

    db68b967b9e9cb42ef8ea966dd2037f4

    SHA1

    297195535eb362bd213d59a1b3d2f1ef844ad67e

    SHA256

    d6af70a762c6446c3486190c03ea46c17d2d0ce73639228b85104a5d4818f716

    SHA512

    766a2a1b123744392407c6675b507ab3065bbb8fb2cda18125afc82501d55953801b2b4c05a606c307b9bbc213b4ba1a8813a3928f3ecafec2bf11ce88979094

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.ri
    Filesize

    307B

    MD5

    4f553a3f0859c25ca7734d66c63953e9

    SHA1

    bc6d2044a9ec03b88872908a588b6b1290df78c4

    SHA256

    a6e684937b3c1b1b076d6da89b59c8c71348260afff801167765acd6f8880301

    SHA512

    da91a137d27256e856c955bb08727fd1cfd501aa079f2380281f95f17cf437f27aa1bbcd4cee1dc062b639d2c60fd3f4510779224b8e3a9051f86a324e27f860

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.ri
    Filesize

    314B

    MD5

    73be6df4462d3b3afa45906e4ad641c2

    SHA1

    06d8307ed13d73e6ea014ecaa7305c449b81e1dd

    SHA256

    b99dfb22a898db1330f08d9005183b543de3148fe628cc0103c44e18f784da8c

    SHA512

    e1b8a50fbdadf5a284ef56ef6d8971546a608f425cf44ae8ad7c99c331a015dd08501a171ce5fe416828e584f198fb09d838f29f0d549cda60c6e41a4d39c3ea

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.store.report_pid
    Filesize

    32B

    MD5

    219b2ee2fddba0eecda6949ee0b1fa88

    SHA1

    ac3f3548f7c54f1c911a34278ed0015826e982a5

    SHA256

    3b174890db11c1edb68c4ca391c33a14e1e804bd1fdd1deeb2ab419b03407bdc

    SHA512

    d92476e1d07f93f5e0ba05536e25cc01b87452943955cca9d7efec1ee08533f39a644e4eb5a3bb40c8e9f4f10fb7f5976bfd98f485a1ec133d6b1cd1a45fcd56

  • /data/data/com.app.zero_syb/files/.jglogs/.jg.store.report_pid
    Filesize

    54B

    MD5

    d21fa4f3dc0c01798baa12f61514a752

    SHA1

    cbb6be424c013fa0cbba84fb94ef7b7ac645c941

    SHA256

    1a6a65848ead284af1665b92b9b9b44ea515f546549695fb7d7f60028bb11325

    SHA512

    474f3b7ddb9110b745907499edda325129e71a34d6f9b8a8b584805ee426bf2815a2a75ea50957ba3e309ce9d03183dd77d435b3046e62d2826ffb2f511e2ed3

  • /data/data/com.app.zero_syb/files/.jiagu.lock
    Filesize

    27B

    MD5

    42fcc58ceed7090912c27a8b47620604

    SHA1

    3b2645aef51eb84bf227b7b3fee19798d5ca97fb

    SHA256

    be574510e964ee4ea269f3f197e65b42be32f7bedd1489e62918e77b8b8b2507

    SHA512

    0ca84232779c45ed5a6327b3f3d4f832c497beafce9b179fb20dd0a5f9ea0ddf8fba2063ff596f89d06d4833d9cc5612b7f9b865cea4c7f627544ec0a10b5167

  • /data/user/0/com.app.zero_syb/.jiagu/classes.dex
    Filesize

    6.3MB

    MD5

    6eb92ccf823250024f17be90ee653586

    SHA1

    b1cf7a5a879298a1781a23d31379c0db97629c70

    SHA256

    f07cc3aa2b8c41692ed7ef879f5ee47b253ec92e479c98ad7477a8c6d84952e8

    SHA512

    4bc7d8dc7db3a20d4b4f9706975aba77922766ff62df75166e607065eb9ff01b0d8b333dc88a0ad50b6767d463ca39a21045cf834296d78cce89d358c3d2726f

  • /data/user/0/com.app.zero_syb/.jiagu/classes.dex!classes2.dex
    Filesize

    1.7MB

    MD5

    ab96f9aaa662b304d027ceee8b40d614

    SHA1

    f4bdea5a0593a81581e76f15104faf1847739968

    SHA256

    7b981fb5ba32a98f3045d1a3928f51cca83d3d0fa2c4131270e081330c6e0696

    SHA512

    73948c8493dc3f1878973703ecfe31fcfd603767d49767bdca1caa90ae7afa7d5c19576c37e7f8f8c1c1ea3c1ab35cf4b77c6680ec74a64a2bfb93ec61fe353e

  • /data/user/0/com.app.zero_syb/.jiagu/libjiagu.so
    Filesize

    477KB

    MD5

    39d77dcad8e2a44dd7226f442b3a6c92

    SHA1

    6560fa96c6b5a038abaeee5f139a16e46088d9d7

    SHA256

    99cba035cae818dbdef989e70e738463798528b8ca52dbf38d2b8a72152680c0

    SHA512

    7ddfc6c05839160813e58e8f8c50d2dcda7e7b5e7f1d27cffb802ee91de4bb664bc5c257137d39152ed6e8cad0d3c1b067bf8aeb7e53f884893887b54480a5e5
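Before decompiling the dropped .jiagu/classes.dex (the unpacked payload behind the "Loads dropped Dex/Jar" signature above), an analyst wants to confirm the file is a well-formed DEX rather than a partial or still-encrypted dump, and, because the report lists classes.dex!classes2.dex, to handle the case where the file dropped under a .dex name is actually a zip container. The script below is an added example and not part of the sandbox report, the sample, or the Triage platform; it implements the header checks from the public Android DEX format (magic, file_size, header_size, endian_tag, Adler-32 over bytes 12..end, SHA-1 over bytes 32..end) and the inputs it runs on are constructed in memory with build_dex/build_multidex_zip, so nothing here is derived from the real sample.

```python
"""Validate dropped DEX artifacts from an Android sandbox run.

Added example, not code from the report or the analysed sample. Checks the
DEX header fields defined in the Android dex-format spec and looks inside a
zip that was dropped under a .dex name (Triage writes such members as
"container!member"). All sample inputs are constructed below.
"""
import hashlib
import io
import struct
import zipfile
import zlib

HEADER_SIZE = 0x70            # sizeof(header_item)
ENDIAN_CONSTANT = 0x12345678  # little-endian DEX
ZIP_MAGIC = b"PK\x03\x04"


def verify_dex(data: bytes) -> list:
    """Return a list of problems; an empty list means the header is consistent."""
    problems = []
    if len(data) < HEADER_SIZE:
        return ["shorter than a DEX header (%d bytes)" % len(data)]
    magic = data[0:8]
    # "dex\n035\0", "dex\n037\0", ... : three ASCII digits then NUL
    if not (magic[:4] == b"dex\n" and magic[4:7].isdigit() and magic[7] == 0):
        problems.append("bad magic %r" % magic)
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if file_size != len(data):
        problems.append("file_size %d != actual %d" % (file_size, len(data)))
    if header_size != HEADER_SIZE:
        problems.append("header_size 0x%x != 0x70" % header_size)
    if endian_tag != ENDIAN_CONSTANT:
        problems.append("endian_tag 0x%08x unexpected" % endian_tag)
    # checksum covers everything after itself; signature covers everything after itself
    if (zlib.adler32(data[12:]) & 0xFFFFFFFF) != checksum:
        problems.append("adler32 checksum mismatch")
    if hashlib.sha1(data[32:]).digest() != signature:
        problems.append("sha1 signature mismatch")
    return problems


def verify_artifact(data: bytes) -> dict:
    """Map member name -> problems. A zip dropped under a .dex name is opened and
    every classes*.dex member is verified; a plain DEX maps to the key ''."""
    if data[:4] == ZIP_MAGIC:
        out = {}
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.startswith("classes") and name.endswith(".dex"):
                    out[name] = verify_dex(zf.read(name))
        return out
    return {"": verify_dex(data)}


def build_dex(payload: bytes, version: bytes = b"035") -> bytes:
    """Constructed test input: a minimal header-consistent DEX. Only the header
    fields checked above are meaningful; the section offsets are left zero."""
    body = bytearray(HEADER_SIZE) + payload
    body[0:8] = b"dex\n" + version + b"\0"
    struct.pack_into("<III", body, 32, len(body), HEADER_SIZE, ENDIAN_CONSTANT)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()      # signature first
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def build_multidex_zip(members: dict) -> bytes:
    """Constructed test input: a zip holding one synthetic DEX per member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, build_dex(payload))
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    """Hash to compare against the report's SHA256 column after pulling a file."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    good = build_dex(b"A" * 64)
    print("clean dex:     ", verify_artifact(good))
    bad = bytearray(good)
    bad[-1] ^= 0xFF                      # simulate a corrupted/partial dump
    print("tampered dex:  ", verify_artifact(bytes(bad)))
    print("multidex zip:  ", verify_artifact(build_multidex_zip({"classes.dex": b"x", "classes2.dex": b"y"})))
```

On a real pull (adb pull of the .jiagu directory from a rooted device or the sandbox's download link), feed the file bytes to verify_artifact and compare sha256_hex against the report before spending time in a decompiler; a checksum or signature mismatch on a file the packer wrote usually means the dump was taken mid-write or the packer patched the header after loading.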