bfb95983427c97c068b566af3ef5264e84533a6d25a73d22924cd1c22c220f49

Analysis

max time kernel
6s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab7c2f4c1f1a30a64bad9ebf0021ec29_JaffaCakes118.apk
Size

9.3MB
MD5

ab7c2f4c1f1a30a64bad9ebf0021ec29
SHA1

22fbe944d6597c1da7850d3b443ab948dbfba207
SHA256

bfb95983427c97c068b566af3ef5264e84533a6d25a73d22924cd1c22c220f49
SHA512

c03c6f7ee11299e1e03c670a85f2e6c97f0b1da7169dd69d3ec96dd18cbaf464faefd5a30c9a5b9bb6c229a4a0bcf325e53e6d8eeb12ede34beda5afc3549ba3
SSDEEP

196608:5C4kLGCdmKUImu0aYreisb3n1ULrhXHr0qY1TlplHl+dt1TS:5AGCcIapKisDnKNHKHlHGP2

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.jtjsb.retailmsg
/system/bin/su	com.jtjsb.retailmsg

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.jtjsb.retailmsg/.jiagu/classes.dex	4236	com.jtjsb.retailmsg
/data/data/com.jtjsb.retailmsg/.jiagu/classes.dex!classes2.dex	4236	com.jtjsb.retailmsg
/data/data/com.jtjsb.retailmsg/.jiagu/tmp.dex	4236	com.jtjsb.retailmsg
/data/data/com.jtjsb.retailmsg/.jiagu/tmp.dex	4300	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jtjsb.retailmsg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jtjsb.retailmsg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.jtjsb.retailmsg/.jiagu/tmp.dex	4236	com.jtjsb.retailmsg

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jtjsb.retailmsg

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jtjsb.retailmsg

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jtjsb.retailmsg

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jtjsb.retailmsg

com.jtjsb.retailmsg
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4236
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jtjsb.retailmsg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jtjsb.retailmsg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4300

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jtjsb.retailmsg/.jiagu/classes.dex

Filesize
5.9MB

MD5
672a00fea9fed9993b0bd6124a0da9ab

SHA1
34430656e7ffd41eb10665d44942556c3935d84a

SHA256
350e9be1f2cb831d9075dc93afaf604418018b482f4c700258f964c9be29cf7f

SHA512
3a5706a424ca146a9cf3a738aabd120e42681ee2faa3bfb2a63dc7a0ba6823594a757386097ac2dfdcb9ffa43003e8b4b8bac124f8221fc1d212809ecbc7dfcc

Download Submit
/data/data/com.jtjsb.retailmsg/.jiagu/classes.dex!classes2.dex

Filesize
1.8MB

MD5
7680b3abd3cd14a8f486958ba441c95e

SHA1
a1ce929e08199d7a5bb0ad4d60d4d953866dd783

SHA256
62316df875dadb637f10b881546468a3ebba934c2636d36b6367ff53ae52da5c

SHA512
6ddd89585f465d799c5b580f4ac6fe9cc2e9809aa9b1061e772d23738b2984856373cda75574bb5971aa8725d69bf909b36ca7e1a488d0c0a5897357077ddb30

Download Submit
/data/data/com.jtjsb.retailmsg/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.jtjsb.retailmsg/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.jtjsb.retailmsg/databases/bytedance_downloader.db-journal

Filesize
512B

MD5
e9f88cf9cabf030c6616253620bec802

SHA1
bd1e143dc9e3bd243144a90f2eedcc7212233cda

SHA256
2eab7194947d7d9ff9c06057a23574214bee3e9b0c51a17dc56e8994c909b309

SHA512
080dc85a2df25170b76a2896f3f05947fae8371f48cc81396a7d4691212433fce7750e6301c47efab2035fd262865ab517ea3a8d6b61cd3645006a70711c86a3

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.ac

Filesize
32B

MD5
3e540c2a58e07f45d6b24b917439308c

SHA1
87916369aeeb45cf0683e4db78d7c6e30057b160

SHA256
c2c2816be6e9f1b17fa9f58e07f822fdd8ae1a35387ac59880e529f05e4e821a

SHA512
fc7de1111acac14f86fab57220f649eaad8a5984b8cf46a3fbb82d26d7e7645c2ba128fbda5dfaa84c8774d293bb8da2d91b036de61af9467251efca610f2aff

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.ic

Filesize
32B

MD5
7f203d3643f82fde9f75fffd310f3d15

SHA1
03efb3b5357682cd8b187c365d7176b1959dde77

SHA256
b582738664a436f35ca6f970e55a6a7274787ab02a1da8d776efb5df08b725f5

SHA512
6d5df01653749eb0871201c61e1627b52beb281e091905541f4662437131a7144cb2795ad78b9de8db47b07e3be66acc92c8072c8fa5cfc12016975d52c4877c

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.pk

Filesize
32B

MD5
207cf8403eee2476e912e0f58fb75158

SHA1
b6d31440020b1aa5f7348ea5ac69324cb69801bf

SHA256
59ca0d5226d5da4db2265afce1a9ac55f5bd1635284d0f11663375c1b671539e

SHA512
19f3a4b7d9ed29cf74d4de485052f604309a0411e9e26999cbb744fe994108e025693f064a33eefbc47a92986e66628e760eaf5f651e34e0f6d19624aa0caefb

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
b2cd5eb2897e2a04e169ebfc09fccfd1

SHA1
e6485107bae43352e883e5a04b2c89595deddb64

SHA256
9b5777f58de27e1beb6ad7c5353ef4bead7d2b19e4ae8eb5b2f67fb140ee929f

SHA512
ada43ba60d431044cf9d16f2ae8e8cce0e948e8df2fc65a6356b56430e9cf202b8f87a00196185be86b5a3c7f2ca0f7df8c0ec8934e32d17b7bab0262064909a

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.rd

Filesize
32B

MD5
319e7a7b701020bcf0ca69727bc3d2ce

SHA1
f5d4e309c9bf9461c7ef4aedc7d057a5cccfc46a

SHA256
69b08ef824998be4db00929639b39990cd5ca3294d647fd6dbc191701169e2c2

SHA512
f260ff2bb7b849f7ba4826fd99b57d63e73a29bff33581e295e85f93bee6ce9b1b0ecf43f9805581d24e8a746c71664dcfcc7a137b52c4dea43393873172ce06

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.ri

Filesize
314B

MD5
545137fb404e2fa09c70a600fa0d676c

SHA1
8a1dc0493e8e9171188ffebc7d93acf8a72ccd19

SHA256
d5f750999555f3b4a10e7490d1a19d04be2a7c0d045d6becedd41d52ad8afb74

SHA512
54a71465409b9b2eef2cec4ab066d26d67659aa42e735085deda71390ad789879f70dd02798dfad8e1e0df5583da61243c1b3701cc9795558b87b98535cfd88e

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.ri

Filesize
307B

MD5
020583363c25040dc5e4ad9388efff7d

SHA1
c76c33efcd90c4c0ee69a4fa8d0dce43fccb5d08

SHA256
569277aa3ebbbe64cabf46f8816d6e095c935766ac34dee5289fbec829a4e0cf

SHA512
cebb91d9decdeed6e32ed9d8ba1a1a4b5b688dd0c854fefce5151d71741076ece8500f83f599f998837f45b0a3df58e107acd0049f2357f3ebf40b5f51b8fba7

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.ri

Filesize
307B

MD5
cc33ec3724d94147f2097836005b1d87

SHA1
f826470d0910872d67753249ae79defca696e157

SHA256
c63d66e0920191b6c735d3eb3e9a171e9ae4a30b3f961c029113746e3a84eeae

SHA512
d06c612eeb042bbcd3ac22b4d35da79691d72f69c4e045c48de7efa88a7c473beeff9f5a4b3e3e79996afbcd344390db2409c18bd381dc11c819c48cadd908bb

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
a656096d71e16dce0b3f0f98ef4e6b96

SHA1
dbc27a30b9476f35b9ebc67ee67b616a847a8edd

SHA256
8b46374a21e1f34926b8116763942ea2a8ee8ceb4d0aa4399591c09debf5cd14

SHA512
076308c430332b31937abba289f0c2d6797e93bc05326f0b9ff385c3dc158c03c426607231768ddc56db2d39da2f76eef17914b7a9430d752c9001ab21c02a1d

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
822b5b8fd8793222117421f429cfb318

SHA1
5ea1e016c188400290152b1937f18e08661b3b9b

SHA256
810de9e67859758ee0993a4ded3016ab0e60684e45ee7d541a9bee08656c4554

SHA512
8a2cb85effa593f1fa5aba2e7b82ef4c6759326b21d94b3a96487a45a99e6c0118d4eeff043394d4973cb408918d5dce2a0a3e10227653475e5352f33a8bcfeb

Download Submit
/data/data/com.jtjsb.retailmsg/files/.jiagu.lock

Filesize
27B

MD5
763fd32befe305afd1b6f8302a64e3cf

SHA1
3d6933c6218af5e55087e2de9de6ed1487fbb28e

SHA256
469525d5bae5f83ee299dbb1ad1615e26f0bd162f1ce4b34e82818e1bd122cf9

SHA512
ccda8e52fd4a1a875a6e537d066b76fd4f8e0d57a94cb17e96593cea5f2e56cf5f436a867204b0dcee9aa33fd37030d689aa3ba8582d5614e5977786d4333011

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
cfc3c3a6436577b4023c45b0fc81a67f

SHA1
3a8a369139c92695dc215de4d908aad81b57b9ac

SHA256
2eb98375cd53faa53c85c1fa25386b32eaf5e5a88d3a5f4dbb2915bd51f16916

SHA512
5de1fe9f6be4a23696b8e942ab8d11aac0141590311fbc8561c9485b04c28cbde583135efd35d7b64298dfbc0e819dacb2b13d6d50aa31aa8c072ec1bb64c5e3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads