87502e17aeb013d0b9355bd5ff796b52d212ba15b45a2067c07904c6e9414bc0

Analysis

max time kernel
8s
max time network
149s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
16/06/2024, 15:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b429a31483d8ea1d1e0adac8cd5f22b3_JaffaCakes118.apk
Size

9.4MB
MD5

b429a31483d8ea1d1e0adac8cd5f22b3
SHA1

488d020e263933a57adc29e9479f1858bb994f21
SHA256

87502e17aeb013d0b9355bd5ff796b52d212ba15b45a2067c07904c6e9414bc0
SHA512

0fd0bf6948aac8826177014cc18b5f57bb28e010077f3927a5debea037b586dd4d35a767e9f1e3926a214ea3c380392f347611aa7a23c5af00ea07b0c5c249fa
SSDEEP

196608:6+zXghiYzi1qW7INRSa1A46HSiFbzreMd4jkpflicFg:6NMYze7iZ1cyiN66Zfwgg

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.lantouzi.app/[email protected]	5119	com.lantouzi.app
/data/user/0/com.lantouzi.app/[email protected]!classes2.dex	5119	com.lantouzi.app

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lantouzi.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lantouzi.app

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lantouzi.app

com.lantouzi.app
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5119

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lantouzi.app/.jiagu/classes.dex

Filesize
3.0MB

MD5
f979728d0af17dbffb6d8645710906f6

SHA1
637e76de643220030b89e564113f0492d4411799

SHA256
a01886fa4273a041f6bd0547ea0d6192a61d3df840df8314303c90491c4f47d4

SHA512
86e7f56e512321f425538a2cf998468a7ca0b0eb76050fe2ed47b91b8f47e9bfaff37498468e4259d5e31b8d72ec9ad4ae720d418b6f79f8094f74a15fd1b4ff

Download Submit
/data/data/com.lantouzi.app/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.lantouzi.app/files/.jglogs/.jg.di

Filesize
340B

MD5
390bbee8234b4f1ffee48c481f5e2d5f

SHA1
b6ffc831889c827d4879c2d766e4c3f02cdee6cb

SHA256
7e1ea7f8f31961faa02ac1f4ab9cc8a9a811c503885f8f858964fb78770a8990

SHA512
29a9292c670f095f8fbe97a14de83d2d306fbc10ee630bd1c83cd6a42a9a89c58fb909c6773c83c7c0f0c0045edca1793fa76a70f1ce5d990448c76f311ea24c

Download Submit
/data/data/com.lantouzi.app/files/.jglogs/.jg.ri

Filesize
314B

MD5
73f784eadc8f78b3d98f27ca3c0213c2

SHA1
0a9d72c73a9e986d552e3f92e583409e63c41e8a

SHA256
0f543e7e0527e759a5f079df9c4e230b3cfb5cf5f51ab86d75bacbaa73a8b48d

SHA512
afb7ffd79826690543e1a56b88b291aba67e7bdd366e58737d060a49cf9e4c0ff8b23f7eaa4a8e61136cbcbc91e32ffdc00e92c8f879cc31d083c7ee00840ff6

Download Submit
/data/data/com.lantouzi.app/files/.jiagu.lock

Filesize
27B

MD5
0dd3ea4fe60922fecd3cf07478630273

SHA1
e5369f74ddce04aa7614f35447220223a0f534f4

SHA256
218c25d771680e0898fabd9c9c44dcbdd70e023a8478b3aa4f8988aae5972a9a

SHA512
81066d5ed9fe44f073817cc740549175cd721d000f87e8294f60cea0dea681da0cdffb7c958bcd0b7b09c81d8fa2ef95858cb5f6ed9ac66a961790c93d3511b5

Download Submit
/data/user/0/com.lantouzi.app/[email protected]

Filesize
5.3MB

MD5
dbc9df2e2dd7c315b8016a056e7cb47a

SHA1
a2f29ab814e62d4b84ea56f4191ded21db2208d0

SHA256
4bbcc7a28a1abcf60d31af9669cccf72e3e6159b8f4563fc765b5d07c769812c

SHA512
8d745cbbd3d8aefe5e93f9c16dd95f99a390a17956ce4f30a94f92442c4ce134db2020533d81cccc4afa97e0b380d6f16186a454b2bf11c8633f7e8265d544d8

Download Submit
/data/user/0/com.lantouzi.app/[email protected]!classes2.dex

Filesize
1.9MB

MD5
a532eac8233a7c21be81d03a2759e659

SHA1
19534f037cdfb465e0883e758b33a808c51b48ab

SHA256
a62f554f6e677cd6a48d96fe231dbfcfa1b7d76f222893b3606235dc8a978fa8

SHA512
2789f21d2b1dab6c5f5d6826e8328cf90152c4f344ca44dd68bbcf6e4942c561cfd6430a7ec8f56c86c755b1a27d42988ba8cc687ebaeca4ba94f26a3c1cf296

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
fd179bebade515b4977ffe38470b1e14

SHA1
52ee68365c59d352ad6049ef70ba4d91c23fa8a7

SHA256
f16e164f5fc8a3a43b48d3c25a94a3f10802a1f93ffd92b518f518ea96f089bf

SHA512
c78052eb654c9e51b9b71721936606b379be833e8b26231d76a464645e2fce6e4ba48e225456b2f380cb6d89e8a9766e312179df30e51921ea26fe36c1cd06e8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads