Analysis

  • max time kernel
    178s
  • max time network
    184s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-06-2024 21:12

General

  • Target

    b53ae9d9056d5720bfe79dcb4d8e3754_JaffaCakes118.apk

  • Size

    5.5MB

  • MD5

    b53ae9d9056d5720bfe79dcb4d8e3754

  • SHA1

    d302fac379bfb3e4a0c1204fa4e966c40fe88714

  • SHA256

    97d0a3807f2fc67606b83a78037b4c2852c5e34597bb9b1b2230853ca9b87650

  • SHA512

    b527197a3262f9648d495f50a062f2f99b5fd1e6f680b710981dfaecd667dfbe1d388d1313c60b698c598bb3e42236342894392992deadb622b847b25b99c40e

  • SSDEEP

    98304:k4GVnnV128HtONeUWGeuhDOq5BEz5hWgaTOUywOFdmE+O4cNKnV3ueo:k4Gl79sNeYN5+ygm8wOFdYO4cNKnV36

Signatures

  • Loads dropped Dex/Jar (1 TTP, 8 IoCs)
    Runs executable file dropped to the device during analysis.
  • Queries information about running processes on the device (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about active data network (1 TTP, 2 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)

Processes

  • com.lehuan51.lehuan51
    1⤵
    PID: 4172
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • chmod 755 /data/data/com.lehuan51.lehuan51/.jiagu/libjiagu.so
      2⤵
      PID: 4196
  • com.lehuan51.lehuan51:mult
    1⤵
    PID: 4279
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)

Downloads

  • /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex (4.3MB)
    MD5: 0a6330eba710c20cc14a2d468bcfa34f
    SHA1: 1b30a7b7799b9f5f5bd4d2e824f7ff8b8fd65921
    SHA256: e4487764b2fbc79d97b367737370ce97f7be1bd584f469ec3487f94dad7637e7
    SHA512: d674854e0293a3964ff63564dacc730a7f57462d1ac6459bbd42e9175d3fdfd11e70c53c82de6600ade1f3632e5bfdc9c26931816da0ea74970b47e24c6911a7

  • /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex (6.9MB)
    MD5: 626dae4a2586be7cdbe5f120c002c228
    SHA1: 534054f08745eebd3d9a983080f00aeadac63278
    SHA256: 017aedbda6c38fbf92792addbb0387a10c8c3a9ebf7d8f4c6156c32376262425
    SHA512: d538f6cd56347961c222c80d3110dffa29e473b4b627979eb04cccccf2be13f586e1395552ef03570597d85e0e93777eb784b0fe6714b16c7f802a38f95bbe1c

  • /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex!classes2.dex (983KB)
    MD5: 702d4e483240f81ee1d255f8e015ba00
    SHA1: 03235e0ccc7b2992bf457e20a8c3ff5e564570c1
    SHA256: 052fca698767e722ea1136376cf4139389a3585ba4d3fe35ed33fcb271f91080
    SHA512: 9cadbe4782e08083653f7f555bd52640c70eb50033bef73547a90a256dbd63980c220ca54595b8f11a55602cf2950c6fdcfe3a2521d4149f8e46fa5d7b3ceb74

  • /data/data/com.lehuan51.lehuan51/.jiagu/libjiagu.so (454KB)
    MD5: 4a453408e767c7470384d0a7454169f2
    SHA1: 9bbaf32ce857bd9d4b82a77c84c2395df9556a3e
    SHA256: fd26cf273da2889704549a1fac6020ba4e0022f282187db0f0aaf3771b1d3f52
    SHA512: 98e534c96fe08fad56289b74ce12981666fbf3af6346c58d9f8888854c9dfc178363626c2fe00f74a5bbff9222859472197ef69b8c9f46b8fb6bbcae2a07d859

  • /data/data/com.lehuan51.lehuan51/.jiagu/tmp.dex (284B)
    MD5: f1771b68f5f9b168b79ff59ae2daabe4
    SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
    SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
    SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

  • /data/data/com.lehuan51.lehuan51/files/.jglogs/.jg.ac (32B)
    MD5: 3924e1a5472bd9d70afb55e68e59e67e
    SHA1: cb5aff7e3de925037670c39ca947e42f3e337e45
    SHA256: 121cc5cb416a525d245cab6777c84e86ce25bb55862c4b1b6280a52919e1e9d9
    SHA512: 5eac38bea90b4c098f8db758c229529653cf3b9ab03b3616ba4e7d59e47ef6f85e59ff2f8820f573127fe949b7269fdf7a614eead6e0cf478b40d8fc5771e3b2

  • /data/data/com.lehuan51.lehuan51/files/.jglogs/.jg.di (340B)
    MD5: 176c335375d54949eb89c32ceb6210dd
    SHA1: 23f992946b8f2de1f89e44a58e9dda958c0038e0
    SHA256: 11c5e993ae491d3cd25ee2ac2aa380c55cd0b17bd611b21481a12d47f189d5fc
    SHA512: f3b3f6fa59f75659477856d8480275b0b74d2bfb1699f0fc93e46f120e5ad9264124cc804a8e7595fc6a13761a05337d928e4df94358702c09272761f0d85b14

  • /data/data/com.lehuan51.lehuan51/files/.jglogs/.jg.ic (32B)
    MD5: 24646cc7b3016ea76c0888d7e1863946
    SHA1: b43a5e73a1d0f6f836e958e1b8b5631e809a53bd
    SHA256: 860a1df980a42fe4b60d20052a49d0808cafa9826f9bd75c26f42dce5be4a78b
    SHA512: f5129d707a19008234939544559463e1e15abe9ac7e04d9f8bc0cf1f8f644541de3c1a1fa7d450d599c132aa39d6ed8f355204753636582d097ce8fa7ec3b195

  • /data/data/com.lehuan51.lehuan51/files/.jglogs/.jg.ri (314B)
    MD5: 3c13bb213492c06b79ba5da40fb84449
    SHA1: c46ae3904d054cf37ba6c574e3da7f25f963b862
    SHA256: 69be268d679b55966a518e90b208d28747afd98347481554dc7d06ad226badf3
    SHA512: 765ae0e4133a356cb8da124f3a114286a08bdbcffb9af6ead238fedf9be73ddb56a8a3749061be5c678dcc0fc29cc0045cd68bbb5f2a2b493f0bd8cc6fbd5ac0

  • /data/data/com.lehuan51.lehuan51/files/.jiagu.lock (27B)
    MD5: 4a0bb68e819e8196c45820e2abb20ba4
    SHA1: 944a4de3132326ad141c3dee6d93379d5fe4966a
    SHA256: e369b38ec6b74c16d9449f0c0a802bb5ea0d99a4f020ca5edab12e25563ad279
    SHA512: a5f611839dd5b80b9e11dca21dc67a565142728c4a58a613a2ca4ec8feb93846ff006ab5ff29bcaa3e5a2102ade082c2259f11688c2eb50f2f39f51e6037223c

  • /data/data/com.lehuan51.lehuan51/files/jpush_stat_history_mult/normal/nowrap/b55272ff-d068-495a-a521-13b2c6c138aa (202B)
    MD5: 1e4c0e6c8b2ba89d6787949ce9794e63
    SHA1: 3c15f26c19f87df7ca5c9917d50fb5dddc2d0ed1
    SHA256: 80db7f6a1eacd39d37ca11df1f5be81c649b2efeb5ed2e704a71e2969e73d3bc
    SHA512: 5f8c9f7d01d0f0b055d15a844164c4fdfe124b56fbecc333712c78e7cc87b4e3b9aaf1aa6c56513ffb25bf57dbfb2f265369cdc45d7a22ee1892e3e61842ec89

  • /storage/emulated/0/360/.deviceId (48B)
    MD5: 1d8d16c4e3b19ebf18988530d9b9a757
    SHA1: bc94c1cce05cd848a53271ecb9c5311e27ffebf5
    SHA256: abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
    SHA512: 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

  • /storage/emulated/0/360/.iddata (32B)
    MD5: 3c7be30e3812369e7ffec307a44fa1e8
    SHA1: 8e565e2983d2035f8ef8e33f15dc4fc657bdf53a
    SHA256: b383f75f946ca42ffd8edcdcf8034d97acca558bbfaaf297e3d75eb86962a1ac
    SHA512: de3f40ed8cf1732df77619e318adfd8a38db5c91997f5f392febc13d2157c6a98d348fca3ecdefe1a2f1a261a3b4d89be0f1c9851a0729879258ab887dd1c5cf