Analysis
  max time kernel: 178s
  max time network: 184s
  platform: android_x86
  resource: android-x86-arm-20240611.1-en
  resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  submitted: 16-06-2024 21:12
Static task
  static1
Behavioral task
  behavioral1
    Sample: b53ae9d9056d5720bfe79dcb4d8e3754_JaffaCakes118.apk
    Resource: android-x86-arm-20240611.1-en
Behavioral task
  behavioral2
    Sample: b53ae9d9056d5720bfe79dcb4d8e3754_JaffaCakes118.apk
    Resource: android-x64-arm64-20240611.1-en
General
  Target: b53ae9d9056d5720bfe79dcb4d8e3754_JaffaCakes118.apk
  Size: 5.5MB
  MD5: b53ae9d9056d5720bfe79dcb4d8e3754
  SHA1: d302fac379bfb3e4a0c1204fa4e966c40fe88714
  SHA256: 97d0a3807f2fc67606b83a78037b4c2852c5e34597bb9b1b2230853ca9b87650
  SHA512: b527197a3262f9648d495f50a062f2f99b5fd1e6f680b710981dfaecd667dfbe1d388d1313c60b698c598bb3e42236342894392992deadb622b847b25b99c40e
  SSDEEP: 98304:k4GVnnV128HtONeUWGeuhDOq5BEz5hWgaTOUywOFdmE+O4cNKnV3ueo:k4Gl79sNeYN5+ygm8wOFdYO4cNKnV36
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 8 IoCs)
Runs executable file dropped to the device during analysis.
  ioc                                                               pid   Process
  /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex               4172  com.lehuan51.lehuan51
  /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex!classes2.dex  4172  com.lehuan51.lehuan51
  /data/data/com.lehuan51.lehuan51/.jiagu/tmp.dex                   4172  com.lehuan51.lehuan51
  /data/data/com.lehuan51.lehuan51/.jiagu/tmp.dex                   4172  com.lehuan51.lehuan51
  /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex               4279  com.lehuan51.lehuan51:mult
  /data/data/com.lehuan51.lehuan51/.jiagu/classes.dex!classes2.dex  4279  com.lehuan51.lehuan51:mult
  /data/data/com.lehuan51.lehuan51/.jiagu/tmp.dex                   4279  com.lehuan51.lehuan51:mult
  /data/data/com.lehuan51.lehuan51/.jiagu/tmp.dex                   4279  com.lehuan51.lehuan51:mult

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                  Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.lehuan51.lehuan51
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.lehuan51.lehuan51:mult

Queries information about active data network (1 TTPs, 2 IoCs)
  description             ioc                                                  Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.lehuan51.lehuan51
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.lehuan51.lehuan51:mult

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                           Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.lehuan51.lehuan51

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  description             ioc                                           Process
  Framework service call  android.app.IActivityManager.registerReceiver  com.lehuan51.lehuan51
  Framework service call  android.app.IActivityManager.registerReceiver  com.lehuan51.lehuan51:mult

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  description         ioc                             Process
  Framework API call  javax.crypto.Cipher.doFinal     com.lehuan51.lehuan51
  Framework API call  javax.crypto.Cipher.doFinal     com.lehuan51.lehuan51:mult
Processes
- com.lehuan51.lehuan51 (PID: 4172)
    Signatures:
    - Loads dropped Dex/Jar
    - Queries information about running processes on the device
    - Queries information about active data network
    - Queries information about the current Wi-Fi connection
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Uses Crypto APIs (Might try to encrypt user data)
    Child process:
    - chmod 755 /data/data/com.lehuan51.lehuan51/.jiagu/libjiagu.so (PID: 4196)
- com.lehuan51.lehuan51:mult (PID: 4279)
    Signatures:
    - Loads dropped Dex/Jar
    - Queries information about running processes on the device
    - Queries information about active data network
    - Registers a broadcast receiver at runtime (usually for listening for system events)
    - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 4.3MB
  MD5: 0a6330eba710c20cc14a2d468bcfa34f
  SHA1: 1b30a7b7799b9f5f5bd4d2e824f7ff8b8fd65921
  SHA256: e4487764b2fbc79d97b367737370ce97f7be1bd584f469ec3487f94dad7637e7
  SHA512: d674854e0293a3964ff63564dacc730a7f57462d1ac6459bbd42e9175d3fdfd11e70c53c82de6600ade1f3632e5bfdc9c26931816da0ea74970b47e24c6911a7
- Filesize: 6.9MB
  MD5: 626dae4a2586be7cdbe5f120c002c228
  SHA1: 534054f08745eebd3d9a983080f00aeadac63278
  SHA256: 017aedbda6c38fbf92792addbb0387a10c8c3a9ebf7d8f4c6156c32376262425
  SHA512: d538f6cd56347961c222c80d3110dffa29e473b4b627979eb04cccccf2be13f586e1395552ef03570597d85e0e93777eb784b0fe6714b16c7f802a38f95bbe1c
- Filesize: 983KB
  MD5: 702d4e483240f81ee1d255f8e015ba00
  SHA1: 03235e0ccc7b2992bf457e20a8c3ff5e564570c1
  SHA256: 052fca698767e722ea1136376cf4139389a3585ba4d3fe35ed33fcb271f91080
  SHA512: 9cadbe4782e08083653f7f555bd52640c70eb50033bef73547a90a256dbd63980c220ca54595b8f11a55602cf2950c6fdcfe3a2521d4149f8e46fa5d7b3ceb74
- Filesize: 454KB
  MD5: 4a453408e767c7470384d0a7454169f2
  SHA1: 9bbaf32ce857bd9d4b82a77c84c2395df9556a3e
  SHA256: fd26cf273da2889704549a1fac6020ba4e0022f282187db0f0aaf3771b1d3f52
  SHA512: 98e534c96fe08fad56289b74ce12981666fbf3af6346c58d9f8888854c9dfc178363626c2fe00f74a5bbff9222859472197ef69b8c9f46b8fb6bbcae2a07d859
- Filesize: 284B
  MD5: f1771b68f5f9b168b79ff59ae2daabe4
  SHA1: 0df6a835559f5c99670214a12700e7d8c28e5a42
  SHA256: 9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
  SHA512: dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
- Filesize: 32B
  MD5: 3924e1a5472bd9d70afb55e68e59e67e
  SHA1: cb5aff7e3de925037670c39ca947e42f3e337e45
  SHA256: 121cc5cb416a525d245cab6777c84e86ce25bb55862c4b1b6280a52919e1e9d9
  SHA512: 5eac38bea90b4c098f8db758c229529653cf3b9ab03b3616ba4e7d59e47ef6f85e59ff2f8820f573127fe949b7269fdf7a614eead6e0cf478b40d8fc5771e3b2
- Filesize: 340B
  MD5: 176c335375d54949eb89c32ceb6210dd
  SHA1: 23f992946b8f2de1f89e44a58e9dda958c0038e0
  SHA256: 11c5e993ae491d3cd25ee2ac2aa380c55cd0b17bd611b21481a12d47f189d5fc
  SHA512: f3b3f6fa59f75659477856d8480275b0b74d2bfb1699f0fc93e46f120e5ad9264124cc804a8e7595fc6a13761a05337d928e4df94358702c09272761f0d85b14
- Filesize: 32B
  MD5: 24646cc7b3016ea76c0888d7e1863946
  SHA1: b43a5e73a1d0f6f836e958e1b8b5631e809a53bd
  SHA256: 860a1df980a42fe4b60d20052a49d0808cafa9826f9bd75c26f42dce5be4a78b
  SHA512: f5129d707a19008234939544559463e1e15abe9ac7e04d9f8bc0cf1f8f644541de3c1a1fa7d450d599c132aa39d6ed8f355204753636582d097ce8fa7ec3b195
- Filesize: 314B
  MD5: 3c13bb213492c06b79ba5da40fb84449
  SHA1: c46ae3904d054cf37ba6c574e3da7f25f963b862
  SHA256: 69be268d679b55966a518e90b208d28747afd98347481554dc7d06ad226badf3
  SHA512: 765ae0e4133a356cb8da124f3a114286a08bdbcffb9af6ead238fedf9be73ddb56a8a3749061be5c678dcc0fc29cc0045cd68bbb5f2a2b493f0bd8cc6fbd5ac0
- Filesize: 27B
  MD5: 4a0bb68e819e8196c45820e2abb20ba4
  SHA1: 944a4de3132326ad141c3dee6d93379d5fe4966a
  SHA256: e369b38ec6b74c16d9449f0c0a802bb5ea0d99a4f020ca5edab12e25563ad279
  SHA512: a5f611839dd5b80b9e11dca21dc67a565142728c4a58a613a2ca4ec8feb93846ff006ab5ff29bcaa3e5a2102ade082c2259f11688c2eb50f2f39f51e6037223c
- /data/data/com.lehuan51.lehuan51/files/jpush_stat_history_mult/normal/nowrap/b55272ff-d068-495a-a521-13b2c6c138aa
  Filesize: 202B
  MD5: 1e4c0e6c8b2ba89d6787949ce9794e63
  SHA1: 3c15f26c19f87df7ca5c9917d50fb5dddc2d0ed1
  SHA256: 80db7f6a1eacd39d37ca11df1f5be81c649b2efeb5ed2e704a71e2969e73d3bc
  SHA512: 5f8c9f7d01d0f0b055d15a844164c4fdfe124b56fbecc333712c78e7cc87b4e3b9aaf1aa6c56513ffb25bf57dbfb2f265369cdc45d7a22ee1892e3e61842ec89
- Filesize: 48B
  MD5: 1d8d16c4e3b19ebf18988530d9b9a757
  SHA1: bc94c1cce05cd848a53271ecb9c5311e27ffebf5
  SHA256: abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
  SHA512: 4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82
- Filesize: 32B
  MD5: 3c7be30e3812369e7ffec307a44fa1e8
  SHA1: 8e565e2983d2035f8ef8e33f15dc4fc657bdf53a
  SHA256: b383f75f946ca42ffd8edcdcf8034d97acca558bbfaaf297e3d75eb86962a1ac
  SHA512: de3f40ed8cf1732df77619e318adfd8a38db5c91997f5f392febc13d2157c6a98d348fca3ecdefe1a2f1a261a3b4d89be0f1c9851a0729879258ab887dd1c5cf