f68a71f696c2cf42bc1e6717644d7cbe975435cb28bff24f5dd4328f7f0c22a8

Analysis

max time kernel
55s
max time network
126s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
27-06-2024 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1542de6835d0a97b7edd7eb2f21aec79_JaffaCakes118.apk
Size

1.5MB
MD5

1542de6835d0a97b7edd7eb2f21aec79
SHA1

5addc9b49993dd1cc0c7243f00e975c81b5d6135
SHA256

f68a71f696c2cf42bc1e6717644d7cbe975435cb28bff24f5dd4328f7f0c22a8
SHA512

146e2ae62c1897a6ad505a075498009d058f73ae6e922171b48d1838f196e9883fad445ad7bb66e9a9aebdb8a5a4251502495f8a78cd813226e04c5b00f425a4
SSDEEP

49152:wy+a6u1yQfS6pFJoo0Eo9AOOniENtADy3MGI:wx3iSkFJo28OiER8GI

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.ddccv3
/system/bin/su	com.ddccv3

Checks known Qemu files. 1 TTPs 1 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	com.ddccv3

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.ddccv3/.jiagu/classes.dex	4250	com.ddccv3
/data/data/com.ddccv3/.jiagu/classes.dex!classes2.dex	4250	com.ddccv3

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
10	s.appjiagu.com
17	b.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ddccv3

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ddccv3

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ddccv3

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ddccv3

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ddccv3

com.ddccv3
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4250
- chmod 755 /data/user/0/com.ddccv3/.jiagu/libjiagu.so
  2⤵
  PID:4279
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.ddccv3/.jiagu/classes.dex --dex-file=/data/data/com.ddccv3/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/com.ddccv3/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4331
- sh -c ps
  2⤵
  PID:4350
- ps
  2⤵
  PID:4350

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ddccv3/.jiagu/classes.dex

Filesize
534KB

MD5
815252536c3949fa3fb91ff969d92dd8

SHA1
6d3b366163cbc8074a4d81cd87010f2504f9d582

SHA256
60370b905a022cea81a810a1262ddd7f1628b34270d462aed89fbbf53d3c5677

SHA512
fa2e6571105e7d36de8e445567086c7286af399d2183372b88d8667ae77acba177a902da09d1e55b38d7ac78679069db64052bae77f8312ea2f938da3d8ace4e

Download Submit
/data/data/com.ddccv3/.jiagu/classes.dex

Filesize
1.5MB

MD5
20898dfd3e3d0ff8a6b99ede4a08e92a

SHA1
c6a9756c2d58e723ace9d22367362edc92535ee0

SHA256
0e8fbb64fc0cad28aa62e46951ce317ff0975461fc76e58316eb4970dc37f7df

SHA512
7983c46d3b2cca27de118e466595c45d4d8ad43e06511fe0a453cd14af013d7ac4db980d8882b735a5851d290830d6367253e74de94798d907c319250b1a4762

Download Submit
/data/data/com.ddccv3/.jiagu/classes.dex!classes2.dex

Filesize
83KB

MD5
893dfcee96dbc85834e5345669d40d67

SHA1
be338a037e53ac2155d9b3664b0ca2a7c993102d

SHA256
41790ad9f29fc47051e5efebe54dfb93d2059afc73b136ccc920ffc72d5204fd

SHA512
7791ebbb0240ceb0900a24aaae18bf71b835ccccaf93bda7e78cabba381ea467fc0dbd3f67d698dbef076a0b043ffed4ee09d68b5151032abd0e3d4cfd01e112

Download Submit
/data/data/com.ddccv3/.jiagu/libjiagu.so

Filesize
363KB

MD5
f7f5e960db0c8a6f3b5b8d1a0427a042

SHA1
a8b623f9f87a6e785508befe07314da2fa903bfa

SHA256
17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c

SHA512
ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

Download Submit
/data/data/com.ddccv3/files/.jglogs/.jg.ac

Filesize
40B

MD5
6d1e2a20ef3843617a3838a840c5d3bd

SHA1
d93427d2f5df911d179111bc474e24c83cc52fd0

SHA256
5ec9f7ab3bc9e0339b2a07f3fcb8566544f53e0cf840dc488cf9b181c94bead0

SHA512
558428c420a8c05a9c115d14b2795a2c7409e5fc2299e240e728239bafcfc0a5827546504fbd4e71f53d05e34e55dc0ac8d47113045506801647fba54190650c

Download Submit
/data/data/com.ddccv3/files/.jglogs/.jg.ac

Filesize
40B

MD5
e9c5523761d636c5cec41e2a4009d91a

SHA1
e1bf754688e0576765f5886a56ffb4d8e45b7979

SHA256
8b5574fb662878cbfff3ec4be737eb131db56dc87a6cd4dcd36f7eff6f1abf87

SHA512
0261eb17901c2a84ad8a86cea3383079e671b22190e9758c76f081ecb61f0b95b55e8cf1cd8f5cb660c8aaf478d9ef11ac0d47374272bfb754abfd4e430ae5ef

Download Submit
/data/data/com.ddccv3/files/.jglogs/.jg.di

Filesize
340B

MD5
582bec674ef057a2561eee5f2b313dae

SHA1
65554fdb914c9fdbd254391d71bcb41c1a4f5eb2

SHA256
fd74a107d15c7914930d9b608168dcc3828457644f9dc594eb2004f39dab9b16

SHA512
8c8157de20357294e219d02058875bfd2d0189eb4fd278cc444a3ed96cec231098f8fc6be3d3ea2582883b48647bfe4a6a96b29718924f8c54fea22e8fd0b120

Download Submit
/data/data/com.ddccv3/files/.jglogs/.jg.di

Filesize
340B

MD5
86de7aaefa41065613ccc6e8833471c1

SHA1
a5163af1a87133ecd29c534c80a045bde043d1b1

SHA256
d62d033ca3a56bd9c2755402aaafdb691f390cd357c8e6d19c92d350517f021c

SHA512
703593b91bbcddd036a59cc66a92bdb49805d40e8337ba410132980d557dad586fa747af5e7cacac2894a1432fe576030f93eb6847b3da81cbe0114d1ac391a5

Download Submit
/data/data/com.ddccv3/files/.jglogs/.jg.ic

Filesize
40B

MD5
d9c694484fb965c436f762de52935895

SHA1
711ae007d9f8429502de0c5eb913903eec1ec115

SHA256
5f2808bd0859f491f1056cc9fafb92aafb34bd3a10672f7bac3b10bce27f75fb

SHA512
aca34c7c8073059debe7a0bb3ffc4221718ca7fb9b74eebb0bad8f867340584ef83839bfc0449334d6f416f1b84d684171689c26b15a4af9f49d83ac3b8657c7

Download Submit
/data/data/com.ddccv3/files/.jglogs/.jg.ri

Filesize
314B

MD5
4f4ecf21bcf011ff3bca168bccbf6d15

SHA1
a12f5341df618ee990cbab4d6b5f26fa84ccb850

SHA256
e71af0e1c0e7381cb176c2473c29b7ea65f8698dd39e7880ebb8eb729f84ab12

SHA512
f2cec02cd00802f44953e84e4db42b7f3338b7b463fd2edd1a201ab4661803b4faf073db4004607cdd942b95ea2d4618a2705716e27d4276d15e58c3e4c6ae1c

Download Submit
/data/data/com.ddccv3/files/.jiagu.lock

Filesize
27B

MD5
8e383c96193bef7c63a99c13a8dd2625

SHA1
dab448a6171b0def2c2dd8cf9db6726bfd7ad403

SHA256
46bcc48775071340e5649e28e2ed26617df08fd108781b1207bbe50f53a36fe6

SHA512
85de81daa22798a8b9bfafea855437e9b2caeb094137a5c3d7abbe95828fbb132debf1982830c81a771768f55028ab351c7bd5efb8791a6e197b7f3c62fbbead

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
b122afd03eb882e9e9775419dc1a5693

SHA1
2739b7037481995d9085c670f0224fef6e545d73

SHA256
4ce951e9275d2a938aec53d122bc8e1a985ab7a82bbe8404c5c50679b2821277

SHA512
7c98852859f1d62cb25a40650aae2d43d1bee0b092299fa5be13f0e29ea2c2dc9655da68eb7aeba1b041e707e702592af068e220a7b786832f0162dadc486f99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads