5d0569a973a3484e07593949106a2c8afbb175551764fc79cc2473a151514752

Analysis

max time kernel
9s
max time network
133s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
01-08-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c8d7dcbdf7b85f49d5587992ec5259_JaffaCakes118.apk
Size

10.0MB
MD5

81c8d7dcbdf7b85f49d5587992ec5259
SHA1

ebb90557b03889944955b918e7d2eaad500893d2
SHA256

5d0569a973a3484e07593949106a2c8afbb175551764fc79cc2473a151514752
SHA512

8f822ea6771cd1e9120964c8f809aa102ebb937b06077cc2951583aa9d70aa2dfeba38f38816b9e2ebd1e62d5bcb6351f16de4958b12bde4a95ab2e00f3351c6
SSDEEP

196608:Idj0sDa1SHYSAcPVTks5xtgaLMABH8wo1dkB8FmRDnsHjgtX:Idj0kcJSf/5jIC8wo1yiER0oX

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.example.zhongnan.travelapp/[email protected]	4965	com.example.zhongnan.travelapp
/data/user/0/com.example.zhongnan.travelapp/[email protected]!classes2.dex	4965	com.example.zhongnan.travelapp

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.example.zhongnan.travelapp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.example.zhongnan.travelapp

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.example.zhongnan.travelapp

com.example.zhongnan.travelapp
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4965

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.example.zhongnan.travelapp/.jiagu/classes.dex

Filesize
4.5MB

MD5
a0f53ead6a24759425875edb31c00bbc

SHA1
4b11b08b5bb0b63e4e4ae9350d7ff98fef8c6fa1

SHA256
ce347b12ac8156d04778f28d1cc5990f1d93e4e61bb6de95045dceb1b0db18a4

SHA512
93a8f7a34f3dbeabe30f7f7d45d23ec14cb1ac22f5ae0fd48709b25621ec72d47e547d933566ae70af81e5672f6223a3813e0c7018b91379e2e60e412a5a0b4a

Download Submit
/data/data/com.example.zhongnan.travelapp/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.di

Filesize
340B

MD5
c8425633f34db6386cd4a80ab2cd7477

SHA1
9d31adeb2957d3cca91aff1bbc493e2a6352f042

SHA256
51bfeada520b1729f4e1f872d81c800f96f7a910236e9bef7a2a3b0da8ede2a0

SHA512
848a63b1ae73db00d6922d405b5d5ff5792eb49075079ad77c5104a81c90d6c74ec6fd914e26b8945fc6a9bb422ee8670a68cefbd3076f597370779856b47a53

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jglogs/.jg.ri

Filesize
314B

MD5
e343a654a8db9422559a504bc04ccfa6

SHA1
c1bbe2c4c77d689036a15108cadb0ee4ca27a0ef

SHA256
d384a2efbcda6f3e1a53c305bcfb96cdc2ec1d8fa9d28235c2b4bd722e79097c

SHA512
c6eb82a3a98d710ab937bdd7f1202fae8ef5c8e65b9fdbeeb328129891ca7b76bfa7f07db4eb92187048a4d75494b5d030a0132d477d714c5051e476569176d1

Download Submit
/data/data/com.example.zhongnan.travelapp/files/.jiagu.lock

Filesize
27B

MD5
8c48c687c318748dfb5883b5b1c0762e

SHA1
0e1775af1bb8df75d5e90f7607a39e5469c1caed

SHA256
7c78d5c5c3077f47dd6d1c7fbb76905418af7d2c24649fceea29d39f237698dd

SHA512
ece8cb445f29f357b085449e0ed6cd6d7626f6f77c0d98dbc8945f21f5661d6f5194d3908ad7782599ca7dcef97db084fff7db0a7adeb16ce4fee9d373854090

Download Submit
/data/user/0/com.example.zhongnan.travelapp/[email protected]

Filesize
6.0MB

MD5
448479e0d9fd74b901ec1ed87891fcde

SHA1
295567c0f7a19fb6bcdac66248be7e651d17d8b5

SHA256
cbec7e908ec864c2652a447054e76f60e5a34cd1893dda1b31f13c16056a4f0a

SHA512
70e649015a6e1a732e64b344b41c1805b912c6d085f2376579e185395678d87d265cb405b78e72005a95b749280456530063cb31e9522bbc6e9acdfee8d72cd8

Download Submit
/data/user/0/com.example.zhongnan.travelapp/[email protected]!classes2.dex

Filesize
4.2MB

MD5
6008fd26dbe96659fc47dc8bb2ae4b81

SHA1
40a37438428d21c8350e829d3d0aa59d030ea266

SHA256
d95900c29c34735f81840902dba54b13f05b31b720629660d3e64a6e5ab7b071

SHA512
4cab7d4043c9faef827ce49ae261f347d3aa5ba7033919bc9319360a30c2e6b6eaea6a1197b03055dd2005b131e811b7f56c28929cf09ce86e1e93da0406a103

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
4277c6212a2d820c28c125708e0a684b

SHA1
f9bbc2c4332379480836f06c50e1af336470ff32

SHA256
b1d007b853341103814306a28f05cd9e708b134becd37c278adbb04c3d4504cf

SHA512
8a6aa494894ed1f16fb6690f22ff6f95d811fa06e3a27a0e9dec7137c1d20a64209626868fe70ec55b027c815990b44fd8e63ef8f64592582b1447a1770f2931

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads