05bc5dc7066d96282ed923e4e547bfa2c6c94193d6fecac3113da206a02a183c

Analysis

max time kernel
179s
max time network
186s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
16/08/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a003a4b24a25a53ea3048505dea9c007_JaffaCakes118.apk
Size

26.5MB
MD5

a003a4b24a25a53ea3048505dea9c007
SHA1

33acf6b578275bcddb843af5e98a7aa9bdf7627b
SHA256

05bc5dc7066d96282ed923e4e547bfa2c6c94193d6fecac3113da206a02a183c
SHA512

8fbbb9be4914a2b036e6a6e449f47b300322ba60c677456a1f6388d48d2b834a298beed0efd3ea086a8c85e3705ce2a7caf162b624bfa40d0daae366751b61d6
SSDEEP

786432:WnqtWc7N14gQAIa0621E8wV206hi1XbFzZV+1bFI73:gIWe14RdEQThi1pZ8ET

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 6 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.swkj.share_earn
/data/local/su	com.swkj.share_earn
/data/local/bin/su	com.swkj.share_earn
/data/local/xbin/su	com.swkj.share_earn
/sbin/su	com.swkj.share_earn
/system/bin/su	com.swkj.share_earn

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.swkj.share_earn/[email protected]	4352	com.swkj.share_earn
/data/user/0/com.swkj.share_earn/[email protected]!classes2.dex	4352	com.swkj.share_earn

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.swkj.share_earn

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.swkj.share_earn

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs

flow	ioc
49	s.appjiagu.com
80	b.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.swkj.share_earn

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.swkj.share_earn

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.swkj.share_earn

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.swkj.share_earn

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.swkj.share_earn

com.swkj.share_earn
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4352

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.swkj.share_earn/.jiagu/libjiagu.so

Filesize
496KB

MD5
f07656a2f51ecb23edc102003c32b764

SHA1
3ef18f74b609313887b9e825c56a54b5a9eef20e

SHA256
f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913

SHA512
34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238

Download Submit
/data/user/0/com.swkj.share_earn/.jiagu/libjiagu_64.so

Filesize
568KB

MD5
a60889ae7555618eab77220d0f2a3381

SHA1
c77d8204296cf62a0b486dec7b868d650f0afd8f

SHA256
9bed1e50588cff42f243aeb53e7e302ff1d2dafcad19904a45ba2b659b3684f9

SHA512
8162510299c93e1a271d3287007d91ee3974d6490b225ce292b92f8d9f92fb1bff61290e5d1b1a531beb6b2776d20941fca23563835fe423c65cce581dce9b53

Download Submit
/data/user/0/com.swkj.share_earn/[email protected]

Filesize
6.0MB

MD5
b3c03492b0d052a8929a1dbc0bf23831

SHA1
517573c16ec6d646945b07f6dd885df4a7c28593

SHA256
d19c3c3a9038dc48ef20cb0e9f9bfae7467f976aa0ab28f2659b1a5ab8afa29e

SHA512
c42b715b6658863b80a46ad80158556d300078e5e38bb9d03d06463367a1144c45311fa0afef79c70be886e7d542d06e4c551f3f70b5178e48aa58041686fb29

Download Submit
/data/user/0/com.swkj.share_earn/[email protected]!classes2.dex

Filesize
1.5MB

MD5
36c5bdfbfcb715dc0928df75327ced5a

SHA1
048d580b5fce3be09c0306733ac6fcf307363904

SHA256
7ebc7420960454c66c7da228bf9af96dbf8505f5a1548b60596c0e5c4039eba6

SHA512
9e43834390e3de5ed31c00a2b1793279b486dd71b68bed698d1a4da9c79b353b85ea24c3cce057758a893bfd56cb6fb913fe3594aba5ce620206682dcaf7cee8

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.ac

Filesize
40B

MD5
a44d7947b2dcdfbd1a9c8d44ffb90e4e

SHA1
6236d3a86ef8e1aad0c3f991ce0dc9941fdde65f

SHA256
7d49487bdc2dd967aa96bdbd4d8d0b469e82803ea8fa1e9e020a4ae5fe74c4ec

SHA512
bb3fc49f419625c941bc484f41db98ab0dd3a1748814866a2cecf98a55b169875ebdde57f7be1dff1e3bef9a74ba85a4acbb9fa1c76585d99940b00676496c47

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.ac

Filesize
40B

MD5
238a7e5a0039d63a3bf99e69291ad6fa

SHA1
ce68b35607c4cfe4b32fb239e5e06318ee51500a

SHA256
af8e0b6c444c40c3ec32d3cda9ac686adf7ff7c93b12843a9e582daecb3ff698

SHA512
91490a95024acb69af43a4665156ef6d8670d081cea6f96d6cbbb87ac29222c11655be102b472977f23f3959f520d80ef391f7b13baf6585cb2aa9a41f4c6927

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.di

Filesize
348B

MD5
3e77a48526c335be227c454537a06c1b

SHA1
1a80228dcc73f048c8c0473c89daa7c1a75b47d9

SHA256
0bde2d42b942649575d441b3f7135372e5d8f22ea1df13472218148de3b9ad57

SHA512
84219211793ca6f275449348fd00441392151617e95072a2ec438db5cd72e3e09254fd109b5fa6bf0c9f7651c8c0ea82fc53f410f73d9fe189f1111557aeaec2

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.di

Filesize
348B

MD5
3a13015bbb5d6f0b458419adc3a175e3

SHA1
5b90f4180cc09d62b1d12e37309bc7cb7ecd9670

SHA256
878fbd04f7319ca14d099803194cbb41ae4e1dd36a211a7dcf8ea3656f747036

SHA512
881c95de93b2e1951d02a6ae1ece9f04b6b9d42eabca2cb688a9a4a7cd06c85a115f0b024de174c1b66b4bf1b5049d0538c85d944cd872d16e11cb530b6009b5

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.ic

Filesize
40B

MD5
0da7397d49b72ed18ab251e2b1abef57

SHA1
a13db390a016cf2920259ce2a9d798292bed12fc

SHA256
af89f6ae849750254ead1dcbcd7a676070d2525817d7ad6c8fd400d3f6e865e1

SHA512
8a97a36c54a4996d451188a29965edac50444e56355838d22246c7b0faa8e9d431b5ac8bad49eb21b2676d467ec3c50f7e096a0ef834262747071923b25e355e

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.rd

Filesize
32B

MD5
8adb0377f2bf0f20e228be92444757a7

SHA1
3572d31193e351815c2dcfc72ffd9a9693d3892e

SHA256
ea7c00d368c9033f501b86dfd3ceda03b0816d25531a026123dd3e6471bf6c74

SHA512
bd52f979a5c4f7b3df9e0071520b0dc9e800a09aa2bbfd1f3e14a0782c698c4db60096101ffb5a765bb0dca9212b6e5e19ecace06f9d0024509b39d9c4d75880

Download Submit
/data/user/0/com.swkj.share_earn/files/.jglogs/.jg.ri

Filesize
314B

MD5
a52e8244d70fe904f920a45181007483

SHA1
1499ec5d2bc4b25cbc2393c06552f49c568326f6

SHA256
d004a5dd4c44b1e9358193890f6b40b870a554bd6cb04225c3b3586359c0a401

SHA512
c660170683867e38d153df049f16bc1134c2bec8e4873fe130fa7325f04374f60fd37a2e13ffd2beca86d2c2ebcc99935bcb63c661187f90091441359f16afe9

Download Submit
/data/user/0/com.swkj.share_earn/files/.jiagu.lock

Filesize
27B

MD5
efe72d83fd35ef8e9dd2bafaa12a8b56

SHA1
82ba7b575d1b04bd397120f5d83935ab6ca395a5

SHA256
fffad6a5e87ac4e9cd3ea34cd58cef80e1c3ad6e08ca02725136669b17ee1f1c

SHA512
5b6ba19b734c238143c7d4d5caa76be001ab66c9df1780416f76eb5d637e88fd155a309a9b02736949901d989d1d51f22b31d9b85fa174b6171cbec27d271b9d

Download Submit
/data/user/0/com.swkj.share_earn/files/Log/crash_2024_08_16.log

Filesize
541B

MD5
a49c04766aa411a4f55b6bcbf862fcda

SHA1
a83ef07840ada557a670496edca1635fe96e1ef7

SHA256
6b1cce39e6ac0a6e5a545f348b940d6f370264075b444fd94afdc756fc8faff8

SHA512
0ce9cf407c9c9507adc77b44424c4fa749ef76a94fb156c39cc31ba3446545f97c96690035075147e6fbaf36e329fb9a276c1e4ff8f8b760adda990a76adf3be

Download Submit
/data/user/0/com.swkj.share_earn/files/jpush_stat_cache.json

Filesize
119B

MD5
2ca811c9702bd1a88068549e4f3f297d

SHA1
98b45f3a3056f2348195d95b2abe020130463f5f

SHA256
a760f72a1411c011c50da713b04b14e9666ddc6be454b68d831573c87ace2631

SHA512
53fca199263352e75a87ee8879cc602436cf2f94663a95102b2ad90bdc34e3fc6f44cb9d187bddde611a636ead9e3a731b4fa8cb23cc6abf33e8d00f155374de

Download Submit
/data/user/0/com.swkj.share_earn/files/jpush_stat_cache.json

Filesize
119B

MD5
f9e8ffe87d0ac882644718588f3feafd

SHA1
e61ab5642ca524fec81334be61058ea67ce6842a

SHA256
f9128e95178375283bbbcc33b78cf894cbd3655e62c5d48492de56dfed03b682

SHA512
198b3d2f10f8d02bc6b92654155a72cc3a04585d6ab70bc9909f22ff4bda82df5e33ffbeccfc660a1da165b31f910990204bb572aaebc5932f501ea100a04170

Download Submit
/data/user/0/com.swkj.share_earn/files/jpush_stat_history/active_user/nowrap/a175bf08-6033-412e-8dab-f55c32b2bcf6

Filesize
159B

MD5
1b9692bad30455de2faac0f60c6e45d5

SHA1
2750f813454fd87866dc4a01e57ff72efcdf6442

SHA256
9cf8b8cd620225e7132d3fd0ad26531dac38c3896f55f2a059a6688392a9ed9d

SHA512
a5f476b5e7524242026fbc03a017a95c8aacf1a920d7cf4cd4559bd71a7e0876bdfe739acbf39b81bb37f389bbcdde0bf24054adcbfb084770eae45e3b5b5596

Download Submit
/data/user/0/com.swkj.share_earn/files/jpush_stat_history/normal/nowrap/25499983-293d-4474-bc43-43dec9d64069

Filesize
187B

MD5
0df8872150e36e98647810685b5718cd

SHA1
025bc358cd74dd63fad2c2629e24f3b4baa64109

SHA256
1ceee5057d9a9b9e5933f5e4389d769f78341da31a7e74ffb201d05a287fdc09

SHA512
737c0625676f64409b57a942dbfc3a7cc21370731ef358bee5db1a84539cdaa9d71b28512024044f2def8704eeee8c9c35d20b0c3f9fd5917bf5ffbb219a12c4

Download Submit
/data/user/0/com.swkj.share_earn/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzIzODQzOTE4ODA4

Filesize
1KB

MD5
a0b56e35d25003c61f1003bee99ab5e6

SHA1
c50397b236ea618d99bf03b663faae43d6b7e788

SHA256
b3cc13e1ead520ccff7a1b7daf79959a5b189202c5ccfb41ad4310a26d0b4d8b

SHA512
67696d6ba559d1a949262559274257ef6d13e0d22ff27d1d10e8d10eb3258b835861ca115fbff07fbcf79cdd238e551ca57f1e6f7589101437bd1476873df243

Download Submit
/data/user/0/com.swkj.share_earn/files/umeng_it.cache

Filesize
350B

MD5
2151b6df8f930d6a901b354847606049

SHA1
aa26f85b29fa3c7e1f39c89108953c462d402aa1

SHA256
d9348c3071171506fa4e6a9bd7cecd98b9a893e117c53f1c7fe544e55d621e68

SHA512
f4cb55b402bc16e0105402bfebed08221b248dde6b403bf44e0076b7b4f1c7ef21ef75ff69799dcd95e86e7b957645115c3db5732f10bb6ebdf2f87e77e256c6

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
2aa4d73d3fd6c16c25559a05d98da471

SHA1
2e8d73cbc7cb5bc6645e4898ea620a2fb40462b2

SHA256
94f1092899f4b39768a92537b52d300877bf5396ed4d53bc8a91008d533f47a8

SHA512
53d39dceb20570c94b240233589c436e757afdd1d29f34f2e68f10c63a00d1e7733a7961cc4fabf3922f8b8abfcde5340f9b92e8375fa6e5d458e8bcea7c2b0b

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
3678568a9015281e9f650d68ae4a4d0b

SHA1
0c2fe5dd7093565dc6c64021cf0260b1e1a40663

SHA256
dee60a38a0ac3652e5db628738477448508c95a983b58f144f084a6d2cf81fa6

SHA512
a77547d2fd7fb3d77cf203173a955096f995d4d8053ae37529ff2bf5872cf71a303028b8744cefc3e94018c7d77c04c6681c1031c3b6a10eefc260545d90cea0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads