b07ba1c3c75dcbc3b940fdb5600acd75b6ff4c093af3e907734727170540025a

Analysis

max time kernel
8s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
20/08/2024, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad5a70706be4aeab629291ba58aea57d_JaffaCakes118.apk
Size

6.1MB
MD5

ad5a70706be4aeab629291ba58aea57d
SHA1

22287ad276db1897247999c1323433c85d90d1af
SHA256

b07ba1c3c75dcbc3b940fdb5600acd75b6ff4c093af3e907734727170540025a
SHA512

58e76d9cdb369ae3425590334799a63a2e9b921aa34ac7b19d8f5ae5539a92c90a45e3f6518d9f40ef82927f3b65f18f9959d4bd37361231e81db89dd8eb3449
SSDEEP

196608:elWVGbqBk+aw+yrONA2wq+6m/u0ESHVT7:elWgQk+aUON9h+TzE0T7

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.gosing.earn.wwz/.jiagu/classes.dex	4251	com.gosing.earn.wwz
/data/data/com.gosing.earn.wwz/.jiagu/classes.dex!classes2.dex	4251	com.gosing.earn.wwz
/data/data/com.gosing.earn.wwz/.jiagu/tmp.dex	4251	com.gosing.earn.wwz
/data/data/com.gosing.earn.wwz/.jiagu/tmp.dex	4280	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gosing.earn.wwz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gosing.earn.wwz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.gosing.earn.wwz/.jiagu/tmp.dex	4251	com.gosing.earn.wwz

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gosing.earn.wwz

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gosing.earn.wwz

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gosing.earn.wwz

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gosing.earn.wwz

com.gosing.earn.wwz
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gosing.earn.wwz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gosing.earn.wwz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4280

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gosing.earn.wwz/.jiagu/classes.dex

Filesize
6.1MB

MD5
7ece55ff6a1af734546577e56e690319

SHA1
c797dfad914bf01dc7b20222728f8f24ebe2d968

SHA256
06950e0edef2ff8028074e212bb0f4c9c311cab2f7afdfe9072a4c8a17b4deba

SHA512
5ea35bfe4106022dcc4a0e62b50fe7861d89da3a1ad40b3d9130e2bf13bbc65d67441463e168df4b961ee0d3fdb479772b459708483e611c82e010cd33f63d78

Download Submit
/data/data/com.gosing.earn.wwz/.jiagu/classes.dex!classes2.dex

Filesize
2.5MB

MD5
5883910facbbafa7c98f8349f9b952b0

SHA1
3872ff64822d23464deded08e57adf607a32d899

SHA256
b93549c4999a0ee33b3e083feb3c7f02b856468b7a91fbe118907d0188252291

SHA512
c8ab64e05c8b9061be7fec598432e4baeb091f949b166e149d3ddbcff3fbdbe40e818e00f1d0c67e14dcb3a131bb09da5ac52422fe04630806e952c78f00c50b

Download Submit
/data/data/com.gosing.earn.wwz/.jiagu/libjiagu.so

Filesize
480KB

MD5
6e8ea47d2d8500b7fb8855394fdf0526

SHA1
d3c719bda605cd787c4acf30507edb76b7fb6070

SHA256
cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46

SHA512
385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

Download Submit
/data/data/com.gosing.earn.wwz/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.gosing.earn.wwz/app_crashrecord/1002

Filesize
231B

MD5
1231c030b34be1d48e789fe8225ac207

SHA1
a33d438ca6d89857b7fd015c3da487f30f4f3bd5

SHA256
534535955a7beb0efa001eb3cd644412651c457ce140539153ac4be52e30f8ab

SHA512
df950b8547e40408d3f36799402196aae887b34af0e701319554d6564e129402bcfa915ab03192810c2162a9a23916784711a100b5fd44ac36a57c4bd23d9afc

Download Submit
/data/data/com.gosing.earn.wwz/app_crashrecord/1004

Filesize
231B

MD5
2445fa995fd38625ad96f4da686317db

SHA1
e05a8e0e5b7350aa44e22e6bdd6db62b0bd6ec78

SHA256
7ef3d6cefc94d780d80e676fa105fbd5c5627895b9928c2ea59e1ef134c91866

SHA512
a4215a6a1a6d866e457f363ba936aac22423121c8c4e1b8d7e9e40549aa488fd5cddaf8b5f09d6a17f51bbdbfaae293afe8cad89face65d007aaf2765b722be3

Download Submit
/data/data/com.gosing.earn.wwz/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.gosing.earn.wwz/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gosing.earn.wwz/databases/bugly_db_-journal

Filesize
512B

MD5
36358aab1131cb19aea4d580f94167b9

SHA1
9c1a77ed585d37d863644a3c7eac9e27127938ee

SHA256
92a029ed7dc9a9ec2a5972bdce2a79d9bdb6edc1f3d6324c47cb2af585d26f41

SHA512
d9d8962b2b0b42533717945886a0254c25a8a2d6d8d9eb2062ea4a882db06a734435124720713840f83d31828d395d2bde4e775f7a55cd6ed4c87df36702ee30

Download Submit
/data/data/com.gosing.earn.wwz/databases/bugly_db_-wal

Filesize
68KB

MD5
840209dce11daa0e770b4a4c1b047f0a

SHA1
66f75db39c9fde1805284a7070618ea60f6334d7

SHA256
7625ee44a83f70b35e9dc5d1458433cd1506a9401c7a3c5b55e0fc2b772a5570

SHA512
5651c357567244a758bb246f7788153c21b2125e6c8708b012dcbf271bafb53a67d57946f8b0e21642b3cf751d3d5ef6ff96bdf3920641697e7899f386c5da64

Download Submit
/data/data/com.gosing.earn.wwz/files/.jglogs/.jg.di

Filesize
340B

MD5
b467926472eb4b240f472c6e8635a844

SHA1
223079dea2524db7b33b06dca87f6c1a70f1ddce

SHA256
b175c87f23f48bd74e9dbb4f4317313312ef9246cb8df71b80c96a14dd906bd3

SHA512
6cfd11931e2f596575f663073e4347aea7cb8e569582f6a78fb9fb19ed89904f0b02f0efa2ff7f57590a228bcaba55ca2c9ca3c55bd5b5cf7cd9465b6affc102

Download Submit
/data/data/com.gosing.earn.wwz/files/.jglogs/.jg.rd

Filesize
73B

MD5
cf6ab18e05f8e95319402652972bfe0d

SHA1
fc053962dbb364442a1bf67653e7e58d529ff4a7

SHA256
12ac94ac136e2f2e18e07b1b78eac2e8c6399615e1ee86726ddffb6c473a3e7b

SHA512
b0ad87a6fff6fb9b4a19c822c206801ddd72752f26d0e90613a4aa761ed22a48f3f2dff62ea04fb1e40d0d341d5d150fb7dbe86b93f2a3d5f8430fbdf1012309

Download Submit
/data/data/com.gosing.earn.wwz/files/.jglogs/.jg.ri

Filesize
314B

MD5
ba62d1173c26faea2425b18edb9f9210

SHA1
39c3f8eeb4a85d17f5ec378b7d8f84c9d5d08306

SHA256
7b940d23fd5e9a493bf8c29ee83284efac3ba0a87a6cc4466654990d538a1c38

SHA512
2c2096e5d3f50be07b8f4a5d41e9e5ff78a656968127f69cb857bd0a48222a638973d8242c1380bad3a7a83778cc0635a954439bb2080f688bbdd5dd538605ae

Download Submit
/data/data/com.gosing.earn.wwz/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.gosing.earn.wwz/files/.jiagu.lock

Filesize
27B

MD5
047645c663510b53e186c2940542c77e

SHA1
4888f1fc28ccddb9382828faf9a67bdb0d487e59

SHA256
09f41b9939ac43cf854e34f1552109bd1a2028113cbb3092a58be54fa1fcf0d3

SHA512
1692caff76be64dad1f1511148fe1167e21b4bf4731db90565827ce61414af0ac7a6516a2ad6eb1645f8c0cc3c1a60276c89b9945be9fe3bdebc8fc1ccb65d60

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
caca4d0c82ba126ee155a2391ad52aee

SHA1
4429fe4905a8fa9ababadeaef9510e4fc307bde0

SHA256
a3c71c9569c753dd60dfd6487193bfccbf490bd10a8d178b4b6be3d90d022c8c

SHA512
243dba2be7424358462d406e8aeab67e2c69542285a2eabd766c36047ec378dd9516f47cc2372a984a159f86c534e65702271df9ef648ed55c30f6349e2355fe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads