759810960fb8b880422ea470a83b89c5f9e7ca4b7d340d3e0653f3dd5609f779

Analysis

max time kernel
8s
max time network
149s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25-08-2024 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0c24ea91977be8235890be987bf89d5_JaffaCakes118.apk
Size

31.2MB
MD5

c0c24ea91977be8235890be987bf89d5
SHA1

f1bbfcc740791066219ad35349980b9ab593a9ac
SHA256

759810960fb8b880422ea470a83b89c5f9e7ca4b7d340d3e0653f3dd5609f779
SHA512

5d5037cabd8dd9532121af290427eac17b1639fcbcd77bd67b6854f0835fd7f857159c51865cf20b32254fac17b3df49bc0b671fc49791795c361c03e0fec577
SSDEEP

786432:pOayc/fVtl4S2hNYT1CrUFAsxKzya4z+wSpW7EOCD:Qayof3lIoT1ymKzhW7A

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.izaodao.gm/[email protected]	4978	com.izaodao.gm
/data/user/0/com.izaodao.gm/[email protected]!classes2.dex	4978	com.izaodao.gm
/data/user/0/com.izaodao.gm/[email protected]!classes3.dex	4978	com.izaodao.gm

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.izaodao.gm

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.izaodao.gm

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.izaodao.gm

com.izaodao.gm
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4978

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.izaodao.gm/.jiagu/classes.dex

Filesize
6.8MB

MD5
6ab0a767ca56de17f2f6f3e887fdd9d6

SHA1
fccf8679ac2c9713bb531d3e1e30c5a6790d354f

SHA256
c483a60de03d0d89e0a0588549f80bcdbedf218afe17966b048ed4bc32ae22ce

SHA512
151209db6376214bb44b0b2eeb31251788e37b773c51274860c49d3c729fa3972e255440d1a3fa3abdd52a60f8aabdd60184980d0e16a7376bbd567fe1524c72

Download Submit
/data/data/com.izaodao.gm/.jiagu/libjiagu.so

Filesize
446KB

MD5
8f55d5deb281d8aa1a0b9f72f7185e58

SHA1
5ce262af6a74a11931bf4b1e92a59b9acab27f37

SHA256
b57aa883bd4a8241fe2ebbeec0988614da1ad453f5784f3439335a6f800c7944

SHA512
4d74f007dc4a19ac3a8ae3434f06d2509397301c0a9b0288475280801c8907ce48248459436416fb14fc5a3a6ce790d680b6b9c95d35afc49c2f0639199b56f6

Download Submit
/data/data/com.izaodao.gm/files/.jglogs/.jg.ac

Filesize
32B

MD5
da18ab67cb8e2a13b63e5907c0d6fc52

SHA1
b634d34b04261d6b089c0cf549d42e83f5d919c5

SHA256
8ca38d466248e5e79a3dc274c3f94b62094fb02bb5a28ab5f3907f93d6efa123

SHA512
0032d2ca2cbb2f8575aefc01e0ba16b11bc4506a82abf575af1a21ef6b1e60fa4fd6837aa6ff2a003fad2406d4ca506f6c940c995d593d154aa071e997d8b692

Download Submit
/data/data/com.izaodao.gm/files/.jglogs/.jg.di

Filesize
340B

MD5
5f0c99f015ef94bfec7b188cbfa4e820

SHA1
21dc964e49ddb1aac994803f949481aafc6d9e07

SHA256
f0d85cd5b0bcb8007563fd50077065c0a75aaade1c70f6fcd2157fc3543253e1

SHA512
45cdd3445bc3ee9ce6228139110434367eaa04bab07ed6ce399d81ddaccb892bd0bd630ad015e10189344620d85ee96cd82f1fd9cf0c5512a33abfbc764f165a

Download Submit
/data/data/com.izaodao.gm/files/.jglogs/.jg.ic

Filesize
32B

MD5
e6ee7e3cae24934c1d6133097b9aa33a

SHA1
660d1b527e3438fa043b351dcc0ddd6e8aab6fee

SHA256
539d8b2246eb6a22cc9849ec53bff614d1fe801e644ce872e14028e22893b13a

SHA512
85e75557c9aa6f12e4dc3926f4b3d970b08eb812bbbcd8d17c706ae08e3b9cebe91540a9f09bd71e4af898297a3afaa7538906d37910af4a036f7fc1cd633c1b

Download Submit
/data/data/com.izaodao.gm/files/.jglogs/.jg.ri

Filesize
314B

MD5
32c43a56945ed94c55a9a9fc730eed60

SHA1
8fd15ef79c5c0b784740fa6b0389cc21195c1a92

SHA256
421b0e2b49f954eebb351dccda78b98898571ca813320a9244b15df7bcd92e24

SHA512
62e625cb7e2b2c2b8f5cdac09327758c026392a5dd7ec8e53c81f80c055f186fd82dd08576f5647c4965ad2ad6525191e810d3dc8975aef32f81b14934518163

Download Submit
/data/data/com.izaodao.gm/files/.jiagu.lock

Filesize
27B

MD5
bf5a1f597ef781c1c1378ccefd2e6216

SHA1
566e633e1ed35bccf3d32ab82244f26f8452080e

SHA256
5280ab27e87837f51ca88d21dc2646b01dd4ce3b118fd8d079a2e8f69ca5a36c

SHA512
70afa5f55eee8de8f68003c7fe5a45260bbb10c3b6208d99916d2960cf09a27753aee51361307c18849a06aec30d2ef69cb2d4e6141940e3f3c124524bb97758

Download Submit
/data/user/0/com.izaodao.gm/[email protected]

Filesize
6.0MB

MD5
b140343526eb96b381b9169cecb8bbce

SHA1
5cde908ca782cfe702992e3fa4bb9cb224a79ffe

SHA256
65d46eb0bee6bf71ace802d1172f4f9fdfefafd13dbca650067d73cd3b37155c

SHA512
feeb2b1fb15013829f28afa23bdc99986fdeaee526d3fb80016ed1f97b21db760f10d2ace5dfe043e8998aa18be11b9de542ea3926be33cc412eb7f33732cb8a

Download Submit
/data/user/0/com.izaodao.gm/[email protected]!classes2.dex

Filesize
5.7MB

MD5
f5f269bbe07dfe432aa29f3994d64499

SHA1
2fa5b936ea3962bd96bcdad7acca2f238fcf49ad

SHA256
4d19a9f8eb3759a6fb3043f1a668dbc24362828af708ca92f0d552196fc381cc

SHA512
940e96139c2db6f566ea9576592b63656c2c9812a4cdc580132c7be79d70f6726bd851a8376f9d21d3d203b406f8c7b076246b7b298a21f6eee5925fd9c5c432

Download Submit
/data/user/0/com.izaodao.gm/[email protected]!classes3.dex

Filesize
2.9MB

MD5
c1f25a39ef1f8916f525d3eefc8088ee

SHA1
c8067fb90e7edfccffd414ae790458cfb31f3595

SHA256
fdd5779c1b920dc7ba4941e0d6be8a838a3b1cefe0f114a4c5ed63494a9644f4

SHA512
d35054db759407acee86fbfd6011b52b9c2848ee9fa81123078792a669dfb64144ebe4ab52b42346eee73fbdf13496e5b2b35837d24a323a06d45bec9b925358

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
96abbe509b31744d126e2ba88b449085

SHA1
f490a5c140a77585bc3027df25b24ecff0689d5a

SHA256
b4cc749bfd08d4acd13c566e4a8f8503d85d1a9f776e9865acd221374f724fbc

SHA512
d1d5cd294269928373b5c4158fa758b9855280276cdb706a4d6d03d3b0f25a1fc7b5c92cf459a60f9dcec1619d59659d2a727dda925347286b0e51ca5451a0dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads