7e4d8e190af1c6ae27652c6c5e100dc47440c83932c4eb54bee1275a59acfd35

Analysis

max time kernel
60s
max time network
136s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
07-09-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2e6e918cd652ec76f68081f48c23cde_JaffaCakes118.apk
Size

31.5MB
MD5

d2e6e918cd652ec76f68081f48c23cde
SHA1

fa9a154c389869c1d1710a27d0f301376aebcc94
SHA256

7e4d8e190af1c6ae27652c6c5e100dc47440c83932c4eb54bee1275a59acfd35
SHA512

17d08684fe304a32c3e587a967f7c604bf94389b301bb068eb1fba66e1b08c5e1aace835cc71ec94187ce244efe98d7b9ffa253cfa33aaab93025bd4c9e23b71
SSDEEP

786432:yb5MHgl62qHhXMnunshKyBRQWAfWddWCz5fFF:ynXOheW2bAfgd9FF

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.auntec.zhuoshixiong
/system/bin/su	com.auntec.zhuoshixiong

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex	4976	com.auntec.zhuoshixiong
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex!classes2.dex	4976	com.auntec.zhuoshixiong
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex!classes3.dex	4976	com.auntec.zhuoshixiong
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex	5128	com.auntec.zhuoshixiong:core
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex!classes2.dex	5128	com.auntec.zhuoshixiong:core
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex!classes3.dex	5128	com.auntec.zhuoshixiong:core

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.auntec.zhuoshixiong
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.auntec.zhuoshixiong:core

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.auntec.zhuoshixiong
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.auntec.zhuoshixiong:core

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.auntec.zhuoshixiong

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.auntec.zhuoshixiong

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.auntec.zhuoshixiong

com.auntec.zhuoshixiong
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4976

com.auntec.zhuoshixiong:core
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
PID:5128

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex

Filesize
6.6MB

MD5
c0233a8cfedb59cf89082b282257e774

SHA1
2c71db1829b78322d596203f2f4b88b88fd48de5

SHA256
87f113eb6190618ad0973231337f5954f367b5347d40e8beb53f461deb8b71ac

SHA512
ee83705a0e20c4974da42da8f995139abf89c5a11ab2f0951789a6e59a967cfb942a6b29bb2c53b57f98b72237faea059b107ab98fea9163681b781d449b1593

Download Submit
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex!classes2.dex

Filesize
6.6MB

MD5
d3d736de6560c31f7baa9537def34ad5

SHA1
23de5344920c8d6e3d67e8b0561bf50810462a46

SHA256
6eb8afbec9e4fa6b95e93558d77ab7d32994a719ff5faba8643aec600ae46b45

SHA512
c590d189c2d3664678bee2880cc23d651e5c331429264d634aae87075b24ae3d58a1ac13d24ae9d44c06dd90a5f4fa95d1dd25915e3edbbf34aa2cd98d3e1284

Download Submit
/data/data/com.auntec.zhuoshixiong/.jiagu/classes.dex!classes3.dex

Filesize
467KB

MD5
90f0aa5795df327c45b430b972e3e21c

SHA1
9f9136728988e3722daca146cf9344b8851df564

SHA256
361510ebc931781b63c1df0df5cbfcda73025889f3349c9407e5190c03ab95e2

SHA512
78a93d7460ff2f321d3559e6f04bd6543253d231442027e717dafe1fa08188e290d961550732edcc8329bd40b865db1d66874466bc960598bbc6cbd9d271b504

Download Submit
/data/data/com.auntec.zhuoshixiong/.jiagu/libjiagu.so

Filesize
475KB

MD5
99826bdfcbe6a383cf5435a0a3286711

SHA1
f80c4ea86aa7ad20741156e23d4816e611fc9b09

SHA256
8c94f2409b87ec487e6e6ceac7f104a9599128e490fcf7a4c73d08685b6cbd1c

SHA512
6c6c40ebadddf17f05e7fda009b7bcd4de6c9e07a6a01c27bd7948d937d0614f8d1f00a7380f35fc8263aaf18959a13d600f2d0c714e7b2dd6ed4b529c9bd84c

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong

Filesize
44KB

MD5
bf90cf24e333c8f0f26fbf36b6671d9e

SHA1
5af20af7b73225029d6b5a799d70eab001a51dfb

SHA256
fa1fd6090d60113392b22752804a47afaf2bd626448de1af41b6e2b988442dfb

SHA512
c918b507a282f692f1a41097a6c8d6e9a0383454a26c6c98c96121d719d5edade158feec338023a10d447d2d4f2423a13b61c659542e0e97e13822627c5876d6

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong-journal

Filesize
512B

MD5
52f24c4c35e4d0bcd663a395171d8208

SHA1
6149bfb3dc212038a9e07a3caaab5e82792d106b

SHA256
df170add6efbdadce303061468c364ec0452f16a6200dd2ca9edc3d11b75e13d

SHA512
599f018d0a66ed2c893f990a55d687fcd856e4592422ee9c716a10e8c3cbfbf99a53a32c63e0685ded3b1b0735e4ab9c421cd2c98148c0407277c3291b5ee6b2

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong-journal

Filesize
8KB

MD5
120315ec75294f62c2dcf249ccde751d

SHA1
ff879db37f05bc76a011f7871301d0c707942e6c

SHA256
6789f28d1d8823491448558d73fca32765788e561cdbe4daf7f7fa55e2305d44

SHA512
6f33172248a5e7854b2f3c1b761b07a961a7e67f31907c7453260de27e5c8ffdc237f05b17d9815ab19e7dbee89385e6e01b1ef093d506fdeb456950ac5e033f

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong-journal

Filesize
8KB

MD5
2b98de180dd0fb01020badacb556864d

SHA1
efd9fa6a62d25d23ef6c235f81f970ae2ec1a43a

SHA256
a76753cbc9441fe9202c555342a1ea1e1d77b66845fcef44f9dca94eab84756f

SHA512
0821178248f62019cd9b7a660f933f1e1cc3dff9abdca2e08392b9cc1b553982ba9792706dea08c604cf9064398ec0257b2d1b76d8f6870b31ecf7d61c00923e

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong-journal

Filesize
16KB

MD5
e44f988526023f72b5c7de4213c45533

SHA1
ba29a27a3be5bcc6a80fa4e6a85a49672133b3cf

SHA256
d775aad194531cafe28e613b35f1fa978b39b07005c40f3e8f0dba51fe844de1

SHA512
4187a865f49dbd7b8e2686ada59c6ecfe622d445a1538858e9cef30806f48f63da63552ba721a6c39729012f571b623740157a8bb51eaf33f9cdfdaa96817fbc

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong-journal

Filesize
16KB

MD5
9b1bad21d9b48496b2ec2c1daad606ed

SHA1
239f739311327a9182d5c84ecfa53f79a7326b3b

SHA256
436962f2bf523d911a15ded1d537d00fbf4a9160207a35b8b788ec028f7a1269

SHA512
ae174a2c1ad4dccb206b7bf0bfb79e655067ec1d26c0229058be012bf8718533d0caaa2ca6c41822130ef2590713a55bf570deabae86fa37048ef22720a5d6f3

Download Submit
/data/data/com.auntec.zhuoshixiong/databases/com.auntec.zhuoshixiong-journal

Filesize
20KB

MD5
07b30f675b4f9907d9194be5444cf855

SHA1
77825d1110b4513ccd698e29a649b8317f8988f4

SHA256
e90fa45877f5f1d92cc70b098f425cc2de1eb96f7eb0307f29a2858f92f561e1

SHA512
57b1afcbdfb6e82d126ef082fe54f5de0817801b781c6ec3f0ef19dcbeb8ec0d10283261d3456d8db2de5c85a79f8768cace48073bf19cb21db9bad5891a7c8e

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jglogs/.jg.ac

Filesize
32B

MD5
cbb0eba2d93cbe69f24efb213909384b

SHA1
dd1d3c919d9a93b0f00b5241167a7c8404165af9

SHA256
1e77b3812490a12908c0945799a0a888782bdb6622d05efdf5fc34c3114d8981

SHA512
8c022ad79d37e3f5c4771c09ec8d037f50820070474dd3196ab9005d4d137c41b95359d9170971ef5a76b8eca0b24f1fb7b2e3d982a94ea0f74560d4ffe49960

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jglogs/.jg.ic

Filesize
32B

MD5
861973367d07f48e2ce5880a6fa2024b

SHA1
eb142e1ca0b40786c25b595f090a960057af467b

SHA256
c8aef2c2d791bb2bee62cb03df7a076600eddb5f31070055e6e59cda0df4360e

SHA512
62241c0c66f10e341ecbb4f1edf3f2ce1d76ab197f9115a1a1f0a19e21124de62a2665a33816a02517a9098d9985dd611613022d4ca02225888895f2f95c39c0

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jglogs/.jg.rd

Filesize
32B

MD5
14baa948d8e0d87af30760b6a82d0166

SHA1
b0011146793790ac1d8f006361cd5cdd530296d0

SHA256
60c542c2ca792abd23658450d4b8250be861ae4bf97785cfa66e1bcd30509cca

SHA512
257911722ae7f55f2e3e8372de7ffdcc16fd33c7a8c39ba55a133aff8f5f245558e86af3ebfcc22aeda8d886b906a00fb0a876264427d86f8139d6fe74ee677c

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jglogs/.jg.ri

Filesize
307B

MD5
700c0447a4917868db031d0c7ea645ea

SHA1
319c6c4e36cbe760cd943166b15683b31dfba234

SHA256
bb36abc24f96c21be6fbc8ee1a13905cfe29d9e3ab1fc8b0d6d7e3dab9cf5f82

SHA512
2015888496541afdf98b8eb03ed9a88705299a0117e21d95b93b714c55ac9d4e7d93f6e0d3262301c22f95b7766416ef74028553ddab5f194c534b5b70e36f1f

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jglogs/.jg.ri

Filesize
314B

MD5
5da912fb95fdd9977cc277e323f9bd1b

SHA1
918b619818bc9cbae91c3a16d6fef01864de2f34

SHA256
161c9973ce401d430b19e286a84490d5c13ffdc3a179e16c6c6568388c147a33

SHA512
a249a6be9d2f1dab2f3eb963927a30a6a0131a53683bec8e8a50f191dbb76efa273c4ebf8b3643bdf1e2b40e69a74d96ea82696e75318e1cff940681ce1ba165

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
b3af7ad7cba07d7595012612aa236388

SHA1
aac811547e3eac9a6aa0433723806da19dfd5f35

SHA256
cd6b3f592763b659bdb859b7657cbee0e8d366e0a9c28989db3423603a7f4545

SHA512
d15dd8e60f486b3e0ba41196ff3c8afe356db686e625297ac1c0102e0045fe21b42dee0c379d71de77a87e54920853b9acbcca61b1af4e8649c5937527d447c2

Download Submit
/data/data/com.auntec.zhuoshixiong/files/.jiagu.lock

Filesize
27B

MD5
32450c471d3dfc3e8ba26a258e9fc7ad

SHA1
cc9d3a6764b9b3e65af7220a8cad110da63d72f4

SHA256
4bfd3c33d422270919b009baf2ecdbccad5ca903746b9ab0784e2c047ede3363

SHA512
012815a43bc497d69b4ebd45243cab351d35c384861b2f0fa8b0a5e5ed5bcd85df7d33ae9125a6fda466abc85f481428b1bdade7a39333e53194b61ccc51b7bc

Download Submit
/data/data/com.auntec.zhuoshixiong/unicorn#cheese#

Filesize
3KB

MD5
a71951bd1f967730c27af14087c664c4

SHA1
99ee93fa36a322074385e2391bd25c98e3dbceeb

SHA256
82dd3e1e4b95cb08170a570523aeb7e4b68900402c2ba8bfa0c6a20bd4f04d5e

SHA512
a80224164d017e0dd97fb3f4846d21d60db604eb2e48ee1f60ff917293fb505c763a1a6cdcf3b130888ff2025141228811dd6cffe0a7b332259a1ad7dce9c9ba

Download Submit
/storage/emulated/0/Android/data/com.auntec.zhuoshixiong/files/com.qiyukf.unicorn/log/tmp_u_20240910

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads