59b90753bc8d58d827d1fe65a5a4f19217508e7c47a39e32689a02876eccab32

Analysis

max time kernel
5s
max time network
151s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
07/09/2024, 12:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d1e5fc2752c5cf3c74f02c0eb3e151b4_JaffaCakes118.apk
Size

22.5MB
MD5

d1e5fc2752c5cf3c74f02c0eb3e151b4
SHA1

95f9fdc578a55d9a70eb75d2d0322aa53bac1f91
SHA256

59b90753bc8d58d827d1fe65a5a4f19217508e7c47a39e32689a02876eccab32
SHA512

1ec2e5528333aa52c3b5da9cf48a426957e67eed917664174af1abdac186764868c00ebd05ea4dc80c5daa3e294f1733ff4309efd4e13d251c1359b4f80661bf
SSDEEP

393216:+1DjzCuLqZlY91PP/W0z9zifO3VKymQD+CnJLKy5AMmHTMIIsDAuOhUZsumTXjkj:UDj2QWlYP7zifOFKjmN/5psxIsQTXO

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/net.duohuo.magapp.gzrw/[email protected]	5132	net.duohuo.magapp.gzrw
/data/user/0/net.duohuo.magapp.gzrw/[email protected]!classes2.dex	5132	net.duohuo.magapp.gzrw
/data/user/0/net.duohuo.magapp.gzrw/[email protected]!classes3.dex	5132	net.duohuo.magapp.gzrw

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.duohuo.magapp.gzrw

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.duohuo.magapp.gzrw

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.duohuo.magapp.gzrw

net.duohuo.magapp.gzrw
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5132

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.duohuo.magapp.gzrw/.jiagu/classes.dex

Filesize
7.9MB

MD5
8c9aaba481c4d794721647d05742feab

SHA1
3d87a7d998ff604254ec42250a0450718d0aa61f

SHA256
d92b491442733047cd4d01a1d598191ab12683853278788a1fdac80bd81294f6

SHA512
66fe46719616a1c7f8e40d58944edbadaea11db2e2ff5d60a48cbdc1b5a4dadde1ac2a88734bf04a04abeefdd27c77f3d52622846807cf0f1de308fad482edfc

Download Submit
/data/data/net.duohuo.magapp.gzrw/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MessageStore.db

Filesize
36KB

MD5
15669eb47bb19111cb64fa7508b227d7

SHA1
c7585424afeb0fc7051697b771eb3d81e0e3aae3

SHA256
ecb0e8c93a782292a1dfe20a90e204d1c1c804e2773f1831c9ca34826aa62071

SHA512
13c2cb45912090ba0b670b36050eab5954e22d57b79e141d2236035dc1ea2000960d93ebc544fc4dee48765335a3d52baeb5d31c8a40407224c624fffebbc11b

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MessageStore.db-journal

Filesize
512B

MD5
873308d4c9da52358b0b7670675ea520

SHA1
b39e2304211778ab7641610d6266f57de562adb5

SHA256
8e26ec60075f50f0321fa4be26e5051c64daf9414fcfa334c98d29e9dc8bb35a

SHA512
4232f0bb4c8fa2f6b8e0f99be09eecd8192ce9ba95820d1654698705aa1e8f6b93ec60e12bc7c1556c17f62df4d32f11b4b6d97fce7e0b2a8cb7bfe94ee67ae1

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MessageStore.db-journal

Filesize
8KB

MD5
176a1a8c9f0765e747e022f53c6ac587

SHA1
a1976a30018684981e37894fb6a8b40869f92771

SHA256
4e592d2b81013ba7cedd5ad6bb6c1a6d53efa47d408e4643fe6f0bcaf31a4157

SHA512
5bc0067b7d864f8eaa8153a293ef8dccd3c9a6475e321fa8e26372edb5f96146e04c95797da48182022272e465e107c19dbac8c5e6b35670d9d0d882c7b36449

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MessageStore.db-journal

Filesize
8KB

MD5
29e91ee7f6f0e06becd1a8a1b034314d

SHA1
bd527b640d1b59f34926675c521277fde1783ef0

SHA256
e79a78b8e22fb953f12a60b855b89404bb761858bbdfce844fd1ecfdd2f34bc0

SHA512
c1f85d22a75996fad9d10f6a9d373067dec2e73dc1d1b25be365b6ba9a8f57492164317ad70f2e9af3cc02c2f8ffb38469f190bdd61a38897429a2f2929319df

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MsgLogStore.db

Filesize
56KB

MD5
9cec591e3ef91ae568f4cb6e7c2a8745

SHA1
ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7

SHA256
05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c

SHA512
f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MsgLogStore.db-journal

Filesize
512B

MD5
fe5c085dc8d567b582c74d50c681250e

SHA1
bf17de65716a1bd9d15ef65c1b1021bf532e8b38

SHA256
087e0a640d30bf91aa98259b647af1c618a8933c4ce9d7086e386e644d6f5584

SHA512
76f2b358246ecd1ddb0b628a52c1fce7c39f7ac58a3956034a2e8d89132d8b08f6a390ebb4916c58cce5d1203528501ca95c5623f0dc36ed256de5e6fc8d4b15

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
688171d035a5a65615d05a414a9c885e

SHA1
b3c69ef0c8b6096a809d503a88887b18c89430ac

SHA256
217ebb4989023ad2f827570466af82260deca015b906b19b46181dde30af1095

SHA512
99ed77c915dca20ad836bf9ec95fb9400185bb2f7600d0bd411502cde8986689a8c52f8d3f44cd0258fde764ef501547ac5684ff60a574992c614cf720c2ec84

Download Submit
/data/data/net.duohuo.magapp.gzrw/databases/MsgLogStore.db-journal

Filesize
8KB

MD5
c1528104fc0e9c5b168e7d6e96a33853

SHA1
6e727342f189ff7998a794aa06063fbfa3b189f6

SHA256
2d89a4d109c9786b10c31e343b59b2ca60de9296c027c0b82e560ce3b597f4c8

SHA512
2974d91431275435d24f14a3fdf0608a19e1f483c9a4b4c6ce446461d724af02ca2d99e8912b3baa07fb89c38fbf386b54d1e8ef99ca6aefa07142ad13c17827

Download Submit
/data/data/net.duohuo.magapp.gzrw/files/.jglogs/.jg.di

Filesize
340B

MD5
33c904b00c71b49b14aa3cc5e7f34699

SHA1
5e8bff1e1cf91d74e180698e336e99c1b779b179

SHA256
495ed929e7836aaddefaaaa69711c5f615a7ac54a264fd82b5cd4a0cad09cfaf

SHA512
90f2ba95f00fd47bf5cf9fec13e35e6188c7a9b7e1976d0e49591e55da6c4d616ebdffb9e17e0ef242209d2bcf8d477a5031d44286736b83a33035fade2e1405

Download Submit
/data/data/net.duohuo.magapp.gzrw/files/.jglogs/.jg.ri

Filesize
314B

MD5
051ff291f99099364fd833ecf5284607

SHA1
77f1a727744ab26e6f5e39d7431593101bc689db

SHA256
17ab6c032501cde1d0ff59026892827369fb2b9ba70446f59d30c448dc23cc79

SHA512
695580a75da15abe14b10bce6176949275a0d1af7847d1b3830fe41102189f0c6c211a0cb7b4f1416c4cad2eb266e9b9d1e2ff698f95cfeea75ea87366338b94

Download Submit
/data/data/net.duohuo.magapp.gzrw/files/.jiagu.lock

Filesize
27B

MD5
e152f6b8f8d7e76a1e377f7ccc322433

SHA1
c5c4fb4f23b1d50f5239753c804b6b045b26d503

SHA256
028106711ba40d0bbb30ad3cb60311eb3f1dea75d26aa50aa87594ba2fe29f97

SHA512
35a8a95c996e901720a12c4dedba509ab72605ca78357fa4f0236b30e725e11d276c34fd6eeafb26d81ba0221fda764504488bad9718ab85371e3374106e4e10

Download Submit
/data/user/0/net.duohuo.magapp.gzrw/[email protected]

Filesize
6.4MB

MD5
5f0712ff77d5102a4c8e790c2d52cdb2

SHA1
6854fc94b21b3668c514c1c1c7a3863787ae77b2

SHA256
7da280045f4d247c82d7d41f946604cbfba83dc2dc54469c0df140af8a84c967

SHA512
8c7aebeab92a3bb8fc8416894ee425560f60a0fdf1c8d22bddda264147254691d178f5f2fbcdab0ac5bbb06beba7cb7b9fc4cd9702cc7f1fd3f7ddf824b5e248

Download Submit
/data/user/0/net.duohuo.magapp.gzrw/[email protected]!classes2.dex

Filesize
6.8MB

MD5
837f41c97c14eb6fd82458bb834f4c4f

SHA1
d64bfe661bff73e951dab71150b9fb1b75621d65

SHA256
96f9b63afe9d64be0d29ec161faf4345ec82ae6dc9d1a41358739c2755b3a18e

SHA512
cabc91993614d6e61dc753d858c79b56c835f817c2f48a9556da2addc9c7225c91ff693807a136a4ad2c8bc0c452fe29f1dc9a88259db04758a09bcc0bd9d262

Download Submit
/data/user/0/net.duohuo.magapp.gzrw/[email protected]!classes3.dex

Filesize
1.4MB

MD5
4024d1be89aaf761eead2e7de9db2c43

SHA1
6c29404a964e6618632e4513ce3d4e51332163ba

SHA256
93c6b314b7469223c1b37a7f020b48a221ea06141e51508e7382eb737cebb993

SHA512
d6d980be1ec2d42eb3402e8bb77a1ecae2759da8791d742cdc0a3f570de813dd74377456c552bb8c3ca9aefc6b9e13ce8856c8295898cfe284ba810203988155

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
50348cc70fe4b089b4118359fd7c1099

SHA1
1fefd4b01c8bb4bdfb75bee0097b2b249d9da20b

SHA256
b3a33eec8bb8772229752a08f2f781db2ff06f81108f6d870b854afe41e9db25

SHA512
3c40e4c3ad5405c13e65e86e20c7c630d21d60fbfafffdc373085d7ed916e3382dfba4cfe87c812c090ce3202939422626059e961a0d853253d3b1c7861d7eed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads