Overview

overview

8

Static

static

6

eabf8e7146...18.apk

android-9-x86

7

eabf8e7146...18.apk

android-10-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    19-09-2024 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eabf8e7146360040dbfddd2757b7b7fe_JaffaCakes118.apk

  • Size

    17.9MB

  • MD5

    eabf8e7146360040dbfddd2757b7b7fe

  • SHA1

    250377b7c9d85c8d9878a9acd5c40f2c447e37b5

  • SHA256

    56551e6c7165676ca50e715824ec06a8b6677ca0ae5c5698acc7238e03740c68

  • SHA512

    905f6ac1dac1513a0688d324652315c02b6830da3d2beb533d546b6a3ad1d7ae58b518fd388b09dcb1314fc41c13acccb58c810210eed37e81e93bd864d1c491

  • SSDEEP

    393216:ZONPXBL3FFxnm1ucDS+N6cP+r2tF9Y83E7gf/dgmRYtj6:ZO5xpm1dbNLF9RUc2mWtO

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 11 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.xgbuy.xg
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4240
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.xgbuy.xg/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.xgbuy.xg/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4285
  • com.xgbuy.xg:pushcore
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4331
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4463

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.xgbuy.xg/.jiagu/classes.dex
      Filesize

      6.5MB

      MD5

      bc7b7cec4c2313b65f6d767a77164dd0

      SHA1

      f0a2fb5db284bc60f424c2084984c830cf4d2ca1

      SHA256

      84906c5a9b057b44e0df1fb8030d13110748ba30ef7a8017abdd3157ef349ffb

      SHA512

      379bec4a7a82a83c32e93cb3d5d0e0622d78ec79a5e17861f9600069283ffeac13340003fd2323c884a114bd45102034b3e5e609b3390ce099db6ef71a144432

      Download Submit

    • /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes2.dex
      Filesize

      6.5MB

      MD5

      f1e1513c1caa393fe8e9a3f9fff03e7c

      SHA1

      db053d40d0ead70c10b229d129359601a8b5debd

      SHA256

      4e81f36348e9d21ea9121450a9c68817efadedf40bf365af9d54a6033b363934

      SHA512

      e9c0cb206d14c55f3bf375fddd0d1edcf2e4540c24ac5df6e1c4884e87be9861a87b4fa5a49162fd054bafac7ed223e6f79686ffd71224f64f7336173298c03b

      Download Submit

    • /data/data/com.xgbuy.xg/.jiagu/classes.dex!classes3.dex
      Filesize

      2.0MB

      MD5

      e0cdaf1a37a325beb335128a913ce71e

      SHA1

      1b4f9eda9ff72406032655f7a7f97e361d90bb2f

      SHA256

      444121cbd8f09a2461d84bcdecea5c61c0a5bc7b0fd3671d6a1ba5a91281cbba

      SHA512

      2f24d69d48c4cf889db9b6d2d5c867b8ea758663e0e83ce1e7ecf650a6b5850669d35d46df3355a643bb2732b590d4609eabbe4aa74d4a4b076c3bb8e8a17d8b

      Download Submit

    • /data/data/com.xgbuy.xg/.jiagu/libjiagu.so
      Filesize

      485KB

      MD5

      015df5724b50b4fbc6dd0caf7ccb817c

      SHA1

      980780e98c9958aec97ab7a0de8d28a4c5fd9429

      SHA256

      183990718a96d742bc6f1bb04c313e04db6dc62d445ecb294a7f15babd3281c6

      SHA512

      fda8f5343cac8102aade5f1aeac7c5b028ea5d8c92e3d12de92e1ffce30bab47a446f215c9cff7dd1e1bb88980ee0d27b5241e856719fcc1f6a5c25e062e9d40

      Download Submit

    • /data/data/com.xgbuy.xg/.jiagu/tmp.dex
      Filesize

      284B

      MD5

      f1771b68f5f9b168b79ff59ae2daabe4

      SHA1

      0df6a835559f5c99670214a12700e7d8c28e5a42

      SHA256

      9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

      SHA512

      dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

      Download Submit

    • /data/data/com.xgbuy.xg/databases/ThrowalbeLog.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-journal
      Filesize

      512B

      MD5

      317aa1a4b4537da8266ae1cfd7062579

      SHA1

      5104eaa07c2b11371b3c8a177f24fd5d120d351f

      SHA256

      98bfc9634a8ac5885cc9fe2bc2f91d7fa5616d0a78b6d30df2005d4a10a3681a

      SHA512

      9cb58ca1e443737655f287b791b612532f6dff953b265b8802cff5f2bb70eb8b4795adf2a715695ec78699d2379df59b83aa8c71f644649af6ab981c363c92c3

      Download Submit

    • /data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.xgbuy.xg/databases/ThrowalbeLog.db-wal
      Filesize

      92KB

      MD5

      b4357a9785becaaad093021d688afe01

      SHA1

      93b0a0e01442c4f14cbb61560fc8ee4745921cca

      SHA256

      54133619c3cb33f9c89c862ac16f4fd5a6bb70f8a14f46fa961f537755444d30

      SHA512

      17027c057ffe30f8be7180f488fe5f190714e10e1f16697d5784d45c787c08363b158b1414d4b953987779aa4522c9737f5f039627ee6acd20ddfef39a52fe9d

      Download Submit

    • /data/data/com.xgbuy.xg/files/.jglogs/.jg.di
      Filesize

      340B

      MD5

      00c5cb94c3c7f8262dc1a8dbb71487ae

      SHA1

      2673443fd703f982cfbe83bf9f23d6dcb6c12660

      SHA256

      932777d0b65ea229b1cfea50dc224703ef3031abfab83cce347c9bbf6dc00ba0

      SHA512

      4a9d1e299e1021bc188f25e3e894e29751f97b0c242812540b62dd23f8ff72dd96d314c6957e28a5bb389e80a8db68e594bb57998d1ac1e8e790de84d4606a3c

      Download Submit

    • /data/data/com.xgbuy.xg/files/.jglogs/.jg.ic
      Filesize

      66B

      MD5

      19402718bfb1c685a726b4e1d846ad98

      SHA1

      02a7e30044a67085f2f1da24e16e4ecfede65b72

      SHA256

      079f790e6a1934a94542559f53a89a824aafd3173d956b6019291955aeeb33d0

      SHA512

      25254318c22cfd301c8bcd479f45797d502b6ab5f14265dadfa3d87b4dd1942a629d3cbc2f0b600cf73b4fe910e3773432f56a0a7b4343e280e20c5a6af0320b

      Download Submit

    • /data/data/com.xgbuy.xg/files/.jglogs/.jg.rd
      Filesize

      73B

      MD5

      7cef4bf7b995564773e94229541dfd48

      SHA1

      4270195392562f55dabae96238b59d535f5d35f5

      SHA256

      b599c40c0ae5855d3ebfb7b876a0390274d0432e41e5d58b4f347e941f2bbb1f

      SHA512

      74c9fdcf8183f798bfc0eaff0bf1b0950a72bce6689e2c00ecba8e98d975a4e0e872f8ea406f400de8f6941fcd56bf75820e044585ddb52df1d9b851cdedceb3

      Download Submit

    • /data/data/com.xgbuy.xg/files/.jglogs/.jg.ri
      Filesize

      314B

      MD5

      587bbdd1d6e452e0047f4fc9af15d2fa

      SHA1

      6b7935f4a188c1e4e43788a8d84ac8670d22f5eb

      SHA256

      f08c2bb596ff087f0149aecbfad3c1f95a327dfc2c6d3d540f1490b76136dfe2

      SHA512

      1f07277f9b1c52250295c23e2800942a887241aefa35732ad02cf66d72435c4cc58e343d770ad8b632c097cfeb707ba5a44f49c5317587ad15323343cf424f46

      Download Submit

    • /data/data/com.xgbuy.xg/files/.jiagu.lock
      Filesize

      27B

      MD5

      acab299d71b450faefa03ca0c3ef3b0d

      SHA1

      dbaeb41fdd6cc13348b4f4f382ab29537231bebc

      SHA256

      c009fb24500254d87682a9cb2fb1247008b4aad48906a8217f2fa1bcf069c177

      SHA512

      b9e3c646847fee85d66feaef1948097fba8a94600dfb90b8ec3fd2317db64369d4f6a2c6641d0ba9030bbae479bb8c20dbdf1fc73f037284f076e8ae6bc844e6

      Download Submit

    • /data/data/com.xgbuy.xg/files/Mob/mob_commons_1
      Filesize

      2B

      MD5

      99914b932bd37a50b983c5e7c90ae93b

      SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

      SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

      SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

      Download Submit

    • /data/data/com.xgbuy.xg/files/Mob/share_sdk_1
      Filesize

      23B

      MD5

      8e24e79baab91c4d0604eaa9006a0cb3

      SHA1

      e427afc94a4b957a7096f73e395a10ea404c076b

      SHA256

      65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

      SHA512

      45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

      Download Submit

    • /storage/emulated/0/360/.deviceId
      Filesize

      48B

      MD5

      1d8d16c4e3b19ebf18988530d9b9a757

      SHA1

      bc94c1cce05cd848a53271ecb9c5311e27ffebf5

      SHA256

      abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

      SHA512

      4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

      Download Submit

    • /storage/emulated/0/360/.iddata
      Filesize

      32B

      MD5

      9c6a3c108fb8947aa3fd339a6af99575

      SHA1

      c0581a602bfb821a7d132c5676a0b7e504fd1818

      SHA256

      723e7a99caead9a77cce69827c8a6e146f081fcb69b928c0af1768d8ae3fea12

      SHA512

      15686951f146625f7e5e97a250a1984d3ea7629bd953eef099cf235e420102c29836d3c203ff52bc090e3e9175fb6aae7532a2ea6d4e644c64f34c7a246da3f1

      Download Submit

    • /storage/emulated/0/Mob/comm/.di
      Filesize

      57B

      MD5

      70a42cba408700f9a6c01c7941a8829e

      SHA1

      eab01cc2c0671538795fb0b1146017dc099d0984

      SHA256

      499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

      SHA512

      8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

      Download Submit