f9412c8d7e238f2856f0a7654a967b671ec08467bb7eeaf1039de038a016a601

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19-09-2024 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eabc46e347a709f4f4932b4de612cde1_JaffaCakes118.apk
Size

22.0MB
MD5

eabc46e347a709f4f4932b4de612cde1
SHA1

3334db25bb9c389edf043843d5c052ba1cbff063
SHA256

f9412c8d7e238f2856f0a7654a967b671ec08467bb7eeaf1039de038a016a601
SHA512

c94a86bf8812bf966bad553cdf833f4abc8cd7083ec6fd67a3f0c66e6bc1a7af30b28c17b74b2073d0d101c689053b5cd2c6f44362ac5678caf3ca49eaf1885d
SSDEEP

393216:Hm88F6smHKcSCgqPd2ILAry5cYEhhrGp/MZFPA0DzVizw1wUIgP+12:GV6IcLPeydEhMpk/Px1izw1wUIgP+12

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jianjiaonet/.jiagu/classes.dex	4254	com.jianjiaonet
/data/user/0/com.jianjiaonet/.jiagu/classes.dex!classes2.dex	4254	com.jianjiaonet
/data/data/com.jianjiaonet/.jiagu/tmp.dex	4254	com.jianjiaonet
/data/data/com.jianjiaonet/.jiagu/tmp.dex	4305	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jianjiaonet/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.jianjiaonet/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.jianjiaonet/.jiagu/tmp.dex	4254	com.jianjiaonet

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jianjiaonet

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jianjiaonet

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jianjiaonet

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jianjiaonet

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jianjiaonet

com.jianjiaonet
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4254
- chmod 755 /data/user/0/com.jianjiaonet/.jiagu/libjiagu.so
  2⤵
  PID:4281
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jianjiaonet/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=46 --oat-location=/data/data/com.jianjiaonet/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4305
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4353

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jianjiaonet/.jiagu/classes.dex

Filesize
4.7MB

MD5
8840b2c1dcb09deeca421b4e7f53555d

SHA1
f3d8d5e092345864502b7b93f682b8a5ecdb6efe

SHA256
09f64d3907aa551ed8d7fc5014c4924402bb100e679c9dd3dd1fb1e2c1eb1414

SHA512
49f2b788be18f08d885d1eb2e7fc732a2552297a948382c6deccb1fe63cfef50ebc3706c842036778e875ca32a3979c3c3d47bdf9cc1f13f26f895ab2e972928

Download Submit
/data/data/com.jianjiaonet/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.jianjiaonet/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.jianjiaonet/files/.jglogs/.jg.ac

Filesize
32B

MD5
eda88361160b7b637c9d8dddec374e5a

SHA1
b58075915aff101743bd0464820ccae2399ce41e

SHA256
963c1091f0f9517322f39e26ee921c292a65de0a54684afd6ea273de3442c7b3

SHA512
95fe547d3bf628100577c99fd1bfcb6d5ea9dcc40719cf04e0dd5014ad9b0c67a502f74cfc0fc698689a5ec0e32bc281f70aa101827fee2212bceab0d30504bd

Download Submit
/data/data/com.jianjiaonet/files/.jglogs/.jg.di

Filesize
340B

MD5
8f0f3d1d825f223a3a320680f20661b7

SHA1
02261a50df6d0ba825df4c57d0a5a174b546c72d

SHA256
49b9759e7ef20ccdf1f2f324b00f0d6ba37cf2e4d2b403186e93bdcf414c36e4

SHA512
aa8e9012eeee977ccd90a8b2c8749e9075fe24a75be5bc252c9ed6d22ccde68e268bbc03cc3cbaff8e2fbf7a48ab0c10956c5722ab7651c356224e4a758a1c56

Download Submit
/data/data/com.jianjiaonet/files/.jglogs/.jg.ic

Filesize
32B

MD5
4deef310e374c5ccd5cd99076c6d6427

SHA1
e37cdbc6109d553baf2acdb34059b1afd9541096

SHA256
99042012aaf89d49b1961fe9965f82597e7516e3eb9eec1df10e403f20e4c407

SHA512
da84f9adc9848b8bf24d0d9a091db5761ba96beca0ac5043e1a5a4367a2b026b9dd9560dec40a56f0fead98d13eea0ba5ee79a2c112bb638c6e8128864aa94f3

Download Submit
/data/data/com.jianjiaonet/files/.jglogs/.jg.ri

Filesize
314B

MD5
73b0349d0427e878e7f2bd78e8c0a09e

SHA1
75396e7225664d4e0e960fe355923bab590ff063

SHA256
e63e191509a5e3c13eb3f116653df77000870dcd3b36b1260986943e1f306214

SHA512
46244d64f77ac441c4318af10012b495266844a5ee99a85e639f0f123e69490bb46570b9266cc26d99101c50e8683e65c40040e9c2c2853180bd67b24191c832

Download Submit
/data/data/com.jianjiaonet/files/.jiagu.lock

Filesize
27B

MD5
f74edd5c125af19e2b56869184b895e3

SHA1
17428582dc2c6bf5600b448a157685c77cf8f119

SHA256
116349ac31a4004eb6e13bb2005002e23a05743b9eb79c35da2ebf404cc111d8

SHA512
2da19073a555c86acb2b51d91568ab20c9b05095c40443eb33e34ab82c93c0f87acf15b06011e1d1e074b06060d39734e12a71522c1db532cacdc24168c4ea8b

Download Submit
/data/data/com.jianjiaonet/files/libcuid.so

Filesize
129B

MD5
f056c70036122f8e5e42b0c45ca457fc

SHA1
b3279237198afa69438e4dc84f75968e0dabd106

SHA256
8c4348ac57637c6e18095276192bc65629de1b0a472ac28ea65b397f872dcf0a

SHA512
b436d592aa179391c38636f4b288aacab37d0f97b9f2d151f2464027748ae77e21b783a9a9c64026bebb249f6f7a7d2d5f5061837c0d88ffe8c25db18e41f940

Download Submit
/data/user/0/com.jianjiaonet/.jiagu/classes.dex

Filesize
6.3MB

MD5
f574c423a2dd2c7b1c9b0d9b38702b1c

SHA1
7e665f0b03f8fa5721bd3a9b8099373cca802ffc

SHA256
d7c966ae9ca215d3ba2ce32fa066f2a79740246fea34cb60e3d08577aa6c99e6

SHA512
fd8057a688d59b56e584c8df6ea2c3fefe0962931d1b38165ba55a10c73bfe6695ae9da58af552762a9abcb31240bc2d6d4eba5b591424ca93b493f9a90b68f9

Download Submit
/data/user/0/com.jianjiaonet/.jiagu/classes.dex!classes2.dex

Filesize
3.8MB

MD5
fd08c29a0a3a8332034d33e69daba295

SHA1
1c13304cfdbece81fddadf4a6a5c5996494efcd6

SHA256
0ca58516a1a19c805c4ac1ec6bd8da1a6a4ffeb492e030bd907e7f4b7cd91a26

SHA512
dbabb3213981e07f03e4ab1e75bb6350b21b315781fb7c7b26f3e7bf467e2b48de6a7fe15b2ea9a18de5b1c827e6dfb23d91779fc17c7d40ced616a51007be2c

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
a72872bb345b9c506c9453bda468a017

SHA1
b91996def14f5e75d78fe758da2bbc55fb68ef25

SHA256
552c02b3b74b3c6c5acf9d85289d581b9353e16d17c2f825e215c6ef4ff08166

SHA512
d41ec2f5dac8ddba76df8da224c6e2648221ca596c19904e1f27492ecada7ba1689fa4ed79a355c9192e8fa0a505fd066db2c74a8ebed30add29ed74280834eb

Download Submit
/storage/emulated/0/Mob/com.jianjiaonet/cache/comm/.mps

Filesize
26B

MD5
840eaa01e5d03fffee257ed5ce4fba9e

SHA1
886bd732b29f6dbdd94b890a2b203c5a276ae773

SHA256
7648e772307acf936c331c4ea9d92872b1af6367cbf83f33f569ac204df65595

SHA512
b0a4f9238c4b60bec0cca9c72e551a702a95210a735bd8176c1d5ba741e264d2f1e885d65ed07a88086afd74f69c5e02a92db8068b222a62c6f56762a26b7d4d

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads