bbfddc241bbfe0bef8d0e849c9ff085a16aa89089605474ce5c2802e026e4f18

General

Target

f9f562c2619428fbf279d96c11ba4a7b_JaffaCakes118.apk
Size

15.8MB
MD5

f9f562c2619428fbf279d96c11ba4a7b
SHA1

66c0d4d00320e9a793200ed0f2dc1e37900a97e7
SHA256

bbfddc241bbfe0bef8d0e849c9ff085a16aa89089605474ce5c2802e026e4f18
SHA512

4f2612ddab5f0cf1bba9e221ae2d73af30f20063496d5a441e18a40e819cf0cc61dda14675b7a9d5ec4589cde99e0dfa2ae657ad1dee5519675ec9bf82a3072f
SSDEEP

393216:KuFHXepW8fO78V3RVqXsC2eNQ+iG/0S15VXxmSo+:KulOpWyOwPVDCpNT5qSo+

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jiangxinxiaozhen/.jiagu/classes.dex	4304	com.jiangxinxiaozhen
/data/user/0/com.jiangxinxiaozhen/.jiagu/classes.dex!classes2.dex	4304	com.jiangxinxiaozhen
/data/user/0/com.jiangxinxiaozhen/.jiagu/classes.dex!classes3.dex	4304	com.jiangxinxiaozhen
/data/data/com.jiangxinxiaozhen/.jiagu/tmp.dex	4304	com.jiangxinxiaozhen
/data/data/com.jiangxinxiaozhen/.jiagu/tmp.dex	4358	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jiangxinxiaozhen/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=47 --oat-location=/data/data/com.jiangxinxiaozhen/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.jiangxinxiaozhen/.jiagu/tmp.dex	4304	com.jiangxinxiaozhen

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jiangxinxiaozhen

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jiangxinxiaozhen

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jiangxinxiaozhen

com.jiangxinxiaozhen
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4304
- chmod 755 /data/user/0/com.jiangxinxiaozhen/.jiagu/libjiagu.so
  2⤵
  PID:4333
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jiangxinxiaozhen/.jiagu/tmp.dex --output-vdex-fd=44 --oat-fd=47 --oat-location=/data/data/com.jiangxinxiaozhen/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4358

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Credential Access

Discovery

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiangxinxiaozhen/.jiagu/classes.dex

Filesize
6.3MB

MD5
8e046f736589d857cc63796f558e55d4

SHA1
7357dff314b25e34b260e4631af025d501621812

SHA256
5884a7d468aa1c2648736f139a701d0047531bbdbd7a511be0e8e32773e6dfde

SHA512
9183b90993ac1ae0528e83f9da6685cc89e3cca610ea67a902fe917014c48c2d23458d1e2cb2767f6bf9978718a85ec3cf43ae4a0f59826963e125288fa99eea

Download Submit
/data/data/com.jiangxinxiaozhen/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.jiangxinxiaozhen/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.jiangxinxiaozhen/files/.jglogs/.jg.ri

Filesize
314B

MD5
edb6e16c32d279ed4c477165589cd66b

SHA1
0590953112bd2e29f94304d23eea96a103de08c7

SHA256
d4beb1c35d10aad9fbff022b0cc4e485b6068154814ee440a9ca34026359597e

SHA512
279a2a53197faa734975ed44e9690adfee4d869c1c91ecdccee14b7221dc2aa80b3c229e262cc5645d018efc69b3209449dfecb351eece34c401cfb094f07b56

Download Submit
/data/data/com.jiangxinxiaozhen/files/.jiagu.lock

Filesize
27B

MD5
8354f4c304adb37451727c4ae5ea242e

SHA1
bcf72951001d2236b12ed31ffec20b5ce08cede9

SHA256
16e59162c09f95998a05a36be2b3655603a3042c711c0b458e3d8e2fa5d5a042

SHA512
ed8047208860072cf99c90441f605db2ab621031038c9af58ec74e7ec6972f9e88b84464440feb7681a3a4a9948608e97f8a9f9d5eb54bc264014d12849fef6d

Download Submit
/data/user/0/com.jiangxinxiaozhen/.jiagu/classes.dex

Filesize
6.3MB

MD5
b8298c2ef28bb2840698f50e30af35ea

SHA1
f8862b88bfce13e28c176fa54a7a43ec044d6ecc

SHA256
008ec2d4b276b282093cd63f2b8029af2233f147dcbac47536bf152394c00815

SHA512
f7ce21dbb6f6a425b40a00d3f557065dd48508d55a651bb8df89f5b08e530ec5e9834966bafec054450399127cfb4d0247f54ec5965390e8047a44368fdfdfc2

Download Submit
/data/user/0/com.jiangxinxiaozhen/.jiagu/classes.dex!classes2.dex

Filesize
5.5MB

MD5
b5f6ff0b2002a451e4a4b05e08df5b02

SHA1
7dd28543d29c7e03cd9dd6c09feb6a08f88f831e

SHA256
8b634a5f8fb2ede89bb66dbbe5cea760bc7abcf6fa6d49d546dc8e076e5d69ec

SHA512
800a420b1d05444f1b1cfb6d74220fdfa92955dc202e0b81e85723b0083cd4bd67cb2366993561447cd44d27a83b3664a6d10af6adcc9e5890423bbf833398ff

Download Submit
/data/user/0/com.jiangxinxiaozhen/.jiagu/classes.dex!classes3.dex

Filesize
663KB

MD5
8b1f3425903e312732a37981ee169ebc

SHA1
ff797f857370775c5f7bcdf7cf13a97e2b6c117d

SHA256
a47941873c76365ffa12e38b27504af591b432857c2202b27a9ac06d0eb664c8

SHA512
d79405cbf4d24e1de29377c48297b8ffec92c848257473eef361810a2867a52fe7c59f40b9fb86df4742c844d904d469f8ef0833069f7131576dca142a2969d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads