bbfddc241bbfe0bef8d0e849c9ff085a16aa89089605474ce5c2802e026e4f18

Analysis

max time kernel
9s
max time network
147s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
27/09/2024, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9f562c2619428fbf279d96c11ba4a7b_JaffaCakes118.apk
Size

15.8MB
MD5

f9f562c2619428fbf279d96c11ba4a7b
SHA1

66c0d4d00320e9a793200ed0f2dc1e37900a97e7
SHA256

bbfddc241bbfe0bef8d0e849c9ff085a16aa89089605474ce5c2802e026e4f18
SHA512

4f2612ddab5f0cf1bba9e221ae2d73af30f20063496d5a441e18a40e819cf0cc61dda14675b7a9d5ec4589cde99e0dfa2ae657ad1dee5519675ec9bf82a3072f
SSDEEP

393216:KuFHXepW8fO78V3RVqXsC2eNQ+iG/0S15VXxmSo+:KulOpWyOwPVDCpNT5qSo+

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.jiangxinxiaozhen/[email protected]	4921	com.jiangxinxiaozhen
/data/user/0/com.jiangxinxiaozhen/[email protected]!classes2.dex	4921	com.jiangxinxiaozhen
/data/user/0/com.jiangxinxiaozhen/[email protected]!classes3.dex	4921	com.jiangxinxiaozhen

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jiangxinxiaozhen

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jiangxinxiaozhen

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jiangxinxiaozhen

com.jiangxinxiaozhen
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4921

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiangxinxiaozhen/.jiagu/classes.dex

Filesize
6.3MB

MD5
8e046f736589d857cc63796f558e55d4

SHA1
7357dff314b25e34b260e4631af025d501621812

SHA256
5884a7d468aa1c2648736f139a701d0047531bbdbd7a511be0e8e32773e6dfde

SHA512
9183b90993ac1ae0528e83f9da6685cc89e3cca610ea67a902fe917014c48c2d23458d1e2cb2767f6bf9978718a85ec3cf43ae4a0f59826963e125288fa99eea

Download Submit
/data/data/com.jiangxinxiaozhen/.jiagu/libjiagu.so

Filesize
382KB

MD5
aa01dd97609092ce310e17bf791069ce

SHA1
f000840a8f68ea7beb2e29ea466088daf55609db

SHA256
e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

SHA512
766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

Download Submit
/data/data/com.jiangxinxiaozhen/files/.jglogs/.jg.di

Filesize
340B

MD5
bde66b09a8204fa6723cb0106c000765

SHA1
76d9c8ceffeba2bc3565aa07601e73147528cba3

SHA256
d9ef2bd572ef8f6caf1de7a72d70f24dcceb406a96ba339c989900ffb595cce3

SHA512
f6e92c676c05c7269d3bf175a749fe7a5a917f1f5bad2c1846aa798b12e471981ddf783d5d0427e6adf760511ab52905ab82062c01f04a733da07ba4ba7ec4a3

Download Submit
/data/data/com.jiangxinxiaozhen/files/.jglogs/.jg.ri

Filesize
314B

MD5
893c808a209909ed5fbab93b6a69160c

SHA1
0b0a81ecd12dc6a19df39f1d101040c84569f689

SHA256
cfed59e4e2fe344000eb19486d31722311ebe31d9f7440df6244a477ce02ffc8

SHA512
575434dccbaf9052f77d02d76df266abcd82dfee6bf4354ab507821ab9b404c6673984d9ef739b879d5b9513f1820aa3dcb04d95c3d4ca2583f1d40f6533fc2e

Download Submit
/data/data/com.jiangxinxiaozhen/files/.jiagu.lock

Filesize
27B

MD5
0edd928792ba378a67c0fee5603535e4

SHA1
b30fdb3ab0e900b39123257283ae5ce4c967ebec

SHA256
8af34dbe16dba1d1b4139f980fc40aa6fc1f22a6b5c0045735850b89c5578581

SHA512
a969f06da850ae5e50b904734e7643b3cf1c371dca125ad5e8e63c82bbb0ccc9eaf196ec0541ded012715481ca5460a7e54556e8d41edf122725c90eaabff269

Download Submit
/data/user/0/com.jiangxinxiaozhen/[email protected]

Filesize
6.3MB

MD5
b8298c2ef28bb2840698f50e30af35ea

SHA1
f8862b88bfce13e28c176fa54a7a43ec044d6ecc

SHA256
008ec2d4b276b282093cd63f2b8029af2233f147dcbac47536bf152394c00815

SHA512
f7ce21dbb6f6a425b40a00d3f557065dd48508d55a651bb8df89f5b08e530ec5e9834966bafec054450399127cfb4d0247f54ec5965390e8047a44368fdfdfc2

Download Submit
/data/user/0/com.jiangxinxiaozhen/[email protected]!classes2.dex

Filesize
5.5MB

MD5
b5f6ff0b2002a451e4a4b05e08df5b02

SHA1
7dd28543d29c7e03cd9dd6c09feb6a08f88f831e

SHA256
8b634a5f8fb2ede89bb66dbbe5cea760bc7abcf6fa6d49d546dc8e076e5d69ec

SHA512
800a420b1d05444f1b1cfb6d74220fdfa92955dc202e0b81e85723b0083cd4bd67cb2366993561447cd44d27a83b3664a6d10af6adcc9e5890423bbf833398ff

Download Submit
/data/user/0/com.jiangxinxiaozhen/[email protected]!classes3.dex

Filesize
663KB

MD5
8b1f3425903e312732a37981ee169ebc

SHA1
ff797f857370775c5f7bcdf7cf13a97e2b6c117d

SHA256
a47941873c76365ffa12e38b27504af591b432857c2202b27a9ac06d0eb664c8

SHA512
d79405cbf4d24e1de29377c48297b8ffec92c848257473eef361810a2867a52fe7c59f40b9fb86df4742c844d904d469f8ef0833069f7131576dca142a2969d2

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
4ef79491d939319fff2fbd25ad4f2b71

SHA1
0f18192e3e87c1df5eb83a71d7cf115d671417ab

SHA256
b30d0097fd70324ab4a56aaf7ca3c77f90fd74e7b295321e3c174a55c0b87371

SHA512
e53382f59b2eb08670a4af584d0666b12c3c24d8309dee60e835db03037317aa3594801fcb73f7dbc906fe77688313f545aa3296d1efb4d43a428ef7c912a28f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads