436abf7c2172ab01914502092a198898498ba87003d441b8758300d2b2a75fe9

Analysis

max time kernel
56s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28/09/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd341958489c25c9ca057de2576d5c5e_JaffaCakes118.apk
Size

31.1MB
MD5

fd341958489c25c9ca057de2576d5c5e
SHA1

90bdaded39353e5d4b5768ea89b4bdb5b028d826
SHA256

436abf7c2172ab01914502092a198898498ba87003d441b8758300d2b2a75fe9
SHA512

be6909a8846c8a8d3c58a987d9337046e980ddc995c595c33c1f6ace8279127f6de963808b65e3791b20e91f888b6ad21bd579ad56f5bce132db62c4a47cdf6f
SSDEEP

786432:gPW6K3yT+MaoqbmNDNZ+ozw20lRVhmhTs4yS2:rTyKMaFbmG25hIJ

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/[email protected]	4438	com.twodfunclub.swimming.pool.repair.gtx
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/res/37673/vva.jar	4438	com.twodfunclub.swimming.pool.repair.gtx

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.twodfunclub.swimming.pool.repair.gtx

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 3 IoCs

flow	ioc
28	s.appjiagu.com
35	d.appjiagu.com
37	b.appjiagu.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.twodfunclub.swimming.pool.repair.gtx

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.twodfunclub.swimming.pool.repair.gtx

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.twodfunclub.swimming.pool.repair.gtx

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.twodfunclub.swimming.pool.repair.gtx

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.twodfunclub.swimming.pool.repair.gtx

com.twodfunclub.swimming.pool.repair.gtx
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4438

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.ac

Filesize
40B

MD5
d742fb014fea1b3cdc9610ea35f1bb58

SHA1
63a2bbcf24542113255b41c5042d79b673577faf

SHA256
2bb7f204843c153407cbd4037f27d1aad7f5e962b38406ced452746ebb7dd69d

SHA512
bbafa601794754a8f56d1867be86c8bb1d902bfa09cc49730de8228741db9c7e5e75c29faf7032420c7d1a15aad88c37ec16bec12bc134620bbc414d87f2767b

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.ac

Filesize
40B

MD5
1ba9d96c4d86af554cab5bc1440a03b5

SHA1
2c235e800fa36a4253a522cf533259d4c2c37459

SHA256
caa5020df4c703a2f45957a39e3565e0ac4ed401a889e41ada4b5ea9143cd510

SHA512
044d3473e7f119987cfb49d1e64269c19f967357e8549ef42bab7bc7499f8c1ff7ac9b972a0f285a000f7ea601f159e27ebf13e2210a25698e0005b8a631676e

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.di

Filesize
340B

MD5
2ccf63e642e500d434adf95a81d09e8f

SHA1
58d7e962ec68096ea85adcc1389217c5d0fb4845

SHA256
3cf81daebd52c5030c9f1573ca726ef2d052b8c23e379f82f24fb6d0fe114655

SHA512
331643b4856a2933b15f0dc8ba700ef97d36ef2304b561f82ec1453bf5f8b4a0e53ec7eb66ecd39692fdb091105ca752d8aca8464a3d1d34b85fe4fbae2dbd4b

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.di

Filesize
340B

MD5
555267affde1f2cbee012d4be5fb6a7b

SHA1
ffc457556860e678890d782bcdb954f48ae2098f

SHA256
e129831f978f35a10c7dbee06859deee014c9990f06d8ca086bc396c2f6e5f1b

SHA512
16bb0af8360346aae216f572c2d3b5bf31cb9363387e197b0c9f30a01d6796907e03e0c320c1e83504a94feab358b42b97c413455abf8517036eb6f0989bf9ec

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.ic

Filesize
40B

MD5
e712c76f38b37745b5a09509d8386c2f

SHA1
ee225347d3a9c87231d73962e8d7a490e4a98e77

SHA256
4ed4f1435bf8c1b88071370a01831570f72d1f43a4cb16677cc3dcb16d8ab063

SHA512
ab1454354b3c2c4e6dac361f73be1a932a93108a85ac49fef1be8df93aac67b38a7ff5bba2ccb9ccc8c3ae572115f436559e02cc820ae4252d7d5c821a718381

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.rd

Filesize
32B

MD5
1d7a44739cb1dce3dc8a1f7f30e7c4f1

SHA1
7b90dab970e3afef7ad0117b0a17187457cd654a

SHA256
47a44fdfade25a644bbc2bf68b238ddba0863a43ec2b4f9fd892afb018538daa

SHA512
7a7499034cb16e1f84befb0dca33d906820fe052702073ad183cacbf97dcc191efcff1f7a2d689424998d158ad13ef203f53d062f87318d2770f3c15d1af8014

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.ri

Filesize
314B

MD5
4211a95bcc658248beef0c2a4fcc2121

SHA1
db52545784fd4578f034758087182013f68da373

SHA256
4569a04a2ce6e7d45a0e195fa1838d16a54fdcb622794ffb207aa4026b43cbb9

SHA512
89a65b120229f033750d581b4c70a12f4883755efad021a2531f68feec33547ff73cc0867fcb87a7c6182b487058a2ead709e3a7409bd1a5e36d65ad29e1fedf

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.store

Filesize
127B

MD5
9b8e949c45370672b2f1f15b6b4a9efb

SHA1
35eb9e81993d340a289852955aa9027dc271b85c

SHA256
438c79097773967bf0cad37ee1c38ca95ecb6f8a2b1ab29ef56bf9799efd6c28

SHA512
7bb6e47610a8835c0c8520f4fd4fc1726d59648ea6628b9ec49794f6276ffed571c633ad37a470adc3958964e9f2701624d16908fb902415aa71066e2b1c6145

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jglogs/.jg.store

Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.twodfunclub.swimming.pool.repair.gtx/files/.jiagu.lock

Filesize
27B

MD5
3022591ba1df6450c3f32a155f05c2d4

SHA1
50c76264b3b28cc88c91ca4c6896242b5817dc3d

SHA256
cfbd727bcf3117e840d485a0521dd22872bdc9a840dbf512e5fb6b9adad97ed0

SHA512
00012151fb21853e8f36cbff8a98a6eb9246915c0946dc426d54f1c8164a7c4fa744a8794fb4506370184f6f03d3300cfdd5308026dd3d6a4294d7b3f1af2ecc

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/.jiagu/libjiagu.so

Filesize
482KB

MD5
f380717bd1e3916c7b697fab8d46c5d8

SHA1
04f51f0d16097214e38be517d93be44cb0603a88

SHA256
8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

SHA512
b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/[email protected]

Filesize
5.6MB

MD5
6dae67fc292545b590bdbf4b7be497be

SHA1
5597597358e8025a5282c86c5590c40dde8ab67f

SHA256
5d8b2f2ccc785e8de60742692cc8d2303b551d3fd4a88e19bb88aab3ec3a3eb1

SHA512
5d54a3a899fe7248334f87f81dcb137c67fda7c4ffe7b1a7b9caa77d8c57f95af30f737acfa228a53ef5be39212cc3433f911c2c8684c464a0061b670ab3065b

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/app_ebody/res/xmtok/37673/uuloi

Filesize
2.6MB

MD5
a4be05e15ad132090b309f396e91ff58

SHA1
8c8b8354188d80d9abf60f4f63883d2b92a553f2

SHA256
e2c35ba3e0b82ced9693b57da9c9c57a1e9914d272a8f94f9f39b40ec3451016

SHA512
1db29d80bdec4939d19566a9714cb400fcf7baf17b306b6b65ec92f573aa1910262cd4b51d9791af38b5951ef39bbb499a9003b9e0c528c31a2a21e45f09f341

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/as/cheuu

Filesize
8B

MD5
d8b00f551e5679d5a92e7037f8d310f3

SHA1
2227f3cb279252cae3af94fe22ffec58d1ae2b9f

SHA256
ba681106ea6e11b0dc8651379b560408eecc5e5a52562e6e6a530c1c98c767fb

SHA512
2344c897d87af4502eff06c62f8b8da12c2ffe44c1cfbb08bacb215548931e4c5b669b4d3a1fc579adb5db090c65534190ecd2de7282881893aa5bbce737fd90

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/res/37673/vva

Filesize
2.6MB

MD5
c7464d7ac75c59a56ff2f6a0f9374094

SHA1
e18fb726a5a36039aa18c383b265e79a343479e4

SHA256
c22c33159bbba233c5747086b13a5ee067c44bc7726267e4d02b8993fde1f344

SHA512
93fd8ca48d0febfc386b9cfb4eb01e5aaf72ff0f9e1abd4720884fa0c93d422728f61da7edebabc1267a8aa2c4f6aa831c8d5a596d08f6b64ef696e19188a9f9

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/res/37673/vva.jar

Filesize
342KB

MD5
c575a286b11bbafcf8e4905d27f30977

SHA1
92f75a7425564f8e5ced10e4ef098c378a0748bd

SHA256
185c4ce6748aecf146255ae05828bb01d88b523d7c930e058c851ea5d329beba

SHA512
f71571ee69dbb5fea7ac72572b1e50bfac1c7b0a577a5163631410d9f002ce38ebc1e3da4b43000a3575b68b30c70609269c48d165e1cd326474d3e46e19087e

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/res/37673/vva.jar

Filesize
1.0MB

MD5
7eb039aa7728169a015707a82e1b41a4

SHA1
adeae37340af1ce383c908cdc4d375b270b30a60

SHA256
9e4e34e3db9a85d0e2f937c85255f2c924df7465284c9f8d91f9ab4ed8f2c49c

SHA512
c60f5c867ff34eed8186741ed2947e21ea7f3264114347ff64c90d9e04381238f0a3fbae18ef4ddc3c4b390935a21ebcfa311815384615574e9c9f90a825f7ca

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/seey/tmd

Filesize
32B

MD5
f22d1c9d8805a03089a14cb8f0a077f0

SHA1
fbf44eea9680293a31ffaefdf4a51fe76b661b96

SHA256
c799bb41ae4a0e972aa7f51fa42bddcb39740813d1549c792a1bfd1cb159be49

SHA512
9c14964bf702554b46136efa6238920b25cdba7f228d72eb66de2efeed0e7f6a785770fc97bbd53819538c23add5ec41ed99933809c30ff8a95311728b044ae3

Download Submit
/data/user/0/com.twodfunclub.swimming.pool.repair.gtx/files/ebody/seey/tv

Filesize
5B

MD5
1c4ec9002d8f6c1ddae5c151e48cf718

SHA1
2425cc273831d722bee4906c14c03fe497b99c08

SHA256
f6c857ed9fb74036aad1662f0450a84601f9eaf5f9eb0e6943136fa6ffab21b0

SHA512
6371c3db3d1dd610f1d22a8a5c5ba3efb8e4d0fd8df158f0dcc001238072717bb1d385152e4b8f67d7283eaf41d0582f6381e859f83f673e8b4ec48ce59d76ac

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
2ef7caec14661a0621a2c3eb27b12339

SHA1
2594e8f05364268256124d2165bd6da956761731

SHA256
ad99c6e2c2326d935b7c79a7a21b721443428efee6baf83cd316b4a93881c3b6

SHA512
fb8e3ccebc38c859537884290aeb426be7a84dbba4052f88e339cb4283831c35de96e03ef2ea12a1ff36592c5570f201c80e72712daded8b792061b6687100f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads