ff039728f489e9644bd53825bb22cd9bfb574740d88540a2aa1b7c635526bbf5

Analysis

max time kernel
11s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26-11-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ee9752135d276b5e91282695f9dc95a_JaffaCakes118.apk
Size

2.5MB
MD5

9ee9752135d276b5e91282695f9dc95a
SHA1

f5856d5d93ebf00c2924790fe2954b937e598d43
SHA256

ff039728f489e9644bd53825bb22cd9bfb574740d88540a2aa1b7c635526bbf5
SHA512

a937bc7a440cd0d6ba02bb8971ec61378b72b01f4403d572851b76b687f09c0ca50d3a53e7116d18a67120ecd4fe6d06ac9a51946be64f8336a4c4f53c0dfed4
SSDEEP

49152:RhAyegIXJpFLcykewnkghafPGjONr5f4/vON3q2F5LukFF/:RhaBJpFLTcnNfSzyvOsYt/

Score

7^/10

collection discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.gttg.gjx

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gttg.gjx

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the content of SMS inbox messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

Processes:

com.gttg.gjx

description	ioc	Process
URI accessed for read	content://sms/inbox	com.gttg.gjx

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

Processes:

com.gttg.gjx

description	ioc	Process
URI accessed for read	content://sms/	com.gttg.gjx

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.gttg.gjx

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gttg.gjx

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

com.gttg.gjx

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.gttg.gjx

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.gttg.gjx

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.gttg.gjx

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.gttg.gjx

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gttg.gjx

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.gttg.gjx

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gttg.gjx

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.gttg.gjx

description	ioc	Process
File opened for read	/proc/meminfo	com.gttg.gjx

com.gttg.gjx
1⤵
- Queries information about running processes on the device
- Reads the content of SMS inbox messages.
- Reads the content of the SMS messages.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gttg.gjx/databases/app_download_record

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gttg.gjx/databases/app_download_record-journal

Filesize
512B

MD5
7e66a03a3f1a6f39f2924da283d67597

SHA1
6bc993a1ba0b0b5a1fc43f733a9bc845aec6d2e5

SHA256
96b5f50a27ed963ba06807db7d9751f2ade1a83bd2dbe36a8b192f9191079c63

SHA512
465c07779fe63582397991d7782439cffd40b1546f0f6e680336772bc9e2d8a600b9a5424befcec844491664ea57cee9bf81738446ab9c2399069993c2448684

Download Submit
/data/data/com.gttg.gjx/databases/app_download_record-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.gttg.gjx/databases/app_download_record-wal

Filesize
44KB

MD5
a4868219dfbc3d2f89f9534f7353b49a

SHA1
984a51d49e50a354df52c5fe1b54a72a7fda0e21

SHA256
6c4a604ef1ea5d40d2118914b491aa0b4691657eb75f8584d4649ac553098b54

SHA512
697116ca84584b1379fce66f5192021fe3acce7169015d4fe70753bfec96cd89e79a73d07250a31d5faf207d582bbfc218a5e80989d718a4bd08ac883b07a858

Download Submit
/data/data/com.gttg.gjx/databases/statistic_data_record-journal

Filesize
512B

MD5
30b1f52ae3e7f066b30737ad1791190f

SHA1
3404ae05c636b4d5810c99a43bec350559c1bfa8

SHA256
6a6042fbf21405ccf9961cf2538c281e90d4a9de50995b39aa92b491e05041bc

SHA512
58010776780049917eb7b1189135f29ea52a1bf24f1efb067fd2f7a32991af4bfe96e7e4cde03edee04929f7e21adc06ebeeb92c2a7c52c57cda3c8cfc17c40f

Download Submit
/data/data/com.gttg.gjx/databases/statistic_data_record-wal

Filesize
48KB

MD5
7554014b873f01e40d33124e211e2aee

SHA1
49efd32f42541165e9ff14ceb0660efd4055662b

SHA256
1c2765ee54090df85b8ca75ba1c2dc293d2b83c942264497e35a9272fd843513

SHA512
e91dae0c5af8a32315d6ca9980a97a8f40c5e4cac5387a93bd193abdf53b17935c08c667b41bba41349aa754d606cca939068b33807cfd1040d0a15a54a81874

Download Submit
/data/data/com.gttg.gjx/databases/sy_pay_record-journal

Filesize
512B

MD5
da85dd97fd6156a31f8905b52e809a9d

SHA1
4c378b93780f4c0497ce9c90a68b2edd12fde112

SHA256
ad7d23300f6b70ae72740d1fa31156f5036403d10e185b40a2c6428d0d9aadb7

SHA512
597aa6a1db3b3279c5aa2e6e35113b85e82f51eaff68623e9f190ce1dde65c4b14f2a4b254d92ea6749b3fb3d2b156a4be9350125e19fced0b6ddf7ffcd47ea1

Download Submit
/data/data/com.gttg.gjx/databases/sy_pay_record-wal

Filesize
44KB

MD5
4ddc7cf7d5eed0db31f5b5ffb1e314f0

SHA1
a02b5053b3750cff4c8d8688c133b8ff55be2efd

SHA256
c990ba9c7affd6b89160670a7b3690c89cbaf3d648a5aded5972f5337b866105

SHA512
7b42766044c2e4d618fc53153872d8ec1df780adaf8e6fcd8fc1fb79cdb29d8e43c86aa9387c942cd98f9a552e5e5ce184eddc8cdcc89b8ae549a32b007d9a8f

Download Submit
/data/data/com.gttg.gjx/databases/video_record

Filesize
88KB

MD5
eb6a07c02a4503a237a35d449de23e45

SHA1
c8dfa2dea667659ec567dd111cb1ee47903f6e49

SHA256
d76989d5c52ee0bdb508b1a6217fdabba45873e2d832538c9a407850c845da77

SHA512
ff3f8acebe881b8dac8c41f3a0d2ea5ffb6a936e9fa88e279aecef25470ed95693921ec1bc2ea618e06189893bdbd62f73a49e4bc847819dc4a216727db7be86

Download Submit
/data/data/com.gttg.gjx/databases/video_record-journal

Filesize
512B

MD5
47f1d7096be64e29dc0601a9b2838991

SHA1
dfeb89d1059933f1759a35253006580b62507408

SHA256
2393eb9166d350fc7a3e2283c4562275fbe26ecc06a27460179f6a546b28a2a1

SHA512
895b50c72859756a155e9aa5cc996e666acb02f9c2c77fea10a37650263d7fdb4c916ec48907a729199a019229b951c5c7fd029e3ba1c304d0aa23d3d8fa4940

Download Submit
/data/data/com.gttg.gjx/databases/video_record-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gttg.gjx/databases/video_record-wal

Filesize
100KB

MD5
977af89c683cb152b917250360a66168

SHA1
dbb16597eef4b8b063bc104099249ef9ae18a0fb

SHA256
dc81b45fd5441a290d85a61fc60f341efd44fd45435f508933d2f7a96759ee2a

SHA512
537b53adfa1fa8ad7e5e522668b3f711d215544a725dba4235142b0fdb5e7de19ef27474aa084b58be3141885d13b4b85e7f8ff88a20743200fce8d977e22263

Download Submit
/data/data/com.gttg.gjx/files/.tmp/busybox

Filesize
177KB

MD5
27690d086104b1ef9f0f951721cda427

SHA1
8a8ca17f0036ae155fc6d969cfb592fc9ea5d203

SHA256
599d001cf24d21b3caec5b823db2ebe750dd15163bbf2b090dc0610d85e48bac

SHA512
d1c07b6b837b78c63188d71a76bcac6663cd560537d2325e4ce28b5feb816c98e24e273be29b5d23742f4e43d3ded8e2e6fcbf29fba35acd528974fb59221c90

Download Submit
/data/data/com.gttg.gjx/files/.tmp/libinst.so

Filesize
49KB

MD5
ccfee4f9c2496792fa891a4f571edc78

SHA1
e8196d224b5d72930d6f485fea63267c029f54f8

SHA256
aaee9e63773f7f9d7c0f31a76f7463f59004f3ccd3faad995834011e5c1404e0

SHA512
2355279d25cdf0100abafde3f4cdab64c85a73099c6d1d75edc1d6cc79fd8829d493b2cd9fd05e4756b535eb046d395c829dbbbd3b0c530081b5cb1117f531c6

Download Submit
/data/data/com.gttg.gjx/files/.tmp/nail

Filesize
109KB

MD5
1e30299b6ba9b82bfa776a79422d2138

SHA1
9ada9b15579525cc87ebe53dbb0ec4400cd430a5

SHA256
d2d7865136c973ea250ce857df5c84052b0cb2cded852417b543bb97df0816e8

SHA512
7523ad5eff85cd874df23f65e3d3b578141152d20cb9ee79475a254071e764109b86bd044228ec4e0e01a2e60944710b3b2e399e3c31ba2e104a7ca062c65cb4

Download Submit
/data/data/com.gttg.gjx/files/syHello

Filesize
9KB

MD5
ab3aec529c0a0d751f43cf6de904809a

SHA1
a7ad041ad68cb887d74a4454475693d06dbc3d10

SHA256
3604015d5d2a3d8a7c3b06fa5c9d2302bbcd0e7ea5ccaf24dd98f99f89b0e8ba

SHA512
7950c3df10a8941a690e83a7e7829bf744f9a64ca7b0863af625c10a15975cfb9d8876dd9918a0cb9d852c631f811db742f0b69ef031dc7a2d093a98f4b4439c

Download Submit
/storage/emulated/0/Android/data/com.gttg.gjx/cache/crash-2024-11-26.txt

Filesize
454B

MD5
ef6a1b0ec5f1c8cd2b997df727618da5

SHA1
79ac24460dca90f7d47b765e7b24a0fa3da66c95

SHA256
1d364cd5298906b3854123a26bc385a798cf989335f389250853466634a43593

SHA512
dd725957453342d8fcd77f22d4cd54f5034509df120705423d8101d653d6cbdb035fc51eaa6a0aa3b7a0942faf472631575c26b05bf71ffc69039e5380f7c184

Download Submit
/storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.main.apk

Filesize
56KB

MD5
f7ac8045aed15eb38ffad345cf33389e

SHA1
c07acd8c9b82d029669e4befa08830df804f0d3e

SHA256
e6c51d15ade2eaff2ce08fc9b7826c97cf4b47db05054b22b3a8e775f21cb8a0

SHA512
267a0036597282cd1dbaaf8204aa5eadf82543fb0af449b9ae0a4d9eb878e29514f2332725c8ef35b74fe5e7fd23c20924b9bf53c4cdb29fa7bde53d02753c83

Download Submit