558dddb10160448e9bb1fba86f48689066e86908204afa3d9da08088157dd6a8

Analysis

max time kernel
20s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/12/2024, 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be423634ff049a0cb26038c647ea4637_JaffaCakes118.apk
Size

25.7MB
MD5

be423634ff049a0cb26038c647ea4637
SHA1

b52025f8b8bf758b8568364f762ba3f6b8e27229
SHA256

558dddb10160448e9bb1fba86f48689066e86908204afa3d9da08088157dd6a8
SHA512

233f66216f7b12bcbda0b7c1ff55519b8b74cc1540d7809f0016f2dc8a9d58c1fbf7055dea720eca1bf8dd3838f4be0e1193d892ad40fbeeb491865f210d45aa
SSDEEP

786432:WlkcxhlOZrHPBbv7dQW6BZG/I6SiLQ/8tnfu:+khrv1TdQ3BZG/+Tunfu

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.tomojy.k12en/.jiagu/classes.dex	4254	com.tomojy.k12en
/data/data/com.tomojy.k12en/.jiagu/classes.dex!classes2.dex	4254	com.tomojy.k12en
/data/data/com.tomojy.k12en/.jiagu/tmp.dex	4254	com.tomojy.k12en
/data/data/com.tomojy.k12en/.jiagu/tmp.dex	4254	com.tomojy.k12en
/data/data/com.tomojy.k12en/.jiagu/tmp.dex	4303	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tomojy.k12en/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tomojy.k12en/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tomojy.k12en

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tomojy.k12en

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tomojy.k12en

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tomojy.k12en

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tomojy.k12en

com.tomojy.k12en
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4254
- chmod 755 /data/data/com.tomojy.k12en/.jiagu/libjiagu.so
  2⤵
  PID:4279
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.tomojy.k12en/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.tomojy.k12en/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4303

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tomojy.k12en/.jiagu/classes.dex

Filesize
3.5MB

MD5
19dc94d25849ffed8684807f48f19c53

SHA1
b49c49922c5711935d9269dafb3516b5aa343e4d

SHA256
8eb74d06560e79909b8f7d85aecd89816fccc53ad6affdb00886cffd6d55ffa7

SHA512
7a8390fec3ab9c226d95c91d8c2b85516b120cf643517d4caa26688d2f2ea236367fefc03de0e5bee64572dab1957ee554383a5501f25bb0c7c88fd3208f6ba7

Download Submit
/data/data/com.tomojy.k12en/.jiagu/classes.dex

Filesize
5.8MB

MD5
fc2dd23db2b83d427353e941107ee7aa

SHA1
30539dc7dfbca411f744654d6da3c35bc463f246

SHA256
0019f9c7b338ab10e7d78d4047144eb8cd8189b7a863e5f59427675574ded460

SHA512
ee3ac9f49c4bf97ea1aaf716222768a4b6e72bf5cfd2070c01ae1d7ab7b2c4eb40c134238a70ab9d543768be436c07b5bed352dcf9fba647f41f8946b332d653

Download Submit
/data/data/com.tomojy.k12en/.jiagu/classes.dex!classes2.dex

Filesize
2.2MB

MD5
31d59b9f6a3824709ab8b3139fd497aa

SHA1
d080151815a72c2a9435091b30ed59a61493756c

SHA256
5cd525fd112e65e25fbda5078191dfe33cf7a66fbb8f479c8abc3b1291ba0ccc

SHA512
4c5b613e1424b419065324e3ca7f51bb0683c34edfecb1aea00752c972a72ad0252c9c400250b9d11d19b8bdb9a7b1fa9c8974e29cf3efbd0d0782e1a359fb1f

Download Submit
/data/data/com.tomojy.k12en/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.tomojy.k12en/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.tomojy.k12en/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.tomojy.k12en/databases/cc/cc.db-journal

Filesize
512B

MD5
e78a684ed834545a7251b4d09a7e240f

SHA1
d664522d8ab14eb3d3c55b6c8e8e31d5db6644a2

SHA256
6d50e3f2ce0bf0324d88924634bb94d69bcec80d5a609749967513908a3b1fbf

SHA512
83d5a644946c276e1bba0e9105aedb66b16313aa78262e55bf6122e2f3684772f8b7185629000c12fff40cc9d8c40dd6d73fe762ca089f2fc0df9fc54a121080

Download Submit
/data/data/com.tomojy.k12en/databases/cc/cc.db-wal

Filesize
48KB

MD5
d67be0c42ba9dbe840d40e1517833a87

SHA1
5c30dece1cb610ac37ee1141bc3fde2708c57272

SHA256
3e4f2c8d267fc802e59e78cd565a2db0f81b1fed05ab25864bf869ba7e19806e

SHA512
350057cfb3407043909f32e1944e318ba8c277502a3c5925d3b13707e508ed897447738ef889c1ae27a8ee34537b9b0cfa4618555bd72fbe6674b5daf9717288

Download Submit
/data/data/com.tomojy.k12en/databases/k12dictation.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tomojy.k12en/databases/k12dictation.db-journal

Filesize
512B

MD5
2bf98fe97d07bbb2b4f9b37c18646d23

SHA1
1dbe92b603c0627d93d1cf9a2bc4fe8bc53950dd

SHA256
cd6615cff1b73fe86a16d0ba4fb239f535a2a460ebea397bdc27486a3dc5046a

SHA512
18f163611727b651c12354c4a7b47371a33962adca85d038cf74be7e8a6006bc17fe6e86a21343948376da43b0732f95d6684155a610971fe1b1b75725a25fd3

Download Submit
/data/data/com.tomojy.k12en/databases/k12dictation.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tomojy.k12en/databases/k12dictation.db-wal

Filesize
245KB

MD5
8d0443a576a894525a25276d87c89d66

SHA1
637a26bf860c0b9ec9eee968adb11b5d06ad7fa6

SHA256
97f6cfff70e53ed97ed0469b861f5497a992ec74246cf832a87039004977004e

SHA512
6e06d0906620e160830ab076f8eea1c06e8702e7ddb27d23f9c0a2efe8f2f2e74be5a0d9a1062c6ef4fabb9ef899dd54ede24d1dab5613453e40e0c3f289c790

Download Submit
/data/data/com.tomojy.k12en/databases/ua.db

Filesize
32KB

MD5
44343f3c62785275fac07eee5d08ea62

SHA1
f5a26cfe94879e95878647ad30f80bfcb346617a

SHA256
b8617777d22e316ee377861237d994ad5822c6646817ae5da2e5570b726df0c3

SHA512
7ca3895f77b7145b68cd78f6d11cc3cdb98e68fcc96a3a1ecd28700a09feb1a105034d756cfc296dc8c88e617143a8bcb593add10d8024e49138c7a38df270b7

Download Submit
/data/data/com.tomojy.k12en/databases/ua.db-journal

Filesize
512B

MD5
a67b90bc6e7abb4a8f3d7e209f1092d6

SHA1
9b74c2fbb6a1e2b3c4fc7005d33a19ff4697fc37

SHA256
8c455a1d8ff37c0ee6f6d02398553fd280303b859aa749da00147441f649eb5e

SHA512
8bf7be9c84b0d927c51eb5a378d0b7b6b4e13786c21789ab512ac296bcd426df3962e28b0fddc98d5cb96619623638628ecf379fc248618e24273997a9f941d0

Download Submit
/data/data/com.tomojy.k12en/databases/ua.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tomojy.k12en/databases/ua.db-wal

Filesize
56KB

MD5
fadb22da2047abf05d6a8dd4e285d03a

SHA1
fc1801a6bd42a902f67d3a08977feb8d49fe56f0

SHA256
2d300dfb72325110ce3c3e6973dffaf5c33cb2ae60ccf009e916a1ce9142849e

SHA512
a8c651cb4c1d7aa95607a4068eadb072c39b3c0dce44ef2d82f6685139edcc57900018a086e5d03ae1382f8402c1afec251d12cacf9245ccc0166b3266d51620

Download Submit
/data/data/com.tomojy.k12en/files/.jglogs/.jg.ac

Filesize
32B

MD5
b2f66d28bd8140c44d5164556f821ad7

SHA1
87d8b858d9cc8f00609558772bb85bf2aa331d61

SHA256
384a7fbb55966f4dbe2585115a8542accf19675f8eae144769b94c6153fca4b3

SHA512
94e3122b95638726fc34b70c4c0d0d9b7ed18825bf77bee6cb68b50b6a34f4fae8b1dfa1165015f45375cad788291b7cff39a2ea649891d814f8bc125d333bc9

Download Submit
/data/data/com.tomojy.k12en/files/.jglogs/.jg.di

Filesize
340B

MD5
e5db97cc66edeac0b26093108a39780a

SHA1
79996290dacd213611bc2f8f69145ea86ad027cc

SHA256
11a767ccf9d1d7a71aa656fef82a2d2e9c63c0569589d8243d47ec007c9ba268

SHA512
30afcf3bf46ca334dd724d67a974ac587e930109a15d2040dd1a2764d6011cd48b42b1b8d5b405defde8790c3cf5334d2cc2698f110fd5befd5494a4b1aee19d

Download Submit
/data/data/com.tomojy.k12en/files/.jglogs/.jg.ic

Filesize
32B

MD5
466eb32d9fac2b91294c55009f3f32cc

SHA1
4011ab879ef5a1b1086e2e0de865468c47283e51

SHA256
25f7015bdf344bdd404678a791bfe6c5216923039095e77afe3e183f46983b11

SHA512
ec9da8d35811eea1b9d2e05e73c732c7dae66ba08f31517d57a186c963f5c4618612b37be7f026ee9ea8a1b11191fdb3f90e5dbe2f98d02e422845b10c746970

Download Submit
/data/data/com.tomojy.k12en/files/.jglogs/.jg.ri

Filesize
314B

MD5
e77f2fe47f7403d9470896039e82fb69

SHA1
37a2c227d2a6ff32120196adbd185fa0ce65c9ac

SHA256
d2e908b0ee2183ede68e015ffd0bae30af1a9a28c0e4414efc597a257b1dade9

SHA512
c0c57f945c676bbc87685f0dddb334282936170542c2883fea907a5ebf9c0fb46beee993bac51aaa5aa9d39ce24ae9be425f2b3aa254f1b4e29e13b2e249e4eb

Download Submit
/data/data/com.tomojy.k12en/files/.jiagu.lock

Filesize
27B

MD5
f4acfe5e69042444b26a424d8c8d416c

SHA1
f9954f08793fa1c4de64b31c0e241cea8714ae6b

SHA256
b13ec4d33fb474e564f873734daf8b496bad5018cda66d2bfdb2114d579a50eb

SHA512
714689c650c3b7bb86f7e22e749dc49500d5c8386ce285e5a87d2321ae2f75f34e260cca48dd5e5bbd6af0b22476a40badb4a387d9df62d898e9e0cff287eb56

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
e4e62f8829559430988c6517af17dba5

SHA1
9da4a0af3ae7d68bf750f5c80d01b84f558fab90

SHA256
f717a8cfad96dd77467b45d931f9e7acddb74ae247a81f7f6fd184b26b73d8e6

SHA512
8b90e82a7a954ddb0aeb7707f546849ad46354c60901f1a7ec2c31353b8de4a1044a03bb4b0c6774c9a67cbcba1afb255e4283a7e62b18f92453dbac4f30c927

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads