b55e868e735d9c0fa14a8de269d5da523c5859162f66c6063de0bc86a2a2b5c1

Analysis

max time kernel
13s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-07-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c8db7b318eb029ceae3b16b3c892713_JaffaCakes118.apk
Size

16.9MB
MD5

1c8db7b318eb029ceae3b16b3c892713
SHA1

4e6328f2d69e59d876a9eb1a5abd2a99a2e3ae3a
SHA256

b55e868e735d9c0fa14a8de269d5da523c5859162f66c6063de0bc86a2a2b5c1
SHA512

efefebd4a1b6d08ed9f53db0a32c78483720d99c487ae45bef630556da1181ad2a2ec6ce95fac39d1340d41bbf54d373b70a43eabfe098405f3133f58434630e
SSDEEP

393216:PbQieqGclK8ofDCGHL2pLCcHyuHG3ZwCGGZ0CucY/5HevQa:PM7q7OL8WcHjGpwcZ0CuclJ

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.baguanv.jinba

ioc process

/system/app/Superuser.apk com.baguanv.jinba

ioc	process
/system/app/Superuser.apk	com.baguanv.jinba

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.baguanv.jinba

ioc	pid	process
/data/data/com.baguanv.jinba/.jiagu/classes.dex	4250	com.baguanv.jinba
/data/data/com.baguanv.jinba/.jiagu/classes.dex!classes2.dex	4250	com.baguanv.jinba
/data/data/com.baguanv.jinba/.jiagu/classes.dex!classes3.dex	4250	com.baguanv.jinba

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.baguanv.jinba

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.baguanv.jinba
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.baguanv.jinba

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.baguanv.jinba
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.baguanv.jinba

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.baguanv.jinba
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.baguanv.jinba

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.baguanv.jinba
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.baguanv.jinba

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.baguanv.jinba
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.baguanv.jinba

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.baguanv.jinba
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.baguanv.jinba

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.baguanv.jinba
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.baguanv.jinba

description ioc process

File opened for read /proc/cpuinfo com.baguanv.jinba

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baguanv.jinba

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.baguanv.jinba

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baguanv.jinba

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baguanv.jinba

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.baguanv.jinba

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.baguanv.jinba

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.baguanv.jinba

description	ioc	process
File opened for read	/proc/cpuinfo	com.baguanv.jinba

com.baguanv.jinba
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4250

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baguanv.jinba/.jiagu/classes.dex
Filesize
6.1MB

MD5
d3e37d5c61ea90c2d5f78dde19865121

SHA1
ffed3b3a6a99d50b8a0c97b2061b87720b8a7a0f

SHA256
dc304ef477d0e5dac898bdc8f63daede99a1d50a705bc59c6104c3fc47d96fd3

SHA512
6aeaef487322235b4f81ba2c8dc327162680caaedacc33901ccb8496ebf052de0dfc614745d2714617d1dc32c6a8e0c4a71eb836e58645124eb2c70a365c6fe1

Download Submit
/data/data/com.baguanv.jinba/.jiagu/classes.dex!classes2.dex
Filesize
6.7MB

MD5
9cfa9e0ef059a8b00cba770e6bc18144

SHA1
52ae077f46aa888d2f8f639867203f2c513be1d9

SHA256
025742e81ee51a1a4cd362675e75ba6704d2fcd3e4804ec3f5fb4a380e5a3bce

SHA512
53e6ce3134408a9aecf1082425dc23b28bf36d62d33aeaf62df44c847a6dbb97e2ff497bbd319aaddcd271bfe1444f32de0487091bf13325dfd9d0521dec034c

Download Submit
/data/data/com.baguanv.jinba/.jiagu/classes.dex!classes3.dex
Filesize
2.3MB

MD5
676ec63daa7acf002d6d2b71b978d8f5

SHA1
864ca955265e4d742bbb0369ee07f4fabc057e03

SHA256
7fda77dd8523d5952974ef79813a185a3819148f1262f9b58cecd681e7adaeff

SHA512
7e367c2c4da6b10e125e550647dffa8841f00e3aa197c4c4f79fb29185b1d1b0448166c5554e6db346770c4ba256ade87cb9f36e688839b869f0cab4319de683

Download Submit
/data/data/com.baguanv.jinba/.jiagu/libjiagu.so
Filesize
485KB

MD5
2c1a490890ff15348d2fc3815b2cfb3d

SHA1
922e1e5539c40ad5bed578a9cea9f076df02eaee

SHA256
4a272d3707e61d656a95d20b944a402a4ae39b79013e3a47a93c0faa3eefc6da

SHA512
3a910269e855c3c9a31e40d2d18d166d3c3dc08bb9b063e363be8e737181389e9cc67be8d9ef8d1a63ca0500d0d028aa2562e6fb979beb1a1cccf0fe4d1d1853

Download Submit
/data/data/com.baguanv.jinba/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.baguanv.jinba/databases/MessageStore.db-journal
Filesize
512B

MD5
63835ff469203146577537fe15ec676f

SHA1
91f6c39b8670a0732ed1d49bc65d82a28fe3ef82

SHA256
12be0557ac88676642dc94c2d7c019cc0eb6f9ebd2debd0939cb32fb248fa1e0

SHA512
74c270a0f4ca28bc51b46dbb32f6224842233732b098a2b1704c2df9facc263460b1c681672fe2671234e7fe4405304b0a783207a92aca72db128c41af58bea7

Download Submit
/data/data/com.baguanv.jinba/databases/MessageStore.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.baguanv.jinba/databases/MessageStore.db-wal
Filesize
48KB

MD5
bfa30cc3c486a0162ef225030f51274c

SHA1
aff617619249ba75c9ac605b74f38cf797b620af

SHA256
2ffe245c0c0cab701c36ef1b4d8170a260f8700ee6a975e58c06b8648edd7b68

SHA512
9876f72dc45abf39e5c660530b866bfff789161902e90372c2a1308ddc1059db5546e14fb5b25ddeef3786437d13f358486a60fcb9df115404cf3cf517f836ee

Download Submit
/data/data/com.baguanv.jinba/databases/MsgLogStore.db-journal
Filesize
512B

MD5
b1afa5c9b8f6211024650f18488a6902

SHA1
9eb6a4579fff56fbb1fcbf9c70a4b0228ee9b8fa

SHA256
4286161fb0efb170f379b2116bb38423bfdb181574d66bc06581242c701e73a2

SHA512
f8aced15a92e84a228dadfa8a566a00dcba7c95cf6f627f4c31d2102d8384df78017985205db0f8110874d320ac792224b8f83306aa9cf84e3a10820f0cd0666

Download Submit
/data/data/com.baguanv.jinba/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
d375a43018594b6e1914137f832293ef

SHA1
c1722f6d882fc1e73444251b1720b87b032b7b91

SHA256
48e3978a40bcd7c54ea2a3044835322b282dd31df980f089941a0ccc5f1baa82

SHA512
6660c095b4fdb09e18a0be79946573db8c1ce5eb110bb1f1e5fedd34373eba0f36e12f7c65b0831879aafa34ef5d23718c8d4608ad805eff8be0f88095bc8207

Download Submit
/data/data/com.baguanv.jinba/databases/accs.db-journal
Filesize
512B

MD5
c6569c869ce3a79c00c3437e5258ced3

SHA1
77f24aba6cc36c9ddac6ddd4703e7af34f68f8e6

SHA256
8f74c228bb23e7babb305e5f65057cb476a38df394f012bf03a03f813dbbd670

SHA512
5ecd49a92373ff0c5de9822b3ce8a8b15e3967ca4e952f8a894a8c3656005a81b56dfd4f429cb821353cf808ba44c7a4730eee3bafbdff5e4acff377b7c1e61f

Download Submit
/data/data/com.baguanv.jinba/databases/accs.db-wal
Filesize
32KB

MD5
63f93aa6f947425fb76ecffa2bc3a150

SHA1
51387016f698801b63c4eb20179a492976934ec4

SHA256
c96fc5e259129fa6e06551eb01ded84cc0c1641669e8a4afdafc7538ac8f6a83

SHA512
3cea71673288ac9f4b178319b6b9972ca8340945455617e3eb9dd256ac0a53dc076c0a8b6eda1ccb261f69475a47758028a486d44415eab2ef9d353a82a84a1e

Download Submit
/data/data/com.baguanv.jinba/databases/growing.db-journal
Filesize
512B

MD5
9e25b71bb5f8c5327449f6ff445a8188

SHA1
02dc9ded2fb03c54c600b4ec4b32749456fe4039

SHA256
97282a8c3696f0b7bd462570aa85fc3bfb456516b83ff9670ee52393a267f24b

SHA512
fa8cbde6e02cf4e76ffb39da5c4280330cacb7a141f53b9ee00f9edb580432cb369f84f35b3c3d2668119554665c10fa19cedb0c9a41138311de2b008e5f6b57

Download Submit
/data/data/com.baguanv.jinba/databases/growing.db-wal
Filesize
32KB

MD5
c97780c0b42f9b786339853697ac837e

SHA1
174e7b12a0b3382950f2dee8dbe2e28fb5ad5823

SHA256
2c6fe4513bd3ee3b32ec6f73d5ddc5bf16be438830814a8566ff718f09de0861

SHA512
c1695ad4b348d19ed144aeb14485bfb74e23d1cc314f16db145ec65a59a28636ed617eeb424ce3e35db12a73582ee2c8ee2d8ba8cfc197c1baaab0ead3c2eab5

Download Submit
/data/data/com.baguanv.jinba/files/.jglogs/.jg.ac
Filesize
32B

MD5
420cd2c0d19bd4916a47387e8994f419

SHA1
bfff11946c5545ed573e3d21b4900048b7fe669b

SHA256
87026769328d589510555c8c4070067592663eba748f178ab1b3af8f29e6cecb

SHA512
9ed7a8587bf8bc7cc909dc642ba9429049ba4b3e2915ae7b91ecc336ac09af8be65635dedda6f4afdefe8654ad788dbafbc253254c88622521dd184c41dd73fa

Download Submit
/data/data/com.baguanv.jinba/files/.jglogs/.jg.di
Filesize
340B

MD5
03acc91ab8daa9f244ca5f76180733b9

SHA1
a5cc9a0217850efa3f56cce5af741e387d600c2f

SHA256
df3c66971d225d8e75b41f7cc0cd086f8b77a7eff172547060c7a2e23a5c7c3a

SHA512
84d5a0eef2837d831174e3ee2039b59f213a1b98c755fcf12e2fbe644cdaf118cf9c9b993c61bd0764c23a038aa36a3071ea5207f1eabeb5972090dfc44420d3

Download Submit
/data/data/com.baguanv.jinba/files/.jglogs/.jg.ic
Filesize
32B

MD5
f84011603c2e78c4eed15a26dd954f3e

SHA1
593aee997debc529f51025aabd6b06dbd536deb3

SHA256
7b64729af577baf8ec9b01c96606f2f972ee336627d7829c8905341c6ad94175

SHA512
9f78800bdf025e24f9947daf9641dc9b1d83d66d233b2743ea9222a7b1a173edbf59e1b9ed7e216a4368a150b0b8571429c142dfea2119d0c6629195c30b091c

Download Submit
/data/data/com.baguanv.jinba/files/.jglogs/.jg.rd
Filesize
73B

MD5
048f8eadac0850eb54bcb877e5851098

SHA1
230429a3d4ceee48c6b70dae14de28532183e67b

SHA256
42aa3864786a903b3d1902729136461cba7bb990ff0256cf53b73ade46d80eb6

SHA512
c5cc257192bd186cae2cd9acdbf4d98e58927e9b416ae481aed2d9df419228ade15ad756c5f48e49cb48d8cbf6d1da22bceb9bb94b0546fce3221aaa648678a8

Download Submit
/data/data/com.baguanv.jinba/files/.jglogs/.jg.ri
Filesize
314B

MD5
c9bb84068fed992df6041f2f15869f52

SHA1
9d298deff3f9d4bc41cbcfcb2aeedf5a24b08a2a

SHA256
c1b1e6a96a9741c6028d4c7e0a55f8ded94e2d160b7f0bb851c033ee5523035b

SHA512
54df73ed9b1a1b0337d64ea3f8253497e4b9f7464dd283edcba328b9656e60f186a84c998345acd1ae460a0a36017ad30a03fa5c1fdd7e3da363a382076f5cb2

Download Submit
/data/data/com.baguanv.jinba/files/.jglogs/.jg.store
Filesize
32B

MD5
448e391c59eef34ee1defbe4dee4c41f

SHA1
df1f890987371d7d8e6963c68b787856e42bc146

SHA256
55612e17689f4bb05f27e18b4f6d06ffef92a6a8893a5cfdd3d5b99a6028b549

SHA512
ce336ce895ba861dda7da27e8869dea065eb3c3403cac55cdf1935409e5ebc95b495370f87ed7416af20af533b15615472e333ae9f2fd2713040f526835399b7

Download Submit
/data/data/com.baguanv.jinba/files/.jiagu.lock
Filesize
27B

MD5
c34c94fb53ae16a6807bbd9afa9ad4a9

SHA1
a6d460e226cb614741c6f09aead95db5e0ae4643

SHA256
726c47e647b3cc01f73c33e360171fe5ba333e7784b9a089c0b395600635d066

SHA512
26b3a1f3c52f7463f681c1f98b1162abc0618e4244f05eb71d96821db8d4862a7fc02cdd6c2740d72c0e880e1a28fd3fe0266608f2b48576e9202cdc708d6ce8

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
983743eca0e24c314b143737a0c43ce1

SHA1
a8dce93ed03138344bd8d4aa9da511b826e8a055

SHA256
928f1335457eebfe87ffe044bc2834797a90cd32c37f6705a9e77698f15af9f0

SHA512
931376a9302d05a74ad2b9f5a8e6cc8001a294c6ab172923dfcb8b1a21938f658b48810e4318ce6934f668b752deb2facdb106709cb69d197f96c285ea9c9270

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
9ede73c303bec61a7ab8d80f09fa7a61

SHA1
0c59de0c0314d1a8c33f19af2d875d0444d90449

SHA256
f7300e6c2d2c72e6bdf6afa4a18bde1af437c958672633aba738d2d2b053caf6

SHA512
2a0604da2db822eebc7b6082764cc5ce8b6addd13d18dde2749d9d7bb8dd3b2cfaa50db37b93ff253e1d00a27a3f8d747e53c2a9f60abb8f3418f588e5a340f6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
ad544f8ca1adb34eac052a772add6219

SHA1
361dc84b29da13c54f582b38f158dbda059f0f9f

SHA256
d0880c1780f873120a7e2682c51888f0399779fbb9e0b6649371c8c79d89ee52

SHA512
4399a44598089240c5767c0e7f92f4131a0915c90c761eb26d53ed63d72619b0fe7f1b79fcc6e532258c94324552090d6f1fae535ec615f34de903d07a3af3de

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
d61d45c2d54b46cec398e025deb99741

SHA1
2cba416a2a4abad6fd5b3975ac6cd740fc2c34cb

SHA256
b233d2a63c7f541650640ec5ef098036ab129b104e1d5c51f9cc19c358fe63fa

SHA512
b45f54e0a8a5e5cffd268087b49e1669a33f612f68afa97ceb6bd0aa24cea2f57fef17cb0a0f6aefcdab7a451895fbc25dacee2b2aee4cd018429725cd88d562

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
1d8d16c4e3b19ebf18988530d9b9a757

SHA1
bc94c1cce05cd848a53271ecb9c5311e27ffebf5

SHA256
abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

SHA512
4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
d62dc530484b4bf5257ddaeef582c2fc

SHA1
09392626be1e54c05fb6a25c9d4f4b32d97e6d8c

SHA256
fe42002fb2d58bfcb742491e46ca12988b4dd04929236c2b06652fa8eefd85bf

SHA512
0e711640f1e66e026d42fabf4bd467b9a2345aafacf6eb9acb25500ba83f64a26faba3bf8be11a6746c35e92f3dd6e0697b2bdd88ee978fb3c0c6cfad52a5acb

Download Submit