78cca08f56cc640160ab730ed101444019d365f8ef641d56521f1efbf00a8046

Analysis

max time kernel
150s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
29-03-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

151444de871d0d2322caf4d8a2b10aa2_JaffaCakes118.apk
Size

30.6MB
MD5

151444de871d0d2322caf4d8a2b10aa2
SHA1

b0c5f9359a75b55487dbb5f678fb3f71efa81442
SHA256

78cca08f56cc640160ab730ed101444019d365f8ef641d56521f1efbf00a8046
SHA512

149ac63cb5d6c29aee54713bb2f06ca8e74c4ef76842cc18c78756dd0c050447e06aec865a5554b90cb378d741371ff7814c32be97f9e0ac11ca90f7711e9ab3
SSDEEP

786432:EJA/G7Wqr69D6rm0mQ5m5ytLwj3Uk6ULEyQo4qL:A7WjtMm0mQ5m5yVwjfY24qL

Score

6^/10

discovery

Malware Config

Signatures

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bsoft.mhealthp.jiangyan
Framework API call	javax.crypto.Cipher.doFinal	com.bsoft.mhealthp.jiangyan:pushcore

com.bsoft.mhealthp.jiangyan
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4190
- chmod 700 /data/user/0/com.bsoft.mhealthp.jiangyan/app_bin/daemon
  2⤵
  PID:4250

com.bsoft.mhealthp.jiangyan:pushcore
1⤵
- Uses Crypto APIs (Might try to encrypt user data)
PID:4280

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bsoft.mhealthp.jiangyan/app_bin/daemon

Filesize
9KB

MD5
c3b858cff9b63f0204de0e18cfe7ea4b

SHA1
563b414acd43cd8833fee63cf0fe1ceab304d2ee

SHA256
b7924380cf9d067b72128a077f30458dd7904235d7c9a68ad02ab29da14a9304

SHA512
7f07acadf0c6213c8d8c5c80366a8b6745c39605dc712e41a332d365bb188bf9db405e34d3dfb7bab220c3695b2ad40265f4cf225a5526c57adc1f299e6e6f56

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/cache/temp/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/cc/cc.db-journal

Filesize
512B

MD5
3998457401c492f95322383906d59b05

SHA1
4c82f35bbffe139505c224b534dd4996e858db10

SHA256
de8fb2a1c7b49d359acd231658224e7b746b3cff6ef71de13de9e8bf0afea0ff

SHA512
b5fc8b8f5bced06b28965a2326def95464258450f461a6257256fea8168b2e5bba175a318211ccebeed5358a21973c9c37d8c47103b22be21132b960b709ed91

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/cc/cc.db-wal

Filesize
48KB

MD5
868abcda742ca5addd45279226a2a5ea

SHA1
73618585b13d8f6368d75b476503cd1c44cc8375

SHA256
1bd9a6495520f569a229a38b0f20b6e03fb65555e5be9cd94023372d8a7aa81f

SHA512
70b2ecdf2ed699634c59ddd391a12e56b3d1f85b448cf69c4789eae18e833b49c2c7c4c455fcc8756da47501a89f911cda8ca2d5cebbc888afbf116ee82a4763

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/cc/cc.db-wal

Filesize
16KB

MD5
5ae2cc3a21b77413e64429dbbc4d1be7

SHA1
c358fa5a9d1d7d5268a5645edc839366f5b95722

SHA256
6d6eca9f623a4aa7f5067937f3ea0ce1624376bebfe329f566f829e17ac1dbbb

SHA512
45b041048ea2631b53b9af38e2d7d5a391de109efee3feb2fb731c7f29949b76c3b709fcf235efe40a847c3650fe5e83cf71e6434fb140f120fdb3a1af4deff8

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db

Filesize
16KB

MD5
5cd21cfafff4905ca951d89f6664119a

SHA1
630a1eb79de21fd9051377d8cd1a45693e475afe

SHA256
05ec7fa74d5a6a32f3fe7faccebf398517c1763aad1113cda87b8bf88c3c45c9

SHA512
219caf9a50fe71de37b06f805fa806c6dfd01e83af04b1ab407c10d26cf86517e5d1b4df394ba1e4c720c7613f34d6483cab554fb97c2d4ef25df7b134810c9d

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db

Filesize
32KB

MD5
50bb811fd9b8b336ec83137aad28bf19

SHA1
c3aceeec181a999d13be1dc9e28e3d5092e5e3b8

SHA256
951cb4c18ed0557d84a15243a023ed5193f3d535f8a20529060c9f09b5d6ef59

SHA512
83ddf00ed45711d91ad56bf2abe510f5e5a475e88da85cb08cf26785cf433939b26e2ffa1f107a30d1a3e9ed845f426d24993ce1f1549e35acd921721fc1a5d2

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db-journal

Filesize
512B

MD5
7b5154c26b5fbd24d6bc033d8823e1b9

SHA1
9be288597fde425322d1fdce71731c124213e162

SHA256
2105fb5508746eee27fdc597ecd28c214de5252c6dd8bbe532fcff0ce3453219

SHA512
d6feb5d4d99e0b5805a0d7bdd497a713bfaca98bb1ff18e5cc4f782a6acd49026b007d4b1e996686949f5c9ba588b2c71449a9e9b4b4428f18864b913bf7d82f

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db-wal

Filesize
56KB

MD5
dc809231a3af582525457f462dd5f027

SHA1
2e648815b6c2a6e8348ddb28b4abc95aaeae8d83

SHA256
84b72f474e519ee1407ed01d81c563a2fe1f43bd004d157c22ae7931636c14ab

SHA512
06cd7fcd91960021e2dd6f199dc21f2c437cbcbe381f6c699820f56efade62c499267ab7908ccb0c4914f717672696aa8bee3c569904496237d12df75531e5d1

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db-wal

Filesize
4KB

MD5
e8033eb689440ce5a81743ff36002023

SHA1
a126e0e77931c1e5719ac22b8669fc62f3a3b316

SHA256
8466a48238bfffd680da1ca704a2391b61f97698f1d54ba24fdd358c8f46e0bb

SHA512
738dfacd614e4e22972b3c57700ccc44433c49c13f56568f93f60266a65635941a396d3c2eccf6a4dc52ded4145ba7d8a4f4afe9580a5eb42fef3e2b6a61ecc9

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/databases/ua.db-wal

Filesize
8KB

MD5
d6fd20b7e1ff166c1ddc6a72b83b8930

SHA1
008260baac230a44558e05c85a0240d9c40310c1

SHA256
b64b1cca7769930267aa511cb63b861d185f2b2ada935bc525c002b36117077f

SHA512
6123973ec89a9a979a35e22f05f25b6fb98121825b560cee630730916b28235b11df8eaac64f211c7913cfe2dadeaf9fee53921a97c90db52514a4c2ef637604

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/.imprint

Filesize
1KB

MD5
2d1e0b66493c6d8d63b8b8f2ff82f20e

SHA1
0e199474c5e790787c6ba70a15c48668cd434a0c

SHA256
978ffe558a804b6f398613f1bffcce0952c7a87c4159381eed77be529d8a36c9

SHA512
248a0a926fcf6f816d3b5fbc31ff09186772776bd528024be8d1810526df57d6f532a886a4c2c10ab3a0125972793f1ea19b9a2fcec51ec7860bcda16a29bf6f

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
4814a0e1e6331066bf587c602d9cc725

SHA1
4647caaf5f75ba26c34818776c8acb14d6e0b8ee

SHA256
88d84afa99026be5af7655a5832c0fb0bcc39085bcabbabba547fc457168e132

SHA512
4207e99b4745ef9010ae36fc8745724cb73341763b9349b8929a8e71eddb8b1080a82602b0371f87f7310a52016cc3fc3f912c9e24d32ca3b7242da1d15b1cff

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/exid.dat

Filesize
67B

MD5
d55874ae6d9dcfa3c962af1e9b6c7dc2

SHA1
f4c2d8f1b40234c67054db1dbb2597c9b090bea8

SHA256
ffa7d804f4e1f56870f64f86f84e828e88f27b319e1ba05fe2441d403ebf1332

SHA512
96a9b4b9e07cb8491fc4020ee19fefaa6c3214ecfe2addf56e8e056758185236363cbe8b5d1ff8c334c75a107f5ae0d9f44134efd3a46dce7bd50703e8f62b56

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/jpush_stat_cache.json

Filesize
119B

MD5
3df68a84b8920afec2e129545479de5e

SHA1
99ecae7b36139972a934459bfbe031abd5185503

SHA256
f11132d7a9dec8a1e6cfacc4dd98abb5727566f1d289c33949d20048b02a12c8

SHA512
021b57c1c70c2beaebe64ab089535aecba70ebbcf1a8d4d0bd4fb42655af1daa0e7dfee14e1c02d62abcddd29ceb991a244ab997f94cb4869423ad20b522c67b

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/jpush_stat_history/active_user/nowrap/442d6bdd-45af-4d06-a55e-e9a30a2184b1

Filesize
159B

MD5
0790bc5e8c9dbf8970d7383e126fbbf9

SHA1
f74a1601ac5fd88957e1c7582a58c9d41f0bdcaf

SHA256
f35b3d19721104b25ef2f5cc4ea334528941ed3164d897b8129df80acb6e7034

SHA512
fb3c18f0f969615eb9cef33c625219e46c07c686737103fe885fbd6e8ac353a3aae5552767d5a717caec4a6c02ca6a19c7590d593071123c38ef764028f6f223

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/jpush_stat_history/normal/nowrap/a8eb478a-c4dd-4517-a0a1-63e35e0d4f35

Filesize
202B

MD5
24336d7b5a7e7ebbebbc491f764e21b6

SHA1
56a6165a699f0815ea99d6aa348cb4dcb151e051

SHA256
d325137f6cbb9ec52d74fb69077699fc4dea7f885866df41375bc1f1faa4ee51

SHA512
b269be083b7c7093cdcc900aa263e7926411c1e6c4d9b3507a570c7fec3f5f0fc4609f02b65736fa4ce7142fba83e36cd934505d489804b032efbee8a3ba7f92

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/umeng_it.cache

Filesize
413B

MD5
7c56d819818d3f7967318635aa877e11

SHA1
2c38d954024fb20d73c501ef93890d7d3a42436f

SHA256
7844652401b927c1dba0d507bfeaac4fc01be0c4e4d1ccb2c7b3883afa85212e

SHA512
1996f260529f260caedc94dad3f3eb13e54a12b9ee1c7b67b7b2d38f1300fcee5a373476bd0f9fc04a85ce0390e206401d6618d1ea42c4c935316a64daf3b556

Download Submit
/data/data/com.bsoft.mhealthp.jiangyan/files/umeng_it.cache

Filesize
210B

MD5
fdcab57c314b3eddd3f3015696cfb868

SHA1
805e5fa887899a5e84f579ddb896b097963d692e

SHA256
9e1d228d5955c193c1729de7777a4385a8f58e7071cb351870e01cee0c55d513

SHA512
0997ecfbc177cef800261cfdfc20b70e03b3d2e2b5d290a234f18efd700b36572131b1b835bd09794deba65e33de68c6c3e0ddec96ea953f30d1a3372aab2ff3

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
129B

MD5
ebd1275f3136cb005536e4812fd6ed3e

SHA1
4b86d09ab2feb0cdb89709b7b55c1e938d0687b6

SHA256
58ad7740bdcda31aecb9f053062503666ed591c6b4c3a71819da19f8ec7b3bf2

SHA512
7239d5edf430f0986bc4bac310489e3f26666e0e4196f2976e6aaf51ac78e69c8632d0397f34c41790db7e2eca4c023188fcdbb7d11f5098f87acf3c6828211c

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
517366f0ec21ad4bd5519512b019d0f1

SHA1
a8468d25367068b11df5ac4a3dfae7dee0972c33

SHA256
1ed15e366cbfe8eecf0a5c492c80974cfb3e7f67813f41721c7a64ecf68fcac9

SHA512
e63f3968bb81835690918346be3ff559359c373a0faeb4e2117b8d7927f1fb793998ffae1be828888eb95007a9e154dddc231f5dfac750c6893fef9d67963e74

Download Submit