4cb22035ec53b15fd0e3a95e2abee1dacafb91df780f2df0dc1886d92570afd1

Analysis

max time kernel
149s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
09/04/2024, 12:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9fa1ad4126eb36a5a11a5e3ba39ed0c_JaffaCakes118.apk
Size

7.2MB
MD5

e9fa1ad4126eb36a5a11a5e3ba39ed0c
SHA1

eedfa81487ce5e1ba158d56b7b575ea3e4846cf0
SHA256

4cb22035ec53b15fd0e3a95e2abee1dacafb91df780f2df0dc1886d92570afd1
SHA512

00139a9c8eaae49a8fd53559f7f7c33f8f15b93b1ed874e2b3bc012535648260d433930892fee75957b9e6fc63619afd6e067ddeeaf5a905be374272a4629701
SSDEEP

196608:YdzAJUtdMYR8GIJ8i9MrI8w4GwcFM+qw7vEbna:YdzFzMQar9MTD+qgEW

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jiji.sjjz

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jiji.sjjz

Queries information about running processes on the device. 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiji.sjjz:GuardService
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiji.sjjz
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiji.sjjz:multiprocess

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jiji.sjjz
Framework API call	javax.crypto.Cipher.doFinal	com.jiji.sjjz:GuardService
Framework API call	javax.crypto.Cipher.doFinal	com.jiji.sjjz:multiprocess

com.jiji.sjjz
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4465

com.jiji.sjjz:GuardService
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4493
- getprop ro.product.cpu.abi
  2⤵
  PID:4587

com.jiji.sjjz:multiprocess
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4532

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiji.sjjz/app_tbs/core_private/debug.conf

Filesize
101B

MD5
faa9a1795513a1551f8889f9e5b2d64b

SHA1
2bd06736c80049d14e9dd3ea155617107cf7e1b5

SHA256
0ff567314485877c89d1b6ff24db9acc0de47c835bc36f268f03a294b36b3772

SHA512
466c31cb896675df5733ceeffe1d75e3c7cc575e0ec47b20adbf62409cb8202f52fb22a2cfb19713f7c5ee7d4b4e08c865d0bb79241471b42d1ab86ea84705f8

Download Submit
/data/data/com.jiji.sjjz/files/jpush_stat_cache.json

Filesize
178B

MD5
da428714c1db838cee08bf094fd50d91

SHA1
bcfa80ef9da831c54e4534d525ffdff62acd1e78

SHA256
65b26444b65b4f77a87c49a1875d08c165c2b6b5bd00e1efb665b6931d6d9e78

SHA512
40c1d1e31513fd4704abc3bff7c1ce61454b4f1eeb90deaa47ca15d82a529d4f8cec136671be8faa0750c6148670e4c29141fbc76cb14e874280f94322426636

Download Submit
/data/data/com.jiji.sjjz/files/jpush_stat_cache_history.json

Filesize
343B

MD5
b15d0bd8b1ced96d04c09c241cad52ca

SHA1
c670dc650f8170159dc9d586c640e00a611c1b09

SHA256
50cc18fdb04de05d06f86bec33094d5437cfe1595ff5bce15baa3c9caa7dd612

SHA512
a02e57bff32c61407d6964df38e1257af374a0a82a1bb1ade006c3cabea63c4d08cb29d29d5badf69d8270be7eb65ea57772582a544c812d657bf06dea80b074

Download Submit
/data/data/com.jiji.sjjz/files/jpush_stat_cache_history.json

Filesize
174B

MD5
c8347810e26226a747e11c0b496b903c

SHA1
e350a8a4d5afa97c963476e59f54ab4068514f99

SHA256
d25f7172848c237f4a8be35e2748f14faafc483eaff9f84e27dec8d7439972c0

SHA512
9456a5d090699dbb0065e54c35a4c7facf533f2deb81f839072fd7b0602e55a61a5be51aa04e8ac18975ba249af6e22519785a4fdcf3cc26fe15af6c4b2ccb7a

Download Submit
/storage/emulated/0/Android/data/com.jiji.sjjz/files/tbslog/tbslog.txt

Filesize
16KB

MD5
0775b8be767b4392f3d73e89e7e59586

SHA1
ed8a6f249c28f93b8325ea16574b1f37614f882a

SHA256
c9ebbf9dcbf4c4b685b2bc662f9e54ac32d6d36dee1974d0fb353fe647624a38

SHA512
3d5e744aea730e3473bd6356c0c386861fff24e364796d8cdc7c7958ecadda8b80df3c9cd7be2c77f2b0be3cf8e8a3792f9cf41659abee45b0bd8d4f3ae00185

Download Submit
/storage/emulated/0/Android/data/com.jiji.sjjz/files/tbslog/tbslog.txt

Filesize
13KB

MD5
7ad0a532bd27e69461ee054375bb7f19

SHA1
56d76f5898eae49c2a357165c1b64ac919ab00c1

SHA256
604634a69a0fb4d20b8b865a10fba889b5a26b59ecc1ee3b73400e6ce43d2d1a

SHA512
00d7abae297548c9a51fac8f18fe329f631d18789ee14c49bacc1b8bcb4399c1adf5fda404da567276090d8cebe4c7cc5c83103e970a42e9cc6406e5a6958aa3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads