4cb22035ec53b15fd0e3a95e2abee1dacafb91df780f2df0dc1886d92570afd1

Analysis

max time kernel
147s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
09/04/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9fa1ad4126eb36a5a11a5e3ba39ed0c_JaffaCakes118.apk
Size

7.2MB
MD5

e9fa1ad4126eb36a5a11a5e3ba39ed0c
SHA1

eedfa81487ce5e1ba158d56b7b575ea3e4846cf0
SHA256

4cb22035ec53b15fd0e3a95e2abee1dacafb91df780f2df0dc1886d92570afd1
SHA512

00139a9c8eaae49a8fd53559f7f7c33f8f15b93b1ed874e2b3bc012535648260d433930892fee75957b9e6fc63619afd6e067ddeeaf5a905be374272a4629701
SSDEEP

196608:YdzAJUtdMYR8GIJ8i9MrI8w4GwcFM+qw7vEbna:YdzFzMQar9MTD+qgEW

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jiji.sjjz

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jiji.sjjz

Queries information about running processes on the device. 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiji.sjjz:GuardService
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiji.sjjz
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jiji.sjjz:multiprocess

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 3 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jiji.sjjz:GuardService
Framework API call	javax.crypto.Cipher.doFinal	com.jiji.sjjz
Framework API call	javax.crypto.Cipher.doFinal	com.jiji.sjjz:multiprocess

com.jiji.sjjz
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4587

com.jiji.sjjz:GuardService
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4623

com.jiji.sjjz:multiprocess
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4667

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jiji.sjjz/app_tbs/core_private/debug.conf

Filesize
101B

MD5
faa9a1795513a1551f8889f9e5b2d64b

SHA1
2bd06736c80049d14e9dd3ea155617107cf7e1b5

SHA256
0ff567314485877c89d1b6ff24db9acc0de47c835bc36f268f03a294b36b3772

SHA512
466c31cb896675df5733ceeffe1d75e3c7cc575e0ec47b20adbf62409cb8202f52fb22a2cfb19713f7c5ee7d4b4e08c865d0bb79241471b42d1ab86ea84705f8

Download Submit
/data/user/0/com.jiji.sjjz/files/jpush_stat_cache.json

Filesize
178B

MD5
81d1729bea77fee8a09d05c6776cae0a

SHA1
e092c1827f1dbeddcb44866ebc69f780171bd9ff

SHA256
0e0179e36cd33f9e123b71c6e7902c2638eaa48feead93ec119b1a19cd6a70dc

SHA512
539ee5c7bfd6fae630c6cd200a514afbe6cc312a85c46af03ec24ac5144b9012767144174c1a34124b5e6db46f375ed1a7b68cd8d9a0e88cd5efa9c33e51e77f

Download Submit
/data/user/0/com.jiji.sjjz/files/jpush_stat_cache_history.json

Filesize
174B

MD5
44c7d69a88731b2e0422c559c7043466

SHA1
8803060b700f4c0fa21b923de2c278c90c3b5f79

SHA256
f23bfdf916599d2d19676987ce85ce6ce965f64ffed5cb59f7ebf70cf41527ce

SHA512
861eebd58a9a8766dba8ec87873344324b87fdd15ab8d22295848274f6841e5f3721add01562f6e8635760df2ecf29cdc98e8c269acff23ea87971d2ab411d73

Download Submit
/storage/emulated/0/Android/data/com.jiji.sjjz/files/tbslog/tbslog.txt

Filesize
13KB

MD5
4d5197512f1d4c1fa97c8710b2625b8d

SHA1
d81c665bbaeeb106acd6d9814cd31bfa33cc7d06

SHA256
cf18a9f8c3b6023bd9653b7aaa7fbd90f8a76b290fa6db0180faf0318c881ae4

SHA512
7e52edf99de4c3323a4ec025d09c88bb5acaf86ce60100215cce8346129b0c6a0ba3e3341e2d419036c16b271fdcc44663c67be271f91d17a5904a8066bb0090

Download Submit
/storage/emulated/0/Android/data/com.jiji.sjjz/files/tbslog/tbslog.txt (deleted)

Filesize
15KB

MD5
1e09f40a12bfa5a2a4a86a9af30918e6

SHA1
493d88e1f8f23af7927a2d05f7e98a1b9167e7b7

SHA256
fdd21c8f120ee822e653e1e60a2e58313538d24f9630215c61092cae2457a977

SHA512
f5c72fabde5ccf74dd2a372f4ad328271de6ad6d6f1fe9b05c7215240463c44be71d45b5cf99ddca5f529ff8b623ed07c90205b650f3bcfd9a5bf803a820c9b6

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
818a580f4873fd6f830e9d76e93e6281

SHA1
3f40686950fe809c45c8e0aa8bb4cf1e2c4755a4

SHA256
f96872dcd71f410635968b4d50b9033157e659556d73edfa8a63f72f170de774

SHA512
1a0aa1fff40b689248e4bd2426c2335b5d42ec81fe41046166ddd53d55de7fe171bba2126edbee5159337a98fffa9eb4455c8db408b2c43cacd2d844b196eae7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads