710d666c932ca4429a7079f13d6d3c4ce98a5bced29ecb47689f9447c09d6f15

General

Target

f1f5106b636fa0e06fff076ec6db0f58_JaffaCakes118.apk
Size

14.5MB
MD5

f1f5106b636fa0e06fff076ec6db0f58
SHA1

7dad83b9e5706ed248143064d0857ec27032c59a
SHA256

710d666c932ca4429a7079f13d6d3c4ce98a5bced29ecb47689f9447c09d6f15
SHA512

35957601bfd7c2c338d38e14b970f11c1b8ce514a07e1603cf2fbd9a526e990283345fcc0ec3805159145f58cb4d2fdcd0c1c878dfbeffadcbd9fdfa69282952
SSDEEP

393216:veUYWUD+CRLms0lDFimGRZL3l3DjfFX3I4FpzW+gsTVBZyUN:Ro+CZms0lDmfzl3nfRnr9gaZ5N

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.partygame.digdigdig

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/cn.partygame.digdigdig/files/egame_temp.jar	4366	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/cn.partygame.digdigdig/files/egame_temp.jar --output-vdex-fd=48 --oat-fd=60 --oat-location=/data/user/0/cn.partygame.digdigdig/files/oat/x86/egame_temp.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/cn.partygame.digdigdig/files/egame_temp.jar	4237	cn.partygame.digdigdig

Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.partygame.digdigdig

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.partygame.digdigdig

cn.partygame.digdigdig
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4237
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/cn.partygame.digdigdig/files/egame_temp.jar --output-vdex-fd=48 --oat-fd=60 --oat-location=/data/user/0/cn.partygame.digdigdig/files/oat/x86/egame_temp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4366

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

System Information Discovery

1

T1426

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.partygame.digdigdig/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/cn.partygame.digdigdig/files/egame_temp.jar

Filesize
93KB

MD5
6bb1a12917e2778f7e6a627924fc64ef

SHA1
acd393b4a825e2f02170c546fa95e235bca13622

SHA256
f58d285141ac16cf410f1a34fd8abdb2db9bf6d69830557a3fd633a35b3420eb

SHA512
8020bce2a35b3182890e407b3a2719915446d1b5601ff7106a0775a76e2a63fe2703eb477551d902debad1105a97032acac8288976025126f4f7599bdd97f892

Download Submit
/data/data/cn.partygame.digdigdig/files/egame_temp_.jar

Filesize
93KB

MD5
dac8e67611e23df9ae8d9f167ff9de22

SHA1
25f1684722211c80d978f6ca99b4482098ae96d4

SHA256
b654dbc9f152de856b11c6d619c8b6b8128235b010977d74e79d973a8b0295d4

SHA512
e267488e3f169eda196cd090481d22130fab5f876cc361c217742659b9e139e48b8aeb291554e3f03177dc0f4462af43ae9c0bb6716d504bcd363910c2185a5b

Download Submit
/data/data/cn.partygame.digdigdig/files/gaClientId

Filesize
36B

MD5
ca26ae08889eb69f45c9d0928f7180fa

SHA1
10d5a1de4021f8de22fefa23a82ebf78744d91d0

SHA256
7532f7975e435dfd650bd1b792071e38724fc6b8cefd65803e92a4beb0931853

SHA512
4c8bf8b493e2f4ab732ff7e26a42f23a87278bffb2c8beffe444a40ec9eb917b2bfc004fe2b82f1b567d7ec77faecf126fb5d8de6e850245b4710544e20a14da

Download Submit
/data/user/0/cn.partygame.digdigdig/files/egame_temp.jar

Filesize
228KB

MD5
01dcc8c7c3adaae6570e2d3bc3d8c91a

SHA1
ec519298776de5e99dffd2b510c8dca81f398840

SHA256
afe34ba2eed879dfa332b6172935f1ee43ba440e40f9876d3ebd5914eac6bb61

SHA512
955f633610942e65521a9096185172ff5c44c3469fc07a480a83f1067bbb5f8fe700afda5c2c66ad90dd5c3afb4c4fc0bfd5570d5689e3bd3ec11b50efdec2d1

Download Submit
/data/user/0/cn.partygame.digdigdig/files/egame_temp.jar

Filesize
228KB

MD5
ae26f783c39221f377c8a66e9876727a

SHA1
7517e64c3b6818278a5d9c85ac670e600d935fec

SHA256
1efce63abaea299b8192d84ea5ecdbdf6005ae3b627554dab2005e0a2bba354d

SHA512
b60b36e3f81ccf6c7de4156aae952144ec44cd0286bdfe7579a6e440c0622b46c0c04d6407ef10856f3f5fa7931326574a38464ae82c527adc5c00b6c901d8ae

Download Submit

Analysis

Sharing