5cbb9a57c0826d50697c08a296c750eecee4ce879ea514be5edb826dde6b8170

Analysis

max time kernel
148s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
16/04/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f40cf27df7f963050c972661fda92eee_JaffaCakes118.apk
Size

11.7MB
MD5

f40cf27df7f963050c972661fda92eee
SHA1

0e026766f8eeb0a7bf9553c5dd0e3a0a4689410c
SHA256

5cbb9a57c0826d50697c08a296c750eecee4ce879ea514be5edb826dde6b8170
SHA512

1c9cacab708eb10109a9e2ce717dae265eeef61946f13d712af09a5338cd1a8ff18e4a99ed0f3704796cf39b0031040d613a945f60ae2a8b5f1dfed24ef9992b
SSDEEP

196608:v4+eJNOtGe+uc/PUM1Z4sz1mciR1vFwvc+OCEgCl04JxYY4G:v4+gCGvL/cMIu1mciR1mlOCEFl04Jx4G

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.meirikmanhua:multiprocess
/sys/qemu_trace	com.meirikmanhua:multiprocess
/system/bin/qemu-props	com.meirikmanhua:multiprocess

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.meirikmanhua:multiprocess
/dev/qemu_pipe	com.meirikmanhua:multiprocess

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.meirikmanhua:multiprocess

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.meirikmanhua/.jiagu/classes.dex	4182	com.meirikmanhua
/data/data/com.meirikmanhua/.jiagu/classes.dex!classes2.dex	4182	com.meirikmanhua
/data/data/com.meirikmanhua/.jiagu/classes.dex	4255	com.meirikmanhua:multiprocess
/data/data/com.meirikmanhua/.jiagu/classes.dex!classes2.dex	4255	com.meirikmanhua:multiprocess

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.meirikmanhua
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.meirikmanhua:multiprocess

Queries information about the current Wi-Fi connection. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.meirikmanhua
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.meirikmanhua:multiprocess

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.meirikmanhua:multiprocess

com.meirikmanhua
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:4182

com.meirikmanhua:multiprocess
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255
- /system/bin/sh -c getprop
  2⤵
  PID:4395
- getprop
  2⤵
  PID:4395

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.meirikmanhua/.jiagu/classes.dex

Filesize
6.5MB

MD5
3c253439b1765a3479700427a13a937f

SHA1
d5d3e25180e179a2db2351478a69b87a8236930f

SHA256
a9765d10e739cace9ddbb7b0a74aa64a9e70750ad1925417bf40893e40f20bd5

SHA512
60400a6b44fded330fa80b79f449fd7872f278c4d112ff26c3a432768c69783c104f71ee9564202d346de6e8574b5dc9a41b281f31b7d82f1f62e04333f72ba9

Download Submit
/data/data/com.meirikmanhua/.jiagu/classes.dex!classes2.dex

Filesize
4.9MB

MD5
a964271669e4d411697a2a250afefa5c

SHA1
fc972a245aca541050eae5c34f9f4cde7f1c9c98

SHA256
6b0a6bb7fcdaf424923e5da32e747eb9e78401576d75336d4b422b55707a619e

SHA512
990866c45e604cfa1d9a8598a3db77ab7c03fa163398bb0653263db0198c70975896522c91af2ab81fabb4e3a25ed8609868b3f1100377b75779056d9932c764

Download Submit
/data/data/com.meirikmanhua/.jiagu/libjiagu.so

Filesize
482KB

MD5
f380717bd1e3916c7b697fab8d46c5d8

SHA1
04f51f0d16097214e38be517d93be44cb0603a88

SHA256
8455632be7bacb221468c4daab2f9b5ee33739f08b22244ff81a36a02bec36cc

SHA512
b78fe11f77d2c0ec5b36850e8cc3b955661b31641405233c8842b91205e44dc16a30d7fc1ef18dde1b066c1b98959ae9c18be5472413d2b398b7ab6a6b52c07e

Download Submit
/data/data/com.meirikmanhua/app_crashrecord/1002

Filesize
238B

MD5
f4dbe8e7a5983a3272b256804ffccf68

SHA1
9ea3a70232595578556c9889efa024e4209edcc4

SHA256
0297648cf785eb03290b9db94a1cbbd7d9b9afc277ab18c879e790af1dcec8d7

SHA512
305302ebf8dfcb4dd57918887b8d2326008319201a0c7096a037c658c7e9fa0796d063bc2b69786297bb4ad76ac4e3af42462ce8b6314c9e7d112a3fa4fb6cc5

Download Submit
/data/data/com.meirikmanhua/app_crashrecord/1002

Filesize
225B

MD5
02bf777a83accbe3f73455d03568f707

SHA1
3089f2d4cb425099a0b1a2aa4f507a8c3c3cf047

SHA256
0543c999aa1392c4400dcbdb0b92ea7f76f80b8b0d9c56559fb092c935236ae9

SHA512
cd43421249bf0a0d657ff5cd13c3d4b1c18d95795f3317415a24ee99eea4ef84b3c6da317d6459106f88f05e40cca5765a68c994320913592427336bc147b1cb

Download Submit
/data/data/com.meirikmanhua/app_crashrecord/1004

Filesize
225B

MD5
5b30f473c07167f77bb6d492be872d4d

SHA1
9968b60b8d3c4642609a89536080c1d87e35f808

SHA256
4ef529f60586732f1d6f58826ca46e9a2996a4116f6a9c5afeb716b186097598

SHA512
c787be389253ffea4aec9da3f9a75d643deaaaebc74a46cc071f3dbea6bc582fccd24e4b6e8c0c242025525645e6c6febecf37f77d6de13de69e6fa37dabdb06

Download Submit
/data/data/com.meirikmanhua/databases/Q_Comic.db-journal

Filesize
512B

MD5
4871e5ae74ec24f6330102a9fc0976e0

SHA1
b8988a880bbf1fd633541d41e8ce23ad33a64ba2

SHA256
4bb520f7cf9b5433e9335e85163c3118e646028f235573fb82acc475c2b8a579

SHA512
9e343feae180808e12d5eb9f50adcaf3827549194f9e4a3d7b06f4abe86aff6824f78cde0d4cd480e99c783f4c6f0c7fa7dbc2ed0b2bfaa84df78a2c1d8ecfdc

Download Submit
/data/data/com.meirikmanhua/databases/Q_Comic.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.meirikmanhua/databases/Q_Comic.db-wal

Filesize
80KB

MD5
57e2b913e27a6dbdcf62239febabb1f8

SHA1
2e37dcdfadf4324f55959980f91adeff81411a7c

SHA256
8cba5f627d479f63ff86ea93300e6d5ee957fc21410e0cd68a97efc644e4394b

SHA512
42465e3201fb3fb9730978e17de4cdb913e44f40b7dfece470aecadcdb1b8eefa119c547d6631d00ce3081a8091fc2e079a16e4dc519ae848dfaed0d80b9b94d

Download Submit
/data/data/com.meirikmanhua/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.meirikmanhua/databases/bugly_db_-journal

Filesize
512B

MD5
083b8e86f873bb8809570329e36c42ae

SHA1
d9cfda3ea263fdcdac7f62d7090a4ba5fbec16aa

SHA256
c92ad46d057145df1fdeaff4da6212ef20e80921dfcfc756f2846e66d46c0c2b

SHA512
730e4d6aa55c6432520f1b5cab9acd5cb88b19116388bae685090b4fb25981858255c01b302a21be12ad7eff6ebfccdb7f5047d23ec83b978712122fea0ed86f

Download Submit
/data/data/com.meirikmanhua/databases/bugly_db_-shm

Filesize
32KB

MD5
0e6b096aee03b1d0d237c07a63bef4b7

SHA1
57c48911f1054bbeb5e23044e57e7fa52805d34e

SHA256
2bccd8f32cec8711ddd9c1f2dc56c5d2ee9050251b546be5ca23b222412734c9

SHA512
bb3f9a8ae61076a90e58ef9a437a2cdfac50518e53deeec973b5dc844109cdc416235afd0b463ff5f89480ab78c3a7aa1338a6b45c1bf91e312e78e7b37fcf56

Download Submit
/data/data/com.meirikmanhua/databases/bugly_db_-wal

Filesize
72KB

MD5
c18f3b373682488579a0d90e72efe4ed

SHA1
3c345f5688ecf0caef23def61b8062972f81cdaf

SHA256
cb8b688cf0f7ed140951f5ab7c141f9680d33bab58e3412a37b7aea8375f100d

SHA512
5fe8033394444080dec62f0ef9918f358941319a5c130c5bc81b3d0f6d8179c96b0afbdf57cec7606e4ccb5f2779cd464eb199287f75a7f96efd822ea58850da

Download Submit
/data/data/com.meirikmanhua/files/.jglogs/.jg.ac

Filesize
92KB

MD5
dfb18e852b6189a2e708188621147354

SHA1
5fe704e35ccd998d90701f20c9b6b67ce3551b02

SHA256
3d6c915f70cfdcb6c8ccf278ff8b7cceee2029b0e147d49c99e0515ecc8753e2

SHA512
50883d91dba4469597ee544a49f1eb8bd9dab7c90f98a01438d51059bd5483a260031d1e72da68e8a6dfda1920b58423be03d1871ff38245a942304799631d43

Download Submit
/data/data/com.meirikmanhua/files/.jglogs/.jg.di

Filesize
340B

MD5
adee2113b2f7c277a7caf71a57601437

SHA1
94403f6d8afe26076a16fd69bed827d5e330729a

SHA256
c29b2ad0b6996b5ebcbe9fafe84dffd214cea28aa8b3dcd7234a536ab0114f5f

SHA512
730fa38417152d23cf07057b13aeb8bcbdc10b53e5bc602022168726e78a42619b449fcdf5d1016de6f8add4a30b3bdb9e4603239ef365b69aa5dc76de6463ef

Download Submit
/data/data/com.meirikmanhua/files/.jglogs/.jg.ic

Filesize
32B

MD5
eb374d867463ec0bfd391eddcb452800

SHA1
d7af73cdaf71eae0107db4f182219be37fe8dbf6

SHA256
0c5c7ef7ec02529fd63d44775dcdd127b8a2a76df396acaf9c3dc9b9477adb22

SHA512
a4ea7f221ab3af122eb40f77efdb63c80acc87175476e532196881b0881eaaf96492408e69ee5d6c19738ba6316b05180975ad4a6ff7e5a02042bc1ee815569c

Download Submit
/data/data/com.meirikmanhua/files/.jglogs/.jg.rd

Filesize
73B

MD5
aba1c0dd6fb197da1f220b44b45cc0a8

SHA1
7f2b3c433f304345b3306b2b4515701b4fbc7d60

SHA256
65dc75de7d9043c8700f2577e5aae6873cc3331f8bed48730c048a0bca1d29b5

SHA512
8badfe7656c809575a4d1a7bef16e11386105409b75308540d49bf7e43a2e26ae0bdd2556aea3f01c0c24dc68bc6c2ef714ea7181f13d732cbf5851d355efa7d

Download Submit
/data/data/com.meirikmanhua/files/.jglogs/.jg.ri

Filesize
314B

MD5
10329d2e98ae5c595252c882be8f75c7

SHA1
ecbdde2d286bd53ddecb2e5e3948ed10342b0a5e

SHA256
0332009374b269e321f0e559d3b6540d6060a5ccb1464a530daf8bab910d2666

SHA512
8b20a34ce77d6b4a532ccc2fcf5b1b8a98c5451d49dc0e12c81ef2bf22a1c561d94fcc10db983509b7f557be8c87d45f7f333adc219c616cce33d2badd6a15ea

Download Submit
/data/data/com.meirikmanhua/files/.jglogs/.jg.store

Filesize
238B

MD5
0dde749f45f4e5b8db64b7e84ab34642

SHA1
e19f40192ef934ce43ef65e2109d6717602cd589

SHA256
1c8d9e3912297e9d0b3b3cb42784a144552bc6e0d0e985532e702f6bbb1869b6

SHA512
ad260a7ef356d57faf5972d3db1156f6164d0a955e14e116a0fc7c7a91ca0aae272efabe2c9d1396645e19713f037b83d98cfa4df0807063721195db2750804e

Download Submit
/data/data/com.meirikmanhua/files/.jiagu.lock

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.meirikmanhua/files/jpush_stat_cache_history.json

Filesize
346B

MD5
9bdb20ed51bdf5b84af321911c33aaf5

SHA1
ac10cccfcd6bec634145b3ae96e4507242fa677d

SHA256
a62dfa3e320edde68cddc434c2282b0d7de5ec3336960e8283c6e14526869ba0

SHA512
7d3544865e9a8f87df85dbfa67f5bbdb416f07ac457dce3a6da56ed7236a440b23c5bac9f5b2c92bbe600702a31dadebcd6aceb6da0feaac528de5d6305ecdaa

Download Submit
/data/data/com.meirikmanhua/files/jpush_stat_cache_history.json

Filesize
174B

MD5
7970e615bbdf3f0b53ed8093fc3423c4

SHA1
fe2855a9f09d2637b1ee6b9d0bd9ee7a49500f16

SHA256
17586ba2b9f3013e5c95897f7a9e1475ad8556d1ee354035ebb3469218f8c529

SHA512
d41564cbfbafda5bc04793ce5e8003a21fd5f454fb5f88248a81b4cead123a2c0735bb6f56e3a5ef1ee7ad4b8402a8b6cb41782f599b5c1c1111c67dacf96cfb

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
18dda50f4563fd0e96c8bff6bd917e73

SHA1
c37357cabba739ad2830ddd8cf9f25a9419b9d3d

SHA256
b5eed98a8aad4bb8c1e80d788701dd02adc452ed960c215a203ed3ce60007d36

SHA512
12f5b14270ae8978b583487546f96574b4c017ae69fe86387304b86e481a50b34277f7a15bff1d9b9cafd7526ed66b88ed8e1ad7d3882a642bd465ac9d8d8bdc

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
b1d50a85770c47075ac8d55c96b93b49

SHA1
ad351006a554a7a9802a5ace61a82190b3e7d5a0

SHA256
63d601155528da82237eae4998379a115cc9da951633fa95508d345216a8be46

SHA512
e85c4c88f9ccff5f5759a77eedf4a2c6148fa4cfdff978c4849cec19a67eb30644dc2638e0aef3bafa2e060def42194a0c1657ed8932d89b3c96844b65253227

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads