2ec6ed3358ba4f9cd3b2e61222872a863141aa7e42a61898b4b73aa9d73f53b9

Analysis

max time kernel
153s
max time network
164s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
18-04-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7dd866d285354c66c1e2226a551da03_JaffaCakes118.apk
Size

17.3MB
MD5

f7dd866d285354c66c1e2226a551da03
SHA1

f4469e6d9264f11cf7fad6f1ccb28733cb0994c5
SHA256

2ec6ed3358ba4f9cd3b2e61222872a863141aa7e42a61898b4b73aa9d73f53b9
SHA512

6f41a6457cf05584e55e18e6299ab0ae16ecb5d2d206055618e98d40771c10de2a42ba35fab4f11cd98bcf90cf437b09a72464eca31f719852ef5480d19c94dd
SSDEEP

393216:e1dT65LlgOxKVFL3uArenzoWlM420L7xaupQ2cY+ZvsttyI0Mgj3T:0tahgCKVNkUW6cLN9kZ0t+hj3T

Score

8^/10

collection discovery

Malware Config

Signatures

Requests cell location 1 TTPs 5 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

Processes:

com.yijiuyijiu.eshop:ipcio.rong.pushcom.yijiuyijiu.eshop:ipccom.yijiuyijiu.eshopcom.yijiuyijiu.eshop:pushservice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop:ipc
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	io.rong.push
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop:ipc
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop:pushservice

Queries information about running processes on the device. 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

io.rong.pushcom.yijiuyijiu.eshop:ipccom.yijiuyijiu.eshopcom.yijiuyijiu.eshop:pushservicecom.yijiuyijiu.eshop:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop:ipc

Queries information about the current Wi-Fi connection. 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.yijiuyijiu.eshopcom.yijiuyijiu.eshop:pushservicecom.yijiuyijiu.eshop:ipcio.rong.pushcom.yijiuyijiu.eshop:ipc

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop:pushservice
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop:ipc
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.rong.push
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop:ipc

Acquires the wake lock 1 IoCs

Processes:

com.yijiuyijiu.eshop

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.yijiuyijiu.eshop
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.yijiuyijiu.eshop

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yijiuyijiu.eshop

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yijiuyijiu.eshop

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yijiuyijiu.eshop

com.yijiuyijiu.eshop
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5026

com.yijiuyijiu.eshop:pushservice
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5080

com.yijiuyijiu.eshop:ipc
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5113

io.rong.push
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5146

com.yijiuyijiu.eshop:ipc
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5346

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yijiuyijiu.eshop/cache/image/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db

Filesize
60KB

MD5
54b821ece718c7f55a413c2e74333d19

SHA1
448f0d8974f711c78ef1df6aa8b5ec155b858ddc

SHA256
66a470be7bdc7c0550880bf77163f2e7a89da7392422b95ad18e86b34e287b5e

SHA512
84a8f20b897acfdf121aef3b0f3b67c5ca54825ccd389f292318d9d19ed865054e19797fcacc727ec13f83b28cd6ffbab9ce69f5ac09964adf8b96c9269408cc

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal

Filesize
20KB

MD5
27ee2ed982e4fdb6d96c9a8db19216e5

SHA1
8a52114ad6d83e733ad59dc3961d019e71149010

SHA256
2b12fe8844b37aaea94b170d04e714d2952fba98d2da68808c42f460c4a87ed5

SHA512
a9b309c74ac7e4a73bb63d812c22058de9540ec903a07e045aa7f87f2233bb0f121eaac1702b59d55539d0db08e4ff4452c89c704b9abb8663ae71a6dcde7fcb

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal

Filesize
512B

MD5
3ae9bda53fed085da5a35b3466d0f8ad

SHA1
e7d6f51c393d26132b38cff15e64e55009b32616

SHA256
d26ec948186540928b6f1e33582e5e462787a1710d7a11a288e6604c55046c5b

SHA512
504bbb9187067b93666ae2da5a0441ff3e4468413f48667ce4185236edf0c96870b274df7d79dd573a82b924b7feda7a6809a855276c3a240893048773cd33cf

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal

Filesize
8KB

MD5
c9c11228916a3dc6aac6b14b04e1d74e

SHA1
0e5500ecc030e9b467fa3cf717187484ed56fb11

SHA256
cf29cffe80d8c896a5c852c557a6b2c077e01bbd3d9a56b7db50db3a88610b6b

SHA512
12b80ea1111d9e8620cc134cec0a43b157e8b566529813a1d8d67f48644c05a5db64be5ecbed502f0a47b2809752970c6cda4f989ff427cddccc043bfa63bb40

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal

Filesize
8KB

MD5
905a10a62c27e116299ce5c141a0f0b9

SHA1
3dd70de17068d91d13628cf93a92005e4b0c520e

SHA256
8a7b3ddbba88e6e2da775e4a0774c9e815748719e691e3779d2bf2cb99e892d0

SHA512
c985de81584b87a7ee0db2e6637666dc4bc41e5d1596c066a66d07b91b77a306609ddcec4839c7ffc523441947987ef32ce307b1dde39a4b1479dd0f35cbcc30

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
ecb1da1d83f4c3d4135481e2ccb350fe

SHA1
11d490b8db1a3296840fcd31bd4c03c060d3c1d9

SHA256
15b24b0509712ffe1d74cd3bca8ca5048cfb33bb3ad35df634a44f6b658f2730

SHA512
d6300f71aceb0f9b9207d19e90f98b8992423851ab55c2344f7671fa5910a1eac2db6b4189203a370eb7db9bdd645bc7a9e57b9b654559814c7d7a7f9aed1acf

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
408B

MD5
5de8a4069ce86095efc9ca47aa55dbbb

SHA1
d23c0700ca6c8e2633921b9d3349c1e7dbe6930d

SHA256
de001897a29e664e2b404c78906aa670246e933530e96cb230eb7994c15a5c3e

SHA512
ba059d298011abe6a8df59683c3b519a6a19e410f9bd5064f0d6e7b9db43adfbcf39fbd5be23527e6025eecb6e673e800e287236fa25e2ebb74b3781d9b9bd44

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
d15d9ab295fa711d2ce5083e4da1bf1c

SHA1
16e6d25319d1b35359a840e67bbaf4236b88e653

SHA256
df5048065144d0d304ac64b80d5afc325e6fabb4c0c3f889273afc7ecd6177d0

SHA512
9c89dd3058e0e576ceb5c5866709ec29bdf23956f36e31c12e6846dd6604a6b0a333ef41328753426725c15198a523be982ccf23695eb900c4423711cc306346

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
109B

MD5
aea6c471e50252b9485a8ecc28574ce5

SHA1
41367bfde4a550f5825ffa04468f5f21898b4d40

SHA256
6e0b448565d8fcb9bf2151f9eeba15cf6abe94dce4eff2fb8003de58140eae67

SHA512
35d64000866948327ba78fbc7f8470c24798985b0102347b787e3752c870da74dd45acc4c09ba68574d55b5d0b10058592d4f9764ccd6e23cfb7390aecb8fbfa

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
041acc1fb654907470dde92e45dd37ab

SHA1
ed26c59fbc10712a9f73e780a8a1ebaedb00072b

SHA256
bec203249d9bbddac30ee1eba371223f43f0f2e755418e5efb509130e1844585

SHA512
25e3f548c88c28b5439810ef7b26a5111e006d3a7abd0f92cb0c51d33b6ba5c22b5736c5197f9e551c638c8ec13cdb36adc97bf3ee5ac445caa7c2086998dfa7

Download Submit