2ec6ed3358ba4f9cd3b2e61222872a863141aa7e42a61898b4b73aa9d73f53b9

Analysis

max time kernel
153s
max time network
164s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
18-04-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7dd866d285354c66c1e2226a551da03_JaffaCakes118.apk
Size

17.3MB
MD5

f7dd866d285354c66c1e2226a551da03
SHA1

f4469e6d9264f11cf7fad6f1ccb28733cb0994c5
SHA256

2ec6ed3358ba4f9cd3b2e61222872a863141aa7e42a61898b4b73aa9d73f53b9
SHA512

6f41a6457cf05584e55e18e6299ab0ae16ecb5d2d206055618e98d40771c10de2a42ba35fab4f11cd98bcf90cf437b09a72464eca31f719852ef5480d19c94dd
SSDEEP

393216:e1dT65LlgOxKVFL3uArenzoWlM420L7xaupQ2cY+ZvsttyI0Mgj3T:0tahgCKVNkUW6cLN9kZ0t+hj3T

Score

8^/10

collection discovery

Malware Config

Signatures

Requests cell location 1 TTPs 5 IoCs

Uses Android APIs to to get current cell location.

collection discovery

T1430

Processes:

com.yijiuyijiu.eshop:ipcio.rong.pushcom.yijiuyijiu.eshop:ipccom.yijiuyijiu.eshopcom.yijiuyijiu.eshop:pushservice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop:ipc
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	io.rong.push
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop:ipc
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yijiuyijiu.eshop:pushservice

Queries information about running processes on the device. 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

io.rong.pushcom.yijiuyijiu.eshop:ipccom.yijiuyijiu.eshopcom.yijiuyijiu.eshop:pushservicecom.yijiuyijiu.eshop:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yijiuyijiu.eshop:ipc

Queries information about the current Wi-Fi connection. 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.yijiuyijiu.eshopcom.yijiuyijiu.eshop:pushservicecom.yijiuyijiu.eshop:ipcio.rong.pushcom.yijiuyijiu.eshop:ipc

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop:pushservice
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop:ipc
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.rong.push
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yijiuyijiu.eshop:ipc

Acquires the wake lock 1 IoCs

Processes:

com.yijiuyijiu.eshop

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.yijiuyijiu.eshop
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.yijiuyijiu.eshop

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yijiuyijiu.eshop

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yijiuyijiu.eshop

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yijiuyijiu.eshop

com.yijiuyijiu.eshop
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5026

com.yijiuyijiu.eshop:pushservice
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5080

com.yijiuyijiu.eshop:ipc
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5113

io.rong.push
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5146

com.yijiuyijiu.eshop:ipc
1⤵
- Requests cell location
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
PID:5346

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yijiuyijiu.eshop/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db
Filesize
60KB

MD5
54b821ece718c7f55a413c2e74333d19

SHA1
448f0d8974f711c78ef1df6aa8b5ec155b858ddc

SHA256
66a470be7bdc7c0550880bf77163f2e7a89da7392422b95ad18e86b34e287b5e

SHA512
84a8f20b897acfdf121aef3b0f3b67c5ca54825ccd389f292318d9d19ed865054e19797fcacc727ec13f83b28cd6ffbab9ce69f5ac09964adf8b96c9269408cc

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal
Filesize
20KB

MD5
27ee2ed982e4fdb6d96c9a8db19216e5

SHA1
8a52114ad6d83e733ad59dc3961d019e71149010

SHA256
2b12fe8844b37aaea94b170d04e714d2952fba98d2da68808c42f460c4a87ed5

SHA512
a9b309c74ac7e4a73bb63d812c22058de9540ec903a07e045aa7f87f2233bb0f121eaac1702b59d55539d0db08e4ff4452c89c704b9abb8663ae71a6dcde7fcb

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal
Filesize
512B

MD5
3ae9bda53fed085da5a35b3466d0f8ad

SHA1
e7d6f51c393d26132b38cff15e64e55009b32616

SHA256
d26ec948186540928b6f1e33582e5e462787a1710d7a11a288e6604c55046c5b

SHA512
504bbb9187067b93666ae2da5a0441ff3e4468413f48667ce4185236edf0c96870b274df7d79dd573a82b924b7feda7a6809a855276c3a240893048773cd33cf

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal
Filesize
8KB

MD5
c9c11228916a3dc6aac6b14b04e1d74e

SHA1
0e5500ecc030e9b467fa3cf717187484ed56fb11

SHA256
cf29cffe80d8c896a5c852c557a6b2c077e01bbd3d9a56b7db50db3a88610b6b

SHA512
12b80ea1111d9e8620cc134cec0a43b157e8b566529813a1d8d67f48644c05a5db64be5ecbed502f0a47b2809752970c6cda4f989ff427cddccc043bfa63bb40

Download Submit
/data/data/com.yijiuyijiu.eshop/databases/eshopv5.db-journal
Filesize
8KB

MD5
905a10a62c27e116299ce5c141a0f0b9

SHA1
3dd70de17068d91d13628cf93a92005e4b0c520e

SHA256
8a7b3ddbba88e6e2da775e4a0774c9e815748719e691e3779d2bf2cb99e892d0

SHA512
c985de81584b87a7ee0db2e6637666dc4bc41e5d1596c066a66d07b91b77a306609ddcec4839c7ffc523441947987ef32ce307b1dde39a4b1479dd0f35cbcc30

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
ecb1da1d83f4c3d4135481e2ccb350fe

SHA1
11d490b8db1a3296840fcd31bd4c03c060d3c1d9

SHA256
15b24b0509712ffe1d74cd3bca8ca5048cfb33bb3ad35df634a44f6b658f2730

SHA512
d6300f71aceb0f9b9207d19e90f98b8992423851ab55c2344f7671fa5910a1eac2db6b4189203a370eb7db9bdd645bc7a9e57b9b654559814c7d7a7f9aed1acf

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
408B

MD5
5de8a4069ce86095efc9ca47aa55dbbb

SHA1
d23c0700ca6c8e2633921b9d3349c1e7dbe6930d

SHA256
de001897a29e664e2b404c78906aa670246e933530e96cb230eb7994c15a5c3e

SHA512
ba059d298011abe6a8df59683c3b519a6a19e410f9bd5064f0d6e7b9db43adfbcf39fbd5be23527e6025eecb6e673e800e287236fa25e2ebb74b3781d9b9bd44

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
d15d9ab295fa711d2ce5083e4da1bf1c

SHA1
16e6d25319d1b35359a840e67bbaf4236b88e653

SHA256
df5048065144d0d304ac64b80d5afc325e6fabb4c0c3f889273afc7ecd6177d0

SHA512
9c89dd3058e0e576ceb5c5866709ec29bdf23956f36e31c12e6846dd6604a6b0a333ef41328753426725c15198a523be982ccf23695eb900c4423711cc306346

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
109B

MD5
aea6c471e50252b9485a8ecc28574ce5

SHA1
41367bfde4a550f5825ffa04468f5f21898b4d40

SHA256
6e0b448565d8fcb9bf2151f9eeba15cf6abe94dce4eff2fb8003de58140eae67

SHA512
35d64000866948327ba78fbc7f8470c24798985b0102347b787e3752c870da74dd45acc4c09ba68574d55b5d0b10058592d4f9764ccd6e23cfb7390aecb8fbfa

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
041acc1fb654907470dde92e45dd37ab

SHA1
ed26c59fbc10712a9f73e780a8a1ebaedb00072b

SHA256
bec203249d9bbddac30ee1eba371223f43f0f2e755418e5efb509130e1844585

SHA512
25e3f548c88c28b5439810ef7b26a5111e006d3a7abd0f92cb0c51d33b6ba5c22b5736c5197f9e551c638c8ec13cdb36adc97bf3ee5ac445caa7c2086998dfa7

Download Submit