Overview

overview

7

Static

static

6

f99958f277...18.apk

android-9-x86

7

f99958f277...18.apk

android-13-x64

Analysis

  • max time kernel
    67s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    19-04-2024 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f99958f277e1eb858a809ac107cb7c61_JaffaCakes118.apk

  • Size

    6.4MB

  • MD5

    f99958f277e1eb858a809ac107cb7c61

  • SHA1

    b6ae13023ac1117ae78b974858e12b2e77d2b82d

  • SHA256

    bd49f8744e72498ba891de83a67e8c9cf0a74b9fea45ad7212ba20d17698897c

  • SHA512

    bf1f71d75e7cf942d5a3b94f5926ff383842d82ff26535baccbeee2ff83c76b43dbf0eb189fa2182be877599bcae5dd20ce8d25c1a110b3a1c7a91afdfc980c3

  • SSDEEP

    196608:RMiBXr7woKqZRpl3Wd7jYKXUpTgqw9EHJyAc4z:R977HKqZbl3Wd7jAjw9XAc4z

Score
7/10
collectiondiscovery

Malware Config

Signatures

  • Queries account information for other applications stored on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries information about running processes on the device. 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.wandoujia.phoenix2
    1⤵
    • Queries information about running processes on the device.
    PID:4461
    • chmod 777 /data/local/tmp
      2⤵
        PID:4492
    • com.wandoujia.phoenix2:update_service
      1⤵
      • Queries information about running processes on the device.
      PID:4588
      • chmod 777 /data/local/tmp
        2⤵
          PID:4656
      • com.wandoujia.phoenix2:accessibility
        1⤵
        • Queries account information for other applications stored on the device.
        • Queries information about running processes on the device.
        • Uses Crypto APIs (Might try to encrypt user data)
        PID:4635
        • chmod 777 /data/local/tmp
          2⤵
            PID:4717
          • chmod 777 /data/local/tmp/.wdj_config/
            2⤵
              PID:4786

          Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db
            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

            Download Submit
          • /data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db-journal
            Filesize

            512B

            MD5

            1aeb08f2c9fcab9b244937c5f4c69b30

            SHA1

            73eb64629065e91afca5c9b697b9b10f17d01c34

            SHA256

            6d62f20408c467d569cde715f5b22049e5e690248b8cbafb187c4abbf03eebab

            SHA512

            7c4025b860a88beb05b17267ed1c5b15c388d0b2d68e54cefe1267a02fb5203cf16ed4c00a7692d3f67c966ad6a720c04df5cc34bb030de7c62ae4b648e35dd5

            Download Submit
          • /data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db-shm
            Filesize

            32KB

            MD5

            315c4b401ab6ead70d308ac86b10b14b

            SHA1

            ea87c398ce7e59d864e81afbc4b9871b43caabfc

            SHA256

            fc50d2d1d21f8d97fd39a78333ec5b9ca5b67a0cd28b9b43802173c8d45c89fd

            SHA512

            509e20e595ae24f3f8d110dddb9be150ee983293796091b28d702ef18614bebe8e0cd9c73ff9bc29a8155c0edc1df68d563014ed268f84374cd190cbd927f3d2

            Download Submit
          • /data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db-wal
            Filesize

            32KB

            MD5

            328131ead48aa9a631a93bc7124e2a53

            SHA1

            8c113c422ee7fcf2cbcea30f0a53f96f9083ab08

            SHA256

            55e4cf5b2f7ed6ce4eacd81ce3aada43968e105cde1bfff16f1c1ca189e3ac44

            SHA512

            22b31e6b8f110e3be924492bf596df1f8a975c4acd915a3cf45f7fa5ade0d8eaa8e9298f5ce3cacf012db8c6da9675de2a87fdd864ea1dd97cdf021e9d835686

            Download Submit
          • /data/data/com.wandoujia.phoenix2/databases/c4d3d1e0e4ee9b329ac0e10249826edf_jupiter-log.db-journal
            Filesize

            512B

            MD5

            b803249cf0d464108a688e15d50bb252

            SHA1

            66df522623717e174b9e5094e3bb37f832fd6b7e

            SHA256

            81da1747f02e743a7aae8412f7827babc0d043b90433146fd8eff51a0df13a47

            SHA512

            86072af933d9c26425bfe4e34a6e35b4fdc11df48a3909f005bedca6a31865cd5936bb4e461c8546438a7ceb6671fd5d4a56f88a0515a5950b22670f7b18faba

            Download Submit
          • /data/data/com.wandoujia.phoenix2/databases/c4d3d1e0e4ee9b329ac0e10249826edf_jupiter-log.db-shm
            Filesize

            32KB

            MD5

            bb7df04e1b0a2570657527a7e108ae23

            SHA1

            5188431849b4613152fd7bdba6a3ff0a4fd6424b

            SHA256

            c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

            SHA512

            768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

            Download Submit
          • /data/data/com.wandoujia.phoenix2/databases/c4d3d1e0e4ee9b329ac0e10249826edf_jupiter-log.db-wal
            Filesize

            40KB

            MD5

            5ab5f8a9a2d36ce48bb2b9fe1f21d7ee

            SHA1

            f4aff75e3a150daf01ebfc54fca00ff9f5f7baf4

            SHA256

            9c23d571896536c862d1ba6e44c71cea99d1a5ef78f1dd951d1ab9405dd2a014

            SHA512

            5959e8f15306f292c967013ea5d060105385bfee130cdeeff137e4c18fbbe7cb4b927f07824639fa0942ead3d7281a19b684bbeb4c7b87c81c39bc77f3ee3682

            Download Submit
          • /storage/emulated/0/wandoujia/.config/shared_settings
            Filesize

            73B

            MD5

            cc03a603dc14649512bb9d2ab94235fe

            SHA1

            7914194bab824749912e3ab638861608632cbc25

            SHA256

            cddd86ea036cf4318b0c823e70b9ac32ec4882936165e262cd48d75cc65a157f

            SHA512

            9ac45c1df62e9bd91644d55da8a5033dab219ab3d60f032d7ba43d7a1819a04f118cfbc6110166d0fca6f2a2668a74070e2d26d9acdd470555df659f82267277

            Download Submit