b4a14e47ff4a65969de05364cbf8c644c53468a7c4d88899d39982f929ac4ab0

Analysis

max time kernel
8s
max time network
141s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
19-04-2024 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa7eb2c8d1fb4d692602ec420a2cb24c_JaffaCakes118.apk
Size

8.3MB
MD5

fa7eb2c8d1fb4d692602ec420a2cb24c
SHA1

701972a96ad7ad03afd46f622f680ad7d815c16f
SHA256

b4a14e47ff4a65969de05364cbf8c644c53468a7c4d88899d39982f929ac4ab0
SHA512

82c8fd9ec9aac8d7a7a5cdd21b1856f577f91db9bb108ac495c4865ae875498be485504b49ddba91f0432b8b3cf7eccd8f2b68ad6cdc63601173c3a1b5459dee
SSDEEP

196608:ag4OVJo/uB0QLGZ1SLPA9ZqiauWjzhQQx55xLQMn6H9o4iAn7HaHvHtYvpMqaFN7:a9OJ9LGZ1SrA2qWjzGQx55d5n6H9o+nm

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

Location Tracking
T1430

Processes:

cn.czfy.zsdx

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation cn.czfy.zsdx
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

cn.czfy.zsdx

ioc pid process

/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/gdt_plugin.jar 4301 cn.czfy.zsdx
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

cn.czfy.zsdx

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses cn.czfy.zsdx
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

cn.czfy.zsdx

description ioc process

Framework API call javax.crypto.Cipher.doFinal cn.czfy.zsdx

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.czfy.zsdx

ioc	pid	process
/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/gdt_plugin.jar	4301	cn.czfy.zsdx

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.czfy.zsdx

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cn.czfy.zsdx

cn.czfy.zsdx
1⤵
- Requests cell location
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4301

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
240KB

MD5
f73389c27d23a9090a7a6c81e231b774

SHA1
25924157d4122f40ef78e86aea40b589457900f9

SHA256
8e2be609b620003e353d8b554a486fca1256c8021b44ae8c1580545da828725a

SHA512
9699a5ec4a7b076146b263f28637a349ce03d18287bc9d03ce6c4c73c055f8f4d16d65de30ea4ab625bb0805a14e4ddc2ed302e47cc908c447f353cd15024c32

Download Submit
/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
560KB

MD5
27d4c91857022f0707124f64529a67fc

SHA1
d3174bc6a623defc53f12d706eb0ced5adae87f0

SHA256
fe337b5c8de6b2af6ca5a69a2c8d013c2cd8bba8668b28f69f7bbc66803b0778

SHA512
6867dc8938b868be1aa796e04752736fac192cd30cb3d8a0e73c992fe932b2baeb380974c53c73698fb93dfc65cbafaee670cf7f8b42e1445031dfe776897250

Download Submit
/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
0d0ed4ab99153b422b3353e1faa6e079

SHA1
c49406ac5ac40984aa7948e59bab83805f001f94

SHA256
30d89fe766daf65da83a3316af15bbb8f2e51b1d025ffe78c7b8c00e70b5fb91

SHA512
041aa1b445fe147632cd65a187f8bb03ad7fa11225c45a8ad9c2b9b6c57767f604d7ddc0efcbd24ec82a04b56d4b2437fb532e8be97cc2fa660b869eca140650

Download Submit
/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/user/0/cn.czfy.zsdx/app_e_qq_com_plugin/update_lc

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/user/0/cn.czfy.zsdx/databases/student.db

Filesize
36KB

MD5
9705b03eb4081bbd73e1cc87a39fc3ad

SHA1
ce83e6376f98cd35bfc6a59cb3e5ad9ab125b320

SHA256
f8875520aa3bcb3b9b93bc7f00b91f1c62abf1a38963963839b5e5d7e5002833

SHA512
165af8a21d9b888cc84aa6888111fc9bd83b5901c7fe7d238593cb7e229aede922cdee3e41f4bddafe8f18e8014090d959d27763f96505bbc27c8c3715cf8118

Download Submit
/data/user/0/cn.czfy.zsdx/databases/student.db-journal

Filesize
512B

MD5
c22c8e7830c80fb4a6bd320ed5a7bafb

SHA1
bec83bf87ed93e1624a98fcfcb7863b45966cf50

SHA256
4caba3b1e7cd400f682fc06d77ef0ffafdf9a7ec28a1c17a73779bff7b6a06e7

SHA512
4e16220e82128dd0e881f39923ddc3292d9fc2c369f62504771eaf6b7ba34175ff9d813bc116901f4868d01afe265a79d4fe0f599721f007704d89e1852908c9

Download Submit
/data/user/0/cn.czfy.zsdx/databases/student.db-journal

Filesize
8KB

MD5
f64976e37c3d30b536700cf5b092b9d7

SHA1
fe50bdb8d766337b76f388653028d278437a15d9

SHA256
a34e38f9ccf2e016dad4fe737a9b3068548feaf7393a576b4ceab662842b33a8

SHA512
e441a5e586ca93c37b46a598bccd1161d3892e1634ea780da0aecc258e3a5d31587b82e6de5e0363c9f4c7f7f83332bfaa718f154abef11089d36a9a6a670e04

Download Submit
/data/user/0/cn.czfy.zsdx/databases/student.db-journal

Filesize
8KB

MD5
bdafa1c13ec85899de4dae50447c5afe

SHA1
c150ee2ef9eadc4114cb681e41fc6d03cfb80a48

SHA256
6b97736128eb5755ca8ad8aa14bf5c2f4daa4aac40a36077c9d663522baef967

SHA512
7c18c204d1a50f31d3aaa8da969105b4364a24166d425ddd5e296292e0861a2d5ac580cf901d83cc6c274547f6fbe7b39e7a7925b326cffb4ddb96b075c7e554

Download Submit
/data/user/0/cn.czfy.zsdx/files/gdt_database/GDTSDK.db

Filesize
24KB

MD5
ef12534b6904b94189282896c56776ef

SHA1
9e979764e9b71601207f4ddda6746863567ec909

SHA256
48b1a8741d8608a2be9f7f7933b902e382fb34abe1ed17b7d39b8b335bcc86c4

SHA512
0751ec594fb75170f4f89a0127b803221de00b1df4d9ebdebcc3eb000c84ce31dec914ca50825d670ce4d2958886fe4bbf3e799f704efe3dbab9b9d53e32f70d

Download Submit
/data/user/0/cn.czfy.zsdx/files/gdt_database/GDTSDK.db-journal

Filesize
512B

MD5
224a24c2fc0e8363a33583d28fc9726e

SHA1
6c623fdadf16a4914e30abd57a91683c565bc210

SHA256
e06c2cde6dfe34812e0229e41e35746eab9e4b3712da65d8698d3c12a2520a06

SHA512
6355736119f8a4998be1ad12e5d0d597afcd97045a975afd42e456d5f5e0f9d73debd1f7ea9a0b5d52f58c205601834e02fc0b47fb35753077d139b2526d2688

Download Submit
/data/user/0/cn.czfy.zsdx/files/gdt_database/GDTSDK.db-journal

Filesize
8KB

MD5
3566515cf16bf9adf3fe53efb83357ed

SHA1
3f3478d7921bed8265362b73371808eedb93206f

SHA256
1fe36177723d8e6ce966aecb68b971e0cfe4c658a5738e71d9b3fe148eac1743

SHA512
97a3b1ab5286ed59d23e880f4fa167e4aa18794c0858ea311cb6326dff13169ff87eca596f1d5303f934431747aa22cbdc6838f63eb26e0862581bf5333b5172

Download Submit
/data/user/0/cn.czfy.zsdx/files/gdt_database/GDTSDK.db-journal

Filesize
8KB

MD5
f2183085adaa2274638f11b3dfd5e2a1

SHA1
a4dd7e0342a278bbf7361e053f8b219a4b5e7fa8

SHA256
df5cf4fb73311a15aa9255ca8d78bfe64f6db8693f1451ffe2844a3685f07196

SHA512
f68eec7d6db86e14641c43786b023ff969d80d83975ff9652e75f78a507e64be7531264e12f1dcc60ecb531ca92b9d54c07a391af9e1491db17b8106c6e71f4d

Download Submit
/storage/emulated/0/Android/data/cn.czfy.zsdx/files/tbslog/tbslog.txt (deleted)

Filesize
1KB

MD5
24ae812e366cde6a793a6d55de24214a

SHA1
ab07586a1a6244c1a4e7559bbfc8729aa7e94fa7

SHA256
ccd86879ccd81851791c1aa177825c0ade761b348cb8d6807ea0fd0ef02db50e

SHA512
027b073ea03598cc061aeb5160c124e19618028ccb6f52a5c1891d38438041d90a7f33ec21e5807092679fbb74e56e1d560f0b46983e731eb5e2fdadf96e2128

Download Submit