934145fa41c3cce105c994c9fe5129b9976c8d929107a53775b977df6c25d768

Analysis

max time kernel
151s
max time network
161s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
19-04-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa84ca282f3b047f13106e006ae930ba_JaffaCakes118.apk
Size

25.7MB
MD5

fa84ca282f3b047f13106e006ae930ba
SHA1

9d84c549de34ac38c85b8a793f24faa88fa0aee1
SHA256

934145fa41c3cce105c994c9fe5129b9976c8d929107a53775b977df6c25d768
SHA512

ca490a8b278a939aa09e3f66f56412fcfb8672b86c0a8fde58d2133e797e7bb21dd99aebbb35ba395c07bbce29b63bbe6e91e58d09fdfbec52f357b649bd8bf4
SSDEEP

786432:eme8i7o6+8Qe+Xjwi9D9nyEHgFIQS1d78:6JouQe6wi9D9yEgIQsd78

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.crgk.eduol

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.crgk.eduol

Loads dropped Dex/Jar 1 TTPs 6 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.crgk.eduol/[email protected]	4317	com.crgk.eduol
/data/user/0/com.crgk.eduol/[email protected]!classes2.dex	4317	com.crgk.eduol
/data/user/0/com.crgk.eduol/[email protected]!classes3.dex	4317	com.crgk.eduol
/data/user/0/com.crgk.eduol/[email protected]	4463	com.crgk.eduol:pushcore
/data/user/0/com.crgk.eduol/[email protected]!classes2.dex	4463	com.crgk.eduol:pushcore
/data/user/0/com.crgk.eduol/[email protected]!classes3.dex	4463	com.crgk.eduol:pushcore

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.crgk.eduol
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.crgk.eduol:pushcore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.crgk.eduol

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.crgk.eduol:pushcore

com.crgk.eduol
1⤵
- Requests cell location
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4317

com.crgk.eduol:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4463

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.crgk.eduol/.jiagu/libjiagu.so

Filesize
480KB

MD5
6e8ea47d2d8500b7fb8855394fdf0526

SHA1
d3c719bda605cd787c4acf30507edb76b7fb6070

SHA256
cc3b55086867ed7136d474a21b1359f49e6afed3b74fbb4ba5f11b36ce1f4d46

SHA512
385241f905c46ead517e4e0bcaf2fe00160ba0f7f40c6926ba288bf41d46e77a8bd63ec0a97d57a5b65cf6fb1f93b5f86f51d9cb24809ae934ebdb2fd49c0b70

Download Submit
/data/user/0/com.crgk.eduol/.jiagu/libjiagu_64.so

Filesize
520KB

MD5
8e824507166c1f3840255c91d52bc884

SHA1
65a075bfb5d35b3156b071a5a663fdfd257c600c

SHA256
3fc50cc5c917047143a98fa02d22bfc85a14eda663579fc0f006fd5ea18acfa5

SHA512
dcd20f709770d771e3cc93c160fa9744f5d33d4a1c941ffffc23f8e70dd4308543a5e8d35f4f56d8416b104c362d9eb5fe3cb59ec99306a4495df5281bdae223

Download Submit
/data/user/0/com.crgk.eduol/[email protected]

Filesize
5.9MB

MD5
5aa89c7f5270b9b1d89c09f2b4e11cbd

SHA1
6cc4c0bad966958b1708b6e1ae940fb07d651918

SHA256
a020375ca91d98087a58448ad6ac60ec889fab36a4a343e184cca3a1ded535cc

SHA512
edacc6bf32e441c49487bb32fd89908171f08a4bf4d693bde3bbd391e871e81b8dec50cf312b503f1b4c78a04f40fbe9ffd084d1b65722cea33c8b1bdc2e6595

Download Submit
/data/user/0/com.crgk.eduol/[email protected]!classes2.dex

Filesize
6.0MB

MD5
fdaf8dda238c700ff707fca71884cc78

SHA1
1fb362a7f9f1a75756073866e366b2ef65b60275

SHA256
b94b873e76d1724a97242815ae0a6c29ad9aac6cda9879db1b83f528b79e1225

SHA512
763d72ad552bb39972e50325bc525c21251317eefd14a8e3825c2852474609f53e8fc141e7b2d4fc9017f05a4734a25da158ff280ff8e4d8bd95f28ec13058b4

Download Submit
/data/user/0/com.crgk.eduol/[email protected]!classes3.dex

Filesize
1.3MB

MD5
5c5884e375ecd0cd6cdbadfab91ebe5a

SHA1
e2ad95d4bcddb240853c3de906c7093fa8384cce

SHA256
a308eb4b1a4c7bb73ba8fb7f4694f33f89bccad53a383ecc8deae27169c2fb48

SHA512
880c1d602e3f08516a28e4f86aa09f6f97ad8aae491cd23332b24fe456da8b7a04b7f1baf491a049a00cc125adff1e06c66d8ae75187c68109841d582e7f8eff

Download Submit
/data/user/0/com.crgk.eduol/databases/tiku_db.db

Filesize
72KB

MD5
86664dff04517d0eae303c0a3b88242a

SHA1
1f38fdead80a596b5ddd7e908a2c21365a26f10e

SHA256
9268962b10e77ae5e2f7efa35df1ad4585e2dd180ca2abcebea25ffa86c7f3f6

SHA512
868d78ebd152e6b5f643af124bbd85cbf6069fd7bf3906151743df0ca4b38102931c01b4b8f02a1630abc7c325861206a8da5827ee016aa924a6768dbfd8e402

Download Submit
/data/user/0/com.crgk.eduol/databases/tiku_db.db-journal

Filesize
512B

MD5
ae504950919ecdacfc731d5a4c673d88

SHA1
ef65f143ff39d0f7820046cef4cb5098641108ec

SHA256
f719f78b3b632655b8142dc06249f6445c56bab4b6a34dcd4d189b5723e7729a

SHA512
49f4dbe9e25dfbe5a75189cf181eff5d1f5031ebf640f54e00138b3ac3953fb240a97d5d0896b9b52ed64e7cf52fedcc7b73ce0b87070b1ee5abd10b16d88b3d

Download Submit
/data/user/0/com.crgk.eduol/databases/tiku_db.db-journal

Filesize
8KB

MD5
558d315c99ec89b6bcc34fbcf16cb1e1

SHA1
00df75e7efa534cf56e537844c39af2672104df8

SHA256
ab0e842a5c838ee207a0b571c327d97fdc9e108faf61a6caab982a575d13a1ab

SHA512
27e319e0ab9f7c53d13c04e601ceab50897c74d7dc9a9698edecceedf87f297f6dc746f94db78bd5a5434c5c021286533af8dac5f06b635359ed926193cf9441

Download Submit
/data/user/0/com.crgk.eduol/databases/tiku_db.db-journal

Filesize
8KB

MD5
6362177f4ff7be154c83eb8c93086045

SHA1
0ad5c992a171ef39ce0d3f75712d1479d41ccaaa

SHA256
ef29f84b95d387da03bbcfdac2b2c8b6c77c62c2bb919966bf159757a06e5ad8

SHA512
94dfe40cc76bff021d30f7e08b48be66eee78bf00e846d85bcfc0332f4313704af1f1b80ed83434d2482ed67676b94633b38cf78feabbf1b7a68249d46f7e5a6

Download Submit
/data/user/0/com.crgk.eduol/files/.jglogs/.jg.ac

Filesize
32B

MD5
f262f9749c3768e22313d2666acf6eae

SHA1
be90c167b2d8ce1b2985dbbda8a4d5e848129479

SHA256
088699e484a18d10cba145c010c6a8fb6b5b57b222d1296ac533828f0238fbe2

SHA512
43b2a65b34fa1c18a005434a3bd5bfaaddc38dee598050a2b656538e7723a8108198b8cf0bb0f10af095f43c148e6d96ef608d3359347cfd01bbc070b61c937a

Download Submit
/data/user/0/com.crgk.eduol/files/.jglogs/.jg.di

Filesize
348B

MD5
58d7e5a51829da2e051c330dc19235e0

SHA1
4302e59a77c5e26fb4b45da34f716497102544b4

SHA256
e4c5eb15cde24114e9853774a46a8f65b2dd44068f67407cc28c69f027d446f3

SHA512
fa484f2b5363b4b13c484f3ecf78633448cef5aeb18d44db98d6ad7a042477723035f00d3414ea6bf2873bcd107c4db8088f856771533a7f959a7229fcd56098

Download Submit
/data/user/0/com.crgk.eduol/files/.jglogs/.jg.ic

Filesize
32B

MD5
e6563c962818d098573bb7ca8406c070

SHA1
4d08d9114528c9ad691cd47471785679dd52de1e

SHA256
75a42a04129703c07d6fcb1d2359f0d7b27ea9c2c3201a3ac60b4eb62c6b9937

SHA512
5d5962c808c1fee58eb77bb2358cd78aa5e4a4758ba7382295372f4dc1e7fad767f096e5362f04d6292772396f1edcb748c679b4c9ccd3bade8fbe63d1bbeb8e

Download Submit
/data/user/0/com.crgk.eduol/files/.jglogs/.jg.rd

Filesize
187B

MD5
54f379669cb114e27c041b3e3a83ce22

SHA1
847b3a629e46e9d79007d218da1169fb7303afb3

SHA256
98124d466cd9401c979949716eaad3e525e6bf4e2a3f2d152c31ec1a0d61f273

SHA512
eedb01c8a69f0380d1274467a683788cccbac0ea3b9ecbae71a9b8724bb37ab6e5d620d974c8c95b3d5dbc11d99f237674b27553300221a6fd49f08d2ec1d6d2

Download Submit
/data/user/0/com.crgk.eduol/files/.jglogs/.jg.ri

Filesize
314B

MD5
30b4d0146a7b9c90631d297d4f3da834

SHA1
9e44d87a134bcbee5e67d84dff248825b81a63a1

SHA256
e54e6e8494279ae2966bfae050ef8a27dafaabf3cc3147c66d17421bcfbec994

SHA512
b9aeefc68635b656c679be8e07f8046437f316150b39a3a16b84a668095143e27e6184e854c4235dcf13ab9a9efb36f837b8198f5a583cc1762be6ba23d8649f

Download Submit
/data/user/0/com.crgk.eduol/files/.jglogs/.jg.store

Filesize
535B

MD5
06229f4109e43bdfc74d24cec35ad670

SHA1
e676f04bb92b073c48db0e1d333164424fcd1744

SHA256
8e08f295b103a7d0e7a472fafbe5ce951074793b815c0c301c0b690aa6af6896

SHA512
ba5837c178dcd68ec7c315a723458fd53784ee22b8297fd1dfd1f7f7a2b9c077e4262887e192817f6bf4bff383f78237073122441380de8cc49200a42f978e16

Download Submit
/data/user/0/com.crgk.eduol/files/.jiagu.lock

Filesize
27B

MD5
49eadc18681a9dc364f3306b1f573bc5

SHA1
ee6b5404a45ea2673ee10735456429b66446083d

SHA256
0fbb1fb7bd9170d92b06bda2ba13cc8e202fcd65c78a816e63bc6dfff75214b3

SHA512
63cabfffdcaa86b907567d0191b2f5ad2f721cd8012acba4b9737e6f04b8bba3e250f4d7f6651b282a632961adccc57b04454ab1d9987a8c93e73168b7e25c35

Download Submit
/data/user/0/com.crgk.eduol/files/ACache/-1921894556

Filesize
5B

MD5
68934a3e9455fa72420237eb05902327

SHA1
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04

SHA256
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

SHA512
719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d

Download Submit
/data/user/0/com.crgk.eduol/files/Log/crash_2024_04_19.log

Filesize
535B

MD5
f38e6002124788c7bd875f39405ed586

SHA1
e49d3eae27897821e7679dfd5dc2b8940373507b

SHA256
002e2f74279be040e67785394985454bfafa4bab5e67f4bf3934671f336136cb

SHA512
aac4528e9d0b01ae0ef22cbfab06c78a1413154d56d8d97faf4cae0d34d18bc1591581bf1445c6f7f51c1174826b378b54e819839f4b09f05451726dba2d3d1f

Download Submit
/data/user/0/com.crgk.eduol/files/jpush_stat_cache.json

Filesize
119B

MD5
23753f07e7e9ee6271498acf2ab0b39f

SHA1
6a1c3703c6b433878281224dd1aa7c81ec0b4429

SHA256
4635b7fada996a27ef635d334e766019572ceacabc8c1238b9638c1d844dc49f

SHA512
5c8da187ede6d3c6d605ffc35811a36acb5caa277bc2ae6c20b189951f587c6b6f7a0f5ff42f5e60caa44a2fa3509d03b6bb47b80fdd7cf8ea10f7ea4dca3534

Download Submit
/data/user/0/com.crgk.eduol/files/jpush_stat_history/active_user/nowrap/0b0edb4c-c0cf-4210-ac3d-f7ca6bb1041a

Filesize
159B

MD5
2b3dfd9c61387fe65251ad5ba906a350

SHA1
f594804f04e6c5a551d8cddc3322125aa184544e

SHA256
c51c18a8bf7d3dd6f9eb2b5c08f9bb26ece7c93cd71d29eb13ae53c756ee0d8c

SHA512
77d6db0d6e252d513960b21a7b379fbdf360a50b5201c6ad88643140f86d26389637b40242ab77368dd64e3e4f95aedb230d7d389d4b2182531021fc9a05e159

Download Submit
/data/user/0/com.crgk.eduol/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNTM3NTg3NTk2

Filesize
1KB

MD5
4e832b23eb6ebbb6a78927aae9e067c4

SHA1
6b3538f123bae1087bcf37b6dce1994e73f8e28d

SHA256
bf91bbd10a177877fdcec55a1bccde9c6d75541660c56e9f431446f56c5730f0

SHA512
a6a6389e3d206161a1ac9cdef0340a76eb3e45e3baec82647f8c575ce141685ed20075c2dbf4d65499cdba2e8b20716d588a37b91e9e722cf2edf3f7dcda3530

Download Submit
/data/user/0/com.crgk.eduol/files/umeng_it.cache

Filesize
433B

MD5
24db3c3f3b7276e2da1fd6bfd8d4d137

SHA1
344d0ef815c318b93c0a5100f719207718fdde43

SHA256
106f3d7555fb5a8a0661df4a659283b74b980cbda67979066520e759403f7316

SHA512
17b85cc9d2fa39476ba185cadf97f13b7e3face15813c42e5ec68758bd5d72745b14b332f11a46d2a6c3bf5e8f52bfb41f98296ad57afba2e8314f6585b10be6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
1fc3fa5bfdd9c046868c35a8f030ea49

SHA1
0975687651ad364863a0419fc8b54b5436498786

SHA256
65b60dfa25c58c810f77129abe3cf6538430049796938ace733b5b20849d3d35

SHA512
8159f480e914b57df2a40b45f93ea7f036e5bb24f61a187e1270b78547dc6a57a227d801ce7ea62831618312ecdc2f6b48da5aba83b770ff608a81fd74c34822

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
4089d778c4d599e4a9d5dcf494a8f5e7

SHA1
ef02b599045c7e5f5e54652ab02552d2d270af5d

SHA256
6ca0ac202223ff7afcd0019feca6038f48248e802388a855f72c8067ccce5f9b

SHA512
b1f5520fd1e1c31008d29fd7207e9ca88ee189c082223475c1e33f3176b374a32dd588229a1d73e7baf66edeb3c13d2f1f95e1fac7c2eebaf616af9232f4e331

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
7c37da7c0be5d254b73219127b15a750

SHA1
924de384a07e17380611e69110c0de7551e796a0

SHA256
87675e6b433161cf8714f81bc8abd0144fdc07e6a8ef2a15ae26fa0e0d7e3756

SHA512
5e46c128afc9d6fabe20a2c02edf7cb0fcdfcb87f3ef64e119cc6fadc526506cc89112a76c63428a6ad803788b43fb188a0888f9d82df83e4a0ce828e8f3cedc

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
a75154c7e67283a8701731dd9a6fcf8f

SHA1
2de9825ae99123460747d9ded33cd6fb812764f0

SHA256
0b65d914d228cbf04c885030029f3f2244a58eda32e747988e5087dba52241a4

SHA512
3381d377d1786939ae740e12ded99eaa06d34b5b72635948e4399d551749bab2d7730f1d29231da5ad055ac1597d53b7b6d67f498af4fa21220bb30bc8052618

Download Submit
/storage/emulated/0/Android/data/com.crgk.eduol/files/tbslog/tbslog.txt (deleted)

Filesize
1KB

MD5
b0bdc5d0d543a74a2460ea1f2a13e431

SHA1
1e4db75d9fb095b170f99b8715fe86f3a8b935ea

SHA256
49c3c6421e63b070e8b43f34b581681bb7a84c37f2e892de71360117ef9330f0

SHA512
28ead380cd617059a593db42a1ed7a47c9262e5fcb8843dcf6b9eff96d4c5518bee1e55627f53e8a77708d20b40c8002f9b8cf03a844df1c7bf333a1144473ca

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
2cb319ff643f314bdabe5280579d8e67

SHA1
7989ba04edde2424ec16395fc58bc698b5f0a3c0

SHA256
5ad0a83cfae1c76fd9d490b8b93681ee28a8e419115b0a62bbd2388399029904

SHA512
dcda29628f7db309d2298613469c32c775c5cc5be2bcf26f36e6ee5f739e82b11e2003e363be51d54d4dbe63c05dd5e15cb738126bd1407f7bc64ea40ef5a9a9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads