479e965bd87a9436f5f0fe72d42c39f9ae97984b9bd3bb1f6f814068ba4c05a1

Analysis

max time kernel
140s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27-04-2024 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03ea051c729ff412cfa56fe95b16b492_JaffaCakes118.apk
Size

17.9MB
MD5

03ea051c729ff412cfa56fe95b16b492
SHA1

3056d89dbb740dec8439e8e07617099e24bcaa20
SHA256

479e965bd87a9436f5f0fe72d42c39f9ae97984b9bd3bb1f6f814068ba4c05a1
SHA512

51fe78c82d3a0272db370a9f721bb90c72212cfc68d4e05388602bc7a3f6fa1b8619a0f69204e8d96d4dd20d6b095c95b36b97b828e6174f3f1a339f0e9318f6
SSDEEP

393216:lbgSb13prSesBFNcVF03yw66Rkcm53V32nRJBA7PqHW/y9irf0qsBL:r132BFaXoywVbm5J2nzS7Pd/brf0Pt

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.juejinchain.android

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.juejinchain.android

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juejinchain.android

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.juejinchain.android

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.juejinchain.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.juejinchain.android
Framework service call	android.app.IActivityManager.registerReceiver	com.juejinchain.android:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juejinchain.android
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juejinchain.android:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.juejinchain.android
Framework API call	javax.crypto.Cipher.doFinal	com.juejinchain.android:pushservice

com.juejinchain.android
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4267

com.juejinchain.android:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4403

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.juejinchain.android/databases/cc/cc.db

Filesize
36KB

MD5
e9a2cbd978d891276cfa1769d52ec0b7

SHA1
061dbcfc66c98d6e613c912f218ad7dec236b4c9

SHA256
30ff3a5965fd9156463bc4ba8987991fe07077eb30b5732b658de50578463bc6

SHA512
d6aa71d82bbf852ab7353698c8c72a76f7e8e4605a96ed3b4f7b8838dd0a8a34eb5cba82b30ff6d9f025db4eef8558ba0a349d50a858ee7c8717e42ff3c36502

Download Submit
/data/data/com.juejinchain.android/databases/cc/cc.db

Filesize
36KB

MD5
fd348517c53cc0123970ce8e62ef4e7c

SHA1
8bc6f0795a1760379c4798f7ba42dc205e5d7268

SHA256
228f6e9064a054413346021406992e4b7986c0ba194e0d8e05952073de5b811d

SHA512
424dbb895a064bec378dcbc99227166721c51cf416ac2d5edc522725d281895977af66b530fbf4e142f41ec30422748c5a239ebd859dba34143447b6fc67a94a

Download Submit
/data/data/com.juejinchain.android/databases/cc/cc.db-journal

Filesize
512B

MD5
4d02956ce5f717ecc738cf5b953aca20

SHA1
95f99599fb852dffecc251e0ed0c3fc40cd5f690

SHA256
f27fa93dbd629ad247a1ba48ca84eed93cb52be9556c02c96438ef1c143bc076

SHA512
5c232ef3de476192c875f7c8cf854605d42f3ce3cae8d5cea72a143f7a16cf7783f3fb985fee9dcd781dba7b1663a3030ea1ea60c46b4339d7b7fff919ce050e

Download Submit
/data/data/com.juejinchain.android/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.juejinchain.android/databases/cc/cc.db-wal

Filesize
16KB

MD5
8c02c3d86d8c30f53b443c508280b700

SHA1
863c28ef9f177a522900649387b172f59c847f22

SHA256
08ef7215c346598ae54628b18f7892e62801d7890de1e96d08403d007e89705a

SHA512
5faef07e4dd36c4685b88450db581a5c56a8358c8ad01da8c0ce6d451b98821a9261be2fe04a4cb65649aa092a32bbe0a14f6204cf097fd564f29a830f0ea7d0

Download Submit
/data/data/com.juejinchain.android/databases/cc/cc.db-wal

Filesize
52KB

MD5
5069a0895a26491f9ad1d0ba19624b26

SHA1
4a6cf707ee5ab5dd59d3c011a2f3d309721d3bf2

SHA256
f8f35fec75064d8dd3840c91d3f7c4ccb3c43eed240db0d2f6c39c7517586f0b

SHA512
8a12316e356f76ce47c76c0aeb23454efa1c05cc96344a5c169d2ee2071ec28a7a6c5cbc381cd0a4c3aaa02fc7695ae9f3e051e0175c041379c92826b4f1803b

Download Submit
/data/data/com.juejinchain.android/databases/pushsdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.juejinchain.android/databases/pushsdk.db-wal

Filesize
189KB

MD5
cf02ef4a693eb21ce9c5ad571be07520

SHA1
8a022c1480c43bdde05b74493b6deaa757a83ab5

SHA256
2c75a5e93a6832e940737b809ff5fa0c20883da5db2e1260f9a61e6a4243904e

SHA512
fa36adbec37aeb16037fd50e25e27e1f4d55bd2c243bea01c55e9cdbbc6c740e9c5c7a98bdeb505bf13338160da28ce970fccc328b8c789a30aec748aa1545cc

Download Submit
/data/data/com.juejinchain.android/files/.imei.txt

Filesize
512B

MD5
e4652331c08e391c7c0d885dbd2171d4

SHA1
5f3820336e372488420bf5a075eddc8bfe44ba1b

SHA256
f410ccddd0d497bd82f4523002f8c8169efe9ec1bb751d6e9a5de7222dc7b8ef

SHA512
861bd60944b5642bc0cb694dfa2a47385a4922570bf9b6b032d578a0d47740e17287f034837cf8ad3e1b4cb2626b93b3a7f16c7ed9040997ada2d26a034ad9e4

Download Submit
/data/data/com.juejinchain.android/files/.um/um_cache_1714262097570.env

Filesize
1KB

MD5
eb06f8dee4175e38d0fd2db5c2d43f71

SHA1
a1d93982133d397539b90d8e571a327957d269f6

SHA256
f848403b7186cd01121c6a21ea1581f5951f164e90412230fa0a371b61d377c9

SHA512
19b565bcb96ce1e34c327e0648cf596091a3481f106996b80571679b65d02642c8b3e80f4f2c394d28d75aa5f8f689941fa013c211bcb4f27de3108c0e780c30

Download Submit
/data/data/com.juejinchain.android/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3a9fc3e79d441a16eb41f8ced314b1ce

SHA1
c68a525e0cc72cb96839caf3cad16765ece65989

SHA256
6aca94589f4fa5557695cd8989f95380d0f0588d8e92de79221b588c06e57936

SHA512
441d0ae6f7e14bc0e37c1420aa2d4ebdc1766c5ed3332b65855d6dd8a51a79b3136ebbaa891805eedbcfd05622eb79034207dd22857a500b71b753ed34364c62

Download Submit
/data/data/com.juejinchain.android/files/umeng_it.cache

Filesize
498B

MD5
6c0dd58d14a7c0272d17e1e5a80622eb

SHA1
3d49ca7491940bf236555dddca8ac02820fb17b4

SHA256
f0a752a340dfd8f2db6e1cfd414f73502c525725273652bdf00a1f70d13f3544

SHA512
3f7ff31f296d362d1b140fbcae0a02482404a00b955c826e1a7e74fb8fbe873bf430b91199cf2d52c49313eaa62400ca6cdc12b3f4006eeb2c6b9adcee7503ac

Download Submit
/data/data/com.juejinchain.android/shared_prefs_ext/test_app

Filesize
32KB

MD5
cd7c778fc04f0e1a4e4e0dcf4e1e79cd

SHA1
afcccdf3f90d88f7f5f1ee08219a73d4c047c2a4

SHA256
a6729814371000153f2bef2b0b2f6b4633fcb15e7436a718fb49f4d2660e141d

SHA512
baad33bf094664110c0156de171da8c6451db750949f45562e90838be9455958c689348318daaea540756b0636517426f2a1979188e7f3024ace518bde26e34b

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
512B

MD5
a15a45b6aed532fb8472a8b0eafce675

SHA1
35052a12930730efa1ad60550eb18b79ffdf88a0

SHA256
cdcc9d25ac7d7e8420ae0a2c89f4d125741a45d8684e635f86c8ea31ee5eada1

SHA512
f0988e1b5264da8f4e95ecf789ea2a297dc6af7ab118a7296d4308afead53e10c165494d20f30470ada5468dbb885c99dec822d2a284e93b6bb1a8ab80cff3c7

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
72KB

MD5
a626e489208d38cad7a969690b78cdc3

SHA1
ad75c345f0fd31515f9f6c28382f5e4c562a617d

SHA256
67cd53c087eadabe9a0656723656a080da0823fa18c07344c538cb2c7e9b5cb0

SHA512
28b3c12c5b135e291ee4656a3192c3e99be6ebd13e582877b8291e715c8ec867c0cf1d587579c3b5b6dc4b1ff222c2b13915a41ad31023ae4bb22eb6d9d18c30

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
32KB

MD5
cd4c7834f804e0393326f12b992aed4f

SHA1
949aeb3ad4cc22b6116bbe729e7cb35f8f940ad5

SHA256
e34e40d43f98bcab8a672c3d931a1698834719a38849a89ee6c8a2a41e93b37f

SHA512
30a671c7197cb1267052474aad9cf3a5273e610825231a223be8858988e456dba75a0175da6ce09f3209ff8e9a4a36cc724d6b6ab948b7767f48f37bb7cf91b2

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
4cc8f61ceac89ae02a85b9cc85900f46

SHA1
53303779348df99b77f496add029f4a920b48df2

SHA256
088a56ee24bd256f0a77d5ca103629aa7903df96beeb4e0513ffa357d2a013d3

SHA512
06df5452255203dea2f059a07f715863772b1e43ef739ef323f0bb06c997f43a459086f21497c5b787b87aa5d1ed59033c888fee800fd0f05afee3e612f4f31d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads