9fd5ed7806f3b54725644a59e24d2d17109f513312d85b8317f479065bf03e9f

Analysis

max time kernel
3s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02/05/2024, 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d9743ac20f19e0f7bc9758e098e84e7_JaffaCakes118.apk
Size

6.3MB
MD5

0d9743ac20f19e0f7bc9758e098e84e7
SHA1

a0dcc88867182a3e797ae79f2bc23ac8b404dda1
SHA256

9fd5ed7806f3b54725644a59e24d2d17109f513312d85b8317f479065bf03e9f
SHA512

24f21fa91b120e9d803d537c0670f0f2d9614526fe6944aedc9b88ef6e08438cdf99539f1df4af9119e6872e3713d41a35aacab4f0af12e32f17819eca653be3
SSDEEP

196608:VbJIeGGrCetOl3t09MepmBdD1aUhdaOtZSceGDv/cw2spbQb2bRfh3:Vbfw3wMepmBdD1aUhdaOLrj/sgsibRf1

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wenhua.dingjintouzi

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.wenhua.dingjintouzi

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wenhua.dingjintouzi

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wenhua.dingjintouzi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wenhua.dingjintouzi

com.wenhua.dingjintouzi
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4306
- getprop ro.board.platform
  2⤵
  PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wenhua.dingjintouzi/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wenhua.dingjintouzi/databases/bugly_db_-journal

Filesize
512B

MD5
dfddfff00d1c159b34ee2aa595bf5fc1

SHA1
4293b7fa384632fe8bf8373c55d81c28d65114a0

SHA256
dbe65e7d85133b809091090ba4f59e62f58db9195d9d3ac86bdb8604c515f6c8

SHA512
041875b995bece8805d1611305f18b7457b18cbea6d1a55bdb50a269c49302043887ade758b3a31a661d0eeafb96a5420a5aa43512c773a57176b1be1ccc1fb8

Download Submit
/data/data/com.wenhua.dingjintouzi/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.wenhua.dingjintouzi/databases/bugly_db_-wal

Filesize
96KB

MD5
9858123f78e94afdd01f9395d7238d09

SHA1
72e5132eca934b56280fdcb5d7cace4c3a0c6891

SHA256
e18924b136043d12576523277f468132295bcf8812be2434512f14d3d1aa427a

SHA512
c5045b31a51197007975d94e0a82e28c393e52e3117b44ba56cd0d3006eb727fa7bd575f9ad357de9572c77604887e9ffda594133986edfd951b061392c3f2d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads