5a6acb720790cab1bfab11fe6ecd05f1374d9135b6d124a0225d6b65e6ebd1e3

Analysis

max time kernel
4s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
03-05-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f396cd02d10f2eaf69820cebe5b3950_JaffaCakes118.apk
Size

13.1MB
MD5

0f396cd02d10f2eaf69820cebe5b3950
SHA1

35cb9e20e85062a7dcec8776baf0233587c250ec
SHA256

5a6acb720790cab1bfab11fe6ecd05f1374d9135b6d124a0225d6b65e6ebd1e3
SHA512

58fcfece25accde877919226b5b2448a41c9b077c94e8da5c78c125f662e36072c09da0f917bcbb44aed420e4fc3351cda504cd667a3cb738e6d3bfaa9451aa8
SSDEEP

393216:s1cmE9dl2+FPV2TTVPEgkbU4qM1lmi7k1L7/p9t6b+ycFW:s1cnPpFPQV8gwnl1TA1f/x66ycA

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.jiarui.hongmen
/sys/qemu_trace	com.jiarui.hongmen
/system/bin/qemu-props	com.jiarui.hongmen

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.jiarui.hongmen
/dev/qemu_pipe	com.jiarui.hongmen

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jiarui.hongmen

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jiarui.hongmen

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jiarui.hongmen

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jiarui.hongmen

com.jiarui.hongmen
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4475
- /system/bin/sh -c getprop
  2⤵
  PID:4527
- getprop
  2⤵
  PID:4527

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiarui.hongmen/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.jiarui.hongmen/app_crashrecord/1004

Filesize
234B

MD5
f551d7b6ba6d6c14eec199e16884c3f0

SHA1
711687a49ac0c905e2a116e9f3d1f44ca1ca722a

SHA256
b014ba1772c78f70df495e308d45b67367fbd00494ef03b0e99b8758ff9a5e2e

SHA512
18826bb3d37396d44bc76efe839576f80165357c8085a27d98d47571db50da2ff336f30b8698014115c23ef913582c972aa55536ac81ef5b3d411dd8853b116d

Download Submit
/data/data/com.jiarui.hongmen/databases/bugly_db_yaq

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jiarui.hongmen/databases/bugly_db_yaq-journal

Filesize
512B

MD5
11e2ebc8c9327a207970a60a382a7da2

SHA1
d4a518dd3133a15451e67895bc4b7ccbd44eadf3

SHA256
946a61e0e8d48c48e935670a863fafc026796510fb0354d61b6b00542a8ad7e4

SHA512
a6dc9024e5f331244e40314278cd47da986f3198a0b58786489907a180c8d7f9dcafe48a7fd0cbf2b3ce32639b893b0463cfcbd1edc0f1fe28c10f51c24bfac2

Download Submit
/data/data/com.jiarui.hongmen/databases/bugly_db_yaq-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.jiarui.hongmen/databases/bugly_db_yaq-wal

Filesize
72KB

MD5
f9476654a5c2dc46e25563699acc07f7

SHA1
be31609f735b66def9d6f53c76c8474edc53d531

SHA256
a3f9d7059e5835683312b8a2c3e831130fbb7be2e43f147f368bc4cca76a8882

SHA512
706796be113c8b0ad6c08742104c8687641fefa5e9b9d42ce557fa2c635d26c44f733e69f8733e662ed50e3de53f43661829eab73b72422663a348143db57a63

Download Submit
/data/data/com.jiarui.hongmen/files/native_record_lock

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.jiarui.hongmen/files/prodexdir/.updateIV.dat

Filesize
12B

MD5
37e5c51f9263b609e5c19d9044df0fc9

SHA1
592f7d43b33642e977a3b09cc411f134347cf688

SHA256
892cc6483a52c56433888ee0cf8b9643c3dd7c18b6b0857ff8ee39dab88f4530

SHA512
d83a6fe0cd18619c7ea640dc199f7c3b75f0e257c640cbbb582c8f6e26c0704c9c9e7e00409151c98b290eac6135babd14bc69b7cf9638ee8d730baa49576281

Download Submit
/data/data/com.jiarui.hongmen/files/prodexdir/00O000ll111l_0.dex

Filesize
8.1MB

MD5
f7954748bcc053f1fc5639d7c54dbac3

SHA1
a38c35752a0ad0a4119877a91d9688ac44efe1fa

SHA256
69fabed0e6cb6ceea64e0a3bce0526f6af56b5a6cea8f4b2b9e559a13e46fe4f

SHA512
4520e5cbbb8e80bc39a822fd406252acd76298e4bdb26e45dd423a63dd0e2feed4df97304960feaeb28fd0702368218216ea55e10e0d2b2b0416b867acc6b44c

Download Submit
/data/data/com.jiarui.hongmen/files/prodexdir/00O000ll111l_1.dex

Filesize
424KB

MD5
6f06fbacf8d3f303e8c4d27da83ec129

SHA1
562a9ac50edef3b627c565bd4e1bed55380a8376

SHA256
ef61e6d46bb4cf728dce0c691b9ae38818b703977b297436e2a5d80b6407fcb8

SHA512
7510015dc4c614d763e1218e480ec5423b423c75a04209718872ea2604864d4aa459961d3b31548a0aa0ef8e96408f6b667099318a7d3a1847f858a3a3a0ed56

Download Submit
/data/data/com.jiarui.hongmen/files/prodexdir/0OO00l111l1l

Filesize
4.0MB

MD5
cd2cea1c08be56213af81eac4726ee6a

SHA1
8eb735eaf166acc87c65e68700fd3058840f5f1c

SHA256
fb9ffb0a05b8126f48cb650170d37ba5243b30c3108381c7c39c27b1dfb5aed0

SHA512
036e1f6e091c81b1b9993bc8a278f2b0894e739c62dfbc4e9180cb0c61d6804439f12a4923f90a12ff5520f27bbc6a30392c58e2b9fd07b543163e9cc88cb16b

Download Submit
/data/data/com.jiarui.hongmen/files/prodexdir/o0oooOO0ooOo.dat

Filesize
144B

MD5
bfa49397e4243367e897de564d88306c

SHA1
c71fe1a462f24e626eacb7f8e195378b1ecef41b

SHA256
69a3e78648eb77eaf6a7de488ad52d5f2cd20ccc1d55c2c880d1759501c135d5

SHA512
42bd03bcc1eaa2cc2be2efe582f20e4d02005d65cf6ed38f571eed05bc11ab1d293a6116b054cc300e1a31e7fa44ba8d5251089236abf8a3e1c141499ba8ae78

Download Submit
/data/data/com.jiarui.hongmen/files/prodexdir/tosversion

Filesize
31B

MD5
3cd763632707d4590ce71f43f5d517d6

SHA1
1868d9f9d38d1dd8d1674a45f2b7ef9c5597533e

SHA256
704a57a8b1688d591dd6fd4282080adac959556a1687f127ac7fb4f1af2d4597

SHA512
8bf170041a1df58c9d39da47b71393da23a884fd8dd429ebd32c04d25c8304a0ad4c749685320ef26f44de66fff6b42f9bf82c33368a5e15710b20c9ac217348

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads