ad1a66db7f2ebc4ffe15e1ea48a55567ae49e56958bfb4766b53eec2542c9f7a

Analysis

max time kernel
3s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
07-05-2024 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20ada10aaebbfb156b6acdd2245381cd_JaffaCakes118.apk
Size

31.7MB
MD5

20ada10aaebbfb156b6acdd2245381cd
SHA1

a483be249115392a7f0f602489dda3ebc046b38a
SHA256

ad1a66db7f2ebc4ffe15e1ea48a55567ae49e56958bfb4766b53eec2542c9f7a
SHA512

aa1921f29e23b2283ec58d8fc630b9a02303be17edc9991a6888e9ce73443ad7614203997a0288cf104774427e9d3d7699e730ef7f838d07d5ee13ec5ac5125a
SSDEEP

786432:NO5cShNRmZxHGhQ0dtwhqJalmaX4mHRKzfdFoQe2mxSQ:NObLaxHGhQ0d5Jalmm4Smfmxl

Score

7^/10

evasion persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zp.dimr

Checks the presence of a debugger
evasion

com.zp.dimr
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4276

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zp.dimr/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
512B

MD5
9b760d68e518d09dda5eca8c1dcd5705

SHA1
f17e12abf56b7d32b2d74dd89e8e47cdc342f2a4

SHA256
d870e4503ed59dca8fc36a7651890900e1c8bf608ebddd674f78854e0169f525

SHA512
34cedfb100220f760fe2d4e67be863e5ef932161e7f60fdc440304a51c7dea5c7c7f09a035bc47571e6e61a7402f59be1e9904d251f03c853ff1d2ba08e39894

Download Submit
/data/data/com.zp.dimr/databases/bugly_db_legu-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.zp.dimr/databases/bugly_db_legu-wal

Filesize
92KB

MD5
233f0398db855243fee55d1aa5d8678a

SHA1
e115670b0e72b11e0db17ec64bd7f8370275c708

SHA256
4ab57fc86beabcb363ce4754e05ffdb22d0197cef77eb098176e24fb3baee93d

SHA512
f2c2add4628072370759b04dd88a0eb28e9843e7054ed44fb510e73e86957b9883b317fc580854fa544ea88b051f0dd713a4e069fa75d66092009fcc85ff5aa4

Download Submit