ad1a66db7f2ebc4ffe15e1ea48a55567ae49e56958bfb4766b53eec2542c9f7a

Analysis

max time kernel
108s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
07-05-2024 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20ada10aaebbfb156b6acdd2245381cd_JaffaCakes118.apk
Size

31.7MB
MD5

20ada10aaebbfb156b6acdd2245381cd
SHA1

a483be249115392a7f0f602489dda3ebc046b38a
SHA256

ad1a66db7f2ebc4ffe15e1ea48a55567ae49e56958bfb4766b53eec2542c9f7a
SHA512

aa1921f29e23b2283ec58d8fc630b9a02303be17edc9991a6888e9ce73443ad7614203997a0288cf104774427e9d3d7699e730ef7f838d07d5ee13ec5ac5125a
SSDEEP

786432:NO5cShNRmZxHGhQ0dtwhqJalmaX4mHRKzfdFoQe2mxSQ:NObLaxHGhQ0d5Jalmm4Smfmxl

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.zp.dimr

description	ioc	Process
File opened for read	/proc/meminfo	com.zp.dimr

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.zp.dimr

ioc	pid	Process
/data/data/com.zp.dimr/mix.dex	4901	com.zp.dimr
/data/data/com.zp.dimr/mix.dex	4901	com.zp.dimr

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.zp.dimr

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zp.dimr

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.zp.dimr

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zp.dimr

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.zp.dimr

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zp.dimr

com.zp.dimr
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4901

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zp.dimr/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.zp.dimr/app_bugly/rqd_record.eup

Filesize
344B

MD5
781de1c87cf66e526d18f13d37d7242c

SHA1
d9c0b297b0fe754b22de1a659383c968d6460ea3

SHA256
3d66cd9139143b6efa7fc71465172aa82f06f6a529309b17a54c78031b60f93d

SHA512
2f0d4b45dac0bba32ad975a732ab75c6e44152fc6c2081dd726883ac271323750468f24a5c04884d55d804b3ce9f2aa34b64bfac2163655e5629a2e13ebe6019

Download Submit
/data/user/0/com.zp.dimr/app_bugly/rqd_record.eup

Filesize
1KB

MD5
97a58552038b599ee884d258884aa58a

SHA1
690411e5b373ad1030643d8af9e8fea1fafbdad8

SHA256
a7a26db24e3150af55568ff6f9ae80dc2416558bfb7b937ad734f81264a4de4d

SHA512
e464edc1e8393ed8133898feac9dd4e25f3631d3ec04ea65ace16b0936f22d3259c35e6a7fd513622e7c269f4488bd0bf2b457a8c28850f85c5d1d33936f1a3d

Download Submit
/data/user/0/com.zp.dimr/app_bugly/tomb_1715087979814.txt

Filesize
23KB

MD5
88bfb7f0289fc6cb1375a2995d5dd9a1

SHA1
752f60004574d5aa5c44e0e1d9711205b07f0112

SHA256
42d204218ff573be23d4f9042c04965b4c62dfff7196330b5c8f0d62ad110cb6

SHA512
fe98f1db6d41ce11455e2f0f03f0b049a2c00740b9583d0977581420a81667dd7e34df839093987a81fc4580de67c0ad4a20ac179917bf6211b13905a447c98f

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu

Filesize
120KB

MD5
dc0c40d048c186494c779732d5877c24

SHA1
38d05fe0db18a4f7e907249e42bbe128a12d36b0

SHA256
2742c85a3373c564d61fefacd7212f6b6f1d0665c25a5502ebe1dbffc3b4f1c9

SHA512
f84a7b2d0d78f1dce00295dc0d8100af2746d9b3c9132f3bf2e589799e20877d1a3530eab6cfdbdedbc23e5e05cf635181170b63016c3e1a85f07ed3d0e4d84d

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
12KB

MD5
21b18e31098e5bebd4af9c372909f026

SHA1
09ae7423fec93cf6be35e0d15a5db13376f176a2

SHA256
0d29ff1e0cf3d2e6eb23ead48eb1c4f1be0c420660b1296405aab6a9cba73831

SHA512
269741f6039ac61cb74da43a934601c153d91ff2e4adc0f80feacc8dce6db5b5d64af70df319ef77e5fde093a2816119753357cfbf9a2a7309966b20a6a7dc8a

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
512B

MD5
8f433b1f2b60d19d707d531f9e81e003

SHA1
bb87c8b62896ca299d318330c21f27ed71c786ec

SHA256
430dfd2a1990cbfad828d73860618f576f69fd27b4f76fd503527123351cd9c0

SHA512
a6b72f5a0f827edc6ab0a3b169d1007317c8367db062d9f63ca7a3579a17e15e1f9dad55beea9904ec62e6fe040983b4fb3174fad98700a41625baf52fc0ed79

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
8KB

MD5
adcb2fbbe9171580c88223b07b1af20c

SHA1
217726a362a4e63937c306ceb1af6a80c0676703

SHA256
ec72018254971fed3c1ba266b8a4e6f2be179b5542d2f661ee47acefcc7d7e35

SHA512
e93641c12d105d5bc77bbd4f9fed09b0251fd0d6369495eee115fb128ac6c0b227111607abd415d53da308a607ab95d6ef28552d231e7af6cde0cf48fb395dd4

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
8KB

MD5
6a40cd18790230dd7ed07633463a6a35

SHA1
b29cd1f29c40fc57e19f00b9f2f708c235e59111

SHA256
ffef2953fd25d3295d0c80ec165758c425a44feec2a59df0c51e9b3a912d7cd3

SHA512
387548e10e38e31b5c2586f96f9981c26937386a4954397e8612ee66234fb924e8d3e9805cd38c806e443e9c0d871fe43ad744ca81a3db4061e9f49afeabcbd9

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
8KB

MD5
baacd9d07b006796814144c691853a73

SHA1
8e41ae2d25166faf424a1b5d8f1ad346bb52e16c

SHA256
ebd7dc2c837d1bf1949273ce67cd7fbfe17e8828d5888c6d3cc264fd85a81761

SHA512
10627050119a8e05947eca5e5bca83cd23f62cf1d093051f0951d92d7c5c16ce8fa4c3107bc766af899527bcd0b14a51ed0bbfd549aa2afd2494366c4e3a51a3

Download Submit
/data/user/0/com.zp.dimr/databases/bugly_db_legu-journal

Filesize
12KB

MD5
014dddbe647d11592ca5f5a3307e26b4

SHA1
d2c0e81ad5087041f520c4d9212a60f0d87e3dd9

SHA256
da5bc868a9f24a59a5b9cb4b60d192c9f1ab53f38d0a7d770e0440f468817dd3

SHA512
8421244a3a12f7b4a214c53a59e0c52d2e3425133926c360deef8008e109429358a5b5647220709adf6576b0d87a7fe714f99c5be67790ce07d3a5d23e40176d

Download Submit