13c25bfea251cc93b283ac75e72cbeac168b5a2a1ffdc3998292699bff8927df

Analysis

max time kernel
88s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09/05/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a8fc1d7446845e52182218f9462c8e5_JaffaCakes118.apk
Size

5.0MB
MD5

2a8fc1d7446845e52182218f9462c8e5
SHA1

52b2b08c70d9f856253f3c457c0fc649da8051cf
SHA256

13c25bfea251cc93b283ac75e72cbeac168b5a2a1ffdc3998292699bff8927df
SHA512

d6b0acd2d99072801d597a4335a3f00b1c28bd26995db5424c42e562fc6b65ff68143284a7dcfa6c0f54a526ee16b047196db37871905eda89e19512b21956dd
SSDEEP

98304:owGGqFDWvnEuA1/CsGtE0y1a5FCT4VxN9iaQSmv1ZUtQjrZJy9LxRPgK:oR7FqvnEuA1/8/5FCT4V/AaQFZUtm/ab

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zlwifi.mmckq

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zlwifi.mmckq

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.zlwifi.mmckq/.jiagu/classes.dex	4159	com.zlwifi.mmckq
/data/data/com.zlwifi.mmckq/.jiagu/tmp.dex	4159	com.zlwifi.mmckq
/data/data/com.zlwifi.mmckq/.jiagu/tmp.dex	4159	com.zlwifi.mmckq

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zlwifi.mmckq

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zlwifi.mmckq

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zlwifi.mmckq

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.zlwifi.mmckq
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4159
- sh -c ps -ef
  2⤵
  PID:4285
- ps -ef
  2⤵
  PID:4285

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zlwifi.mmckq/.jiagu/classes.dex

Filesize
4.4MB

MD5
49e08f3df5f7fa0f4df0e4d95e069bb0

SHA1
dfee5867f33e2b024bf56dfdc1276e7ead4dbdfa

SHA256
e5472196d740a578f7311b52306a94231eaebfc6f5d7c5c381b8f7661e4c2a9c

SHA512
b961ed066eeba317176952e1b01759decbe1204c5cd3cfe6dd1c92c9bef3a364a581bc3bc2b0adca9e4183a10e6c20a7ac9933118604c9b4ff1ef537a7c78497

Download Submit
/data/data/com.zlwifi.mmckq/.jiagu/libjiagu.so

Filesize
491KB

MD5
b9bc395bbdf359c140d0787436c08d9b

SHA1
e926ef140c4a631a824ef73f59f2dbe0c1f9d290

SHA256
d8f0b19c36bdf0aa6aa2add107c126e48771a83c8f693abf290a1ff99078dbe9

SHA512
80fadc22da3ddfc43d24eefe309f602d6741065e9f94835a34be5943ce515b89262ef1db4594b085836ba2d2b762a7750de58025c212aeb9cb189f886d21cda3

Download Submit
/data/data/com.zlwifi.mmckq/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.zlwifi.mmckq/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.zlwifi.mmckq/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.zlwifi.mmckq/databases/cc/cc.db-journal

Filesize
512B

MD5
4fbf15148b104bb83a20dafa3dd6dc1a

SHA1
e3082e4ce9c3590b6a1ed790c12ce0cb940e1b5e

SHA256
6b15d4de4d1a9f932e79ef8cbafa38e67bde49efffefec30c5ebd4eb5458edf4

SHA512
989f5f09ef3f728479bd6661b57dd4e3e86285cf35b40b7e069fa56e1ddf8114b4e290d74072d9bf19c261f607b09546ad73d73010a91d65276e87fd438bf92b

Download Submit
/data/data/com.zlwifi.mmckq/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zlwifi.mmckq/databases/cc/cc.db-wal

Filesize
48KB

MD5
08d88101c96133625f5c8d1d2d627bed

SHA1
bda66143137c425ee32898dbb6ed7732402d1938

SHA256
95531f575a9678d271423dd30432ec68f85d0339a44fcbccdbd5c97d6af0fef5

SHA512
5a193534c121e014e224d08edbb2c226ad4971fb64a98c2dd4351f7d565c821d32344159b5a55fa8131fdf0a4402a205274117a812c6928c4df47e5a85975374

Download Submit
/data/data/com.zlwifi.mmckq/databases/cc/cc.db-wal

Filesize
16KB

MD5
9401c0b18828949004b51e0016904600

SHA1
f26b78a8a6bdedfcabe4d8ad49aca8cf54424244

SHA256
3957cef8a68c53c56bc4aeed74a6cb0c6d8caf24a04f96104c9b8bdae4f09ec1

SHA512
7c5ed9efb67f3411dfed6edbf335871fb4fc30b4f309df0aa8c52ccc2ff3dfc3834e180dce9c6efae60f69aeffb624218a85c9c9824c6cb2e4b93c6652562a6d

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.ac

Filesize
40B

MD5
fec80c64579dc16c68fbb77b243fed3b

SHA1
8bf4c55baa022532edd651d2833bd1a57fb61f73

SHA256
965f2e6fbc3a5f1c52efd1a84d440039266f2c981ce105108435a19f37ac31f6

SHA512
a44ace3c419964f45053191d63eaba7d247613e5a591b257099941ff84fc18e56f79ff042d65b2e30d1cb6245cd04790e0ab0021e130c60951f997d60e82e2bc

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.ic

Filesize
32B

MD5
12274d6fe9cf51adfd9b6ebc2510ba54

SHA1
79f95b6e2c36692ff1d4bbbc224b4aa792b025cb

SHA256
10e3f8e64f6af9002fdda7aa00f4adaff80bad06f10991b91d3d30cf41f50e8d

SHA512
6e0c08895ce6fec4cbdc1a8cb6363beda41e9301c91512cfd15ddf9c5873d1871450b579ac86e9e04d55f726f7692f236851743b115483f2a92015a64136f39e

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.pk

Filesize
32B

MD5
6c68448dde2f711f3ce4c28b39414265

SHA1
8961cf57ca212fe0858a943140c16b3a5b8207a6

SHA256
ede880afd529b68a5d8e25f64f04cf2e4b321b93c22eb13cd42b4a33ac05a811

SHA512
e21489bfa17064017e34765bf7dea74ddc0dd0f0ba82cd2e1468bbe040239682a6e85775bde934ca73c132a15f9047bdb48d9cabc11b291b708755351f8a99e5

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
33f591b57a55641208fb38b18cdece68

SHA1
65ddb2cef4eb7fb04456948e6b318df580954e83

SHA256
b2c272b5fe0395fa61ac23ac0260aa1854f33f1c001b65e839081c254a222bd4

SHA512
29c660f40330068306beb417ce1663c6acc092fd390cba34153b3c9da1cb7d1e251d4262a3f7861e8e05d9145ab0d998160f39024c0eb2be9da9772ffb2e4234

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.rd

Filesize
73B

MD5
247e8ef41bef4388bddd4f65ea6d5d0a

SHA1
571a7a65c8c45f3fb4de3dbdc8732cd3769be772

SHA256
79ca7fcbcfde8d477ada8803b7fb6cdcb955178e21bcfefadbd1b7703d39a006

SHA512
c889bd2acabfca4ffb065f109160cfd9aebbf6bff7784ec056ac8549303549b104712b27f4ea241a59abdeb3df086f35626895837c2dd4ae7e9ccfcd5d16336b

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.ri

Filesize
314B

MD5
b370382e254c2581af6741e9231812c0

SHA1
96ada6636cf3a40f7e9aed0f2b212f11f7a9b1c9

SHA256
a4654091374c0abdf2e0a2c25cace414d8f5cd7b2ca1dc9a9a832eb161079958

SHA512
6b0e1272dbf7d083f17bb51f3729d0988e92f38c3bbd9372530bc073df2dca8e4465f24862d508e9361a9820e88346688d6bf70553fdf3198f490f0a8452dd20

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.ri

Filesize
307B

MD5
1b90519461b0962bef4e654c7bf4675a

SHA1
a9615cd9726713eb0007f159ac281c147d606c3a

SHA256
8ab58136f05006b49fd9e73b05ff330691bac627e351a65328ec8e0ab89e67db

SHA512
44773bd67b686493d172505f141e234da55117ede7498611621551e7d0aee8b583880b5b7c4c58019bdc8db8b21a5ced75c071f62cdefc57e38363d6aa54ffbd

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.store.report_cf

Filesize
54B

MD5
0ca3f16842fbd75b485b10338158a95c

SHA1
353c5e3b93c21de0dcb4560f7e3a2cfc4ff93785

SHA256
49195bb5111cdffbc7bbc016155a16879ac27121b77c3c09e62245a515f6da08

SHA512
1d2c5fe0f7a21d388502ac556f4ee703415f1d1c4bc42e536fd75ea87e34c19d83481fcee19d397282633cbb662c66efff1e24b2230eb6b70790e1928642fe71

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.store.report_cf

Filesize
32B

MD5
49ebeed28fa8e59c03e168c5e7114feb

SHA1
e9b0ef8c5f3b6c913bf3f857f1188eb6f6a52c3d

SHA256
6989bcaea62fd60ef59d33c421f18ee070bf5e77408f6fd12b318f9d1f3329a5

SHA512
4133a4de2017a1a52ed40ce3c6b330e193339710df50bfcff1b607bee94fe3a76d510eac3989d4c4f52b31e6caab7b3ecde3ce68b671d6a506378e9c7776ff28

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.store.report_pid

Filesize
54B

MD5
f1010bb64600ac7148edb4688d8c4db2

SHA1
cfec90fab2dd94b81787e2e649a3e7478f7be175

SHA256
ef8bc61fd67335f23ddf9a87a4d34d77da5dc60b1e1b9431171b457fd333a298

SHA512
8ba754a0ecb9a5a89d7cbe77ee16ed3e472dc9d73cc9521ec2bfeab5f4075cc2ae66a4144dc17cefd8edb27e1675f35e9a823c1b0da5553eebb022f12ee7bb84

Download Submit
/data/data/com.zlwifi.mmckq/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
3aa3ef98127745af24d542c90461014a

SHA1
39e1014d7558ffadf7bf88c15215a8b0a1b28450

SHA256
7f5cb66db39a59ad31bd66c6af3516d976a0f56ee2ab14605e1ad88986ef6cda

SHA512
2bedea59a974f6be0986e11e4a8f1a27efd5f1eff3cdf1218e4e101b8e6a5cc70acc67c7bf9de019f68a4e648dc8192cba2824071ff6efb7d2024d9974b961e6

Download Submit
/data/data/com.zlwifi.mmckq/files/.jiagu.lock

Filesize
27B

MD5
b386be3af732d823aca01b005700c0b9

SHA1
2776ebedb9304d1f0d8fa6c011bd91a8d77932cf

SHA256
ad94b50b42479783be7e0d8a63e3fb2ee4da7220f9cbd6f02f79bdaa2c824fda

SHA512
38188dffe1383a96fed90a166e6cc9764513039902e790c2f3a8fcb09120e7123fcc9811844d173e07fa21b36d66e106497b1f668db02f05dd0dc89cfceaea43

Download Submit
/data/data/com.zlwifi.mmckq/files/.um/um_cache_1715267592612.env

Filesize
1KB

MD5
b6e0e4e36f9fd650b30166c12c713562

SHA1
2f4ffeaab926696fd80cb55f37a7e0a1a97dd3aa

SHA256
ef0863426e0849c31d42a70f3f80c81345cfa0d60225f0ffc703b1a788d1c1d1

SHA512
abe28cf1f92c9288975f907d333b3b5ef1831db3aaf3f474c6fc4a387a3a0d277911785b79779618fee92210350212909bee1b337aa44f223b946927fc06b075

Download Submit
/data/data/com.zlwifi.mmckq/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ee8584456cfddf8df7eb78c096646449

SHA1
691a8c2a46459d5ba52744e2047573b5985ea625

SHA256
a336b90654abc460b49666dcd0f4074411c5a9a8de60e83449108a54d5051ed1

SHA512
f7a47c0a8a105a1155000997dfce48bd36a105cdc5e7efdab3baf4bdb539dc05c1778b0379c166121aa4d94d9c151569965e1e4d26580a5d408f0068212d2154

Download Submit
/data/data/com.zlwifi.mmckq/files/umeng_it.cache

Filesize
415B

MD5
015379b331b0f629b3c2382f8afeb71a

SHA1
dc126b109740f6b6860a63a1979a82bc12ff4214

SHA256
e7cf173f72a0447d83559c400f36f85a1ae555c9ee79350c5e256b4482df219e

SHA512
1a8c38ec47d1bc69210f1cdb4e8a1402e9e2e531d4585b86d839f05f87e865b7755cbb78ec5ef1fc969a6fd02e495251ad90ecd76638ab4b0d14196de23b0dc5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads