737b9285ff92e66d70da8e590510c2e4d79bb143bbdc5a350f529bdfb22d8a60

Analysis

max time kernel
20s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
09/05/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2af9921e65985b4fc5d48aed9627cdd5_JaffaCakes118.apk
Size

8.1MB
MD5

2af9921e65985b4fc5d48aed9627cdd5
SHA1

031f4827e8f7f3dcb581d10e01c56129db8d2c68
SHA256

737b9285ff92e66d70da8e590510c2e4d79bb143bbdc5a350f529bdfb22d8a60
SHA512

4cb0c6b08d5ad9a7e75bb8b10109463d967f729bac4892867676673e64518794be1f1ed43178bb0602febd624e2d0b8a008ad8513ed9fed7c3a75c7f150b2005
SSDEEP

196608:Z72xvI4hTUcgBGmMVUBd5fxff5MQoKt99UC3I8+wGs:ZaxvIERgBGJI5vMDKuSA7s

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.hyp.hwapp.youhui264531556

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.hyp.hwapp.youhui264531556/mix.dex	4795	com.hyp.hwapp.youhui264531556
/data/data/com.hyp.hwapp.youhui264531556/mix.dex	4795	com.hyp.hwapp.youhui264531556

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.hyp.hwapp.youhui264531556

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.hyp.hwapp.youhui264531556

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hyp.hwapp.youhui264531556

com.hyp.hwapp.youhui264531556
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4795

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.hyp.hwapp.youhui264531556/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu

Filesize
184KB

MD5
70d8fdae61eac03bd6006f021eb52f0f

SHA1
597d9b89505e1e6d6dc5335913fc814788d57e22

SHA256
aaf58a4a201abf9c57ee4006b3d7a66ff92b9ab8c8f5fcbb450fcf4df7ab7327

SHA512
0a0fe179421f0a43376bac37d267839ce7c1aa4f3abe2c46986b8451441b8c381462d670091ae6f9b263c3107b906e2a010b5d0020bb8e0452bbf54ec226deaa

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu-journal

Filesize
12KB

MD5
a2ade11e79ed568ffce604f856074c8b

SHA1
8900819e2ca4783a35b0833312ac9594f68ae4a5

SHA256
cfd5f0dbcc84d1b6ef24191c7dddc4eafe9c68b53650ed98893ad24fe1980b98

SHA512
bd95c47a2e678a554544a7912067958711a3e3ce2973a89bfdde3868984d64e60cf7ab3f513c50a5764bd980b9bd438f6487ac7396eb05d60ea330e8a24fcae0

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu-journal

Filesize
512B

MD5
1137915749176a79789ec965bf87b24c

SHA1
15f8e386c72c5c77b8c5930e5c72cc77afd4dc8e

SHA256
596912936b301241f64ed7a6b59288553fbb2d205e5db2fcf412f33628e9d619

SHA512
97fe4ee0e03cfd2d743eafb538c64baa1d1bb195e31fe30d0e919c48f3f26da483e715dae02676a9de932cc6ae357a0affc9e460cce009a4e760c4e9ebf00a7b

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu-journal

Filesize
8KB

MD5
cc538cc75709327303b46a4c088bf3ad

SHA1
e091755404aa19eceee44c79febdf5ee538e195d

SHA256
0b7630beab65dadcd8049f1ba6754ffc12449f458bba1841bce32e996ae6c9ac

SHA512
2f8672e9709024efa8d96ff9058a7f940978c4b22a8b4afaaa4d7465da6b377c1a301a4cfbaadc53477ab544e07d59b324833f0221e88ff8962da0eee8ab8092

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu-journal

Filesize
8KB

MD5
455848e587d16f4f928761061a027b7a

SHA1
e4101c6418a1f36c56c9674d6e97fc69f372c144

SHA256
334afa2a51bfc3c563e0c374b9259038b1b1f0dd862268d6ec78574cf092b032

SHA512
5c2c83e2a4f0e527fd6d5fc0d25ae985da89747970a4a650ebff42f5c3d5ce800adaf50cee0de72ceaf9bf73f2082cd4792c7cf1ac18e975954ab6bfddaafe39

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu-journal

Filesize
8KB

MD5
03d4cae094c59ffce2de646f9828bb73

SHA1
01aa4168e5befebaa517aed7c724054c159eb4f7

SHA256
8ffd73f3f440fce0013f35055c136596d643571192533186fcd0e88d64a8f4a3

SHA512
584e130050a505b45c7bcf976dfe679b4a21e07f93eb12336e3fca0145eec342db46213ac67233c002058f9fa62da7efa4a16509a4ad3ff4c12b3f6c3889f591

Download Submit
/data/user/0/com.hyp.hwapp.youhui264531556/databases/bugly_db_legu-journal

Filesize
12KB

MD5
f83c93cc902b1515d73c3b269568034b

SHA1
c04b4d5cf35459ba293875a1d48747e65b343413

SHA256
8107977cab9edb552918e289f9853432a31fc614dfeef9d71440995ab18971e5

SHA512
7d832f1728cd0c72bc7ae135f62906df301623aa0dd12d30302b005f286916cbe2057991153cbb81c9f33b8fe7500954ae9c73c43b54ffc7cbc624f9ff14ce49

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads