c43165054c8874c9d661fa9c08116bd954db34666d61f684e1228952dd6c51da

Analysis

max time kernel
143s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

346c9329ce7029856886bb4c3d312720_JaffaCakes118.apk
Size

14.1MB
MD5

346c9329ce7029856886bb4c3d312720
SHA1

7f14b82135c8fc7b8b5c5c737474bbb5b5e2d7c1
SHA256

c43165054c8874c9d661fa9c08116bd954db34666d61f684e1228952dd6c51da
SHA512

14009dd097fd1564cf063a44c819e71493e7b9270f968da4fb078ee104a569e826d979445fe0797c30623f73ab31204303334633e63cea042c660f4846ca5ff4
SSDEEP

393216:Q2YvffI23qX1Acku6F0lDXYSUBiRKzNVY2w7fZ2j:Q2En9KickT0lDvUCeNVY9xe

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.ecook

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.ecook

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.ecook

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ecook
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ecook:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ecook
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ecook:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	cn.ecook

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.ecook

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.ecook:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	cn.ecook

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ecook
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ecook:pushservice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.ecook
Framework API call	javax.crypto.Cipher.doFinal	cn.ecook:pushservice

cn.ecook
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272

cn.ecook:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4312

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.ecook/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/cn.ecook/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
512B

MD5
aa12aac957741528c48d788702bd717a

SHA1
ebad7741ec199bfe41190e932bfc2a911e07d7c6

SHA256
84f41d0c3fb5cdd514f0a621a404666f57b6fe2767513a2764920373809011bf

SHA512
4dd849347f9c72f694f23f868829da5cca5d777fdd7276f69e9769f302bde552d0e0ce2dcf825ba5067cefebe48b6e2ab34863143c80b87e2d8eb469524d1c44

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-wal

Filesize
48KB

MD5
e102f3d69f5201a8a461fccd182b32c8

SHA1
753ec2d45ff91f337be81abe3b4d6d8eb78e3ae5

SHA256
1c71f0a5f6f3550f327fe5bc0abafdcd5278fa632dfbef6d85d3e5c2c40b9868

SHA512
d93acdbaa4ce2c54ea682dd2f88cc5dbe5e66e57067b9b91bdcc17ab59bc4fae78e2ff8a677a6a8487197331fb351b045a57aa68c5f0645673584ff8377905d6

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-wal

Filesize
16KB

MD5
710004f9f3f3d688c9247a48d18d48d7

SHA1
674f5d9840646014ae8feeeb053781d74a872859

SHA256
510dcd522dccbfb19cbe4df0c75e9a5b5e88f8c70777e253fe009d1005c1eabb

SHA512
a5ef1ade4a676e833426d130ad8501e25762b301234b7cef153fa2c504729be07508976cca191ab861c0f737cd14eb1456a796faffcf7e948485a3d8c6918e58

Download Submit
/data/data/cn.ecook/databases/collectiondatabase

Filesize
20KB

MD5
996697f79c9eb6dbf277dd423cb149af

SHA1
54772e00fd33e226750ed53070d8231874edc641

SHA256
dd3f5bd02a4f13ab68a910475500c34175a1c65f9fe898ea2f99eaebab1dd831

SHA512
2fee65df5d32c70be7ad0771c64498f117ce449b962261255b62edfe6c6b53f6772e975eefea2d09aeda2876dae3f8a8e8bdef7067d0e611cfaf4f0eae4b2e91

Download Submit
/data/data/cn.ecook/databases/collectiondatabase-journal

Filesize
512B

MD5
ad3b380158c9a5ce2fff02a288c28c0f

SHA1
d40f4f84d16828f27a925ed6171ff57f9743a31e

SHA256
609c7f591d949be215c2d26968a871ce7f594ad82481d25e87f4f37c1d586868

SHA512
9b2647aca51767e8ca01c250ff0f368211ae795ed3ca745cbe560d89f7a06a6d886f63fee59c4cae13cada87d8486e7dbe3efb67a177d3c715c82754bd162fc3

Download Submit
/data/data/cn.ecook/databases/collectiondatabase-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.ecook/databases/collectiondatabase-wal

Filesize
177KB

MD5
bc7794eed6df1e6f0ac2c6a5ec4fd4db

SHA1
4c89fa87e947de232370b6bd00aee3fc071148ab

SHA256
943ee573a5f33553228895d2a88a11c8be3d60ad4e82d9f5e01a417ebbdf642f

SHA512
fd58c82300f0c60a6ade9aa13ba0c0d374856798a4797ad8b9a3f99261fa03080fa6355f8c5be7b6fd835ef45675be675583b7bea8aec94e49de727b03976273

Download Submit
/data/data/cn.ecook/databases/ecookdatabase

Filesize
20KB

MD5
c91bbb01a5641d7a25b9d3272f49adc1

SHA1
b282309d4525afc7a662a550111bcfe51f0f53b2

SHA256
d5c4c57ee5454cd6b946a707eba1cd05de6512e9ec002d642138b79384a04af4

SHA512
92e86638497221699bb57b1d729adc9510364d02f760bee339ed909f32127ba7c0771f648c9c84d55594550a4ffe03d5f6e0032f277817464b5229dfc35d471b

Download Submit
/data/data/cn.ecook/databases/ecookdatabase-journal

Filesize
512B

MD5
a695df72b2c6050e10f12adc4da9f376

SHA1
12fda82195bde1016a230bab2fd327ed3bd4c45d

SHA256
ac649608d80b8526b3626a68992e9ded9860228472cccf9dd3119e16e9bb597b

SHA512
bf81d95b213278acfd9541624744c995d3c4b334c8b9662a5b2ed8c8c9b2116c262e730a014c779eb5410880fa13f7576c3b103703b4230162d0c8219cdfd631

Download Submit
/data/data/cn.ecook/databases/ecookdatabase-wal

Filesize
32KB

MD5
4d058fe22dc62d08e9bcaf4b7aec768c

SHA1
286aa6f476b0d5477a8f6e04f7f40de0ffbe924e

SHA256
0236099f5a77efeda6e07c056ef12ad5975ae749cf3faa19e085028511eb9bcc

SHA512
bb6012c402a7f083a035828f54a6277729d9f94ef48c5f3c4ac0856950afcda167ed5bbda6f26aa534136b065ff4f73e20992a3d3295dd86ed97404e9eb85a8a

Download Submit
/data/data/cn.ecook/files/.um/um_cache_1715427956080.env

Filesize
1KB

MD5
c5951c651ea0b3c528cbfad50ba9f8dd

SHA1
a7ba024d5694ffd3696f25b4b8a05e8e06c12cf4

SHA256
cb9311098a5dbd8c93a86043810168c6d6c08f78c9f36b834705e6c2bf1dfcc4

SHA512
8cf7d5fc85d48ea1b55b5e97e2e2e059129471611c8ca2336e1f1528495cd51f670526ac89c49656d058c7676f825b683610574854f39077163060e9af38ece5

Download Submit
/data/data/cn.ecook/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
791a6840c4985b8676a631a98fb42b8a

SHA1
ddaf3c226d44f0cd5ba1b5133ccecc06f965677f

SHA256
fa1daf6744ff0f5a1c260f0ebc3d433d6596b1c280a7e2644de815abfec84c4f

SHA512
1531f8635cc54bd4f4234e4bbbdef6ad27d8af45d22ad29761ab23c50c211beb04e920eeb6e50daa53e159ccbd65b5ca7a77c7c1ef24457ced5235e2aa2178e6

Download Submit
/data/data/cn.ecook/files/exid.dat

Filesize
54B

MD5
2db6426cee6076e8c0762d2cc28f1c0b

SHA1
c0928c360e3099f7733d9af95e5a5106399c9795

SHA256
d79a1eed5df52ab01131b61460e562b2a5a1d15634e6489b4eabb8b75c6fd53d

SHA512
4a2df17de65a74489f3532545b7a59bae30b1e203e812f3aecb72cb1b339ac0f687b893c363710becc50569fd289be249191ea57a6a4f0a9d614fa7a2c7bd70e

Download Submit
/data/data/cn.ecook/files/init_c1.pid

Filesize
14B

MD5
ef98123594a9b29478a213f95d0291eb

SHA1
3221960b7dca4bfa5223a8f61bd5755bd8a403f6

SHA256
bc9991366d2e260c9e7f681c72db6816e81686c5e647b4ac7c3575b0a3154d98

SHA512
b4de73b413b9d07251588734f0a24d56cff5087c3022b9cde42e1984c286160cfa01b0e72cb5d1003861b54c691f488ba082c2279a1311389879b4ca777e99ab

Download Submit
/data/data/cn.ecook/files/umeng_it.cache

Filesize
415B

MD5
88d3d51ba975bf8efc8ba588e76a7c57

SHA1
9a77976e8518735dd67aa0c495732780d185af16

SHA256
210fdefa94835415dea048f7096def2a610b95d3ce1cd03018457e6b972a621b

SHA512
423d653b93f610f8dcae83a298cf9fbf5300d7fb3cea797606c3e96185b3b49fd98056ae0afdcab708dbdca7bc99b718bc409fdc67e7c8e657f6476521439727

Download Submit
/storage/emulated/0/Android/data/cn.ecook/cache/locationCache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
391B

MD5
ac70f8afc048c02f95241cc98248d473

SHA1
fb80f01a7407b79643a50f5510fb07a8a258805d

SHA256
15659415ff48192e634f1e519e00f8dfd70f68dcbf610505d1f56f37f281a2f5

SHA512
fdab1cc9cd18de09b72e9acf8b93867fe0ec34843281fd3461eecb39fe9a349d646bbee600e3b02aedd3329ae1eb19f39914560f5940bd77128d31059e6780fd

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
209B

MD5
818cd2c31b076920b6d1df010fd7fb01

SHA1
115e7a0a1e0dae93b5ee37b1b6d650f34ebb9e46

SHA256
4f65f6e9cea8647dbc8b4f77e6c5d926bb7a563774355ac6d25119bb7dce1a69

SHA512
405be4a9225cd0db6a3dd6a860be75825ca45825a25d54001d84c473f4628a8a761ced0ea2fb24b667738a95daed828b967179c4b5bc462f312fecefb259a325

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
1KB

MD5
b53b6a983e83019023a452e32abd2ab2

SHA1
8e611fe17c27004330701c5a54536d963d6e8e00

SHA256
b37bf918dca0eba949a9a93bc440c38c38493f3e8c949d791a1426a10bf6bc06

SHA512
9700819795f6e603dfcccd5dacd6979f958f84977a9033ce8ec59f494a940073e3a7da326d671662b806b7bac954a379562a4ce0a59cf336b3cc29b28ef50d06

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
727B

MD5
7fc605ee99359f9b238edd7d72a66304

SHA1
2f5e357c95ca69eb722d8370fb1740266332e44f

SHA256
6d4731a15c492dea36fe239303f60ad268f5dcd129dfdbaa89eab7da13358919

SHA512
781d547216a8f7bc08b5bd64cfd6f49420f89ec6594c90b33bb095090dddef632ddeb2d7060bb325739502eaae667d0fed409dd5bc7d480b2feb5dd339f68afb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads