c43165054c8874c9d661fa9c08116bd954db34666d61f684e1228952dd6c51da

Analysis

max time kernel
143s
max time network
165s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
11/05/2024, 11:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

346c9329ce7029856886bb4c3d312720_JaffaCakes118.apk
Size

14.1MB
MD5

346c9329ce7029856886bb4c3d312720
SHA1

7f14b82135c8fc7b8b5c5c737474bbb5b5e2d7c1
SHA256

c43165054c8874c9d661fa9c08116bd954db34666d61f684e1228952dd6c51da
SHA512

14009dd097fd1564cf063a44c819e71493e7b9270f968da4fb078ee104a569e826d979445fe0797c30623f73ab31204303334633e63cea042c660f4846ca5ff4
SSDEEP

393216:Q2YvffI23qX1Acku6F0lDXYSUBiRKzNVY2w7fZ2j:Q2En9KickT0lDvUCeNVY9xe

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	cn.ecook

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.ecook

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.ecook

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	cn.ecook

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ecook
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ecook:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ecook:pushservice
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ecook

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	cn.ecook

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.ecook

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.ecook
Framework service call	android.app.IActivityManager.registerReceiver	cn.ecook:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ecook
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ecook:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.ecook
Framework API call	javax.crypto.Cipher.doFinal	cn.ecook:pushservice

cn.ecook
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5091

cn.ecook:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5144

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.ecook/databases/cc/cc.db

Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/cn.ecook/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
512B

MD5
2ec2c16189a3a607a331d2c99ed70814

SHA1
9ac7b77e3f25e9a342a903e007fffab052d55568

SHA256
b58df098493c9bf05bce09e7f63435ad4844852da582a367a708a7cca7bad6ef

SHA512
388ec86a6d8f7c3db9863a9f6064333de03bb130372b6b0e7c44e81a3a57f6087c53ae1f9a11f7a81f28012c4b5d13234176a82f1f21346d3c76cd4bfef3c03e

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
8KB

MD5
6b6a2987228faf97c30fd6db1d302250

SHA1
ef44f09b64b3b6d72a152def216e72c7cc497db0

SHA256
be50de23fb7577eb90c43603a9387084e0235c080549ab1d27d8f3b8281978ef

SHA512
4f422e78b5dab005c9f3fdd3cb0fe11eeb71b970a083ac9a94f83083a56d30f155fa803d4de3e6c526c9237f386b14cb7a7f30d39efa4da0ff109d7d6e3312b0

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
8KB

MD5
6f7cdab838a7f0206d9480729c61db06

SHA1
67bc44ede13f0cc414c0d8715725d83380cf4e71

SHA256
93a5dbdb3a4d99b7b3bd48b89e7d26c2dc7f420d2dc2566b53c33df50ba3b4fd

SHA512
59a55cc378d9f58f1e62086c971e58ef7ea52b9669f3f665f73ae03cff7a4d375416faa2ae07c0ccaf6bf7a084fb831bb2761e1d623e43305864c6e60dcc0046

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
8KB

MD5
4f0bb4acfd4becb2cf7dd04ec1a52e84

SHA1
f8421439b0e7faa61366021df3b20ebc2c14803f

SHA256
a40534442fd6d147035f943270f5ef400a4f659f44504df2354ba2048797020e

SHA512
b06d2769ecc9fe5fb8be7286000aff145930b7079c27551caa13893f4913dff9b873757a3a4a22aaa001f9553530fb88fa94ca14377d6e67a63a218d395d5e28

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
8KB

MD5
659e634d4fc4874a8debb45b308ed08b

SHA1
b4195d20552416a1cb4252ab33cbda9f8fb41d8f

SHA256
49031727e52a190834f42fcea76698308f3355d9dec5a74a01faa3d8992f3a25

SHA512
3ce8c090ab42bba2027b9d7caddc47e504ebc294d506652f4f0dd4c72b5d7a774950a09d2119872d2abbfcadbcdf724e211f2514d17d451f1999ff6b8837d509

Download Submit
/data/data/cn.ecook/databases/cc/cc.db-journal

Filesize
12KB

MD5
e6f78b288862c46b4a3535ab7675bdc8

SHA1
90dccb47766f29281e168365c96dcb4cf61338ed

SHA256
e673b45a5f5238ba6fda660eefe6a3e75a13d35310c94c1b34ad0a2b123f4a21

SHA512
44117418b57e1a4efed6a46cad28c02c70f4bf4cdd119651bdcff06b12adc0300baea47ce4872af8e7755a82744157f2160bdb881c03d3dfc82cc29039b07747

Download Submit
/data/data/cn.ecook/databases/collectiondatabase

Filesize
20KB

MD5
447079dbbf5f85169a5bf7ef2bde062c

SHA1
6c9919097a556a3fd86e787246923db13c96aaab

SHA256
ac451ed467626afe6b590877e38ac4ce986474329f8b3cb09345bb6e31321679

SHA512
6c22e55fd029baa0bfd025632dc1b36550c276d0da30aa81769f364643a2ec60bd860a3cbe8dfc73286cac455f05ad0b1a4b2032769ae8a39a7c1e4f85b5b8c4

Download Submit
/data/data/cn.ecook/databases/collectiondatabase-journal

Filesize
512B

MD5
ce5264a428774137ac7779f7e5f88661

SHA1
9b808edd9c639477bc344fdab0ac0f1a020b35c2

SHA256
6b874fb3326e0dd9dfa6cf23ce12b30fe91a8cd2356d2a483f756068286e880f

SHA512
b10ec82dd0e6885bf2e037877ca59324cb78318deb685c65b556bb9a3f02e695f3d7843e27a3421d1a4a3c46696b67cf3e64f7da18d0d0beb4732aabb5d576e6

Download Submit
/data/data/cn.ecook/databases/collectiondatabase-journal

Filesize
8KB

MD5
00fbf93e8fdddc49c51ca5c4426439fa

SHA1
dd8264ffb94e54b714dc0b055d2f1e42f0a25a8b

SHA256
044bbd7ec5b9c5007a7e412098f671673834d63e5800ac8805f458d7da58dcc7

SHA512
c1af504613964324b8a7575a2035d29b1a467134f542aea656c11d96a2d3aa6dd26de0bfa7603b0d2577c3f2bc41f9ac952993344b21ba0d097c8c2d1e361106

Download Submit
/data/data/cn.ecook/databases/collectiondatabase-journal

Filesize
8KB

MD5
8abf21d463f806e8e8fdbf055d6e700f

SHA1
f545e0ec1bac1f4e47c2c7c04006e4c2845bf15a

SHA256
e3b0acab307314708dad1fd223aba2cde1d3ae98988d617696d67d5168ba24e1

SHA512
35abd90d2bbf38f98c3272d1adf26aad8a83ebcd771212eb03c1b62db15a9246524d98336d98451bd6039d4bd8b77291ea8165ce179b6a6006a717ea2e11728a

Download Submit
/data/data/cn.ecook/databases/ecookdatabase

Filesize
20KB

MD5
3da0c7183f37c160cd276213132b4862

SHA1
0581e71323509152d1f4cc17da7397017d48d60b

SHA256
b83e7333ba14f728481d6a7e51c0b0250f31fa6365c5d2b5145bc1c47ad2be5c

SHA512
20ee2319314d3ddb799b3b6500e05cd52a6cbe2bbc84e1229aee7cc1a607ffdb2047b5155232545315f3f45fdb95e808b992ce1f04d9cc411c448a0bf25cb1c2

Download Submit
/data/data/cn.ecook/databases/ecookdatabase-journal

Filesize
8KB

MD5
53dfac06e2d9e35d1aa180e384b9abf1

SHA1
44dff207860b8fe52a1155577308579a890398a9

SHA256
97f07bab7c10be108efb70b812705d0247a7e91be034ebd909a7568209fe567d

SHA512
3bce835f66d59adb2106ef472da3e5079b1fafac361738081303ee27e6800d3f941187c9e050dde55558f8ec8f3cd7e7fd8ab05b60323c9ecfa0209538d0daf7

Download Submit
/data/data/cn.ecook/databases/ecookdatabase-journal

Filesize
8KB

MD5
055abc2a4b54c722dcb1a4c2b29b966d

SHA1
6f2d5f8a380704f800110d5208e787d4582f8632

SHA256
620082db03901aff452de70337199b08b86652207432c764321418b4df215519

SHA512
327d32c88aee08d1a05631a58e59f751b95fec0ce92e5ba3f12bf643b5a14e0d7a8e9d56b80c3fede14958508a678ee6c607999662122cc2fb5b90515e97ea84

Download Submit
/data/data/cn.ecook/databases/ecookdatabase-journal

Filesize
8KB

MD5
72698554a800046704c6b569f38038af

SHA1
604697e094a4a0c0241a08a7b1976f076cb6bb6c

SHA256
e52667b4e46f526b015999da62c8045bbd04ad61bcfcdef958a2f79be80c5474

SHA512
a39f40265292722d8daa45440d8ade6b359e57b3bbff544ae59e216e932de6cf2aad76eaae6b31f4dfc00ac8d8cb9a6080b3397c5a339576c00663c087d0b4ac

Download Submit
/data/data/cn.ecook/databases/pushsdk.db-journal

Filesize
8KB

MD5
7b07dc6c2b2fde2acaa1a2f3f96a23ee

SHA1
a23f173ebc86f7990410fc8b4788f676e51120c3

SHA256
7e5402cc05653449c87061ec8a4b1a169af50b40e1c4d4eb293c5683a296707f

SHA512
e53b396c202e0bd898ad7c67be68c384642e6260b3b5a3088d3c0ad88c945b9999129ac98f25387760d7b2bd8495eaf186ef8a21f81000f6ac9fb8edabb2997d

Download Submit
/data/data/cn.ecook/files/.um/um_cache_1715427958107.env

Filesize
1KB

MD5
bf08bd8c8e9b2d6e17f8239d94112779

SHA1
eec4e1b300146e8148b6c797912b1ff93fe190d2

SHA256
176b80c0c375540bff9a6e11bd6cc4b287a91b294f8bf6a9b8424a70974c5242

SHA512
6e961db3bae586baeaf94ad675247e308773f5fd6dd3ddcd5b36167cd70555be3559cca55856f30b3bcf197cf84a2623160f2f793d9a940c55f219d7acacf957

Download Submit
/data/data/cn.ecook/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
58b6b4c72074ea5009eb48aadc405c59

SHA1
6e3a026922367874d838104c5a05443663217801

SHA256
e197b39b8a34bbc731dda5e078b099569896dc0fd541ce516c2c937919b19ab9

SHA512
d512a96315da5e440b9d95a3f2dc5467519fbb3448b421559764288992a0ecc40da86145649908f4a4046d3f25882e1fdf82794f36d8cfb6f77378ddfe3c459d

Download Submit
/data/data/cn.ecook/files/exid.dat

Filesize
54B

MD5
2db6426cee6076e8c0762d2cc28f1c0b

SHA1
c0928c360e3099f7733d9af95e5a5106399c9795

SHA256
d79a1eed5df52ab01131b61460e562b2a5a1d15634e6489b4eabb8b75c6fd53d

SHA512
4a2df17de65a74489f3532545b7a59bae30b1e203e812f3aecb72cb1b339ac0f687b893c363710becc50569fd289be249191ea57a6a4f0a9d614fa7a2c7bd70e

Download Submit
/data/data/cn.ecook/files/init_c1.pid

Filesize
14B

MD5
e1e2ba3059309628bf74ad7bfa44fb1f

SHA1
13605567782a91ea93d6fda404152060d8067004

SHA256
62f8c18ca8089bc6584faf9e6ddabf00881770ab7fe9ebda8ba44d64901dfa78

SHA512
7c0e4ef8d5b21272dcb5bdb4296f7ee39079f182c631457dc65d96050b029261e7551981097dc53c65576e85228b38cabe9d891eb304ee2a539d5e95d416bcef

Download Submit
/data/data/cn.ecook/files/umeng_it.cache

Filesize
348B

MD5
77b3de4b638042b11b91492fa878915a

SHA1
e881c35bb13133041b5563a6f28f9cb464f10780

SHA256
8376545d94adf1b561a2da2d3817de7f1db8bf9c7b7be9719e5cea85bb25b70c

SHA512
3fd94d858f029d81b8a2ecbbf96bdfe2f789696f6d61f2b1e199d3a58dabc56e98993ff0cc30b82591cb0961b355014ac5f5e1d9087250c9264ba97b3f2ac879

Download Submit
/storage/emulated/0/Android/data/cn.ecook/cache/locationCache/journal.tmp

Filesize
4KB

MD5
7d2f1c18c1c5e45b03ade1e8dfacb55e

SHA1
38c8b19fa13b309f488529b0f5afb3c1df394d30

SHA256
0a9e434e9f18479e279debd782cbda42c9208d223341bbf042fde083c620a44a

SHA512
a58155490988a3b2a932297a39cecfdb7d24917fa75b34081eb7343c2fbf30da7481e8cdecc61afcd2ff609229383e99261f33f0a88edc2a76db0a087338ed0b

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
209B

MD5
ac7380de93b7bc54c90fb369a85a98ee

SHA1
cf0a039e0d8126964411457dd84215a8bcd6765d

SHA256
359a76af566577b773dc7fa717a6c9b3196ea898364bd953348d3b6d3394d10e

SHA512
3cd2ae1b4019f4de7c28cce90de8f898d5cd87d7ae50f146e0de215939a6dc53571ae0ec731c0c4acb5d189366e33a5df779483515c9319f6b845507a2c07bdb

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
1KB

MD5
f9f60207bbd268f61108b988dc967b21

SHA1
bbec36047bb09f21351e1b3e7f3ebc4473f3d345

SHA256
3a37b494eac7f58c620093a972e12666e336a3078aba2cb5e0ff5f8b15071843

SHA512
7b93d0d99c83448ac1e50199c81f4cf474533b23c9e979d93630026b13b76122f9468d30baa2cf0ecbb7ed3ffbaa2eac3b31feb16d3d0652ea94472c260779ca

Download Submit
/storage/emulated/0/Android/data/cn.ecook/files/MiPushLog/log1.txt

Filesize
48KB

MD5
9a870b16d14089cd04c4531a5f943f85

SHA1
8255225587ec7b69a2f6514e028ccbc92e9537c7

SHA256
e8fa8d4ea892a7e646f5d3b8f184e4bbcbaf4dd885a35e09d792629583881f7f

SHA512
34027f216be9af586a0c2d3135f173dc499a8f18c6152c3f87b159172194739eb77746fb293982a84031a8b0aae0a27b82db068798b14cc3bd7ec7c3c3f5ac0d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads