38af6df612ca077f688b6e6a732c8278fc3b4b35eb1e5fec6f87045749fe4b7e

Analysis

max time kernel
24s
max time network
152s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
12-05-2024 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37d632577bd4582ddddc76c2db010483_JaffaCakes118.apk
Size

13.3MB
MD5

37d632577bd4582ddddc76c2db010483
SHA1

d4afaa65d29135a12e093e2c38d2a1fd4363015e
SHA256

38af6df612ca077f688b6e6a732c8278fc3b4b35eb1e5fec6f87045749fe4b7e
SHA512

3993b69251e028d3115635a8951bca098aa023574ed4fecb83e5fd0c033dda61658ffedd2e659da5f0e6103215b6e14de091a01bbfb85a12d90e4f834083cc82
SSDEEP

393216:yNqZBlvNNF7OsTnQNOmTcW2onQ08t8fhDLd7:yNqZBtNNF7yNFlw/2L

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tjhr.www

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.tjhr.www/mix.dex	5120	com.tjhr.www
/data/data/com.tjhr.www/mix.dex	5120	com.tjhr.www

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tjhr.www

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tjhr.www

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tjhr.www

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tjhr.www

com.tjhr.www
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5120

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tjhr.www/app_bugly/rqd_record.eup

Filesize
346B

MD5
d892f038f8b05d8277cd2f193e1998ad

SHA1
41b5b62b4ff40e1533085773309d1a24ac83f39e

SHA256
422c70501552d28c2d6ef0acdb158835d1e6cae8177be484c44e47947166cc82

SHA512
8ec252cbf23fc47cd17ccbafe2d6e86dd6b885ee86f2e4c09c813d8c9ff54c0653e30cce23d36de2bdb41465654c3c1d768865355d2c470febcbc1a67cdf49ab

Download Submit
/data/data/com.tjhr.www/app_bugly/rqd_record.eup

Filesize
1KB

MD5
3e2aedde52658266e4a127821dcae874

SHA1
513864321005eb6cc79db60978329873285b3fcc

SHA256
74a7bdad5e7a5ac13718fbe684edf19b177984ea0e69c8179a78735e1ad8f929

SHA512
9d012132536bbc358160be59080346f33be99f6f0477837583ba5d2c7d549cd81f642e3cfbee50bca7efa10a2c400988e6477c3694b7ed446cc61df7206ab4a0

Download Submit
/data/data/com.tjhr.www/app_bugly/tomb_1715481906800.txt

Filesize
19KB

MD5
4ca3daf507cac9f7368395d04fde3eb7

SHA1
b4f525e94e68f16339e7de2e6c2436428b4e41f7

SHA256
e736ef4102a36cc4175f47c3afffa188dbd3b1b2dacdc3216174d18721463b5c

SHA512
5273ccc0ded691a00312aeb9a31acf6d08dfb2f5e527f63c5869645d86d2fa6650ebec08ab19a0d4d25825fc58c6a2eb064f1cd5011b9ef335d7b003bf3dc059

Download Submit
/data/data/com.tjhr.www/cache/tomb.zip

Filesize
4KB

MD5
7bb25ea16f34355cab38717ec3f9df1d

SHA1
d61794399697c79fec0ce6bbf617004302f90764

SHA256
eb2b9aa82871e27c00bed66d479f6a68bc447fd1788d8c5deec5d61debf98a42

SHA512
1c5eef88e74bf01ade5e03eefd7dc99bbefe2bc093a9b1df8abe5f7edc2f5b0e3d5dac0bd15b7488606daf480d7b4621890589244b47350348a9dfcf4d74bd4d

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu

Filesize
160KB

MD5
59514ad10dcdb8be069d8bec2ba08286

SHA1
ffa06ce4d73c5819c45a3da2a8c827a4e346f949

SHA256
3009e6050adacb60b3bad38f169c9f90133e57f1d5131a28d976e5e2e13f9c1c

SHA512
b9287bdfab4d6416e8c0eaaaba0c791e756bd32c0bcb8333ffd41cfd186f2d1ef20264d49d67579953b21ded16663d1824c564d057bc327c8607ed9aa3d07f90

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu-journal

Filesize
12KB

MD5
af62bad043a5763678957e1dad1351b4

SHA1
766effe102788fe8144b6277c7e8e6f1d78fdabb

SHA256
9015ded6ed505a72669bc832783b0e312941cb9ad7ae6b6371359afca5339fae

SHA512
cfb53860c45721604b9d16ae1a5a67218ffd83d2345fa3bfa8fc0effab18749248602d03c20b81094af98b628ed2b809b4ce4c404d3906ece866a54afbcf75b8

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu-journal

Filesize
512B

MD5
4e4227d37beaad66ba76fcdf8e8cf4b0

SHA1
edd5c9f85719585df9b8bfebcfedf58eb5910086

SHA256
cbc1d45fc952b8698f0c560ea8706a83645bc5fe6226a2d338b6453e0ac6644f

SHA512
33b7eee190450d64fb1bf505f1e1fb6e3857063e7360ba9b95dff3014755face56a8faeed8fbb7015c931520f8db828e4b6c72d44e78497d1963d46fd3d2ea26

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu-journal

Filesize
8KB

MD5
5bb7a94da22d4f931e3f5ce8225f6613

SHA1
edf72dadc78f705d7cd9e4f0056c86d951609335

SHA256
7015a019232e50afb88507ee9fa11a327e3c496f0daa11b14c93a9d4baabd3c2

SHA512
a251e17f4e3c5762c256a0095249313a4bbd7aeb8bce5545fdac8d81d8a0b207ed8bd6bbde2fd2e6b6660abdae694815d917c111271726893f6c7d8ebab2fecf

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu-journal

Filesize
8KB

MD5
3d2c7d5ca520a5e2cec44c9e8af7ac2d

SHA1
e685ae83ab16a01ec0d9697887c0d2e99d39f4a2

SHA256
232523a61949f412e659362d0adc25a158258017c4f72eda4bfbd0d4d91f4f2e

SHA512
6c74f7e839608f2bbfee0cc0f10826a6444357b891ac082d6e5d139e6b6a8e5e4864955a4291993563a9d551b72d565e938631e50a2a8a71a6f2fae065960645

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu-journal

Filesize
8KB

MD5
d6749a0e96687a927e395feee53c225b

SHA1
0f14ac0d71b48077831fc02e211fe2b1691492ff

SHA256
4820d9db421307c561860ce39d521ac0de6355f29063539b7ba976c38fd73e60

SHA512
e017c0a70e6d17da2a487e69b60542e50fe1745a9b3ee6efc1dfc6bedf4f56d77398dc4dbece1b6beeeae71bb02d04cda8daae8a4af66f1ca4393a32c8c5973f

Download Submit
/data/data/com.tjhr.www/databases/bugly_db_legu-journal

Filesize
12KB

MD5
2094a5f226544cd9d40eac2fb010401a

SHA1
11d7c096150c5801a6837f9c0feae90007aa16b6

SHA256
993e077f7c121a4a19e3c28b0f80fe6d2291928bb2d9ffde68a68350bb323da7

SHA512
e3f4288cf6f83a5c3ee5fa8ffb4595add2836eabc1243316cc4f71b2bd4fa0594acdd7a5f868fdce73e7d33602617d7d8772ba34a8d1cecdb00aa0b996d2097e

Download Submit
/data/data/com.tjhr.www/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads