Analysis

  • max time kernel: 147s
  • max time network: 155s
  • platform: android_x86
  • resource: android-x86-arm-20240506-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted: 13/05/2024, 06:54

General

  • Target: 3e3e2c2c75d08cab987a5c831abf9d8c_JaffaCakes118.apk
  • Size: 11.6MB
  • MD5: 3e3e2c2c75d08cab987a5c831abf9d8c
  • SHA1: 88d61fc2cc27b3f16aeeee4a65657d8fa8e20d50
  • SHA256: 9e17c1c4d08118d82ad6e9b5b03ffb55cd81ad27d4b318fab8bae0b456bdbd21
  • SHA512: c51c47fd3088dfeeea1b5733df5178776164b7f93263b9c4fafd0fe7f2598ada5c1be2021fcd0677d8e690688805df5a02641644951a1718617c73ad964be3f6
  • SSDEEP: 196608:0YVVL+gtICSe0joD635oka4E78r7BGhvsc6oOeHULPrWfcSJxcdrNf37AZic5nKh:0kJBIOookq78AhkwHULDKvJ2Nf0Kxl75

Malware Config

Signatures

  • Checks CPU information (2 TTPs, 1 IoC)
    Checks CPU information that indicates whether the system is an emulator.
  • Checks memory information (2 TTPs, 1 IoC)
    Checks memory information that indicates whether the system is an emulator.
  • Loads dropped Dex/Jar (1 TTP, 3 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.sy.zjjy (depth 1, PID 4238)
    Signatures: Checks CPU information; Checks memory information; Loads dropped Dex/Jar; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Queries the mobile country code (MCC); Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available; Uses Crypto APIs (might try to encrypt user data)
    • sh -c getprop ro.yunos.version (depth 2, PID 4314)
    • getprop ro.yunos.version (depth 2, PID 4314)
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.sy.zjjy/mix.dex --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/data/com.sy.zjjy/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=& (depth 2, PID 4339)
      Signatures: Loads dropped Dex/Jar
    • logcat -d -v threadtime (depth 2, PID 4500)
  • com.sy.zjjy:mult (depth 1, PID 4370)
    Signatures: Registers a broadcast receiver at runtime (usually for listening for system events)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.sy.zjjy/databases/bugly_db_legu (4KB)
  • /data/data/com.sy.zjjy/databases/bugly_db_legu-journal (116KB)
  • /data/data/com.sy.zjjy/databases/bugly_db_legu-shm (32KB)
  • /data/data/com.sy.zjjy/databases/bugly_db_legu-wal (92KB)
  • /data/data/com.sy.zjjy/databases/cc/cc.db (36KB)
  • /data/data/com.sy.zjjy/databases/cc/cc.db (36KB)
  • /data/data/com.sy.zjjy/databases/cc/cc.db-journal (512B)
  • /data/data/com.sy.zjjy/databases/cc/cc.db-wal (48KB)
  • /data/data/com.sy.zjjy/databases/cc/cc.db-wal (16KB)
  • /data/data/com.sy.zjjy/databases/ua.db (32KB)
  • /data/data/com.sy.zjjy/databases/ua.db (32KB)
  • /data/data/com.sy.zjjy/databases/ua.db (16KB)
  • /data/data/com.sy.zjjy/databases/ua.db-journal (512B)
  • /data/data/com.sy.zjjy/databases/ua.db-wal (56KB)
  • /data/data/com.sy.zjjy/databases/ua.db-wal (8KB)
  • /data/data/com.sy.zjjy/databases/ua.db-wal (4KB)
  • /data/data/com.sy.zjjy/files/.um/um_cache_1715583437642.env (1KB)
  • /data/data/com.sy.zjjy/files/.umeng/exchangeIdentity.json (162B)
  • /data/data/com.sy.zjjy/files/exid.dat (57B)
  • /data/data/com.sy.zjjy/files/jpush_stat_cache.json (182B)
  • /data/data/com.sy.zjjy/files/jpush_stat_cache_history.json (174B)
  • /data/data/com.sy.zjjy/files/umeng_it.cache (413B)
  • /data/data/com.sy.zjjy/mix.dex (292B)
  • /storage/emulated/0/data/.push_deviceid (32B)