9f8a56873c23262efef0eeaccb43dcb52d25c36b203d5329363a0367c47b7364

Analysis

max time kernel
167s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
14/05/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4376ddeac5fa0722ea247150bdbee589_JaffaCakes118.apk
Size

30.4MB
MD5

4376ddeac5fa0722ea247150bdbee589
SHA1

302470f11594b31209599c010fbd9d44481f7332
SHA256

9f8a56873c23262efef0eeaccb43dcb52d25c36b203d5329363a0367c47b7364
SHA512

e99f0142d89f129b9f87e8783d08a24c8d91d1b4dd0fb1e32edf3d440291aabe1c731c94cdb342d4ab2a5b96cf52fa58a8afeeda4cdb3a5a2f60246367b3ce6a
SSDEEP

786432:aCrU5UM6ktq7+EYj9ww1j7+gos6vpg9v/GI:BrUKMRtoY5wAjPSy9XGI

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 1 TTPs 3 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.dajie.business:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dajie.business
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.dajie.business:remote

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dajie.business

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dajie.business
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dajie.business:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dajie.business:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dajie.business

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dajie.business
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.dajie.business:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.dajie.business:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dajie.business
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dajie.business:remote

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.dajie.business:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dajie.business
Framework API call	javax.crypto.Cipher.doFinal	com.dajie.business:remote

com.dajie.business
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4279

com.dajie.business:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4365

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dajie.business/databases/campus_offcial_app

Filesize
28KB

MD5
f4be03730c9e486eef87a64fad10dea3

SHA1
9bca4a6910595a7bd0fd1d50402b8b81cead4561

SHA256
899a844ef5b53ce9b80ea9556ed38d3eb99483109bb2a3332a64618d3c65a2df

SHA512
ffe2f04349867e7f4135fabfe8ea72cc7955a2cbbd0a20a50e20842525228dd70174ea08d1f88e153e039ba2818ca26f1bb75011a27e1a3fa0a75ee2b0cee3d0

Download Submit
/data/data/com.dajie.business/databases/campus_offcial_app-journal

Filesize
512B

MD5
6b96fc0fe211fbdf4fb322ababecc0bb

SHA1
34aac40cad38235ab0289cd852c6fe5e82cd1977

SHA256
be306e227c9b2c583e54dd3c105a5e9b40b66c330352d6dbdd964bf6232adf3e

SHA512
521a5ed52e4fb6307a1ed5b8a82675ce7caf7517676da95ae8d7a2b8371ddeae0024497e0e8dee958d47571c1d0fe38601aab618d59ef4ae5d81f05f00047cc4

Download Submit
/data/data/com.dajie.business/databases/campus_offcial_app-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.dajie.business/databases/campus_offcial_app-wal

Filesize
40KB

MD5
1a82b3a6f61f6f06a7a5d5c7d0fc7ccf

SHA1
197bf32cda4009ec5f544817eee079505906a4e7

SHA256
3071639ccd075e0d97babec8e588db1add24a1fade1704da5f30051414cd4534

SHA512
369fbe10db5892222e18516fe8a9c2a19132f3962c87e1b8d421006a0982bfb545dfc8cd46afacbbd2bc6da3f648dd204591a95d206be79c98b8bea58664cc9f

Download Submit
/data/data/com.dajie.business/databases/dajie_business

Filesize
4KB

MD5
e82a60a34e5466993b70560048000279

SHA1
bad799abe379f8c6ec19ed67427f839a53414588

SHA256
0e301b1f178e63dc4b1b1cf1fa4d32d2a8df541c96a69f2bdc252b52623fd902

SHA512
aa548f7f1076f786635cc26faf0679af0eb5e4c9f81a7c3d7b5322fca78a4cd9e87d2a2b23411446677ba4e3d2915d34d80e7bb75ef02d655e5dec4ffca4b8e4

Download Submit
/data/data/com.dajie.business/databases/dajie_business-journal

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/data/data/com.dajie.business/databases/dajie_business-wal

Filesize
140KB

MD5
d7a563d6cb0f7068ca3ec8783efbee57

SHA1
2f46ecd3f282299fd8bd643b99e6151871a204b8

SHA256
395ecb7bccf5fa2a443d33bafab47d9a4319cbeca4883ff1069d51363819fe30

SHA512
af42b8e93eb659b1f1b26302cdf5fcb6cb9ad6baa04fc9db63828989de917c8de53ce4d1bdef5431f61ce7e0f6f45fd2daa991e202a19a3ab651f86255fcf843

Download Submit
/data/data/com.dajie.business/files/libcuid.so

Filesize
129B

MD5
b42a7ac232b6bf3014220399868060d9

SHA1
3185f30a6eb81182eea2ad25e5173d020a3aace4

SHA256
6e07ab3b34b2815f14fb3e56c5d763f25d35264b5e8af38672c8fb8d32f48741

SHA512
afed8bcf16585c8edd3f4f60cbf62d42ea6b230ac704ff92d3da3ccb12d5410784a1e52339c1ba6b4d0cbfb01f41ef6c45b4983630e26f6677a4121563f9750e

Download Submit
/data/data/com.dajie.business/files/lldt/firll.dat

Filesize
3KB

MD5
48aca3f79f76fb100cb631ede70c0b21

SHA1
166f06b98db16a1e840ffac0f83768fab7b3662a

SHA256
0130c96ee179e874b9c40d77132188ae499f6a46dea3db15dfac46e082bbb3ec

SHA512
380b14a16040415ef6b785f13d4afadb4863182ee6b2473a3906c3923c51abc6d4acbd2b1b06cc8ca8f2b115cc40dee2a6b848badd4b05ab05bebea14c2aa15f

Download Submit
/data/data/com.dajie.business/files/mobclick_agent_cached_com.dajie.business

Filesize
210B

MD5
397e0da6645e45047ddb9aafd5c8e4a3

SHA1
5439023c4d83d08cf978f261f7a65b948b612490

SHA256
04a6a6212cb3d06b791ce6c526e1d811ee4e370b91312f05d0c9419ab3f8174a

SHA512
f8c041a129e64c21abc60c0141132b6f754e35c6bc424edef1afee0ce4f3b36a1019519588bb03833f481746b13235eb5b9a591fff5344666891ddfc7edf7a6c

Download Submit
/data/data/com.dajie.business/files/mobclick_agent_cached_com.dajie.business

Filesize
198B

MD5
51c4137c0ee721e9430a474a0edb7a84

SHA1
27ee8d4eecf6931f8e783d958201861b667311a9

SHA256
6e52c863591aa7ad7b582de78316c0bdc69fd8956c5336ab44b0273386d0f527

SHA512
9171dc75aacb9390b8994d4a1461d311e627bd068c02a0837bb6f58eb3f49907e78fb6ab496e0202061d3a29e709f6fc0c377d1e31ff60ffb59adb762f0833b5

Download Submit
/data/data/com.dajie.business/files/ofld/ofl.config

Filesize
235B

MD5
caeaaffc0f17081aa6f2efea3dd26325

SHA1
7e355dbd86ce0ee132e08d800df735ba99ccbcd6

SHA256
e2422af3bf2d4c5fe7bb366909a4e89b4930d3d52c6fed74c970290687396b63

SHA512
c1cfcc2e9bc547991c2921ed99af14568f6c8bd8e59de3ef074131064a982bd7227c50bf2c25ea6bbc92223bd9d5bb5d14340b1c11fa3e071350016bd4121dcc

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db

Filesize
4KB

MD5
7877163c8164b079a7b445445cf21d8f

SHA1
6576dca889af2f73d482214f0e9aab00787b2852

SHA256
e535554dcbdc5853d392efb46929d4c823a11b94e63060bd993e8cde2a935724

SHA512
43fcffdf00d26bef685ab978cb7b36d5e75dceb001ab2013bb6e11fd8e73d7c0f70ecfbc66c5c885aafc01dff5dc0d7db7c5a564fe6561893a4eeed6a80f140e

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db-journal

Filesize
512B

MD5
f6aa169223575c58ffb2447c7b25f9cf

SHA1
89e1437860eb78fb28a46f5a6d63580ab25d2a4f

SHA256
e814e837a6f1785ccfff6b8c8d4e090b63788d0e552a730cacafc06659791c82

SHA512
360edcc01909476d5a47f0f8792fd360f39de986638841b0850b5104ab31d5aa47b34030afd5ebda77234e4f0f4d7c1c2beeeaf93c3a72793887d35300d2762b

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db-shm

Filesize
32KB

MD5
67850284493eb8e96939b60589d0f518

SHA1
5549e9c939d352303b698dd8fed15b1b1fb1c544

SHA256
c12e6e41ddb2efaee91f0bce1f700c5998857f73f8fcda5629b4dd7014f38901

SHA512
148da9a3b6fefb4edf4135bda7178a2b01ad56e12aa1d2cdd658610d6feb29343e85d0d402c25fc4b1c8b7c001deda3c7ecd064e8e3ff72c512d685ae35eaa23

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_location.db-wal

Filesize
48KB

MD5
6a2e807943f50e72c89f0bb860cc9f23

SHA1
32a88fe5c1970bb2522444ba93c192fc667ab2df

SHA256
d4c9c51fc990cea7718298057624f18844c51ace3626771e81043805e4ba844a

SHA512
d25f679e07e99e8b6a130fa122481165fd4943c7d4d9c3b7f809450ebdad3d842016f763e6704eb530e19a3b4250212c80d20c3a7330ceede931a14f82a9acfd

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db-journal

Filesize
3KB

MD5
6650b65683a4314aaaf87e469efc25b8

SHA1
c8587ea69f7adfc8cbf9a07c92757bda5de2fa37

SHA256
9b1ddbb68c7116978b51136c2aebe8aff6a90f3607e7e2d2c7104bf80eda065f

SHA512
d2cf5b32e099d0b63eb82987ec5a6c0d0246520456f2a33c4332d7abe7dffc5e8e0b6715a008347d6c22849d1c49fdcc74f343fac45acae615f4e508f6d0fac3

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db-shm

Filesize
32KB

MD5
972e074dbf71ca4f73b381e2d742a7f4

SHA1
51712e7f917d96754d15299bfc24bf6bd304594c

SHA256
845be0cc01af0926c9823f45d7fd2ff50c3698dc2d9bb409756ffb57e862e324

SHA512
399c7231c7f048005f175c7904a7c8fcf1ea1436f11f14f2123cbb52898f54801cfc960b234c5e14bf1dd968521418d923f3276c041f9fd7d5262721df8cd31b

Download Submit
/data/data/com.dajie.business/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
c642b4083dc11ec3858c4a553edd97f1

SHA1
f4aca2b721e45ca0d2954413214d7010723ec1b7

SHA256
fd1762069018c1edfc93af6c023b304e0cb59fb11effe69876cdea23aa0cba8e

SHA512
abd155b7e16dae9a30c6c2a4ffb6fe1edc36a289233bf34a263bbfa71d07669b531ea57a100b24e3cf680d42b59a4f34a9090d571571aa68c867e99f30c482dc

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/conlts.dat

Filesize
155B

MD5
4a6119f3858692f4891d0dd1789c4c26

SHA1
c040e1fb8f2f6916f941181f83113c2bd27ae6d0

SHA256
ba68ae29d5cf9f8ac50db246a4c7d62a5ee83963c4423a5949024862f544ca25

SHA512
8e63a42adb8c10b58c8a540d7bd12dd26a958eb8e49b387f199499a12080a65d906b1cc0194dee44d530c156d98e6cd171b9f447304738a4e4babe2dfe00062c

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/llg.dat

Filesize
498B

MD5
a5f6af79c76faf8d8f659a82e591308e

SHA1
a2a253a6608c16d473f8b485873176f83c4a12d7

SHA256
e797d74138f19ba42fdad2eba8e785d7bafeefe01fa950af5163aa44add97574

SHA512
488a7efca6b1113015cdc16fa2c877404e09bed2fd822dbfda6d69f4756887904e8208dbb5a44048557779401fd85f2e6ba8352553e290a9156c9549ccd771e3

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/Android/data/com.dajie.business/files/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
/storage/emulated/0/Dajie/crashlog/crash-1715728018010.txt

Filesize
3KB

MD5
2ff47114fec0aa1280a2e82c27454135

SHA1
f2f7632153df9adae9eecb36b985e0d8b975671d

SHA256
c62c20c00f7f4919db727d0f30e79c27e9780291808813913c6de049e2e8448c

SHA512
03c53973ab640e73cdf88c42b74b4ef1f591dd849fa94c1c4a56f25f524788ccbc952a416678c0b1c8ef8a57fa31ab9a0efbf9c59c0151ad7e2209f978a460f2

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
32KB

MD5
16ef1550e28ce260df72e0522a13d2ed

SHA1
e50cb937b331a4c02c1e09b011124174d7e3e589

SHA256
7c1f0a889819b5a4ccbb2a9ad8c702e72799af18e59f76e65edb9bc69a6fe422

SHA512
3125ab1dc385db878912f09c320c0c8c43deeb8963e4b88a425881c330886647477b0095af21db3856965efeb50d4238e975d497be00c6fd26a1cfe8ee82043f

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
ff1513296956693d1933f58e8f597022

SHA1
ce2a810c31388ef49a39f0c3cb7f69861a976bc6

SHA256
fdb546315dbc51f2d7407e4f8aa154187f38529af56b6fa851e89af2fc14c434

SHA512
a431175f020d4c20a0acede9c4ecac33b99828e59d3e5c9840fd941a0eab955d3a721058b0f55be1f4d612f81639e18e5184a75081d24cdf66e009b64a7eec21

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads