0764d827c03a76a82d8cd263c4cd78684247eb1f0d9d8d0599a4f1f18fb32b18

Analysis

max time kernel
2s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
14-05-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

423275acf0ed96c26ed3d108fcf89644_JaffaCakes118.apk
Size

9.1MB
MD5

423275acf0ed96c26ed3d108fcf89644
SHA1

cc8a00f93f9fbe09da7ae1427379ea1e8ddbda1f
SHA256

0764d827c03a76a82d8cd263c4cd78684247eb1f0d9d8d0599a4f1f18fb32b18
SHA512

44c4694e4bc1d1655554deccd2dceff1bcb3baf1353398f6a711e76aea3b7061bd3d419e5c0808d691b3ddee805a6106d855689817c9aac14084537f71c2a1ce
SSDEEP

196608:3FhhHFAVUEF2WoQf37pI94BY3tkxilKyuVwi1rnodRccb+nQ+20v+dvKDsj29lzG:VzlAKkVdNAttGUuVn1rnoHccD+20YCD6

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.baidu.zuowen/app_push_lib/plugin-deploy.jar	4957	com.baidu.zuowen

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.baidu.zuowen

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.zuowen

com.baidu.zuowen
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4957

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact