ee9869eee1c4711f339cae7e8004e941a846941ba84bcb0ae543a90e351064cd

General

Target

455014466682ab96dd4c0449c9860e3f_JaffaCakes118.apk
Size

8.1MB
MD5

455014466682ab96dd4c0449c9860e3f
SHA1

01b3180808dc1fbb1771835c4da19bc8ab43ccc6
SHA256

ee9869eee1c4711f339cae7e8004e941a846941ba84bcb0ae543a90e351064cd
SHA512

da6af8f08b6920ed6c25471dc4464b3ea82a73de16396127f61004fad1b842dec9932a078d5fa1d7baabf916aee8cc17da33d24d18449a4bcdaa8b85c5864400
SSDEEP

196608:NGHQoN+WdJLoQ666dVoMPoV5zR2U5Z6miH7oCmVm2EVXXRqsUvRw+:IlN+WdJLoQT2VZw5zR2CZ6/ba02iXRqf

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zhongyizhilian.zyzlapp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhongyizhilian.zyzlapp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zhongyizhilian.zyzlapp

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhongyizhilian.zyzlapp

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zhongyizhilian.zyzlapp

com.zhongyizhilian.zyzlapp
1⤵
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5112

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

System Information Discovery

1

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu

Filesize
96KB

MD5
f2c7ec7d64acf265a148df257c8f8c02

SHA1
2e256ea2d9b57c150c959678a88ceb2ec583f1f5

SHA256
2e006e39371f4a444a28c291ea9d88a1af0b94437a0c47d8b4c79b682fb60037

SHA512
e6a6c892f3a80093b8d1f0aee5b63d0ea5d8e36ce2cd86136e97f7bc4e99cae5aaa01bbff967e0a0ed45faa41b778f6e8458d0ae84add990e92d0a642018d0a6

Download Submit
/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu-journal

Filesize
512B

MD5
a493f0887a512db7c2e3736c49cb396e

SHA1
45e074f9ebe71fde0bb06c74b633de60f0ff8499

SHA256
1c1ceb08eab5b8609cffe3fc238cfa61b43d23d103a1199da9f48b3c954aa967

SHA512
0418064fec5fbb11e641762ee87e688f3186dc7b5801b5dfb56fda4ae4a4325b53dc88bf39c0cf2af47a803a91351fd6f9d96a8f79d8a4b29af7ef07855abe42

Download Submit
/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu-journal

Filesize
8KB

MD5
77529562a5eca7d05c413454d7f983ef

SHA1
8cb51008311b2051e37d516593b68bb3cb09033b

SHA256
a366d967e5fc764b46de920a9febedd6becf8defe42533cf01298e2f18d827bc

SHA512
8e52b3632e3d056889a3a12b431f4b1b51b1f94827521ad8e479beb3f14a827369027f1abbf64573ff2c0d913eed91aaa4b97367dec9605e207a61f689186185

Download Submit
/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu-journal

Filesize
8KB

MD5
405722f4b161ae1165b1ea4e7cc2fdb3

SHA1
c4ef830e30eecb94a7ffff78098ca0e4e6c9c08a

SHA256
e6f50662127d488135a36f40289a252a20357972bcea021e76563eaac57ae3dc

SHA512
43b98417a927346ab2a736b974418bb035672dfaae40135b641a8ba2748edac35f2e23e14d60f7d7a19ba51761bcb939a48fba7995f01d67c2e6d7768d48b0d2

Download Submit
/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu-journal

Filesize
8KB

MD5
9dce5dc746e826b9bbe51966896cbcca

SHA1
fa3ec54080f72d20d478921d5b6ee51a2384a011

SHA256
d5281cd603129bc46d19ea7b08b4fb103fdc8e84404e78cb2a3afddcad79884e

SHA512
9fc8f4f7426b934b8017790228bf8ec006477b150538b4edd98e3e304e95610da148fbf5e199e79b7f54450a9e0f275ab2fb1cd0ca209d97166a29742accfc6c

Download Submit
/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu-journal

Filesize
12KB

MD5
1c3281fb2fbcff08148014acefe811df

SHA1
10c8d828799898cfd7048f0ec489d1b7a461ec1a

SHA256
c6f40e98cc146e05aa29308a1d1878f5658cf6ddfd137e3ddcc31500f93e48d2

SHA512
0926f716393e16203b71056a1c9b5982cb373bc59186f6bfa0d6240ac5aa047187385e448fdc96e1950c3ca7ab9a6e956c8e5cc339ce897ef166075124a372df

Download Submit
/data/data/com.zhongyizhilian.zyzlapp/databases/bugly_db_legu-journal

Filesize
12KB

MD5
6782b214b55e5e03807cd9ba3904f519

SHA1
7baa78495daae7acbbc686286562255cfc73b707

SHA256
50cde304aaf445b25cd49da3fd76dc62be5ce96eb8f50984841fcb2596c88507

SHA512
92179f3d56e2ee39cb34122263530a05472755a574c39a30f47a6f3aa652ddab84b4953ca3de1ac75475866df83bfa001dde61bd2ef162bc12a9c0f6b961ea03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads