e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484

Analysis

max time kernel
176s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
15-05-2024 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46a8237ecbe0e5917ef9ce670c7ce422_JaffaCakes118.apk
Size

24.1MB
MD5

46a8237ecbe0e5917ef9ce670c7ce422
SHA1

3842bc1cd7589b011e1e86289d18f6f3526b29f6
SHA256

e4dda37c4136db759dbc72c3bf212957e981ddaa2f7fe2ad8e0d8f57a7b75484
SHA512

8d25a58cffef4e5c78732e2cacd439acf67fa03cc584c340f3391623c876dd7c39bc5b6067b1e8eeed4f0cf7bf984254bce0b8ec4a1fe73849600b51388bc135
SSDEEP

393216:07KWMxmZpoM2W+wO9JtjQ19ggc5KbK7ylv4Os1rgnp7h+FJhlsxbjCTASe+oqNhi:ZWHZ1UrF2g95OieSUN8PGxRF+owad

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.wendenggu.jiuchou

description ioc process

File opened for read /proc/cpuinfo com.wendenggu.jiuchou
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description ioc process

File opened for read /proc/meminfo com.wendenggu.jiuchou
File opened for read /proc/meminfo com.wendenggu.jiuchou:pushservice

description	ioc	process
File opened for read	/proc/cpuinfo	com.wendenggu.jiuchou

description	ioc	process
File opened for read	/proc/meminfo	com.wendenggu.jiuchou
File opened for read	/proc/meminfo	com.wendenggu.jiuchou:pushservice

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

ioc	pid	process
/data/user/0/com.wendenggu.jiuchou/[email protected]	4611	com.wendenggu.jiuchou
/data/user/0/com.wendenggu.jiuchou/[email protected]	4812	com.wendenggu.jiuchou:pushservice

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.wendenggu.jiuchou

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.wendenggu.jiuchou

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.wendenggu.jiuchou

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wendenggu.jiuchou
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wendenggu.jiuchou:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wendenggu.jiuchou
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wendenggu.jiuchou:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.wendenggu.jiuchou:pushservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.wendenggu.jiuchou:pushservice
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.wendenggu.jiuchou:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wendenggu.jiuchou
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wendenggu.jiuchou:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.wendenggu.jiuchoucom.wendenggu.jiuchou:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wendenggu.jiuchou
Framework API call	javax.crypto.Cipher.doFinal	com.wendenggu.jiuchou:pushservice

com.wendenggu.jiuchou
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4611

com.wendenggu.jiuchou:pushservice
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4812

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wendenggu.jiuchou/cache/weex/libs/weexjsb/x86/libweexjsb.so

Filesize
32KB

MD5
a81ce9a123031c63ca9ce7310510cc7e

SHA1
9e13e55b06ffdd23c9467303abfb493bdb8ffa2b

SHA256
5b21f43116bb81ddf53de61434923dd769e52832d4af29159f143121ad71111d

SHA512
fa25f6a8bd4e925b97a8ae8d557cbecaca96e6b1146319203bd00e64b9e7af3749d1f42745ec6f8630b447c7705a1acc336a6f8fc523b16d950742fd6314b940

Download Submit
/data/data/com.wendenggu.jiuchou/shared_prefs_ext/test_app

Filesize
29B

MD5
9cb3e3ef7f2131ce6440c7e092c4cd00

SHA1
8c41665636b1765edfd498d8dcfb6f3417f5bc1f

SHA256
e38e9989a6194ee6b9ec7baa54d99bd413144b49382fefd470226a1c25c0a808

SHA512
02347bcb0f0c7e75f27d26004a8627cd0b1bb52196ac748f657b53fd031637bdd2de1a11503fb8fdf6d88b9a7ae7666d9325dc0eea69124005ba7c4f4e63c21d

Download Submit
/data/user/0/com.wendenggu.jiuchou/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
655a09c1ef350de30a701c8d63158b2f

SHA1
4e61c63f75bf7f78e9bbc276bda9ddb9c43382bb

SHA256
2f9fbf611bfae0523e3b697c8e2272341eac35d83ac5a5c6f8b91800c9ba1757

SHA512
55a341f2b2082d19a40cce2840f2bdd9de515da7cbae2facce1d05c8e5c66a3841509670f56aba543dc3a5d26d36438463e2efa49fbfa2c93d5bbce327256c66

Download Submit
/data/user/0/com.wendenggu.jiuchou/.00000000000/A3AEECD8.dex

Filesize
63KB

MD5
611d9c086840cd2d664da7c02ebd020f

SHA1
1b34d34955e8c88b182a7c19e0c44991bd1560e1

SHA256
992e7d06f7a1c9e8e5393c1b9354dbe38031b4bf01bfbd71caf8d57407d13309

SHA512
678cf4095ab7b120946900c78a6d9aec4db1b1c0ffde64fbb625aad9b362c5142ec6e854a8d502643b1b25b8fed888a8b87b6b934c7086f74079f32e8994ac2f

Download Submit
/data/user/0/com.wendenggu.jiuchou/[email protected]

Filesize
63KB

MD5
5061e4948844f7d366972ac8005e9f13

SHA1
a2b79a1c79afb095ddebf0f16a1f9db64482bcaf

SHA256
3aa6caecfcd101531539147e01382bc530b4fdc61e98937d63cc4648793c6a45

SHA512
223d18ce248912df18cdea3c8e864ea5e6ec058ca42cc5fde738188c54abcd260d7f24ac53d4987d3e32f4ae3e1e40e01354054d035bb100eef51b2d695f5299

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/0541fae81656da68011350a561cf54552f7d9c7c22139f226fc6aafa2b5c82a2.0.tmp

Filesize
8KB

MD5
59cdefd4dbe8983676aa006f7883ef56

SHA1
fab2bfea2abec02da9d4422bc77aee1d26cc44f2

SHA256
78facf4293bed646ccfac802dfd19c4b5966855b3ab78a70bb38393ea4221fc9

SHA512
33cab0afb87bfa898f846b856c4fd4c8553d031b0f6250694edf4ae4a51fdd3d330b45c51c630d7dafb2b2c9229ba28bab05018d68e1019a7ca2a6c2f53c8d06

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/1ed61e973ce1600ff50d7633509cdf9f2119506cb17bae189b2ae88ca6a15587.0.tmp

Filesize
1KB

MD5
23ddc63879ba5f43b5c5b62431f9c0d4

SHA1
53ab64c34bc1ad081e3d41be2fea7c8ff2cceed4

SHA256
a70c9730c7c230ee4fa50c8aa45de0fdc7aee15b61c3b1cf02438ca813a63a0c

SHA512
721caf18d753058ac037aed3edc4e9e2548c15635d982275dd32cdb1666a9190dee4be2ed61ae5949f7416cfd89de052f524c2f125d1ad7f907371b8623e14c2

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/36ec08a1792bac8ecd73f05367cfd3145246c3e2b89064bedb155fba607b781a.0.tmp

Filesize
8KB

MD5
dc6444f661f95fa50b77d31161534f37

SHA1
23a801dad40f848f0226975f40065f5fcf7cf41a

SHA256
e0e89c84637ad1b847850110f3fae6c0b143979f21929f2657065f99a2a9032c

SHA512
3afb6baa6b91e3316484c216a859bdc83bb4f600b1106b441025e8c004e8bbb8054ca2db1f864e1bb0ff4a571ce53ca11362527e30014608a16d15d19a45c7fa

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/ac8200eeacbf4e2421fc08f41a4083c9f94653c4a824a2cf2dbd2c296a73dc40.0.tmp

Filesize
8KB

MD5
3561fe46de38773fd6cc83a4978af1a5

SHA1
c96edaada065f878b45d62596fa07dce13d8901c

SHA256
3609bd96254e2ddcdeb7f3b192596588311676e59a413f19534594f64c44ffc9

SHA512
20d7970cb2f888c1728bc9e222c3afdf9ae3180276ffc5b7ab3d2bdf9bbde934e85d5daf8fcc7ee44702564ee8f5b5654c0f4721b0500f72832ed6cbe42458fd

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/f7bf8ec55968737222e2db119c1b430cafc682e90bdb50966292531cf865c80b.0.tmp

Filesize
8KB

MD5
b53f75c8b7f66796ebe91dd072de231c

SHA1
edd6c182889af14ad2f27c67c4b057e0ad27fe2e

SHA256
d5a9a8b9e455ebb47ab8a0b72cd0d2d4bc22c75937affbb3ee86ec1a7fafa9c1

SHA512
5319f693e62b9ae4ae03b116d1aaaeaec5b42aaae65be8689ee23a20823e2edafcd712d73d49454917675bb9524a77811285805334f48b454616c2bbbf246207

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/journal

Filesize
8KB

MD5
e6e5f8fc85cd0764d2a95b2d6266cb5f

SHA1
f20c329f632772aa38203496c0cdb44c23c75428

SHA256
9b3ff5b1e1d88c6f1423876fe6e760fcae3f75abf05cccf7ea8cdd0e4933c85e

SHA512
21552d14261f6c5ceb0e2b82e64819ebe02a8e60c0847b159fa0c74022aef054b66d7cf5538c6a8095cef74b10967eb6bd64930c2c8eeca9254af50a509a88d3

Download Submit
/data/user/0/com.wendenggu.jiuchou/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushext.db-journal

Filesize
512B

MD5
53871a8c49119332c6d1bcadf00cbc3d

SHA1
90d82beeb3647647c0b79d298e2ffddc4fb4a9b0

SHA256
273124ea8572a9f7d950a3cf5967ad75a618fe4111cd22862221a2163c1a4181

SHA512
d1330bedaeaccc6b3339230ff31488fefa665f889af6aa24adbe0e1002c516c16b05d99c78900e2782c0ff1ba7cbe0ebad5c86ac5020380a81fc099bcbd688ba

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushg.db-journal

Filesize
512B

MD5
344c1a186807d6f9e20ab950545175f8

SHA1
fe0b8d192f47085db1c27530655a0670b3924058

SHA256
1650b37f5fa56661566cef48b5ae41efef2167507388f1634e1cfbeacf26f8ec

SHA512
93dd480a623fbded6040527decb6d5f79cd45b948477907a2e46027bee428b254a6cfa6c2e0996bc88535a9e1c54457b0701e70b2062f7c21fcfbed57d56bb0b

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushsdk.db

Filesize
48KB

MD5
7b203d56a4dfc54d69b1007004e04065

SHA1
88f347702ecc00ef17cf18df703b1b5b18cae7ee

SHA256
649134f1cb5d3a57cf4f82c7419a5a5db38f3eacd7e88614f289ede7ec17de38

SHA512
edd930c01cf6d04ed8a70d0d44080a9b105ee617bb938aea7f3adffba8af67164615684b9b58e86d9dca69104ed97d472e2bf5203b53c4ee0dd97ec495a9b49c

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushsdk.db-journal

Filesize
512B

MD5
03373754366dddc6777b313c2cf9ca1e

SHA1
4e004335bd62ec018308c15655a02391fa689241

SHA256
d107bc6f63dfa5dc55d4f6cb12fea7d8c3e96ab751f3f5516b0eecc610bf12dc

SHA512
b9534743048f43d582153b81fd1ae1f3f70185a25cc24c22b2c6124a9c2e7f75c830b1de067268170ab43409c2d9ef097ebb764c3b204a347b77fe89492d8b4c

Download Submit
/data/user/0/com.wendenggu.jiuchou/databases/pushsdk.db-journal

Filesize
8KB

MD5
22d5cbe770c838c98bba0e87139851dc

SHA1
18975220cecd9625958b4ea9750e4fa6ce92be9d

SHA256
6971a4a6f5c02e0ac3200cbb04adfa86730d01b137b8e2b8e6917433bbc04ffa

SHA512
b7faa07d25503423194031e81513b651dc9f7bbef4c847b30cc376277413aa4f3edfe67346ff21be488baca5791de524bcd18d5c0c3d6075b51e84a9e55fde13

Download Submit
/data/user/0/com.wendenggu.jiuchou/files/.imei.txt

Filesize
8KB

MD5
8199870276eb34ad7002d7f1b7091567

SHA1
ff459a4b1b3b2ba6624c083d984bf8bb56627b11

SHA256
08281748d76bcbedbf31d3ea49bbd3dd770ed1316de79fd42bc9c83baeed1ed5

SHA512
41cfeb71a61b232c722e266ddbb103057ae0837de334f4dba042af7eeb2749feef1a031349db103b724ef3fd4ebe61ac088e6ee9506ca49b400cc26299c549f4

Download Submit
/data/user/0/com.wendenggu.jiuchou/files/cnc3ejE6/eje3cnc

Filesize
39B

MD5
7769d4507985f59116153463f09235a2

SHA1
b081e84d14300ac7a7947aade9c025fa83bc17fb

SHA256
5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf

SHA512
ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f

Download Submit
/data/user/0/com.wendenggu.jiuchou/files/init_c1.pid

Filesize
14B

MD5
7de2b611b1ad83774fbf5cdada23d931

SHA1
28387e12ef7f676ed9e857caa99624af3cd3e069

SHA256
f838b21fc84ddbdd80428155184c9d1f1351abceae049efdbdbe4a2b9bca7046

SHA512
66303bb44f725314b553b51e85c9208ed0f00e1b3da25adc0cb11fd6053e65b34537b4537f73e5b0116e47489868b8af3e71300cabbce5f15e42c786fbed1352

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_deps

Filesize
4KB

MD5
ca07b35cdfa7853af7d474c8e1ea154d

SHA1
ad31acf981c4d4181c6aaedb0b0eaf2a117921df

SHA256
7682b1af87924d26b21b16f17b87c549ca24acceff1a40db05be17d4d7277253

SHA512
b542329e3523d2eb2afb7c9e0091f505feca6d9bf24ab432420e3447336c609168c980b2438365f4b60d9ccbbb33ee3ef151a6bebd4bea546e2ea5e7870df8c3

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_manifest

Filesize
8KB

MD5
7ef7cf1aaa8d1e1986e6a831dfdb5896

SHA1
4be3921c362679ed379bb2de5f67e1bd9a814e4b

SHA256
4542f1ca822b6c5ad051640fe96cd0bd9b3121228075f90461916228e07b959f

SHA512
7e6ae3d20d7f47d71c204ad29943473eadf6b0088d9d4b0c4b4011d650ca893797022eb27fcc1e17020d7a1562bd73c525981f6fd22d6908019ff7a3a9a69d9b

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_state

Filesize
8KB

MD5
1cb2aa8b669cdb8c97c0091557b98487

SHA1
31da8f38b2bc0dc94c8ec18c7412a8f0a5ec016d

SHA256
5c6c7040abe459fb18a934f68b5c58bbaf6ba0520031190cbf7f4b0800a1c0ae

SHA512
7ca0f01a36b4ee291c164365b5d6294b3591fd387d4819c06cc562037bb147da53f3c6a5d80d3efdc681b6ad10e914c2e75bc0ae6fd356d943891e3c8140b129

Download Submit
/data/user/0/com.wendenggu.jiuchou/lib-main/dso_state

Filesize
8KB

MD5
7cee8cbadeed118fb357a90078d16696

SHA1
3b3366060458dd877edc40945af527c25864a00f

SHA256
913b1a3f455f2b7110fad97a0dbefb8544be2058329a5b37eaf95d295447f167

SHA512
dab896f914cac61e7c5bccb78bacd524c7add5ed91d6ab408a1f62632867f99b483ed4b6cdda15e6a729df04eb96d61275e48874dfce25aa1f32731ac0c85b76

Download Submit
/storage/emulated/0/.imei.txt

Filesize
28KB

MD5
749a23ff1682dbeabe8875482637be6e

SHA1
4077e950c0d0531f5c0bec600371ba81ad04b05d

SHA256
8b8566b46e6e9b496151d64b14111a1e10963acda5cf9395c9a4d39d63551899

SHA512
de63a601bc5bd8a8715cf8367452fba8b1b065e4fdf7a5b3dffd7e76d97f664d8696ae0f1433a0fadd9e9d86d1b32702fdff1d823ad203343157dec932e01119

Download Submit
/storage/emulated/0/Android/data/com.wendenggu.jiuchou/apps/__UNI__59240F3/temp/1715784582589 (deleted)

Filesize
398KB

MD5
46757041bb944e119b34dd2ff6372404

SHA1
5f0968e7acbe21251325b6d611a35fa97b6c6e80

SHA256
1fc348fec9e11b369d444125d7d9e44687e3a81edf86a4626b102a7c616e3ed5

SHA512
98cad145dadc0d56d542ea849c0d3cd2e95c899d16f62b70149dda7765519645d7e1604d1488670167c0ee24ee8ec3944148e469c40c1b4aebc62bfc8ca13319

Download Submit