Overview

overview

10

Static

static

10

5f8eeecf8e...18.apk

android-9-x86

7

5f8eeecf8e...18.apk

android-13-x64

Analysis

  • max time kernel
    5s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    20-05-2024 14:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f8eeecf8e80fb89ad429c9bd73bbedf_JaffaCakes118.apk

  • Size

    21.8MB

  • MD5

    5f8eeecf8e80fb89ad429c9bd73bbedf

  • SHA1

    29f72bcd8a8c47f67eeaf9f91685c1807ef7eb48

  • SHA256

    c0e4a291d2a2802737231fdcc3ba495ce5a21d228a747d4f0639a258be63159f

  • SHA512

    b2a608585a3f81a965674b03ebbaa3b0460c7e80d8bcc87c1eb83e0c18089667344f625e84301fa22f641a21baaf3d317c90b9374630e77c57e67563b033a604

  • SSDEEP

    393216:pnDa1aFM0V9xaQPDNX2s+d5nGJ9khfjxuT/tW85a7H8YMiarD4eegk5RmZ9+:ZDa1aFF3xamR5+dRMwfjOVy8ua/455iE

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks the presence of a debugger
    evasion

Processes

  • com.app.mind
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4279
    • sh -c getprop ro.yunos.version
      2⤵
        PID:4322
      • getprop ro.yunos.version
        2⤵
          PID:4322
        • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.app.mind/mix.dex --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/data/com.app.mind/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
          2⤵
          • Loads dropped Dex/Jar
          PID:4348

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.app.mind/cache/jsb.version
        Filesize

        1B

        MD5

        c4ca4238a0b923820dcc509a6f75849b

        SHA1

        356a192b7913b04c54574d18c28d46e6395428ab

        SHA256

        6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

        SHA512

        4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

        Download Submit

      • /data/data/com.app.mind/cache/libweexjsb.so
        Filesize

        6KB

        MD5

        6501e0bb0f8e73e3355872692c30de14

        SHA1

        f646d3dc40536c54905f5eb666d6ab36b0c05fa6

        SHA256

        f32fad72a4162705c43c0e39346a6467cd48430cd805f910c057a390dd4f78f1

        SHA512

        73c1ab52e1ec09b1d55c02252b222f54277e40267580e16fb19c338098ba43c9b5ce97740718d1ddc045e0d24370d588e8d3bef9b95c4eb47b083e467ba491f8

        Download Submit

      • /data/data/com.app.mind/databases/bugly_db_legu
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.app.mind/databases/bugly_db_legu-journal
        Filesize

        512B

        MD5

        d6e38639e99583a43e488cc3319a94fe

        SHA1

        6d9b9ff6c900dc0bc0c1cb4e7b174cffa4c557a8

        SHA256

        e23d1916b96c7714cf528cee3c220b754235aad87efbb7a528a5215b78a6e4db

        SHA512

        8a0f7afddca9625939450c797af22c5f079a7d2255404a331849b1b2469fc24be3d941ca72996e8fc441224d7403accbe4d0e36909e224432668bfc500708de7

        Download Submit

      • /data/data/com.app.mind/databases/bugly_db_legu-shm
        Filesize

        28KB

        MD5

        cf845a781c107ec1346e849c9dd1b7e8

        SHA1

        b44ccc7f7d519352422e59ee8b0bdbac881768a7

        SHA256

        18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

        SHA512

        4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        Download Submit

      • /data/data/com.app.mind/databases/bugly_db_legu-wal
        Filesize

        92KB

        MD5

        d017d6bdece70a2a60b77fbcbf0ed97f

        SHA1

        770d822e3d2eb2b8869b25659563a0e11cf9cd7d

        SHA256

        c7057d1221c69f4f42c005214beb7dfcebf6144e027605ce1d89d78518db387a

        SHA512

        3f4c18ffe395c480fe3b3fc6d1d7eedeae7d5bcd3d2b0a4f36b8a67773c0f98fd1ddb12f6997f42824a4e433d3740d778880b74646b25b4565e2afbbb88ba0d5

        Download Submit

      • /data/data/com.app.mind/mix.dex
        Filesize

        292B

        MD5

        63f77f99bd2c2b772a479923bde11974

        SHA1

        c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

        SHA256

        4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

        SHA512

        3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

        Download Submit