489a9cb3e9f9ceaca3bb3e27a84acf3c21abcc5be686e98214296ae98eee4284

Analysis

max time kernel
179s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68ce2b64305f4458b3b1f259c181912c_JaffaCakes118.apk
Size

14.5MB
MD5

68ce2b64305f4458b3b1f259c181912c
SHA1

a547984caec6313f6ba7359cfda009268647067b
SHA256

489a9cb3e9f9ceaca3bb3e27a84acf3c21abcc5be686e98214296ae98eee4284
SHA512

9b598e476b9da11759a719dffdd0270d13788189f9db97b0ee42d0dd18dd16284613e8a9aa5f1e3575afe861c19cfa48095d7718d6d4881bc8043e41368c37ed
SSDEEP

393216:QmIse8nq4yNljPXAKf9UvvP42QZHjPB7u:QmIenqdzwKf9EPRQJs

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.feichang.yierduo

ioc process

/system/app/Superuser.apk com.feichang.yierduo
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.feichang.yierduo

description ioc process

File opened for read /proc/cpuinfo com.feichang.yierduo
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.feichang.yierduo

description ioc process

File opened for read /proc/meminfo com.feichang.yierduo

ioc	process
/system/app/Superuser.apk	com.feichang.yierduo

description	ioc	process
File opened for read	/proc/cpuinfo	com.feichang.yierduo

description	ioc	process
File opened for read	/proc/meminfo	com.feichang.yierduo

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.feichang.yierduocom.feichang.yierduo:pushcore

ioc	pid	process
/data/user/0/com.feichang.yierduo/.jiagu/classes.dex	4617	com.feichang.yierduo
/data/user/0/com.feichang.yierduo/.jiagu/classes.dex!classes2.dex	4617	com.feichang.yierduo
/data/user/0/com.feichang.yierduo/.jiagu/classes.dex	4686	com.feichang.yierduo:pushcore
/data/user/0/com.feichang.yierduo/.jiagu/classes.dex!classes2.dex	4686	com.feichang.yierduo:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.feichang.yierduocom.feichang.yierduo:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.feichang.yierduo
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.feichang.yierduo:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.feichang.yierduo

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.feichang.yierduo
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.feichang.yierduo

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.feichang.yierduocom.feichang.yierduo:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.feichang.yierduo
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.feichang.yierduo:pushcore

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.feichang.yierduo:pushcorecom.feichang.yierduo

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.feichang.yierduo:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.feichang.yierduo

com.feichang.yierduo
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4617

com.feichang.yierduo:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4686

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.feichang.yierduo/.jiagu/classes.dex
Filesize
6.0MB

MD5
0cd3889249a5c8051fba7021cf5bf313

SHA1
46daf7930623fcb4e1a911959529310767b73299

SHA256
6494af47c3c4fb939be22da0f18913466b3624e07fba0d5244515845b52d6eb7

SHA512
f597f4ced0bede7438dff36aedc7fb1f589a7d2a3049064b7e030629e44d742483b25b0817f36f18619212b05cb3315ee5ea0e3df6e05155d744a7836d93b714

Download Submit
/data/user/0/com.feichang.yierduo/.jiagu/classes.dex!classes2.dex
Filesize
3.4MB

MD5
745756525e4210290812c34f807cb488

SHA1
cf5666abf4399847dfeeb5f6788dfab5e909f3cb

SHA256
a8fd669523ebc0af7142d54a1cc03850948bb6552eecfb34a21cf28cc3a70f00

SHA512
0122db1f70b57d1eb816558fe1c532fcf39ebe7f55ccacb2930c64354dd907804bf3de3e26d809b065ed1040e927166f6145a1a708f30936b51c2051e9704897

Download Submit
/data/user/0/com.feichang.yierduo/.jiagu/libjiagu.so
Filesize
475KB

MD5
5aea02f4e4c77fbf2e7a27f7ca9cc06b

SHA1
522db1748608e9173547b29b7aa82ddc3542c534

SHA256
5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

SHA512
5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

Download Submit
/data/user/0/com.feichang.yierduo/.jiagu/libjiagu_64.so
Filesize
509KB

MD5
289fb443987b114ee4237b4dd97672bc

SHA1
9b898410845dfaeae3af212b5df41177ba9b8f34

SHA256
a55e9ee18285b41a4ea1bf375930a5bdb603dbfc530a3dcb224bbded14e68210

SHA512
debbf2720c9b132b5923eaa9fcb372a72a97d574bce59789d06b645925fa2d6a27473aae4c9f1e4968614d44fd98a8b0fb1eec217a595fb5c80bcfc056705508

Download Submit
/data/user/0/com.feichang.yierduo/cache/image_manager_disk_cache/f6375f333751c9e17a04dc96796f4ba1fdb99170424034cca24de9c1f004225c.0.tmp
Filesize
21KB

MD5
6f0e4dc0b14d74f0620dbad7d8c21e59

SHA1
075d224b80cc6d49659e65a06515f1fe424ef84d

SHA256
ee752fc56a6df96b7c327f9a3529e23bcbce6a9f37ca4518df3096e4b0f9dffb

SHA512
350523313b84ce8556d7a3d72c82d7989c452c523ca9811b8cdb6b9d5a659a4e4c01e9be6db5a97a438adf71e4aaa660f78747487b6e8f49897022918727b94d

Download Submit
/data/user/0/com.feichang.yierduo/cache/image_manager_disk_cache/journal
Filesize
179B

MD5
f217d889264ee3a6e3000c99f7d36ac3

SHA1
d775a13fefcc315d81122305a89a1fc4197b5e18

SHA256
f0a01085a3240dc698584837ec5fb96e1565f3f69e54b626e64367cbc6dc79a3

SHA512
b8e62d8ce0e52f6a3564afcc4e6dde43b5cd457b318481e08cf2162e06f5a745c5a392a7fe31552f50ee6dd65166aca6168b55013123b5263041876077e22fb8

Download Submit
/data/user/0/com.feichang.yierduo/cache/image_manager_disk_cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/com.feichang.yierduo/cache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_
Filesize
60KB

MD5
63738535b3c75040654a3ab49f02ee82

SHA1
f9ac3a4137687d34865ce9c33e805b45a841c409

SHA256
dab475e2ffd6d1315dd14b1440084fd7f3e39b1a327c2c4e16799f67387d50c8

SHA512
b2fc313c324d85f4122912e1cbc381f0e2a64ef52a004da1b65dd91fdb0f592f3aaa056d1eadf3e57cda133f42828374f20ec2d99a4672bde491254e1029de77

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_-journal
Filesize
512B

MD5
7a76f3482e077642bba9fcfdb3dae9e9

SHA1
62ceb90f1a09348eb90852de0a41556ecbe14076

SHA256
0c212116dd3b15eec28e79de9ad2864a8f68baedc3e71c559dbfcd45eef46cf6

SHA512
0021a8a88e20c335c76341b69cee375c9ddedc44f24a4a2cfba365467f98fec6010888811f26c4f9ec309ad642695f2af183dd8531773afa57cf95fa4e1e3878

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_-journal
Filesize
8KB

MD5
3d6a6b8c1f44333d39cee940bf400065

SHA1
579d24e7bfb1cebca561203c0e7b89c772af33b2

SHA256
f9a84f80c1caba43de585507a2664e45edb95db9a3d3fcab6b2bdf426f78d801

SHA512
68ec013b9e7869c562477f7783a3a50d63a718db5f05d1484587e5b4c4d102359fe1ae29dde7fca26c51cd4b7058a997a015250cc8e65a7e17eed5cabc124a63

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_-journal
Filesize
8KB

MD5
8f86c1ee1480f5ab89c09ce5dadfd118

SHA1
976fb9a3db6f786042d0ed7fbdefa68e6aca5fff

SHA256
605ff396f700690ff592b7dc2b91c8a16ffb0b6559092bc8ef8283367a6b5c5e

SHA512
ad775c187d27d98b9725bc133890dbcd0e50629e0f2084773f1781eb020287dcd22ecfa6999d67f77f6a98a9095b37feabec27a3241ac24d73ac09cb975a48fc

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_-journal
Filesize
8KB

MD5
aa79867e7fe869295db02d0e3f5b1050

SHA1
c428447d0ccf0548145d33a56d0605519d09755c

SHA256
96825113d06305379046a922377987fdef5d4a269ec9282f63fa7ebe5c94904b

SHA512
7593ce31ab803958066fd9e25a397aa070ffbbe9acdd658bff98baec1bb1f0bff0b5b6fddcf4958cbadde70313800e1296745ba31c336c3b3ae35a1a3915aabd

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_-journal
Filesize
12KB

MD5
408c538b5922be84c4129c3a564ef30d

SHA1
a32d9c04bef7146ee28b3a95d4b9fa491c4a103f

SHA256
f7a484fa7ab935fdfaad1eb8167b321768eb0b97a9c877225eab09318917f3b9

SHA512
2d7622f25d8a005f544f7231e4a5798d8323655242d14444491a009fd3d009f2342609ec80c66a9469eb1fa6591f223d41d398cadb9a61e83cb65cab63cf0cfd

Download Submit
/data/user/0/com.feichang.yierduo/databases/bugly_db_-journal
Filesize
12KB

MD5
03cb34c7122bfe93e228b23748208134

SHA1
69435ed9e5dcfcd98b9e89c6b572502a86bc6c31

SHA256
64e1ddf4f12bc521f1551f8cc2b3b81a4bfa696a7fdcaa05d56d3024fee0c8ba

SHA512
51450914a140e4a1e25be6031dcf89e604046cc00b65bb06552e8ed8d1d05ebacf6a52d530d3302df9aba7f354d9cea367137c5320375b9b972e4abfd6a4c2d8

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.ac
Filesize
32B

MD5
0d930c9386ba9e004da5a7c805e066b3

SHA1
421c3febf5037b3924449899c5bc7f5401ba361c

SHA256
52e4d050b77560a032e252aa56e4e251af716f6f645e3646b5f5844b076512c1

SHA512
cc98814cbb319fb4201f2e2c852ee2d6a985f832db48875f85d6cb792b3f35d10a1ea63ea361c7cebd3ccde7f5a4d8df4e62a8f6d62652ffa05f9390135d729c

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.ac
Filesize
40B

MD5
1e27ddfd045e8284b02939b2b6040a86

SHA1
de4fee7f6c36daac9dd678b2846b320f31583df1

SHA256
1e93106e1ef6e3e507bdf8324102e7026bca1a2899a526e009b3d7e60fd433d8

SHA512
50af0b03907b50e6da96d6c35b963e8cd0de587ac723ce55d3624646e4039616d760d9fe2891663c80e4fe2221802f6cfafdc010809a1c2c1f1eec08b386c667

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.ic
Filesize
32B

MD5
f86290ac1b1d3b7b4688732767f1324a

SHA1
f5f58c47d12b4bec02ad594eff83bf0410a69c57

SHA256
ff2a2c16def0696c7cf1e7ab66b885d294b0023c3f8e3f414df65cdf8ef03c14

SHA512
cd271cf31f8e171597936d1beacd225a30ec6346efaf9bacd37755b83a1ca5058a58dc249c45367c7fcdb583bc2fcd909d320636f3cf9092a008261918f09154

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.rd
Filesize
32B

MD5
08516ad5f3f8aecab77d18e45f271eae

SHA1
7db6c9968f22d5ca3125940b6527f36a87093e55

SHA256
ebb9b9106ac3e4a0ea1400789142fd309bb7cd2b0963b23083885c441808a154

SHA512
b380d32b33134a5a60b29618f8e07013ecf0200b34e975a9b742267bba01ed981c5b5690bdec18ff738f3acb6b8859f49e91a70dfdb062d454df05da18110891

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.ri
Filesize
307B

MD5
aeca26214152b266857a72477b47364c

SHA1
ae4c1f1af78f6ec97fbced58f0d5da72b98febd5

SHA256
97abdd01c8f11133450ad39ca075f43c55f50a57faebb1b4bd543d7fbe744bdc

SHA512
3460c0cf642e11ac47ffabe68134669ed11637f091c7b444c69250a18450cb2afe0621c76de0f8cfcd3d12cd9e9bf741bc5d0d1a6d566e7980174c11caf858a8

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.ri
Filesize
314B

MD5
a2eedfbdb3d2923a74c4bdaf7f47b2f2

SHA1
0f3c3467eec435fa04fc6a94b0c29f8710159e2f

SHA256
d1d8816f59fe0ad4851af4666283f0835b9a2cd80381cb15278cbf972c36d4af

SHA512
3ccb67fd21260ce217c4bb11c62bb2114f7fef162e0e570f735bc3eac5c205f5ba4bef909a275b1ca9167dd3f2ca7c7a4be0c1a0dd480e26ebe8b31c9b848190

Download Submit
/data/user/0/com.feichang.yierduo/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
d3c6075028bc785a3334cdeeb5d4b383

SHA1
46a4c8952820061c723b752949ea62b333361ef2

SHA256
9010407c9477f9f4733657e3129d6ad8f4979789e738c20a464bf52ca5c1201e

SHA512
c96977a4add7ee941574d39ee4c023eedaf0933a6c782251cab00dc7db89d3238e336c12c98bab3391b3cb1a9c9e27db1a24865892e95777df9f2ff8c0827ca0

Download Submit
/data/user/0/com.feichang.yierduo/files/.jiagu.lock
Filesize
336B

MD5
dcbb4c842cc957a1203e31acbe53f508

SHA1
0dd110ed72959cee300f7d92c40f14223cb3c055

SHA256
7639c277d21ef679ba7bfc43946d20717e4996ad0ecb285319161d067088a3a2

SHA512
282fbfcc4c9074a1252102027fe851764a5957ebd88085f143b3f2cc81be0548d341d432a42512bcf3f234cbf1b51c9f28c55e0d3fe8dce611f562f71a40698b

Download Submit
/data/user/0/com.feichang.yierduo/files/jpush_stat_cache.json
Filesize
195B

MD5
9fd35a56631854c1c5c54bbf9e8063dd

SHA1
4de4f0185bbf8289afcf84a94e3a1b9c6ce751eb

SHA256
eb34bc131fcbda20fc69198c6a1f62a1e7f43fff5ecc2f74fac5e7c587fdfb29

SHA512
f9a4a3ca54220b5e1ed81d98a133f4647c1d9f6815304e37c81da544eaaf602af841dda025a4903f29135259bb8a75608c6c44bbe797abe57ee5454429c6d27b

Download Submit
/data/user/0/com.feichang.yierduo/files/jpush_stat_cache_history.json
Filesize
174B

MD5
e4f1bf859f1bd8535907492633c5933b

SHA1
42360dfec380758e670bee15b4f5443df782a758

SHA256
e5425c4d719a020898712ea757a075ef8caa1e174cc597c289684e7c22b015e8

SHA512
a17110b24b08b03feb1d5b22c0333653336ff7c6b6b8db4e86442bbd0ca5c1f2145ec00b55b1daf1dd18882555661b2a9674b6521ce6add2aaa8b2955110e6ad

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
fb5a71185ec5d523a36e79f12336c8a0

SHA1
970e058db847b95460cae64a6f53d65251e9ed4a

SHA256
367d37beadde13d404db8b990645c63ae8f02ca992f7f4569e05241183c5f71e

SHA512
11b187cf5f30c10fd6efbd93a5c3eb33f952e08618665d174f37e136f8f92549770624691707874c5ac75b490fb7e219a9dff6265aab93e556fee76c76358bf6

Download Submit