a1428d5d070690d4839aa1c9084a391098dcf38132db6e40b034705423e4fb9b

Analysis

max time kernel
179s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65addc1cf216fe13d5c1c0038fdd8699_JaffaCakes118.apk
Size

30.4MB
MD5

65addc1cf216fe13d5c1c0038fdd8699
SHA1

85ff84219eba38c27358002468672207e60a17e5
SHA256

a1428d5d070690d4839aa1c9084a391098dcf38132db6e40b034705423e4fb9b
SHA512

aff7a9c1cbbfb16579a38e03eccbd688b4e53053dd57418fa36d1ec505f855b1bfbdc31307185765be2e3bf49cb1c2568e5771f59fa400155585e5aed37b76f7
SSDEEP

786432:cDmm6M+Ke3BT1O3s1PbwyYd2s7yeRjDWnNKFYL8HM:cDMrKeb1PbgP7NjDa8FY4HM

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.dexfun.yiku:pushservicecom.dexfun.yiku:pushcorecom.dexfun.yiku

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dexfun.yiku:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dexfun.yiku:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dexfun.yiku

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.dexfun.yiku:pushcorecom.dexfun.yiku:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.dexfun.yiku:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.dexfun.yiku:pushservice

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.dexfun.yiku:pushcorecom.dexfun.yikucom.dexfun.yiku:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dexfun.yiku:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dexfun.yiku
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dexfun.yiku:pushservice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.dexfun.yiku:pushservicecom.dexfun.yiku:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dexfun.yiku:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.dexfun.yiku:pushcore

com.dexfun.yiku
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4206

com.dexfun.yiku:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4235

com.dexfun.yiku:pushcore
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dexfun.yiku/databases/okgo_cache.db

Filesize
24KB

MD5
406ffb2e41dcd7ca5ae2db5b94f256c8

SHA1
5290238aad120587651ac49854c085c1d5679870

SHA256
607fb39ea35aadb214c8cceb7076ff8801a684a164bb209980a1eec350a715ea

SHA512
1770afa485aa0ba6afba398011ea4483ba272898c3b80e978a598db83844f81a1f7078aacaf2395c84774a4c057d189c3194780eb5d7bfdb380fa484ac65fc48

Download Submit
/data/data/com.dexfun.yiku/databases/okgo_cache.db-journal

Filesize
512B

MD5
ed2da3f0daedf111182db802ee0e4335

SHA1
4beb793854c5d290be5231657667315798c81ebf

SHA256
60464e22cedc5d55251e00994f9ef870ea71c6c4efa9cd028244f545d466c370

SHA512
2ff949dd265dccb48d169904ef0aa4543e8d5a9b62cf51131cfcd10fbb4e71a657ca35df75e8994aa76786688d08fa1417d3c6a9be9a4f08aeb3c69ad8f86ae9

Download Submit
/data/data/com.dexfun.yiku/databases/okgo_cache.db-shm

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.dexfun.yiku/databases/okgo_cache.db-wal

Filesize
36KB

MD5
b566a72db66ec7ab70b24f721b2dbbe0

SHA1
cb1e04fcd857a070659a594b3fe28554ba6cd496

SHA256
177a29fcc8cf21084ff610aeb8e4c16f32a8aea1cc6d1c2e10068e37e2fff3d2

SHA512
2826db9be31e9b610af07284125ec91a769de43ad2ed5d8de51c9f47f279208fe8ea8633ce24e4bdfc94e3ea83bca03dd6af246885155d2bc2d5c82d51981046

Download Submit
/data/data/com.dexfun.yiku/databases/pushsdk.db-journal

Filesize
512B

MD5
df13b2d83ac7b6c971b0a667b0a04b1b

SHA1
13cbf20940e3cea30653ab2d72e4ebd977a9164d

SHA256
8fcf44241f0120b989831dd2428a558076dac502dc42cb61c9fede882fdbc79a

SHA512
9befbf1498acdf5cb3c8029d99383562f74f501586f04aab9a8528a80d794d7f1de601a44e1c648a4969727c74f4432257d61f355a52f969fcff21cfddbd0b83

Download Submit
/data/data/com.dexfun.yiku/files/jpush_stat_cache.json

Filesize
173B

MD5
79601402f791233a9b1b851b011377d9

SHA1
a537e7b88d12f1ebbec59adb26c23308b5138802

SHA256
7954c999af85aa41e82fa70196e6efb984b81e726f555b564b526da264c65ff2

SHA512
48444778cd0a61729df6cac84ee902566309061bbfc64599a4bb6075790dfc36440c3f8a1dbe94339a03dff2bdf13821a37d03c66e6ec5b0cdb891cc3722806d

Download Submit
/data/data/com.dexfun.yiku/files/jpush_stat_cache_history.json

Filesize
32KB

MD5
69845ce8cca4acce353d5042f389b228

SHA1
84816693487723f00f1a19dde8568c1a436903a9

SHA256
1e952efd5fec2ac09f10a44612e5405aa5819a6cd8339637aeb8ceb02abf2464

SHA512
33b43c2a0273732d719359997ea8c1dfad0be224f953cfc31eb6030279ae283b12ae8947c7e4297e0698fc034c12e33b4acc357bcf50f62a476519203c6435a3

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
189KB

MD5
fa7623e99f2b7035ecc4e29e5182617c

SHA1
d26a93ce8af626dbdfe0710776757edd9e0956ac

SHA256
5636f8fbd80a35c0f2a97c311ad20bdb773baab3d256d626c76635f48513712b

SHA512
b9b89f54e7ccb43bccc5a2a2faa388b048844c51574897e2d25362ad43423476a24dab031b57f2bcd33df83a314f3f0b0717ed21ff2b088f2edcc7de4f71c110

Download Submit
/storage/emulated/0/libs/com.dexfun.yiku.bin

Filesize
67B

MD5
8d6a39d6d8904510220c9f46e2edff28

SHA1
3efc174eadc6f3deed3e8860c4487d5372896e63

SHA256
eefd00a27e8a6191a6e10d7f6390d5147ffd2ae87d828a0390b631774fa9c6ed

SHA512
64cc5f609673b7fc0c55c5d41d422a01d114a5cbdeb3283051235d61d1209546a91077c835f0c22e37a9672a4525b61886e20a83fdae5c1ebea8619aa975611a

Download Submit
/storage/emulated/0/libs/com.dexfun.yiku.bin

Filesize
67B

MD5
a2c7b8edb46d6edb641381b9d9261b1c

SHA1
175c37324b14da18a018d7aae7e95c5641ba7c8e

SHA256
ce8e8ae15321cca42edcc18b37f6de994d0eb9d1cf8fbe6f12b4de9d4ef71472

SHA512
5b45923ee7f2f80ae1b86082bd95ed4348aff427982e5f50a860a30c2401490bdaeb5f6bf3976ab09567838c333705d7df9f4a33702b3dcd26e2a87bf309b1a0

Download Submit
/storage/emulated/0/libs/com.dexfun.yiku.bin

Filesize
67B

MD5
f2cd7f174cb2d8b20300510f35e87524

SHA1
b9034569b8bad0a41432fd79e84d95cb206af7fa

SHA256
f8ff8730369c50d552924118911015f54e06720e2bc41839b957169fc81ed737

SHA512
44eb11437c42be13332e8c47044c0841ed6f668195804fe5fdd1855100c358dc46abcdde6ae4947cde2bd5d75b4a9e631c06401c6ed0edcd5ada4e4427b8fb53

Download Submit