a1428d5d070690d4839aa1c9084a391098dcf38132db6e40b034705423e4fb9b

Analysis

max time kernel
179s
max time network
190s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65addc1cf216fe13d5c1c0038fdd8699_JaffaCakes118.apk
Size

30.4MB
MD5

65addc1cf216fe13d5c1c0038fdd8699
SHA1

85ff84219eba38c27358002468672207e60a17e5
SHA256

a1428d5d070690d4839aa1c9084a391098dcf38132db6e40b034705423e4fb9b
SHA512

aff7a9c1cbbfb16579a38e03eccbd688b4e53053dd57418fa36d1ec505f855b1bfbdc31307185765be2e3bf49cb1c2568e5771f59fa400155585e5aed37b76f7
SSDEEP

786432:cDmm6M+Ke3BT1O3s1PbwyYd2s7yeRjDWnNKFYL8HM:cDMrKeb1PbgP7NjDa8FY4HM

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.dexfun.yikucom.dexfun.yiku:pushcorecom.dexfun.yiku:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dexfun.yiku
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dexfun.yiku:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dexfun.yiku:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.dexfun.yiku:pushcorecom.dexfun.yiku:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.dexfun.yiku:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.dexfun.yiku:pushservice

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.dexfun.yiku:pushservicecom.dexfun.yiku:pushcorecom.dexfun.yiku

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dexfun.yiku:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dexfun.yiku:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dexfun.yiku

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.dexfun.yiku:pushservicecom.dexfun.yiku:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.dexfun.yiku:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.dexfun.yiku:pushcore

com.dexfun.yiku
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:5172

com.dexfun.yiku:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5208

com.dexfun.yiku:pushcore
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5240

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dexfun.yiku/databases/okgo_cache.db

Filesize
24KB

MD5
acc170341f29afdb49b3ed626c109f4c

SHA1
d5df281833da40b1e67f7e6efeab7655a734dd2b

SHA256
5c2a51c0c348076781b9b14daa7d98a9b1cc33d55000415ea300f9975c084986

SHA512
63d62a2fe46e6386c923fd156ae2fd2e9e4b80a45ed9edb445e50dc1ad535dfccb2e194fa451079c10c14f56d3a8c41be84080c3d05c8281b19ee1fa27190b8b

Download Submit
/data/data/com.dexfun.yiku/databases/okgo_cache.db-journal

Filesize
512B

MD5
70b6e52e9718a9745ff18eec15c867c2

SHA1
d6e3cbcd0e6c2269096813da25ac5dca49ad9354

SHA256
4659acd96bb760bae6987ad9b78c9318a63a38db7fc433386ed7ce5f748e0507

SHA512
040a434c9dbf825e83b45bca89dcabba74f82765faf5563bb7da0976425611a38f063751b447dac36da4711569fead3c491df7c81bc2b0824e3edb981bfc42e9

Download Submit
/data/data/com.dexfun.yiku/databases/okgo_cache.db-journal

Filesize
8KB

MD5
4f35340970d9b7d9abf1c318da17cf7f

SHA1
1dcd59c25bab56757961be393bac20eafc9f62fb

SHA256
73bcfd6091cb8e8c5d9ce42f688f21cfe67246af07bcc8a4dcc7fa9ee0c3f856

SHA512
065143dfce7ff07fb35adc4b2dee17da5db7384864e7c8d43052b0404f34a875853e2dcbfb5e68155bac4dadd4ba173257d6a8616a0b62f0ae57907ccbbd01a3

Download Submit
/data/data/com.dexfun.yiku/databases/okgo_cache.db-journal

Filesize
48KB

MD5
bf2d6fd709fa4f191916fed7fe04d5e3

SHA1
3e2ec762bf9a39751f6c7c4f493592bc3acfed04

SHA256
c84a9d7240c1764a9198dbc30fcb3179d2949d2f9314bfaee6c433d2bca9f139

SHA512
3af690f0a1876f2de035fe3280cf42b526b9e6122331d893330265bb1493a4b70ac062e21fa62139d051b4e35c15fe52b6570cd30963362a2f006fbb6ffd898b

Download Submit
/data/data/com.dexfun.yiku/databases/pushsdk.db-journal

Filesize
4KB

MD5
abd625f2f4f8ec43dccfa11180399be3

SHA1
5da14257524dc91adab3aa800c543e571367669a

SHA256
52466ebf758b1de92e4b54df35e250b6ea35d4d81d46fdc8d6011e5a30d20c7c

SHA512
d84794bd5b0d6bce58918c38b977e97437e23ae14443b8afb8e59e237f9e3f7cc422f4976bf5aea67f5035c515d82592386ea4bd557cbac46177dff9ecd2c37d

Download Submit
/data/data/com.dexfun.yiku/databases/pushsdk.db-journal

Filesize
8KB

MD5
af7aefc223dad7c0e9dc21644bfecb66

SHA1
2ceb7f9d111fe1331d3e8ffdaf40a27388a9aea0

SHA256
e46a60c000652cda67289e02d584e3cf036d781dcac278709acbe704e65f3d16

SHA512
519d79321d901f82f5a01f9aeb606a743785006f029f589fc9a47308e633d3733b2615ad685a44b847ce189263cf170cc9555e133512960ab24c915855b2356a

Download Submit
/data/data/com.dexfun.yiku/databases/pushsdk.db-journal

Filesize
8KB

MD5
1510716dbff25ec03fa133e0bfd9c831

SHA1
82243aa57a5b08423690097649adb34a18f0d999

SHA256
6578276a8dd6066870fc5256b06c5bef0b3b4b2bdd9965814eb62d596faff38c

SHA512
34ecd94f77e4451467f1fe056d159d3789406d4fb644b7d3f513bcfb75c24773846a505467272ee438d21a0edc631d33cbc9c2361b8106a2ba174c75e40b301a

Download Submit
/data/data/com.dexfun.yiku/databases/pushsdk.db-journal

Filesize
512B

MD5
fbbad9438ad2c840bc885de9bc7677ac

SHA1
8276b7dc5db705e085e4bfe696602dc94a45e072

SHA256
4d98d8d6387e313cdef947edeed1f28f4288c8d05fc915e9d68993610b4a6eac

SHA512
01dd7b89dc0ea69288112d9c507d8be6cea63a6e2a9f88911de45354b1e44cc72983c2ff5231c6bf9831062a08ff7b3205bf523d0f00d8646ced7ef7f88af36b

Download Submit
/data/data/com.dexfun.yiku/files/jpush_stat_cache_history.json

Filesize
8KB

MD5
8cb7e9ff66c1b70d1a1e4fd993702bd9

SHA1
910329e6ae34f564db7ab75dffc1695ae8a5fa4c

SHA256
79a1d18350ba08e72bb0948afca0a3f8534341bdb17f266640ff6f4ede9d847c

SHA512
b9a55a70f69ef95ed0f7f81f931a9e065085888ebccbf23ec066a14f3ba6935bac9e824285b54bcc72c7a7e0544796ae58309c87b68e3a851364ecefabe7aea7

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
8KB

MD5
c9d0772ad02828f08563a5b856b67f02

SHA1
abb9860b74cf95544df3cb53dc5de6b02fdc7da4

SHA256
57c3ae16447336a7ec5f12909ec83ae9aeb9e9914452020c6c9728201d00a3ea

SHA512
e7142b4e028b7b3e71ca80a7ddbf052e2ad1942a7b602f31cc0ee2f231598b10b0a0c0fb48116dec427198ff59147d9d72ec99c972a4aa77ed5946340df70d4f

Download Submit
/storage/emulated/0/libs/com.dexfun.yiku.bin

Filesize
67B

MD5
c96ee86f220e3e6524668ca2f13d5f47

SHA1
1a0af3ecb12fa836d047658f0aa82010348a9116

SHA256
6ad4e172bac690fb33adfce0023b1551d3ef479e23f69854950478c21a86e647

SHA512
e5eefd450bf68ee48613c112accc6574e88830f8a9bf2720ac476fb31e939d30f00eb5e6b16dc8d5966b4a063a0fd04f24f0af748f51eb4414a4ad6239ff67da

Download Submit
/storage/emulated/0/libs/com.dexfun.yiku.bin

Filesize
67B

MD5
d413b6622bbaeee80deb253050257805

SHA1
0ed23c6b62a016334cc4f11ac7351d51a3d6249b

SHA256
908aeeec05a4fa2dcfe57964aa00566e653d0059f38e646dccd6695c41dca665

SHA512
9a14f9993bf949889cd891d8b020dd64eb3b4e2902d202e90c1423ff90e3bd1670e5d57edeaa9730bbf7e8c313541b914ca9590336f6559edb3743d4003c7fb4

Download Submit
/storage/emulated/0/libs/com.dexfun.yiku.bin

Filesize
67B

MD5
8887ae89cb0e99c46b6c0d6fdabedc7a

SHA1
90061518ee54b3dc1c8f865d92e03dd871fb397b

SHA256
f01fc0a19cb920fbf87b1cb5b1b9afcd34d700ebbd92b996f9a98ce8cc0909af

SHA512
535cfa083a3b9c2ec97c159f1c36e866688264fc36e8b28dd3ea2a52f3389b33c52ff0778acd42d792505a933eab53f98f154bc206dbd41876c39875e1b7d442

Download Submit