Analysis
max time kernel: 179s
max time network: 180s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 06:07

Static task: static1
Behavioral task: behavioral1
  Sample: 6642157c63e9bfb1dc1b56eea4da1e8d_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6642157c63e9bfb1dc1b56eea4da1e8d_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240514-en

General
Target: 6642157c63e9bfb1dc1b56eea4da1e8d_JaffaCakes118.apk
Size: 11.7MB
MD5: 6642157c63e9bfb1dc1b56eea4da1e8d
SHA1: 1313da34018def64e8c742def745a848e732ba26
SHA256: 812daab5eee4f0cdf18aad2ab02181b855c6cf401ed6f878f64f2a383e8beb24
SHA512: d48dd706f01cc101a69f47fbcfa6983d8d3b2c7b6469f518ed456cb3a73d2403f254e77afb7e5418699e1432d0a100776103419c8a13194cceda63e1e3f376c4
SSDEEP: 196608:52hCjS2iC+8drZCG6dJeoMdABMNI6y/wXCOOFdL/dIoElFRkhUGCR4VVJQ9WHjSX:Ahc9+UKdExNN64XCOSd3ElFRkhUh4VVs
Malware Config
Signatures
Requests cell location (1 TTPs, 4 IoCs)
Uses Android APIs to get current cell information.
Processes: com.hengxin.job91company:remote, com.hengxin.job91company:channel, com.hengxin.job91company
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.hengxin.job91company:remote
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.hengxin.job91company:channel
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.hengxin.job91company:remote
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.hengxin.job91company

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is an emulator.
Processes: com.hengxin.job91company
  description | ioc | process
  File opened for read | /proc/cpuinfo | com.hengxin.job91company

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.hengxin.job91company:channel
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.hengxin.job91company:channel

Queries information about running processes on the device (1 TTPs, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.hengxin.job91company, com.hengxin.job91company:channel, com.hengxin.job91company:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hengxin.job91company
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hengxin.job91company:channel
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.hengxin.job91company:remote

Queries information about the current Wi-Fi connection (1 TTPs, 3 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.hengxin.job91company:channel, com.hengxin.job91company:remote, com.hengxin.job91company
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hengxin.job91company:channel
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hengxin.job91company:remote
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.hengxin.job91company

Queries information about the current nearby Wi-Fi networks (1 TTPs, 3 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.hengxin.job91company:channel, com.hengxin.job91company:remote, com.hengxin.job91company
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.hengxin.job91company:channel
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.hengxin.job91company:remote
  Framework service call | android.net.wifi.IWifiManager.getScanResults | com.hengxin.job91company

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
Processes: com.hengxin.job91company, com.hengxin.job91company:remote
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.hengxin.job91company
  Framework service call | android.app.IActivityManager.registerReceiver | com.hengxin.job91company:remote

Checks if the internet connection is available (1 TTPs, 3 IoCs)
Processes: com.hengxin.job91company, com.hengxin.job91company:channel, com.hengxin.job91company:remote
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hengxin.job91company
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hengxin.job91company:channel
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hengxin.job91company:remote

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
Processes: com.hengxin.job91company:remote
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | com.hengxin.job91company:remote

Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 3 IoCs)
Processes: com.hengxin.job91company:remote, com.hengxin.job91company, com.hengxin.job91company:channel
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | com.hengxin.job91company:remote
  Framework API call | javax.crypto.Cipher.doFinal | com.hengxin.job91company
  Framework API call | javax.crypto.Cipher.doFinal | com.hengxin.job91company:channel
Processes
- com.hengxin.job91company (PID 4266)
    Requests cell location
    Checks CPU information
    Queries information about running processes on the device
    Queries information about the current Wi-Fi connection
    Queries information about the current nearby Wi-Fi networks
    Registers a broadcast receiver at runtime (usually for listening for system events)
    Checks if the internet connection is available
    Uses Crypto APIs (might try to encrypt user data)
  - cat /sys/class/net/wlan0/address (PID 4421)
  - cat /sys/class/net/wlan0/address (PID 4447)
  - cat /sys/class/net/wlan0/address (PID 4475)
  - cat /sys/class/net/wlan0/address (PID 4550)
- com.hengxin.job91company:channel (PID 4301)
    Requests cell location
    Makes use of the framework's foreground persistence service
    Queries information about running processes on the device
    Queries information about the current Wi-Fi connection
    Queries information about the current nearby Wi-Fi networks
    Checks if the internet connection is available
    Uses Crypto APIs (might try to encrypt user data)
- com.hengxin.job91company:remote (PID 4399)
    Requests cell location
    Queries information about running processes on the device
    Queries information about the current Wi-Fi connection
    Queries information about the current nearby Wi-Fi networks
    Registers a broadcast receiver at runtime (usually for listening for system events)
    Checks if the internet connection is available
    Listens for changes in the sensor environment (might be used to detect emulation)
    Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1): Broadcast Receivers (1)
  Foreground Persistence (1)
Defense Evasion
  Foreground Persistence (1)
  Hide Artifacts (1): User Evasion (1)
  Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads