Overview

overview

8

Static

static

6

6642157c63...18.apk

android-9-x86

8

6642157c63...18.apk

android-13-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    180s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    22-05-2024 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6642157c63e9bfb1dc1b56eea4da1e8d_JaffaCakes118.apk

  • Size

    11.7MB

  • MD5

    6642157c63e9bfb1dc1b56eea4da1e8d

  • SHA1

    1313da34018def64e8c742def745a848e732ba26

  • SHA256

    812daab5eee4f0cdf18aad2ab02181b855c6cf401ed6f878f64f2a383e8beb24

  • SHA512

    d48dd706f01cc101a69f47fbcfa6983d8d3b2c7b6469f518ed456cb3a73d2403f254e77afb7e5418699e1432d0a100776103419c8a13194cceda63e1e3f376c4

  • SSDEEP

    196608:52hCjS2iC+8drZCG6dJeoMdABMNI6y/wXCOOFdL/dIoElFRkhUGCR4VVJQ9WHjSX:Ahc9+UKdExNN64XCOSd3ElFRkhUh4VVs

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 1 TTPs 4 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • com.hengxin.job91company
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4266
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4421
      • cat /sys/class/net/wlan0/address
        2⤵
          PID:4447
        • cat /sys/class/net/wlan0/address
          2⤵
            PID:4475
          • cat /sys/class/net/wlan0/address
            2⤵
              PID:4550
          • com.hengxin.job91company:channel
            1⤵
            • Requests cell location
            • Makes use of the framework's foreground persistence service
            • Queries information about running processes on the device
            • Queries information about the current Wi-Fi connection
            • Queries information about the current nearby Wi-Fi networks
            • Checks if the internet connection is available
            • Uses Crypto APIs (Might try to encrypt user data)
            PID:4301
          • com.hengxin.job91company:remote
            1⤵
            • Requests cell location
            • Queries information about running processes on the device
            • Queries information about the current Wi-Fi connection
            • Queries information about the current nearby Wi-Fi networks
            • Registers a broadcast receiver at runtime (usually for listening for system events)
            • Checks if the internet connection is available
            • Listens for changes in the sensor environment (might be used to detect emulation)
            • Uses Crypto APIs (Might try to encrypt user data)
            PID:4399

          Network

          MITRE ATT&CK Mobile v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/data/com.hengxin.job91company/databases/MessageStore.db-shm
            Filesize

            52KB

            MD5

            2e957dfc83a5da67ffe30c817dc45fa3

            SHA1

            aaff9b744c4b74c7d9f0064461be9fa7df3ff464

            SHA256

            2ef52e182251907714f035be77d2b39d33ab35b84037542919c9d666213ede56

            SHA512

            e30e39ca9ad8e9670f082a7af110a0c60e128ba1860e47b812683679efcb5b0fcc10fb44e1f88a69ca667fe7f88184af6276e1b5241c442c331aed5d60448c18

            Download Submit
          • /data/data/com.hengxin.job91company/databases/accs.db
            Filesize

            4KB

            MD5

            1d83b917dffab6b582c374f2651c7503

            SHA1

            b60c98af30c5b8b69c97325359709f2dac7eb1ae

            SHA256

            0cf4c5aaa4a53c9288fa3d5e14fddbdc7d246d3f04567ab9cec1dd42750d47f3

            SHA512

            276ac5fc8ee5ba0233277396d9ddc73f5c7847571794a3759e52fb4ed450571d3634739e538cf6cf3f35ddca703c252cc2d4ca15165a0c63bdaeb7919b72ef56

            Download Submit
          • /data/data/com.hengxin.job91company/databases/accs.db-journal
            Filesize

            512B

            MD5

            f6b7a99ae8711df6daf6189d3028147c

            SHA1

            f992974366366c01bbd8f3f9ae5e5a3c3c549020

            SHA256

            115fc678762005388d5927706e8e192ac7fa8ffa81ae72ae9d5e31a59107b350

            SHA512

            80f1bf608755d0752faa15e07bb7c569010246b7dbcaa0fb84f09a3ca5a814db993976e5eeba1813ab2fdc0478103671ab92e6befcefabe105e7e65ade12420f

            Download Submit
          • /data/data/com.hengxin.job91company/databases/accs.db-shm
            Filesize

            156KB

            MD5

            39a0f87369ec9186332b46082b599775

            SHA1

            89cd964cf272c367a9db11f1af006380251c9cbb

            SHA256

            fe9503cb3cd6af3274cfff95f7f693499e35885b5f65333e782046e74d57856c

            SHA512

            de08ea2170efa97e5d27fd2b7476501f9717e9c3864d863837561ed6678fe668c6d8edf51c9b2d98df3f7218a8bf28823f55aa27250af1ba4007cee1f42874ee

            Download Submit
          • /data/data/com.hengxin.job91company/databases/accs.db-wal
            Filesize

            32KB

            MD5

            19fe0414655e6f065764e1d1565f3b59

            SHA1

            e48745231ae9ae6ee5f746b185e90f19e33f29c9

            SHA256

            943acb5d6d32a141fad8e4e9f2ea812bb61421a286d85a13f32a6f7c7820681f

            SHA512

            860eab437858feb371bf344afe898f2a4be0a5ddf3a203950d106a45ac0af32fe1586fde2ab22e941980e2ac86a828fc694e488f0c4932735aaaeefb522d7ee2

            Download Submit
          • /data/data/com.hengxin.job91company/databases/message_accs_db-journal
            Filesize

            512B

            MD5

            e9d71eb0bf750b28b2551a2f75679004

            SHA1

            c478d7e2ba06da5a8277e68318997aec53fae3dc

            SHA256

            acb2dae37b9dbc7a7219aa2edcc819b1f2133fe957bcc707fec213d2ad7feff8

            SHA512

            ef56dae471ae26a88a67d87a3966600f1b0f38d6078cfad0c127f06a3c42ff9b2d5156125a5af336451d328fde95c895442133fc44e017645be5ba13acb9c551

            Download Submit
          • /data/data/com.hengxin.job91company/databases/message_accs_db-shm
            Filesize

            32KB

            MD5

            bb7df04e1b0a2570657527a7e108ae23

            SHA1

            5188431849b4613152fd7bdba6a3ff0a4fd6424b

            SHA256

            c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

            SHA512

            768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

            Download Submit
          • /data/data/com.hengxin.job91company/files/libcuid.so
            Filesize

            4KB

            MD5

            f2b4b0190b9f384ca885f0c8c9b14700

            SHA1

            934ff2646757b5b6e7f20f6a0aa76c7f995d9361

            SHA256

            0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

            SHA512

            ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

            Download Submit
          • /data/data/com.hengxin.job91company/files/lldt/firll.dat
            Filesize

            48KB

            MD5

            7222a037b2904a642012b2062bac18e3

            SHA1

            2e309e90569d5dbdea45d75f3bd0dde7d82e8d51

            SHA256

            15d570007be46a0f0b030ea5d749f4fda1ecf486640b87d2509866bb797d1e81

            SHA512

            2828c87b02269aea97e508371f26331bed53f0d45140c05cc37f7639f392e1cb9c8f652666a31c0f3018c80a182e66643753beb2c61aabaf7da43ea152fc2a57

            Download Submit
          • /data/data/com.hengxin.job91company/files/ofld/ofl.config
            Filesize

            235B

            MD5

            bf732c6f9dcbd82c3a1533d689f5fade

            SHA1

            5befa6fd6277fb1c636fe0acbc8ad02d6465df4d

            SHA256

            f0befccf0360e1854214371a390518536754aad837b44894148b2bb0644111be

            SHA512

            e73b88978c98c272dabcb8a23cd5f9b33687ac7b6bff790e4f74e174b90b64b3f262de62fc2f07816891d356bf73fc7976be374cf4bf72b0d985f27333092042

            Download Submit
          • /data/data/com.hengxin.job91company/files/ofld/ofl_statistics.db-shm
            Filesize

            36KB

            MD5

            486e2bac2b3e9e1cb411d2838a4854bd

            SHA1

            81dd0a7537f4af319b830ae834908986be85da8b

            SHA256

            5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

            SHA512

            c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

            Download Submit
          • /storage/emulated/0/.DataStorage/ContextData.xml
            Filesize

            65B

            MD5

            9781ca003f10f8d0c9c1945b63fdca7f

            SHA1

            4156cf5dc8d71dbab734d25e5e1598b37a5456f4

            SHA256

            3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

            SHA512

            25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

            Download Submit
          • /storage/emulated/0/.DataStorage/ContextData.xml
            Filesize

            512B

            MD5

            6d277076f489ac2bac5cdbc9dafa0a72

            SHA1

            602cfb8becdd57d867594a9924270d9702470345

            SHA256

            20dccef4a8a645ce639717f039375edc0f05d474f0f89c6b01aaa2a565bea930

            SHA512

            6a7422c73389787ab32d8210b9652ed23e5625ff099f243e7479048e664f0f38152430be94d9fce89112164d6d751ab39826c543ad00c03c04f1041dae4d118b

            Download Submit
          • /storage/emulated/0/.DataStorage/ContextData.xml
            Filesize

            48KB

            MD5

            515258f83c6d337a9adbb499ca68c450

            SHA1

            09f9e57fa61fd513c26ccea8ae239a96c0e73e86

            SHA256

            fe258a4184fd24fd39540aa4526ca51000e47684e0e3de7a39cc5c28bbc90a92

            SHA512

            9f39536ec4b68568f5cf3cdbdebc66b4b4a3a8c7759218adda6b361e5eacd847b3bfd2329016a5754a6794766b4f38e9604a0b23e9980c8ebac5b46b1480da19

            Download Submit
          • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
            Filesize

            32KB

            MD5

            d0179471bbe7d098eb7eadf93ec33ded

            SHA1

            1f81c0a21d947764236b3466ca8cde37a04ef802

            SHA256

            43c01afaa574968c2377ba6ab601997813926a39a95e34bac0c1b258a505ef66

            SHA512

            8f7059381c85470715211586475dabc02b951210ee79acf0b3f92ccf61b0296b3a720fbd5e895ab736441916a1daace7acf3e3ac98ced31def74023686192d8c

            Download Submit
          • /storage/emulated/0/Android/data/com.hengxin.job91company/cache/671e94963f5d48e393e799844821942b
            Filesize

            1KB

            MD5

            869e30ea13dc89b7b9875b2e72240981

            SHA1

            535059acfb73aca31cfc0308241ccd2b9b3d8500

            SHA256

            90f70cf06b13cce6fa424de1911e3eb7fa1b7ef51822c2a874a201e48575014f

            SHA512

            e40215cd1f571bc85a0c720804d2f5e92fb66508057417b186250284c76e9fc317591c631315f9bb018a8ba0e55e88d1d5803154505511c1e646f5385c2f0cb2

            Download Submit
          • /storage/emulated/0/Android/data/com.hengxin.job91company/files/baidu/tempdata/conlts.dat
            Filesize

            12B

            MD5

            8d80bc8ea90e9cac010d3ddf97bda5f5

            SHA1

            f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

            SHA256

            f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

            SHA512

            9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

            Download Submit
          • /storage/emulated/0/Android/data/com.hengxin.job91company/files/baidu/tempdata/conlts.dat
            Filesize

            161B

            MD5

            d0754d021655ad8c9626188ea0c7c68e

            SHA1

            be7c27f65ed3ba9e40c1c3098a3278c040d782f1

            SHA256

            f8c389b50d6db484a67660e29159fc6748b56ac1a90172087efcb485519a5e3f

            SHA512

            5a594ee5b0e89b7e505b93fe09fb8fa53da7c11097d940685015d38230002b7a27147d8266464ae1565b8312cd800e8b84a1fd653b1a0d6c90ddc23418ffa102

            Download Submit
          • /storage/emulated/0/Android/data/com.hengxin.job91company/files/baidu/tempdata/llg.dat
            Filesize

            24B

            MD5

            161557b06b4a4d3ce095528dea370eb7

            SHA1

            8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

            SHA256

            f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

            SHA512

            96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

            Download Submit
          • /storage/emulated/0/Android/data/com.hengxin.job91company/files/baidu/tempdata/llg.dat
            Filesize

            506B

            MD5

            ce810c279a2b553cb145f4b032d8665d

            SHA1

            c266134a9500f44a49d81421b95886ed0ee3772e

            SHA256

            f613fd042c70e803a6d584b3ac67e3ebb22ff4c90b43058fa270074691ef4c1e

            SHA512

            101df3d37eace5c24b9d4a07631a163e46419d6ba86113ba1ce0a736afc017ba75b4b24be40ff8e8381baa1883e850afd9f8955612a0753df40f7d00d3c09606

            Download Submit
          • /storage/emulated/0/Android/data/com.hengxin.job91company/files/tnetlogs/inapp_20240522.log
            Filesize

            37KB

            MD5

            85d3e9d83298f3b2d69cf32449c6520a

            SHA1

            b4e7f0f539e84f1d363c608a2a338fdc9eb10eb3

            SHA256

            e3ce4a9f1aa151e76b06b1b4e1b632c6a7e2ed045e31f5c3c6489e142a0d9e60

            SHA512

            99badbdf688a2b517ff993ea7028fc431d9df1a501ce89b5702481e4b3fb304c82f4efaf2af0e6aeefae97850083f839bdcb6ab53499ec28fd6f914b63803a2e

            Download Submit
          • /storage/emulated/0/backups/.SystemConfig/.cuid
            Filesize

            56KB

            MD5

            baa0c7b1c32cacfca7ef43478467dc7e

            SHA1

            e171894c0b341cc0fd85a3b027ad40e8228e36cb

            SHA256

            6797f14443c4543d79755dc3523f1a61bd8aad18c1691302717d3403e8f59214

            SHA512

            5824084ac292bafa71b50e491cda4e4191a8dcb3843dd6d87bcaded7087abcc087cce140d34837c419c988c5038b25756c2a5760aefce08eed95db36c8073d08

            Download Submit
          • /storage/emulated/0/backups/.SystemConfig/.cuid2
            Filesize

            512B

            MD5

            c4f6aca4647eb933d52c18df0abeee25

            SHA1

            03089271bbb4801e7ae1024bc866e8b1ff1ce1b8

            SHA256

            98ca6fcd19f1fb5afe932532c05bfb7db2089246f2c320f4aff256930905fd9e

            SHA512

            1be002904df7567c3e1537dc61693743f5d0cd3b7bd998215cf8a1e54c0005e803628459586aa871a78dea16664169886e7dfabce4ad0453c7321cbdee173b66

            Download Submit
          • /storage/emulated/0/baidu/tempdata/lcvif.dat
            Filesize

            7KB

            MD5

            f06931c3df156f7a19dc0739c030687d

            SHA1

            ccb9e93e9765f9144e08865e6eca7a5e25ec0882

            SHA256

            99bd70a344d53d515b09c53841b65dbaaa1212ee830641bb5b7a35b8cc4aa7a7

            SHA512

            bb404d37a881e0b65cb4b831bb64768f037c4856a0e2e8aad53f6209a669cd76153d05d3418286523848c33d88083dbbbc79db6d6f5e4692fce36e64a941d2a4

            Download Submit