c3b38aa9cfa03ca08c7a094e6d59686b57da674437536ab2ae05e7322792f374

Analysis

max time kernel
4s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66c297922e1a5179b99bf81b1bd9d492_JaffaCakes118.apk
Size

28.6MB
MD5

66c297922e1a5179b99bf81b1bd9d492
SHA1

651d39d9e12b009dbdc000889325c979d0c4b9e7
SHA256

c3b38aa9cfa03ca08c7a094e6d59686b57da674437536ab2ae05e7322792f374
SHA512

7cbd3fb1df12e72f237997b5e339c5e01d1264cce5ae3b5a6984c2c9c43e3f249e12fb5f176495ab82e9348d13b1e8994d23ad0ea6a0fbf2475cfe3a60c07e46
SSDEEP

786432:cerK5FNwrhcZIMu28D6q4AQfWPFWrG0/zVu4erRFIFx:7rKwl/Mu28D61AQfWArG0/zzx

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.zhishang.fightgeek

ioc process

/system/app/Superuser.apk com.zhishang.fightgeek
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.zhishang.fightgeek

description ioc process

File opened for read /proc/meminfo com.zhishang.fightgeek

ioc	process
/system/app/Superuser.apk	com.zhishang.fightgeek

description	ioc	process
File opened for read	/proc/meminfo	com.zhishang.fightgeek

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.zhishang.fightgeek

ioc	pid	process
/data/data/com.zhishang.fightgeek/mix.dex	4641	com.zhishang.fightgeek
/data/data/com.zhishang.fightgeek/mix.dex	4641	com.zhishang.fightgeek
/data/data/com.zhishang.fightgeek/mix.dex	4641	com.zhishang.fightgeek
/data/data/com.zhishang.fightgeek/mix.dex	4641	com.zhishang.fightgeek

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.zhishang.fightgeek

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.zhishang.fightgeek
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.zhishang.fightgeek

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zhishang.fightgeek
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.zhishang.fightgeek

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.zhishang.fightgeek

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhishang.fightgeek

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhishang.fightgeek

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zhishang.fightgeek

com.zhishang.fightgeek
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4641

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhishang.fightgeek/mix.dex
Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.zhishang.fightgeek/app_bugly/rqd_record.eup
Filesize
366B

MD5
b80bdeab939308b8e8aa476965680792

SHA1
61c8565c018251e98a11914640b9b439ee385d1a

SHA256
f041397d670207028e449449f325f8ff76833ccda4bae2180f44f89f1dfd3be4

SHA512
e47802d3d79e3e204513a4ee59b212374ed8c0802b9a652e92dde77e3a7a8ae0f9b9f0e4f3753df5ab65452184d3c0ea9be5bdbb9867af5f6b6e9e8a7d478447

Download Submit
/data/user/0/com.zhishang.fightgeek/app_bugly/rqd_record.eup
Filesize
2KB

MD5
f5c48c42c67d8a93a269501ec7b43140

SHA1
4471e6c8160cc4776838703345bd7c712a95f8ec

SHA256
798be2317b3a9bd32412e8b724dd95fee0da6f557928d9479030e2736d18f6fd

SHA512
383bfa6993d5118059e96ab6f36080189cc747f2587a5ad907c06259b470faccfb58ea5a8be0087b1835e95288f154c1024259dccd988bfebb669f6534e0f57e

Download Submit
/data/user/0/com.zhishang.fightgeek/app_bugly/tomb_1716369277385.txt
Filesize
23KB

MD5
ea3875226949bacf3e25991262e37ade

SHA1
f1853488a734c08dc44265f05893a3c6159d9e19

SHA256
3c2a79eba165a00074e5f7b0be79cbd699eeb06be87fa45c846592fd726636ba

SHA512
5cf0a28a1ae0fab87df610dea3a1beca3c8f8a96150108d84d0bc7c9d963c42087b74a8fac1fea39e785b650fe2669eae3ce621eed010345d9ac4ba0a7b6aa13

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu
Filesize
60KB

MD5
ebf4db0b2eb0c2c4f50793c95bde28e4

SHA1
29eadc0157fcdbb2e6b8b5fa3120976d5054befe

SHA256
f11d206faa2a36e5733054b5bc5a29dfecb382e3d50cb324e364b10102a52efd

SHA512
b46f60d95cdb3b514d5359c0f1eda858e054077c23c6421976fee9f64f8ff8ca99901699eb8e862c06e3fa6a29dc5cb8b509fe2085ed083deaae125cf542b9a0

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu-journal
Filesize
512B

MD5
fb96e8063e8ce666452a56e184da0e34

SHA1
ea1125a4f94e333b80ed1009cc61b2080d7f2921

SHA256
b08f05b519d23a91df785aca7e84a2ffca2f2da4d3f8ddabc28470a7a817dd59

SHA512
4330ecc89fe0360b46ea6121d395c6826241de292c5044bfd1d1074ec9404682857853de9f61cb41e909826ec6f898f5f97e5830cb31d2568cc1282181929400

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu-journal
Filesize
8KB

MD5
db1e44fe1264e848bf219ee74cebbf0e

SHA1
253964864b9e998004df0bf6bba91276895e23dc

SHA256
74ada43e85b3d74fee95f5f262cc4710bdb5dac13916621849eefdc42d123f7b

SHA512
8fbf63cf38e763b71d1e52bfba83167487bf9e62ccd67a0d984693ec0037f03454213d72fb2f4f0ac0dd58a201676cfeb307cd392f8762b6f1f5dbe630308b82

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu-journal
Filesize
8KB

MD5
96b9903332bcc6791a7a74fafdcfb228

SHA1
783d0f5d2a43e4ea9565ef11ae300cfabf55e169

SHA256
26a0ec998a86337b250dfddb8ce14719db4a41a5adf5ab024e64bff5df74d80b

SHA512
05c743077b821aaa7c0a6bc0d42624501670e30ef021788b6d80c0b655a4566827599cc6e41a0f2464b342ade0ac5ac8d7e14da24262afa898b91a5fe0cfc14f

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu-journal
Filesize
8KB

MD5
05bc89760a761689531dcff55b7a3eea

SHA1
ecaaf3e79d96d4e14812c33bd7f6d6e873ffa94e

SHA256
5491a903b8eeb8441e51470491d6836dd4ca13f8ef9f6e53d4b2e4f7cfceb9ed

SHA512
3ab3e1a9a57e60fa55d78c7cfe2499c3f93bc2e20bc9461e41a47b0c04b6ecec8ce9d3a3159cc44a074ef058517bf8b1e952b5cc2f0842dc23b7d0ed5bc203c5

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu-journal
Filesize
12KB

MD5
a54c8fd558440812ff23c304c9436b5e

SHA1
8743fd66a57f215cd66f62f7bae9650f012b0b94

SHA256
782d11f044de6400c35bcaf3c1acd3f7cf5d2f09c8061d7c94044a0e92f92894

SHA512
8d1771d1937671427c453930be07e292ae80bd8d6174d43080edbac4f4ddba9e15548ffdbf566aa863de9b281a9b5c43d60967079c1087bbc06a31340cecb177

Download Submit
/data/user/0/com.zhishang.fightgeek/databases/bugly_db_legu-journal
Filesize
12KB

MD5
440110b5f6c62307218c46bc2f988a47

SHA1
a62505d59ff54351e0d577671651b88ff9d31d0c

SHA256
4174324d15fd661361256e1f28bcf5d8204b25c784eb76bc96cc8b1da8c6984c

SHA512
e465ce8738ce1d670ae64e5c6a8987aa9c5a22f3101e54e9d94a59cfade4c4b95cd48a9e58c91bcec519046ca2f01fc750f5ac5f3f8b2e127837c7d0deba0c40

Download Submit