Analysis
- max time kernel: 64s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 10:18
Static task: static1
Behavioral task: behavioral1
- Sample: 66ebb778320d4eda88f5ad4bf7843202_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 66ebb778320d4eda88f5ad4bf7843202_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 66ebb778320d4eda88f5ad4bf7843202_JaffaCakes118.apk
- Size: 7.7MB
- MD5: 66ebb778320d4eda88f5ad4bf7843202
- SHA1: c624e17247f0dbf9015c5a512b4c3719337b31d4
- SHA256: 2951769929610fb5851799fce3cdbea8d6080cb07fde91ae40df8e29b8fa9e0c
- SHA512: 6c98f73011dae065d23ba5cf153833f6be50985cf7bab67db3ef5d5c23cc5ed3286f876380dc2a1aa53f4c0270c1a3d8ed3be0f93260e2c22dc6cb87ff038fea
- SSDEEP: 196608:TGnp/SVYuMWV8V7RI79bL2eheSPKQEUVW+cKrmaG2gsH:TGnpMLMNV9IcSyQdcKrHv
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Processes: cn.digirun.lunch:push, /system/bin/sh -c type su
  ioc | process
  /system/app/Superuser.apk | cn.digirun.lunch:push
  /sbin/su | /system/bin/sh -c type su
- Checks CPU information (2 TTPs, 2 IoCs)
  Checks CPU information which indicates if the system is an emulator.
  Processes: cn.digirun.lunch, cn.digirun.lunch:push
  description | ioc | process
  File opened for read | /proc/cpuinfo | cn.digirun.lunch
  File opened for read | /proc/cpuinfo | cn.digirun.lunch:push
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates if the system is an emulator.
  Processes: cn.digirun.lunch:push
  description | ioc | process
  File opened for read | /proc/meminfo | cn.digirun.lunch:push
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: cn.digirun.lunch, cn.digirun.lunch:push
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.digirun.lunch
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | cn.digirun.lunch:push
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: cn.digirun.lunch, cn.digirun.lunch:push
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.digirun.lunch
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | cn.digirun.lunch:push
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes: cn.digirun.lunch:push, cn.digirun.lunch
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | cn.digirun.lunch:push
  Framework service call | android.app.IActivityManager.registerReceiver | cn.digirun.lunch
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes: cn.digirun.lunch, cn.digirun.lunch:push
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.digirun.lunch
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | cn.digirun.lunch:push
- Reads information about phone network operator. (1 TTPs)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  Processes: cn.digirun.lunch, cn.digirun.lunch:push
  description | ioc | process
  Framework API call | javax.crypto.Cipher.doFinal | cn.digirun.lunch
  Framework API call | javax.crypto.Cipher.doFinal | cn.digirun.lunch:push
Processes
- cn.digirun.lunch (PID: 4263)
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- cn.digirun.lunch:push (PID: 4325)
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  - /system/bin/sh -c getprop ro.board.platform (PID: 4383)
  - getprop ro.board.platform (PID: 4383)
  - /system/bin/sh -c type su (PID: 4419)
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- /data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db-journal
  Filesize: 512B
  MD5: 37288917e49b413897c6ddec54c214eb
  SHA1: 9257af2e277d86d38e52c502838aa16d508cabde
  SHA256: 89203fde8a6d969e1dc358f4bc0643cd552c85bde4e24ee75e87ae98d71d0261
  SHA512: dbb0ef14d34b7163e446e859550dd52f1ef84f67c62ebcc1e8fccb9c8bdf7dc9cbd38332d97cf06e036caa899cf1ed28e5cf77a8d98fbbbf941e020da96bd96e
- /data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db-shm
  Filesize: 88KB
  MD5: 12d42b3ac8b84333e6245234b63257ec
  SHA1: cf56c1ba1b85513760bb3772ff4d5fd8fb7c7e85
  SHA256: 4772de3fdd6c7b9c40666ed4d3875edc046e7141c83918c095c944469dd13b9c
  SHA512: 8885625aac6f6427dd32a5b41fcbde3ab413a818c8350ba484e8ae89825ae4686197036243b4e6b6a4d36ef1c46931abf2780a8b60a686519c6279b8d78a021e
- /data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db-wal
  Filesize: 40KB
  MD5: 8e7f41230af67fcd1c0742d9b18dda52
  SHA1: 88da76bcce7d4ba2335ef03419819f70e0442b71
  SHA256: c1e51e90859bbe81541551455911ed733dd0ccb4ff825649455d6b8e18090e05
  SHA512: b49e8845e7045c3401b00659d03825b69c8c8f117872140c73341f2eb07131ea0e8e42e19478cc4d819292bae027e559ebff91193e6e954741ff4c5032375055
- /data/data/cn.digirun.lunch/databases/bugly_db_-journal
  Filesize: 512B
  MD5: b6ec8220ea2832241d1f43ab0daefdd3
  SHA1: 123981a5ee7f11b86f23bf92b86b001b9784c148
  SHA256: dfcf253e7e10407337c701129cb47af6c7cbafe801916d395aaa6aef3ec4cdc0
  SHA512: 9ce48f9c70ed3012b8af6afd2f59c5663977b574005f71656c66c64c215094c4f470871edbfa66feca658d5d4c02eae8b255995bb68183f9ddf2cb82056f474b
- /data/data/cn.digirun.lunch/databases/bugly_db_-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/cn.digirun.lunch/databases/bugly_db_-wal
  Filesize: 56KB
  MD5: b6d657f11276fc80ee9621853483d706
  SHA1: 7f7e7caba1848dfbb1edf248abeaadb9ba428336
  SHA256: e39b37362dbdb03637970281993a80ea793de7d0470e4ec238304c73c82e0dc6
  SHA512: ab7db4e75188451e90497b2679058625a5d6003f62cf0434bbd2c34b3924498410f99663b1401140293e9fa45e38993b10d65b94cd6b03b2e3d2f76fdee4060f
- /data/data/cn.digirun.lunch/files/.um/um_cache_1716373177590.env
  Filesize: 578B
  MD5: caba1f2ce1736d6664886bc982953236
  SHA1: f0051293312b49b9032557445b74f0109081822f
  SHA256: 4794267d43b17c1e47b3fc4fbb340e3cf8bd53c396b847b4fc4d313ce046f0b4
  SHA512: a1cfff2b63f47b6fae5646ee621f39b8909e2e5c7c2dcf0ae47b4f4081dd458fe485da62867432648bdb9721d54a4e6f3b45fa703a0419373708afdff12da2d8
- /data/data/cn.digirun.lunch/files/umeng_it.cache
  Filesize: 310B
  MD5: d42976cd59585a0c7ce44838b821feae
  SHA1: 889ef77e008d67c01742eaf0665934d204b2ad7c
  SHA256: 4618aacd7ce0a08c913ba54ad226b09ca2c7fcf4242527559d117b584671fd2e
  SHA512: bfd95bc712ea2c24ed0ec1e1c70401508191b95fc2fc7701e7f03b93eb37880277ddd2bc13fbcefb6db7fd1d3ff4334f976b662a608817a3631e26e91b5506bc
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 111B
  MD5: d6e412425f3d0eae5be8c3ed8a546026
  SHA1: 8876243d786bfe404d79b227bb217d4775b6dcf5
  SHA256: 434bab35303d4adad4ba92002a3ebfbc2bd5e524f21e9d48ff7592adefff6510
  SHA512: 56ea0234046840aa7e03701ad66ab15e4dceaa3bea393089e7c0f96234c87f8d79322e0b6b99058613e2f617fa0f58f6c029560dc5a1f539eaefe32c4a5f8dcf
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 111B
  MD5: fbc2eb159118eaa957a757dcd324623f
  SHA1: 95ecceade9aab8eeebd77e9b66f5fbfda17b7ffe
  SHA256: e9ccee3b4e99c01d3d2daedc9bbb9f2b2e55ca1dbf9c8fb792b8524fd255a155
  SHA512: 6aee93416f4a86fac2229394681bff008242b4443c4ed4703d0ffea051887a4f92b9a4ad1745e3a8f5300f95d36b8e7ebee878de3c3a1a2ae7aff82d600d8f05
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 167B
  MD5: a2f4f6058f0c2e4703ed32fc66f51932
  SHA1: 4e05d77b383f05dbd30c96da19c19adea1099b1a
  SHA256: 6ce5ec6aa6c26895af185c09df514545f756f140111f72d403eb0a21ad262125
  SHA512: e72bcf94eb9fdadd26ef3f8781283a98a6462a94484269eae7ff3024ad62fb3417253d441f802384a1f05a2e539bb408c4ad6f180e63afe86db9cbcdd40f822f
- /storage/emulated/0/cn.digirun.lunch/tmp/db/law.db
  Filesize: 12KB
  MD5: b4a82d45d497994608be672810a8c27e
  SHA1: 1a2c7899d0835d50c895bbee633d4fd935c3ce35
  SHA256: f1135c2b65c53cfdaa4b2638bbfe7968bf81f1dea77f47e2ef9df478c070f0db
  SHA512: a27bda0d2e47de92e7b984d5780b2766f50370ef5849011e4e7ac7d27806a9c0c28b25d2fea46f97e3756c8b6745135336d0a23b84442450c5520194f5ad8b24
- /storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-journal
  Filesize: 512B
  MD5: 9c5a21570df00ba2d56fceef47e3553d
  SHA1: 1eb6d6ea9329e2f6eb458224eab600c6d7c7daf4
  SHA256: 0d237058434947c2f678e2280e07c606c3b9ffe9972f6793c2e73c3b1c1d7b56
  SHA512: 5df49c475bcb1d0c322562f2dc5d602a055cbc0e763427c17a9c7a19c668dd40a5db3abe46046c64b9e9b997ac3d9442fa7c6a6e164179a076511b42200a3617
- /storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-wal
  Filesize: 16KB
  MD5: 2ccef37621ddebf8c726c819d50bfa64
  SHA1: 6a0734581ad078e26254f9659ad14ce3bd00871b
  SHA256: 69a6aa14999e8101535536369fe71d242658c62513bc25960eb7ff7e3ae0a0fc
  SHA512: f84d65fc10212a8e6f9b699a90e3e29eba42182d4250c2c978a8694dd83c67f8dcf8dcd4f7568c1df1ceefac958ec766f31843dda92f852c2e4e5c358813b2e1
- /storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-wal
  Filesize: 4KB
  MD5: 6ef2ce337581988ecc4b1958537e4ede
  SHA1: 3e2fa9e20fee431583e56060af70848b95c7d6c0
  SHA256: aaaa57fa0ea9b42819c7c57677e4d05b52519e81dce89cde318cb65773341b97
  SHA512: eab65031b0e14e4787617270e51ca98b97ce9af66f37c9ed27c2e5afe9d654535e824454449ff1e8d04d22a9791826a6e019408cb3f6f0ade7f3c74cf13cad10