2951769929610fb5851799fce3cdbea8d6080cb07fde91ae40df8e29b8fa9e0c

Analysis

max time kernel
57s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ebb778320d4eda88f5ad4bf7843202_JaffaCakes118.apk
Size

7.7MB
MD5

66ebb778320d4eda88f5ad4bf7843202
SHA1

c624e17247f0dbf9015c5a512b4c3719337b31d4
SHA256

2951769929610fb5851799fce3cdbea8d6080cb07fde91ae40df8e29b8fa9e0c
SHA512

6c98f73011dae065d23ba5cf153833f6be50985cf7bab67db3ef5d5c23cc5ed3286f876380dc2a1aa53f4c0270c1a3d8ed3be0f93260e2c22dc6cb87ff038fea
SSDEEP

196608:TGnp/SVYuMWV8V7RI79bL2eheSPKQEUVW+cKrmaG2gsH:TGnpMLMNV9IcSyQdcKrHv

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

cn.digirun.lunch:push

ioc process

/system/app/Superuser.apk cn.digirun.lunch:push
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

cn.digirun.lunchcn.digirun.lunch:push

description ioc process

File opened for read /proc/cpuinfo cn.digirun.lunch
File opened for read /proc/cpuinfo cn.digirun.lunch:push
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

cn.digirun.lunch:push

description ioc process

File opened for read /proc/meminfo cn.digirun.lunch:push

ioc	process
/system/app/Superuser.apk	cn.digirun.lunch:push

description	ioc	process
File opened for read	/proc/cpuinfo	cn.digirun.lunch
File opened for read	/proc/cpuinfo	cn.digirun.lunch:push

description	ioc	process
File opened for read	/proc/meminfo	cn.digirun.lunch:push

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

cn.digirun.lunchcn.digirun.lunch:push

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.digirun.lunch
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.digirun.lunch:push

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

cn.digirun.lunchcn.digirun.lunch:push

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.digirun.lunch
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.digirun.lunch:push

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

cn.digirun.lunchcn.digirun.lunch:push

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cn.digirun.lunch
Framework service call	android.app.IActivityManager.registerReceiver	cn.digirun.lunch:push

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

cn.digirun.lunchcn.digirun.lunch:push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.digirun.lunch
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.digirun.lunch:push

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

cn.digirun.lunchcn.digirun.lunch:push

description ioc process

Framework API call javax.crypto.Cipher.doFinal cn.digirun.lunch
Framework API call javax.crypto.Cipher.doFinal cn.digirun.lunch:push

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cn.digirun.lunch
Framework API call	javax.crypto.Cipher.doFinal	cn.digirun.lunch:push

cn.digirun.lunch
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5204

cn.digirun.lunch:push
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5278

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db
Filesize
28KB

MD5
5b036627aa3cb5507c8bf25f3ecbd1a3

SHA1
46cc299c59dbc6d7c263169192535a2dc2a30c44

SHA256
faf25c29ea6e3ac885b509831f1bed0a85557a6dafbe8eac89867bd1ab806744

SHA512
c9c8e387801473dfa5c33bd30dbca1b7e631bc8b24fa61b34ade7c97d3298e997b934f25f82d5c8e2be1e661c9eeb086337c164b656ab2f991f8d8b7c7d576ff

Download Submit
/data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db-journal
Filesize
8KB

MD5
e4c33828464db07361c3ab8efb236a6c

SHA1
b5a6818b675b9be3e14e10526b1d0c3b001227bb

SHA256
f00547cc2a233f800a85d0c1091fa8ee57e0b739847f9747a3c8b2229a820100

SHA512
ab95916bc0b86f7cca23e517bbcb34b5e59cc886faf3ebe9b087d3c3699ce773dd477c02e9877b3f1fcbacb55c0f966f52bfd3df8c33ef64c4f8fb2f484de04f

Download Submit
/data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db-journal
Filesize
8KB

MD5
f97763892f85afff56ffe55a77acc825

SHA1
f906be9faa1c2fa0965c606ae83feb104bc9e73a

SHA256
b56159f3e8c146f1a2e3d0c64855c36313a7b4bb1a459646c91b02355d20fbd9

SHA512
265d8a067487681c3c527b2be6842f8c4c4190d78114607adf5fdc80ad0284327fe81b2fc30f72a1712c433d0c8bdf360f811ee2819d20a6a25a5366f3346895

Download Submit
/data/data/cn.digirun.lunch/databases/UmengLocalNotificationStore.db-journal
Filesize
8KB

MD5
871a6c604d50758557bf8bfaed8b8727

SHA1
6a877272db9bf9d2ef61280b0c27ae65caa2aae7

SHA256
456a3fd3ae2fa174184a54bef186dc27fff498e836af714e00b515282dba0cd0

SHA512
5e8251692bd60ba3534c0d9753729aa1fac2a5a16036a3342be752a872059b318f377b1ab170ef2db463e0da4fbe1cc50df947cf8c3ca4f9890be5011d1e8d6b

Download Submit
/data/data/cn.digirun.lunch/databases/bugly_db_
Filesize
40KB

MD5
f3b2e88103e5233650e96e1b16d5eac8

SHA1
c12ae613c0ca842c7063504239149e79349bb163

SHA256
0ad6c2e25fd70c7eac106335e1a4ad5c8d6e7b57d37f187dd81c3ba34b9e64c0

SHA512
7e6fd59656ddb552ce745322f6eea0247b785b8cc171c70b7c0e4d9cdae51c84fea384f6a808e0b19771d15360bfbe32277282e4e2fbf98ec20b25a428aa04de

Download Submit
/data/data/cn.digirun.lunch/databases/bugly_db_-journal
Filesize
8KB

MD5
9c94accb6d4175b64b11cb51f8bd10ff

SHA1
e4b64a76b3968f5feb8ff4376b8e6bfda58af51d

SHA256
063a91ffe0b291d499260c6f9420d8dbeb832a6570b30415e4852278d711c2c7

SHA512
197510671a1969ec6bf5ea3d346a2171d8b72a9be60a37876b20335838fc904335338e12e02e3dfa6cdac8aaf5c891499425857c6b2e6cd7f05542df42190215

Download Submit
/data/data/cn.digirun.lunch/databases/bugly_db_-journal
Filesize
8KB

MD5
09d6ca4029d4e189644f7d9e34c06b59

SHA1
4db916578893a47781c21b03109a0250c6fea578

SHA256
1d5292980651ed3196ad7b8e1ea554aabdb1b8a719ad5f52f652488966650ea1

SHA512
292c5429bb74fdddf464604cb506aae50b522bde626c7b53c9293c9eec78a4504a38eb531d278799f1d9f0cd338212a944a5149c53cb77c57a8148f4e106b6e0

Download Submit
/data/data/cn.digirun.lunch/databases/bugly_db_-journal
Filesize
512B

MD5
3c974a902e55c46623da0370c8f9f7e3

SHA1
ec5e29d12a5a9048cc56a29ca63238eaff01271b

SHA256
4816fafdc7fdf85ca01df48de008aaf94b0c7707e9eb65f6a7519aa6d0e1253c

SHA512
2802dfcd789b0395fff94fa557259a6094c9619041c86dbeb1a4e91d1ff00ffb393e831bba701ea56492a1d89d051cb430f76c3bd5122dcc0ab023bded05a79b

Download Submit
/data/data/cn.digirun.lunch/databases/bugly_db_-journal
Filesize
8KB

MD5
5468abb8a83275b90773f728d8989219

SHA1
1612ef75b15e1330e9f6f2403a9770f7bcf3d769

SHA256
b44fc70fd7540a5270a62b01b06f5ebfee8ee3e73d4d20f23731b8711dd35ce9

SHA512
f82b14bd2d7f447ecbd3b61d0e479ebde661905fcfbf595f36de7f8337d6302704eb7a8704bb5308305da620678816c4539fbf1c4099f3121633c8cf64f7588d

Download Submit
/data/data/cn.digirun.lunch/files/.imprint
Filesize
838B

MD5
04252dbddabecf8c8fc2a8b91466aee4

SHA1
85f68a3b18368c4039a1ef400cbffa76995190b8

SHA256
db8fd0bc9d8eed14f2ee6674a72888f9e8b1270897013b748d3917b03cfb9fba

SHA512
8aac4f0431e747b7158d7f4479f2a13cbec1c8fa2524349734b4b773a1850dee2558e0498fc867930a1650b2f0ca02a31ae5e2f7bb410bb49cd19703884a719e

Download Submit
/data/data/cn.digirun.lunch/files/umeng_it.cache
Filesize
245B

MD5
8dfa73b0eed0e2b5e2d60c1d6d41fc05

SHA1
2f3a9b3c540d5426e2d55e95093f3f85572b64b5

SHA256
ac8e8c70d49312f446c377f2d3f5448b4657d4e074f646c8b79852c56bcc0588

SHA512
301272dd55f380e3bdc485533f1e90b67c2b62a9fbfaf05fe4be5d9c85c75136fd4226b9b7dda9ffcf9de61cdba2d2fdd7c0081ccdc833f03fb1d66563605e30

Download Submit
/data/data/cn.digirun.lunch/files/umeng_it.cache
Filesize
125B

MD5
ad0af8e498940f51a3d2481cc36e8faf

SHA1
16023c1a5b2b5b8cd162f9649ffc7f993158bf76

SHA256
8fbc441944003a74d6189197f713b863b67919a5b930daf09f9f9f7831b2201f

SHA512
aaf955ef0fd6ff3bece9505303a21cb04a911377d50aacd6e27caa64a567702b82107e9a5d286df98b46eec9f997e0baf03bc817adde19d4633002cbb3fdd307

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
a57db2aedcb25ae4bf51ab0ab25b3e64

SHA1
48b3736290bbb683f649475bb88df58a7657f836

SHA256
f1830491ba839d2c7c63fae8a511f83a0339d20c3787d515104dde22e35d991b

SHA512
d53858d76223f623252cf8de4f9039567ca334b6802528a2def3d40f15a23a20f277a8eed02cebe098870b0775af5514ca24e9df8e63155cf809cc57fa96de7d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
7b07d0f4888115b57efda09e7f164485

SHA1
216e47da1f97546ac106e95ecc4c8981df9a7dc4

SHA256
edf800ffc9b75a0908a7e7c7980566c74a0f274da73034d2a74195edea2fa852

SHA512
49b419acce2b604295de151932d3fc0efaf72323b747091c2ebbfa730487dfd0871426e0bba5945bf690439d8d67737f9267fe31737c2ebfe9818cd8cc3892f0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
ea3f551acb29a6e33813ed2272515476

SHA1
d35fe8a9f8001aadd3a795a998d35edb319cb126

SHA256
eceb1e6820da20d04225935231db3a58feb3b6fb64c5a2cbf763e72ece88fc23

SHA512
ab798aac13cca23dbb4e42176be6c50fe596543028f8febf44e4c6f8c4a1a7632498dc1c22f3a8bc19fef3454d340c581f2df80631a84384cb9454a0deb502ea

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db
Filesize
8KB

MD5
cc6dc6bbbaea2b523de90e1f68c4dba6

SHA1
b55b3e840b5d02f55120abdc83419fbc4c321994

SHA256
4686c970e9979d122f20d51c7cf935ce41bdf2423d5f4708e45164e2838e9e0f

SHA512
1d1f05b947ccc43bd6b78eec83a68f6026ac7607cc83d0f7c6a8a1f0c4b6e2ca0c24b2541852c9beda5389d49311e455beb4cb3cff7891ff26d51fb1b4d06853

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db
Filesize
12KB

MD5
34ce7507467b5c58406aff0a2b9ff025

SHA1
3f4405ad1df687789bed40bee18266d25decf5b2

SHA256
98e1f0119f82a06673269803f2c5abf971e0d59a1c9000dc695d128396078707

SHA512
6966dfb6bfbb9272dd06d299861118a0473585187bea1a7f5c6d58d507f2a3565ce0097f1fc1c7ea451b17e8338ff42175649d125c09f0565045342ac4591318

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-journal
Filesize
8KB

MD5
76e874cfe3b8b753221cc09fa8640f21

SHA1
3177ebd4f4ae91f30bf5285393fb0ea3db83f16d

SHA256
2081a8f11ac3cbade0e784da329991f6fcfd2dfd9cc187e5a7c0041b906f9264

SHA512
9facb7245259a43c6fce49ec7f77134570ff5cb04ba5025a17bcd40756f2467bcd2b987336dabfc8c780d1164abbd2ca0c41ae93cf64f31525a17a88d143326c

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-journal
Filesize
8KB

MD5
e429333a916e1b1e2928146a95f7557c

SHA1
b24f4e2fd90903b72ae7234b74b0957f0929a60a

SHA256
29dba70ab7e9a8d1d8ed2a488e5c4dc20cd8a0947b86922495cb742ce8a39c43

SHA512
795231edc8ba204a46a5772c12c003e38ce79bcd8db92ff3e449f30b18d2f141b67a61e59e0f2e1450c312cfecb24007ead9b51c7120bd1f9c2db611af8e2687

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-journal
Filesize
8KB

MD5
207e6f2d1bde91cb54e0fcd3dec6e615

SHA1
e86ae1869aff4009f432b07e195ae093dc30c29f

SHA256
41de42fd86c48699280b25406bc3842b90788b1055777d15a88df9e5f6593cd7

SHA512
c214f47de164e0bfcd38df20b29f87ed8c789bcc80c3b2f1be613abc78063f1015f32d3352d2edc64dfb484ef9bfb5ea167c30d9989f584f14dd17df6b42c4af

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/cn.digirun.lunch/tmp/db/law.db-wal
Filesize
4KB

MD5
d95a2747055bc8a1453128ccd3466189

SHA1
8068f331bcbb24bde4ed4140841674fccd505e36

SHA256
bb2b53d76977d03e07950554d6e0f88ad7da814b6fff78ceb07d15cfd2aa01af

SHA512
e5057658ac54902d05d016781d7f8fc22501c1553b33f2b33e6c059ed1ce88bff78e446902d45410fed9e2237ef9ffb61892a366e908517aae077f1bddea8ad1

Download Submit