8268a7e3ca738deb9341d7dd3beba940c95af5223b10e732f1ef8a6184aa690c

Analysis

max time kernel
76s
max time network
179s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66f3d2c50d20ec1fceaef6efcfc93eda_JaffaCakes118.apk
Size

30.9MB
MD5

66f3d2c50d20ec1fceaef6efcfc93eda
SHA1

0e6fca934f329cf7531e72de91fa50f83a777326
SHA256

8268a7e3ca738deb9341d7dd3beba940c95af5223b10e732f1ef8a6184aa690c
SHA512

1f81e1807a4151de714156f0fbc40b45e483985b65b6fd4440a41b73bf123198850db4472694a2fd17f675f1fc41ce2d53c81b70d455777f35e32b7eca7ab25d
SSDEEP

786432:foTcVC1QQhRdwlSbr6oLgGhzMNbM6wCzMNbn9P5TJSjpSuF+y:rOdhLwlSbr57h+aC+F5TcQNy

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

dev.jk.com.piano

ioc process

/system/app/Superuser.apk dev.jk.com.piano
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

dev.jk.com.piano

description ioc process

File opened for read /proc/meminfo dev.jk.com.piano
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

dev.jk.com.piano

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo dev.jk.com.piano
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

dev.jk.com.piano

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo dev.jk.com.piano
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

dev.jk.com.piano

description ioc process

Framework API call javax.crypto.Cipher.doFinal dev.jk.com.piano

ioc	process
/system/app/Superuser.apk	dev.jk.com.piano

description	ioc	process
File opened for read	/proc/meminfo	dev.jk.com.piano

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	dev.jk.com.piano

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	dev.jk.com.piano

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	dev.jk.com.piano

dev.jk.com.piano
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4617

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/dev.jk.com.piano/app_bugly/rqd_record.eup
Filesize
338B

MD5
c4ec84a1daf42614be46fad0e53534dc

SHA1
d8089bbc43dda15d374ad8d71bb900161d739edf

SHA256
4f53d3ca13d9b93f68b5ddaaf0251e10a7fb0762452f6531292544168c9a27b9

SHA512
840a1cdab230e46cabbeba4a9a277860da275789dd324e0dca7743c926eafc99eb0cb4eb239ee2e05555fc0618fef9de6ae282f079b8ce59540bfc962bc408df

Download Submit
/data/user/0/dev.jk.com.piano/app_bugly/rqd_record.eup
Filesize
1KB

MD5
038c861a97602d2117da263ba2ad0587

SHA1
852f5d38b1911b5fac0f9c7919589149aae54a40

SHA256
20af13e52eabc7eb27283383e59afa046c5c374a3661f83388bbeeff713afe73

SHA512
639aaacd37120ae456bfe43727362a92bae1c74ba5dbaa1cea94c207b5a079fb4d5da33d0f661373d1dd22bd4eefe535116d3ad2edc6d02325e2a575fb4cbb81

Download Submit
/data/user/0/dev.jk.com.piano/app_bugly/tomb_1716373815809.txt
Filesize
56B

MD5
bd0f8f8f3ad93fa07623422ec6e72003

SHA1
c3589295e7a4ddcf35bcd7a2c13bfd381783821a

SHA256
7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647

SHA512
2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu
Filesize
60KB

MD5
c1e986473e00b5a3fbb325c164e2dfda

SHA1
f13316bd0ef2052988e3116574c3e6bb4f0caecc

SHA256
e377991cbc2749c2d3d25ff2cdad6fa7fd917414bc215a6098dd5600394b89c3

SHA512
0678195bb1dbadb1829da4bb94db9ebcfb4167dcfe25694ecd473d48caaaff9c18c8004318acef5b73af5062d7d8d8974a5bff6e12177333c33c8d0bd6c0539d

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu-journal
Filesize
512B

MD5
691f732f158b33939e25c38d572c9951

SHA1
a7cac2cd3fed85f606eda079dcac49fd89a58749

SHA256
13d6d2dc1fc1a93372b0595190eba576650a3a06ebaf521f037077585dd4776d

SHA512
6b32442403f0584a0e11ff15c503f2bc11d09e13fe85be445e553424caa98b8a106b738ae11d23f8b2f459dc1667d1c2e3888bcfb61d2de77762035dc9f07283

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu-journal
Filesize
8KB

MD5
b97dba36fb620093d919aa488b141a70

SHA1
e783dead13ca22eb64ca0c58f09170bcf43c5104

SHA256
3aa15bd7c0fba687744827470e50bdbf563a16484eaa7ec06cfc0ef1f92d8e18

SHA512
76c1402c6f9032a42229878e7cd008bf286bb6abdca1bfff898fc61d9af710d4e210875ac3cebf67a1c332a707d7c9c5a2075f5312a1746ec5b44e1f34a557fe

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu-journal
Filesize
8KB

MD5
458dd3212880560fd99275f2d654b3d4

SHA1
b18b48b463864b36bae0e200788b8ef64275ade0

SHA256
5908a89608231790531b5fb767059cb66dc2dd4340f03f42e8a0c360c56e8bf5

SHA512
ece2d7e5187702ddc8c8ac97d3eac1a1da1bd79cf587f6c42f9f6302a2b18a71d2323709d443fa21c9dc2c7a98c84aa3e20d4648044cb98ee597a9a77f960359

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu-journal
Filesize
8KB

MD5
9c09c775f4de7ac7929a1a54ec03cca1

SHA1
8062b29e0d98b6e4da3ce0dc5a186857b00f8fc2

SHA256
f25b25609fc6cb30cdc35f596c13b447c8f87996e043a97995ea4f26625ca4d5

SHA512
b24f6f59b745e0af124c9979b07d5272c0583032172b8ce78a2764ced21c704a896b8bf935bdb367c2a32a6a433d9877cb229385649ba938d5cde09d677a3c19

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu-journal
Filesize
12KB

MD5
e855fd4df01ee79bfaec247a3ecf8662

SHA1
e55ee4662e558840fd1802624b8ac28aba956ca6

SHA256
87918360891e15a31c9a0ba5f86eebf74f8da0db093dd4a5ee49db30aba9a3f8

SHA512
b19202f150cd5a107a5c5778c3fbc672a1a316b813bc061f3ca73c3b15996c4ef5c9586f7dfd12e38f5533b667dd4cbc90028be3e71dea931abefd522e92e2c7

Download Submit
/data/user/0/dev.jk.com.piano/databases/bugly_db_legu-journal
Filesize
12KB

MD5
495da6da59e5adea7fcbbdcf10eaed29

SHA1
02288f1033c2807032dc2db0fdc2167b668bbc4f

SHA256
e4195d7c838e2496b5de5247deafdc4165528dda244a1256fd067ddebd866ec5

SHA512
67374f2c097cf04071aa5d85837b5d2c56be0f34435bb94052dd724adb2370e319a459d491f36b40e02b4fb4c81060daa5e21e11a339c775bcba2f6b3ad98656

Download Submit