0c17c267e6af757129c5423da0c5aedb2ba54901820b14f546a82007ce5b3e5d

Analysis

max time kernel
178s
max time network
187s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
22-05-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67011e4d3d29a465b6f3ccddbdf440c7_JaffaCakes118.apk
Size

12.9MB
MD5

67011e4d3d29a465b6f3ccddbdf440c7
SHA1

1ce4eb32c75f862cff91870253dbc94f887cf621
SHA256

0c17c267e6af757129c5423da0c5aedb2ba54901820b14f546a82007ce5b3e5d
SHA512

9476d3fc08f9e4989508640ada257c84428246e41401194ba1de1c37cfb8de158707e9594b7621f720f36e2bf301f7024a5a5ea410ab399e0d518c567b7573ea
SSDEEP

196608:Gh5N1+xks5SHl/ilRwb1pRXKIVmLFdMLW4UnxNfF2+kQQ+bwPZC6Iqi12BCWyDRO:Vv58H1KIVmLFeVF/QqPZnB0kPahe1

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

org.unionapp.bzjxjy

description ioc process

File opened for read /proc/cpuinfo org.unionapp.bzjxjy

description	ioc	process
File opened for read	/proc/cpuinfo	org.unionapp.bzjxjy

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

org.unionapp.bzjxjyorg.unionapp.bzjxjy:ipcio.rong.pushorg.unionapp.bzjxjy:ipc

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.bzjxjy
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.bzjxjy:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.rong.push
Framework service call	android.app.IActivityManager.getRunningAppProcesses	org.unionapp.bzjxjy:ipc

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

org.unionapp.bzjxjyio.rong.push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.unionapp.bzjxjy
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.rong.push

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

org.unionapp.bzjxjy

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.unionapp.bzjxjy

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.unionapp.bzjxjy

org.unionapp.bzjxjy
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4349

org.unionapp.bzjxjy:ipc
1⤵
- Queries information about running processes on the device
PID:4405

io.rong.push
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4438

org.unionapp.bzjxjy:ipc
1⤵
- Queries information about running processes on the device
PID:4521

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.unionapp.bzjxjy/databases/cc/cc.db
Filesize
36KB

MD5
1b77217d803a7c04af9466680b92d104

SHA1
0cb959f4773c6730e8aed5746706c0f3ecb35c1f

SHA256
66c83ae35e997c33eaffe9c0557d98ee31931c18b99585a64eb6cc8f63d303e3

SHA512
39ea189895ca93855bb71b4a5447815e9373ffd39b50611ac172ae321ee7716fd4af5f86c1fd0d17e12b771f4016a86184620a7c5d07f57b88f017c4ce8312ec

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db
Filesize
36KB

MD5
b986a138e325f9ed31653e246087baa6

SHA1
1cda06c101efbf7c89305f44b552e38282225064

SHA256
6945d75275af161fa082eab8b348f4cdccbab03854963f5e861fde210447e058

SHA512
5894180006885af44962dcd92c6f33a640d6080060a51a38ee4e348ee2dafe9abdcf2a931cfad4c395ebe20e08b96f810ca54b5b1f584fa232cdabc76be0740d

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db-journal
Filesize
8KB

MD5
5f14df3559b629b37f69488b1770393b

SHA1
37654f25f0661f04911558d3ad2facc4d438a953

SHA256
d183ce7b8eb21e5dfa28ad80172512f6e374028e4aea42b7d67f1c791169169c

SHA512
720c9a6143a41435c90b941fc39872366aba0397ce56ff4c6de43201c1c004924c08ec1279cfe19ed27ce7702547e751e3c66315894cc2e63053c170cdadc46c

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db-journal
Filesize
8KB

MD5
8a82f4c902e8abb017026a306c5ad5a6

SHA1
35ded33fd8148f3cfc37e41cca698c02d443a42e

SHA256
a247d6a04de1e422dd4cc86d3efa36f2082403eec3586bdad547032e692b6f8b

SHA512
bd8b5939428b514915fe28feab60c8e976c1d8d619b756484033873a7e8f1c62dc0f8f9aa3015e5bd886ff16c9fb6c9b557e7ee09c66a1bffc870d9fef8434a4

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db-journal
Filesize
12KB

MD5
98c3115c30711ab94a3f68acadf97e93

SHA1
92df436656579397a7b653fa83c27a16850ec460

SHA256
c67a709b1449c94412053f9105d55107c149a0ceee80a2277727d1759cebcd54

SHA512
7c4187edd0dcc6fbdedfce63afe742fad69047369638eb55fff083a8222d1ba64da9f7b5516a3ee10be8ccf75566cffc4fd7401b2fbedd910e502ac154c2f017

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db-journal
Filesize
512B

MD5
d7c7b027636038ce1e0f52d45d91fed9

SHA1
1d6b9f01023e340b18fcc10767b84741b56af0e9

SHA256
6d1e4050a095195c45bfff8554dc4609ec6763e095184b798df6ab972751f857

SHA512
0d0256898a5ff22724d7272d5029e36b8d74e2c4255f15b3efb6616915694750810cc7671934fc27ed92f315e88a1ea3631a66c4b1f10e1da643ffff2580f7d8

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db-journal
Filesize
8KB

MD5
d899405db1f865748c222e875325385f

SHA1
94977960d8c4a84295d5a2d833b78ef81139bf13

SHA256
665464f92973008489ae1bbb2a950793ce6162ca199a2d996018da10a93592a8

SHA512
005e2d6ecbccb50e80962230d2888222a5655f25928116c0cb6c09840a618167873a4a1449612ea06a1412b06adadcf2425d46c45feac635c499b86e9b4f837e

Download Submit
/data/data/org.unionapp.bzjxjy/databases/cc/cc.db-journal
Filesize
8KB

MD5
cd4b6a757674c457a4677cec6652cf39

SHA1
3f9423c5c8567a6b09585f588d96df4560663cd7

SHA256
0764327c284d30603f38379523a39c98ab9ba72a31d0ed803e9db0febdc32d41

SHA512
81456ba7363a19426e439ce3589600b2a97e13d6738b7200f977d2f2967ae863f578e0a0dce0b7eac0fe8a3a7b736fc704457d13f63fb241e124fdadcce0b10b

Download Submit
/data/user/0/org.unionapp.bzjxjy/files/.um/um_cache_1716375130089.env
Filesize
1KB

MD5
189ee1611b26855cd2586eb7f17e0cac

SHA1
4f6aa0ab99840349f8e20682f445179816400cf9

SHA256
8df6a82fc8e76487c36d32b0c504895ba87f99e8a6f8eb3db3f6c65a466777c6

SHA512
6cd0b52b99d1ce51985ceae56f2498ec8fa305ae9d00ec7c3249ffd9215d98ef623c4655fa5e4eaed868c8c2e32871f8e5ceef76f96a72138bd013bd06c27d11

Download Submit
/data/user/0/org.unionapp.bzjxjy/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
e7007a4569942840155c690270f87890

SHA1
d3cde55a3551862aec9c8c052ebe8f681a9b7d15

SHA256
4a7ad3a32b604b32b58b0e3672997647af4e478fa631de90a78b407173241005

SHA512
908ba976878f6351c3a9a8de799a7bdaf5a2663f565f0ce95783d567ee2aba5cec6223de2748964de9f4b8de7d194591f64a6c59df286c8a6852105f96bd053d

Download Submit
/data/user/0/org.unionapp.bzjxjy/files/exid.dat
Filesize
57B

MD5
695f216a9730f9d61d5418f3724b1905

SHA1
e25e02675a22318861bd407ae9af5c1ecf663e2f

SHA256
2d2e19e4a9183d14542ddb9ea06239e88015542f1790df67e30e53ae95c60424

SHA512
2e07c0c87a4df27b82cebf3548496ca6b86c35a36aa3da6903901725d419808a93a938c4f7bafb16c5520ab9c22a6bb81fec71ac7cf479a41917f118ed9bdb74

Download Submit
/data/user/0/org.unionapp.bzjxjy/files/umeng_it.cache
Filesize
433B

MD5
5c52b0d2acad3232af678ce4cd60ffe6

SHA1
b3bdb98da45b981d2e6fa6467acd636f269d7d2a

SHA256
d2f4dfb088a5b58076823f2074171ad9af04e8926deafb6d738c8ce67960145f

SHA512
72f1d3502014791e63a28cc3fec87685f841b068aa8bbb187e919fbc3fbee1234890e891bd8313d5cd67117bc319138606add3226ca0af086fe2fd715247f942

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
042ffc98c1c2a97a4220efbf9337c66b

SHA1
50885d83685e413c7b750ebb336a87a0d5404c57

SHA256
a4e2174158f5c2e2e913d6325b817c9e3f6946a25385a6e2fe008db44d95dc4e

SHA512
358c070508041d39abcda582540465edde4c332eac26265785876c34b089611f54dafadaace980bc17c3755be39c7ec3a78bf3879a9c1a6fa3565330918060c4

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
341715733770f57afb08b00ae47436a2

SHA1
f13bcb91214a7295ac36a2ab636976bdd229d3e6

SHA256
6023f99549325df03c328b7f1625313b1cd5e1898fc083ae0ce73abf014f5c54

SHA512
e9a0654720939a1fc4264b8a815516476ac6f6223e59850ee8bb9678ee674779265a9a3eb1878ffd6dbdae1374e86ef209cc100521919c7dbce856d5fb26d242

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
0f33f4eba098b1b97eb7627a05352afb

SHA1
7501adf73e15c290de90c058c11476e5efd65f44

SHA256
6366c5259144f7f1370cf79731a72022e60e4644b3e98d4f5265241c50774353

SHA512
5dd3ffbdd0c8dc91548bcb507d0ec0d1de7c01855686690f8e5d02c06883cac91d4b1169725e47c826ee0486aee7dab723f9e924dd3d579bfa0032176b89f2f3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
b6a817e39f22daa4c3647c0c7751ac01

SHA1
1547f4f1b3564cbb0d7827dbbb4ec507934bd5b2

SHA256
6135349c691c4d1135b6eb6af7bd68901599deeea7daeffee35fd6eb9cde25fe

SHA512
2856aed7dde3d091d5bed0352715779a58336a5d8f9f8b0b7e8effcec153b229f16b3cf9f1effb5c5a6c70442a4928b9c4dcab762549cfe6e8ccf9b478f45bd5

Download Submit
/storage/emulated/0/org.unionapp.bzjxjy/cache/image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit