Analysis
- max time kernel: 158s
- max time network: 152s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 22-05-2024 11:40

Static task: static1

Behavioral task: behavioral1
- Sample: 6722af87b4174e30d71df3e3b43ca919_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
- Sample: 6722af87b4174e30d71df3e3b43ca919_JaffaCakes118.apk
- Resource: android-x64-20240514-en

General
- Target: 6722af87b4174e30d71df3e3b43ca919_JaffaCakes118.apk
- Size: 8.8MB
- MD5: 6722af87b4174e30d71df3e3b43ca919
- SHA1: c770dc26eea9bc7fe9fa3e0eab50ca28ba859a6e
- SHA256: 5308b9735f2cb43aae54be98b8d942ddde286cf6c1a9e6d96459ba0326051f82
- SHA512: f267759c3b4f303fae11693dcc9597d18504b048ece6f6992eaf083b624d24a2e3e5a58b925fef816e9f1caf59c48b237674473b4aa3fed53684423e6b9025d8
- SSDEEP: 196608:mfpWQmgh1fWkxfW41CnRYWkS7ukq2PJGjH0Oh/iPsgnQErvlfjkgFT:mZh1fWk9h1yYOPJGL0c/mlnQ8lh
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
  Processes (com.pytech.mplus), ioc / process:
  - /data/local/xbin/su (process: com.pytech.mplus)
  - /sbin/su (process: com.pytech.mplus)
  - /data/local/su (process: com.pytech.mplus)
  - /data/local/bin/su (process: com.pytech.mplus)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information, which indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information, which indicates whether the system is an emulator.
- Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
  Runs an executable file dropped to the device during analysis.
  Processes (com.pytech.mplus, com.pytech.mplus:pushcore), ioc / pid / process:
  - /data/user/0/com.pytech.mplus/[email protected] (pid 5110, process: com.pytech.mplus)
  - /data/user/0/com.pytech.mplus/[email protected]!classes2.dex (pid 5110, process: com.pytech.mplus)
  - /data/user/0/com.pytech.mplus/[email protected] (pid 5165, process: com.pytech.mplus:pushcore)
  - /data/user/0/com.pytech.mplus/[email protected]!classes2.dex (pid 5165, process: com.pytech.mplus:pushcore)
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (com.pytech.mplus, com.pytech.mplus:pushcore), description / ioc / process:
  - Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.pytech.mplus)
  - Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.pytech.mplus:pushcore)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (com.pytech.mplus), description / ioc / process:
  - Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.pytech.mplus)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  Processes (com.pytech.mplus, com.pytech.mplus:pushcore), description / ioc / process:
  - Framework service call android.app.IActivityManager.registerReceiver (process: com.pytech.mplus)
  - Framework service call android.app.IActivityManager.registerReceiver (process: com.pytech.mplus:pushcore)
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  Processes (com.pytech.mplus, com.pytech.mplus:pushcore), description / ioc / process:
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.pytech.mplus)
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.pytech.mplus:pushcore)
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about the phone network operator. (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes (com.pytech.mplus), description / ioc / process:
  - Framework API call javax.crypto.Cipher.doFinal (process: com.pytech.mplus)
Processes
- com.pytech.mplus
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
- com.pytech.mplus:pushcore
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
Downloads
- /data/data/com.pytech.mplus/.jiagu/libjiagu.so (485KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db (36KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db (36KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db-journal (512B)
- /data/data/com.pytech.mplus/databases/cc/cc.db-journal (8KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db-journal (8KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db-journal (8KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db-journal (8KB)
- /data/data/com.pytech.mplus/databases/cc/cc.db-journal (12KB)
- /data/data/com.pytech.mplus/files/.imprint (928B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.ac (40B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.ac (40B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.di (340B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.di (340B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.ic (40B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.rd (32B)
- /data/data/com.pytech.mplus/files/.jglogs/.jg.ri (314B)
- /data/data/com.pytech.mplus/files/.jiagu.lock (27B)
- /data/data/com.pytech.mplus/files/.umeng/exchangeIdentity.json (162B)
- /data/data/com.pytech.mplus/files/config.json (34B)
- /data/data/com.pytech.mplus/files/jpush_stat_cache.json (159B)
- /data/data/com.pytech.mplus/files/umeng_it.cache (352B)
- /data/data/com.pytech.mplus/files/umeng_it.cache (179B)
- /data/user/0/com.pytech.mplus/[email protected] (5.2MB)
- /data/user/0/com.pytech.mplus/[email protected]!classes2.dex (1.3MB)
- /storage/emulated/0/360/.deviceId (48B)
- /storage/emulated/0/360/.iddata (32B)
- /storage/emulated/0/Android/data/com.pytech.mplus/pytechltd#mplusclerk/core_log/easemob.log (1KB)