5308b9735f2cb43aae54be98b8d942ddde286cf6c1a9e6d96459ba0326051f82

Analysis

max time kernel
158s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6722af87b4174e30d71df3e3b43ca919_JaffaCakes118.apk
Size

8.8MB
MD5

6722af87b4174e30d71df3e3b43ca919
SHA1

c770dc26eea9bc7fe9fa3e0eab50ca28ba859a6e
SHA256

5308b9735f2cb43aae54be98b8d942ddde286cf6c1a9e6d96459ba0326051f82
SHA512

f267759c3b4f303fae11693dcc9597d18504b048ece6f6992eaf083b624d24a2e3e5a58b925fef816e9f1caf59c48b237674473b4aa3fed53684423e6b9025d8
SSDEEP

196608:mfpWQmgh1fWkxfW41CnRYWkS7ukq2PJGjH0Oh/iPsgnQErvlfjkgFT:mZh1fWk9h1yYOPJGL0c/mlnQ8lh

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs
evasion

T1426

Processes:

com.pytech.mplus

ioc process

/data/local/xbin/su com.pytech.mplus
/sbin/su com.pytech.mplus
/data/local/su com.pytech.mplus
/data/local/bin/su com.pytech.mplus
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.pytech.mplus

description ioc process

File opened for read /proc/cpuinfo com.pytech.mplus
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.pytech.mplus

description ioc process

File opened for read /proc/meminfo com.pytech.mplus

ioc	process
/data/local/xbin/su	com.pytech.mplus
/sbin/su	com.pytech.mplus
/data/local/su	com.pytech.mplus
/data/local/bin/su	com.pytech.mplus

description	ioc	process
File opened for read	/proc/cpuinfo	com.pytech.mplus

description	ioc	process
File opened for read	/proc/meminfo	com.pytech.mplus

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.pytech.mpluscom.pytech.mplus:pushcore

ioc	pid	process
/data/user/0/com.pytech.mplus/[email protected]	5110	com.pytech.mplus
/data/user/0/com.pytech.mplus/[email protected]!classes2.dex	5110	com.pytech.mplus
/data/user/0/com.pytech.mplus/[email protected]	5165	com.pytech.mplus:pushcore
/data/user/0/com.pytech.mplus/[email protected]!classes2.dex	5165	com.pytech.mplus:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.pytech.mpluscom.pytech.mplus:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pytech.mplus
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.pytech.mplus:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.pytech.mplus

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.pytech.mplus

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pytech.mplus

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.pytech.mpluscom.pytech.mplus:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.pytech.mplus
Framework service call	android.app.IActivityManager.registerReceiver	com.pytech.mplus:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.pytech.mpluscom.pytech.mplus:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pytech.mplus
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pytech.mplus:pushcore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.pytech.mplus

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.pytech.mplus

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.pytech.mplus

com.pytech.mplus
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5110

com.pytech.mplus:pushcore
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5165

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pytech.mplus/.jiagu/libjiagu.so
Filesize
485KB

MD5
015df5724b50b4fbc6dd0caf7ccb817c

SHA1
980780e98c9958aec97ab7a0de8d28a4c5fd9429

SHA256
183990718a96d742bc6f1bb04c313e04db6dc62d445ecb294a7f15babd3281c6

SHA512
fda8f5343cac8102aade5f1aeac7c5b028ea5d8c92e3d12de92e1ffce30bab47a446f215c9cff7dd1e1bb88980ee0d27b5241e856719fcc1f6a5c25e062e9d40

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db
Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db
Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db-journal
Filesize
512B

MD5
813702eda16fa2788fe7c093d29b668f

SHA1
aae1004eff2298c9a23bd3d66794029af2a83b8a

SHA256
b8145c68a3c93e0d5c2ccd305789822cfa5257853511ff6468740c38fb99c5c1

SHA512
afb9c8b19397e124d5b32df402c324e802730a2798d30fde1828ceb1eac58551bc02ebe134d1ae994a39ece123f18e64d07b7e77c6babbb5b97a8f8e9b1893fc

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db-journal
Filesize
8KB

MD5
5c636c4f247bfb15b5d0d837518f7569

SHA1
613ca8b7ab8b50a7a7d94e929f3c05ae42bf491d

SHA256
9fa39974dc0007d64a485fe2acaa19beb1862371f521dc9804e24befe69b3dbe

SHA512
526a61986365749a284e03407ee03b1d0060f19b3ecd091ec64cf303baff19b834fa008f4d0bfd1e4705361a5e3046fbf7bca35793fb8d3d35d8510261ae36dc

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db-journal
Filesize
8KB

MD5
22272af2b62dd74e0a338358cf7aa9e3

SHA1
38a23fc468bb5a07c66be19bc27fbb6d30f34023

SHA256
5f94e512ef38e4eedc8bc4d0d7927be7d41b2e8c2c091444c023107845398f39

SHA512
f3969cb1f84be284805f84022b6f381e5186c75f0a07185b6bdae7215338f6e946d8cd69cca636fe7a529974bc38e4f3db1f3a547e348b5ed7224c1576356a26

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db-journal
Filesize
8KB

MD5
e2edf25d29b265599052e15898180781

SHA1
f882e80480402bc0b1a81100c68e8cc72569cc30

SHA256
79892dbe232dc82eadafaf18e6dcfa6c62eb3b4be0a83f38ecd9c23a3ea9183d

SHA512
d328c5380bdfa22870e648011a3c164bc9fe341f03928711d451b7a060982585296eb6c12cbc8e04a008f6f68bf85be20b1216f96104976835ad2161078ece34

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db-journal
Filesize
8KB

MD5
8bf35967a0543543b99e150431b36c19

SHA1
2fa5984b6f75364c05caa07f9567c9d2cbe13cfe

SHA256
33ad268d4ba245ac12c15690dd68d07b12c930e8cdd010fac5fca85d74e058c3

SHA512
8b777ec957984ae4b90bfa99f12479bb3c90b57273bdb4a2734c7c3cb1b45db1f65d30689f21c08c238af5bcfb76d4123b2ab32a21fd2ece2393e1d97ac6b46a

Download Submit
/data/data/com.pytech.mplus/databases/cc/cc.db-journal
Filesize
12KB

MD5
b44c18454e1f4a3c9ed4bac14aecafd8

SHA1
8a5ae911581a879ea6667bf2978548cf2ddb5202

SHA256
34637ebe47a6c8d46039436637ec96a7609f02fee9b2ecfb248bf6b5e0ff6c67

SHA512
37d705f14630afca2ebccc539579027cc56c1c48826141dda5c3b02b9ae942e4a5d44db28d0d639c2dd6e66b099b3c828cdeecf11751bda5c21addef31218ee7

Download Submit
/data/data/com.pytech.mplus/files/.imprint
Filesize
928B

MD5
d94a791ae3870f8d04af286f8cc1fe80

SHA1
b7b170c0ff3f23ec9a868b83aa6548fd32935812

SHA256
23ba82580b4e781225e72e02979633c5899f44fce8c90108d7d72cff3262289f

SHA512
dd045553f46abc6958ba03e202b67bc989a7fb996bf3bba0de2b9dc79427e12bc766afc581c196509c044ad60c028d4452909468d02ab392f7570f542c030857

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.ac
Filesize
40B

MD5
25b72ab583925db87746b3c56e500cfd

SHA1
23818c13d85b12704e067663f3b96fb523cf0a60

SHA256
5e77d3dbe0a03f7a836496b17b25221123fa3e0d0f65f1535a5b55829c4ecd38

SHA512
9ee12a4abafa0bbc15d8f128edb765529fd9a55d0ad684538542345f252f5e2c4b92eaddbc3f3f3b7f3dc164582676e0bcc6c044feae977d48d9056196fe590c

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.ac
Filesize
40B

MD5
b82010426f08db9ee5ae29bf1659ffc2

SHA1
62a1c3432c4f7a8f9a0c8c31f0f9917c3279c4cf

SHA256
ff0b76ac84e778e1aa098d7b43de8e16823f5087dc8a256f4feff0de2c6c938d

SHA512
619e866d22f34d5b5dec93fff1a5ce93f2cdef969cd96aec0ef6725b3c33c1a5b3a323b1739cc4c3504cbfbce51c85a80ea8c09d9cea7e74532bd3f34e1004db

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.di
Filesize
340B

MD5
99c5f7c3b218bf0381c8f01fb71cac9e

SHA1
d343a9bb10c49f66a8d3bc8d0448a7a7cf0984ee

SHA256
9a009aaecb7c902e6af7809a9d2952ed7437bc7f680b7f192b0727424a0431e9

SHA512
838167700dbca601ddf2fb5e5e540124da8cf6e3f166cf38e1708e971859b43a1c4155200e78ff060b30682fc5412c49636c49ddd5d8b709a2be9e89e6caf6e9

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.di
Filesize
340B

MD5
ebf87e1f3b7e4ce919bc1cae59ce86b5

SHA1
10676e50b256f88caf806876e51c841413838a21

SHA256
6972e2323e438860cc0dc44e2fe51ba926ca2ff6319a03ff41bf94072b35091f

SHA512
c60e9e7a9a3fb901bcfc6167daf6117f5917091265696de70a00ebc70584cb7ae60e746dd8d665eb00e3d985b6d9ac48e7369b70b425d708b26a5004e7e370ca

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.ic
Filesize
40B

MD5
313c3b752b7a54c5d995b50350e0f867

SHA1
2bda43e43a39e22e9538c65d323633f4e7d05c77

SHA256
999e2ae4cca388fcbd7ed1434ebe92c8316c1d173cb65192e7c134f6b7d1e815

SHA512
ccfbf7b8f53970439bc62a3e88ce72c8e2b3f4d4427b2464edc52d4ce75bc394148ad5564c2037229cd785a5383da375dcf39a42356933ada426a82fbdff42a6

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.rd
Filesize
32B

MD5
94bafa6fc771d6a4c1c2fc34b6785b46

SHA1
b717d02c687c4c39b08728ccb3ef363e7d415ef8

SHA256
4a16be3365976eb5cab0e67070069737c1cb5746b819d7796cee52fdfd94b69b

SHA512
0e1ec82c2e95d8f2ae1ed6d7dc2460b0526066c55574e474603b544a6c8572a6dd05e3b70df2f812b4579db24df05a67ccc9903e2086cd20c2e8c1ce1784f666

Download Submit
/data/data/com.pytech.mplus/files/.jglogs/.jg.ri
Filesize
314B

MD5
4bc0578aa2f2ce97903f613da55ffd04

SHA1
2954148a67f0b47588780f1e646ef59a60023555

SHA256
bde24f2ba1196d6dbbdcc8ae307462e494ebb0efc15bd73b495932c4e6f9dac7

SHA512
ec19fc0063e0b4bd0bbde8e26c7b0c715a0372954a6b6f40e33a11e2054125f7d6dea0869deb49f510c81c384cda20dcf4b4cfe4cca1a259a412c9e6102545b0

Download Submit
/data/data/com.pytech.mplus/files/.jiagu.lock
Filesize
27B

MD5
f0f79f8191a3fe3bae541debe2ea7a03

SHA1
243d490ad61eab1d2849bb55a9de35c93cb0f799

SHA256
f6f4ce0120f0d354849930db919880c523044629f9369b9388f5c5fa6f269cba

SHA512
b9d37b82a896a6b5f98f66529f95cbf7b9ee9b56be12b5dcd4efe237b46efe3c90e957d922660af845b259b08924e6261e96f72ea653d457cbba16b0de1f374f

Download Submit
/data/data/com.pytech.mplus/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
db9a84de84f862f99f4e3d9161ea9ee0

SHA1
92efe1cc32726c5d688f2f894e525398ad6d6788

SHA256
a6814832f9c58a8220a858a9b60cc5ae85ea51f3e5560b15743f06f1e5d746b5

SHA512
ae128bfdcb18f349fbbb2db3a491831ee3c48ccbf827ed94c2529f92f19b8c7dcb4eec7f03bcad6f25e7175d8664e73021f8e5cdc7c215d8bb8cfae398350735

Download Submit
/data/data/com.pytech.mplus/files/config.json
Filesize
34B

MD5
50a83c0673b7bd66ed816f28c6d33523

SHA1
45217c19769ebf110369d28ef41a974cca1b24b8

SHA256
c42458ceab8e3d06378aed84a8190f4e0b8caae12282d128cbf838f8bc816cb6

SHA512
ea5dda6509b9438763a3c372e78491d507e003ee0e91abf59d2d317e2b1001b01c0064e89fdd1cd6ac0c8fc18bc134e5fe35c107e38f3c20cfd157eb2e00d867

Download Submit
/data/data/com.pytech.mplus/files/jpush_stat_cache.json
Filesize
159B

MD5
6ce300e78b443f47adce7db3da5cbdd0

SHA1
6fe65af20124cdf6641cd48782a0cf2139f336fc

SHA256
14a4c1bab1a12783941428d2fc792ebf1003bada5148de5717ca966de2d407cc

SHA512
285af7d49bfc67c69813bc8e9193accb933305631cb0a38071a948c38de360bdd65b69421f2548f33fb2607716ca4eada29c6218402a67598c9cc9b772ed3b3d

Download Submit
/data/data/com.pytech.mplus/files/umeng_it.cache
Filesize
352B

MD5
e37c5138c34ac52502a56df71e8ba0fa

SHA1
03d6814c3b6da21ef0e337e39df73c7e5c0840fa

SHA256
1ca890adc21516480499740cbaf2ad2a9d143c6675ab4fe8d10c9bd573ab2ea0

SHA512
e3c181c63bff5f2486c3b6d6f37ead70adb80888b628e318d5d8b02699b0e5f8929aec369b0c700e633771a60162f2ce1ef879b177582565cf4aad9bfab4458f

Download Submit
/data/data/com.pytech.mplus/files/umeng_it.cache
Filesize
179B

MD5
4cdf949619105e21a3b52f5136f8c58f

SHA1
c608b326a086758731654ebac7067fdb2812b3c6

SHA256
9ca19800f807d76850488a7739a1a2d15da40464e96f78c6973d1929ea4383ba

SHA512
d18a8d67dbcff92c2d7a364acafc58cf67669c613a5d951b2c24bd90ee9b7f25934ce54fbb5a0242d44e96f66ddac2ee09c0eb4b0a921f65dee515dac570223e

Download Submit
/data/user/0/com.pytech.mplus/[email protected]
Filesize
5.2MB

MD5
d1928a8c5903635706cc02094a17bc16

SHA1
289a49e45d3c2d5186864d27feabe5a8f42d6b93

SHA256
62e083ed14ee9afac08eb0fc2f5cd69b4bf3c29663665f5a5bb078e19307754f

SHA512
7d9831f04623aa645f379d473f4c5a32b4cdb126bd971cc2d9f18e9df0d7b0f763cc27adfc6f474f3382d0b425afb7a6be7d9a3dfbced437d5754014dfc58748

Download Submit
/data/user/0/com.pytech.mplus/[email protected]!classes2.dex
Filesize
1.3MB

MD5
fdfe2f3f84c8555c5be48a5476f23609

SHA1
8c148a68056f872c2f2cf144053c70dbe9ed893f

SHA256
9f7921eb39e73230f0ad8fc1da601ea2521961b04b7f338adc10dae7468e0337

SHA512
ab04d1c8f11958c12600576b3da20ce87d5f65ac1a138cb950ecc4efcb9df91db8aef034d6949415d99ff22da13c8fd2eb1e3f86dec33252eb0017dc7b26b3e1

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
d7ffd4f5f48c2bbb6588bba8717a6201

SHA1
1ae8364f54cce6d110d16614838e4ef6df4f9f55

SHA256
2f56f7fa33a2bbafedefa2881acc167907c25eeb18022f1dd736fc7b87d11b42

SHA512
6a3680525f94294490ad538e2c9bfbd2dca5dbfc32090eebdc3a1c5ec155751d81d81007fcad5d38e8eaa3d132121574115b79d9c37006579379813ffd3ee65c

Download Submit
/storage/emulated/0/Android/data/com.pytech.mplus/pytechltd#mplusclerk/core_log/easemob.log
Filesize
1KB

MD5
45485da0573882b1692fc411b77c997c

SHA1
478326fc76c88fdb62aff641a50a795ec1e95bdf

SHA256
e0187e7cc0bc362dd13862f7ee7074f683788b425a2262eb8bf1cde9a77d2680

SHA512
7777bb3d4d4a41c01b49b93de2384959202487a5864b58bfed18e9aeab13d8f52e511789d483b041a2cbd61d5c7908e795e6c1cd2e2a493850e20a2ead6e9029

Download Submit