c35c7507fbd5e9db6805a7edbfaa59c3e999be2d0f43db90d1f37de7d2ce42d1

Analysis

max time kernel
10s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679beffb869959c5a7cd1c7999975360_JaffaCakes118.apk
Size

3.9MB
MD5

679beffb869959c5a7cd1c7999975360
SHA1

ac787eb55b7fab6be973081562361ee84c994c75
SHA256

c35c7507fbd5e9db6805a7edbfaa59c3e999be2d0f43db90d1f37de7d2ce42d1
SHA512

28ac8ab81f797cedfd003cdbfc9c756deea98e04cdc42fe97751670ba1eb9e5e484c6736b97585ddbce011e777c2517441176f9b539e74e43dbd6589f346ead9
SSDEEP

98304:arOWdCBdRVXMm8ZgQ0kyPraOiaT7qVcf0nZq+PN2uwDv:arTdCBpz8ZYkiBiY7qVcsnZl7wz

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

io.virtualapp.luohe

ioc process

/system/app/Superuser.apk io.virtualapp.luohe
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

io.virtualapp.luohe

description ioc process

File opened for read /proc/meminfo io.virtualapp.luohe
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

io.virtualapp.luohe

ioc pid process

/data/data/io.virtualapp.luohe/mix.dex 4579 io.virtualapp.luohe
/data/data/io.virtualapp.luohe/mix.dex 4579 io.virtualapp.luohe

ioc	process
/system/app/Superuser.apk	io.virtualapp.luohe

description	ioc	process
File opened for read	/proc/meminfo	io.virtualapp.luohe

ioc	pid	process
/data/data/io.virtualapp.luohe/mix.dex	4579	io.virtualapp.luohe
/data/data/io.virtualapp.luohe/mix.dex	4579	io.virtualapp.luohe

io.virtualapp.luohe
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
PID:4579

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.virtualapp.luohe/mix.dex
Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/io.virtualapp.luohe/app_bugly/rqd_record.eup
Filesize
360B

MD5
2786dd418e356244255135b9b9bf3d62

SHA1
4b352a30009119d396f85e8b63b138ff619b7d0f

SHA256
267ea46f7fbc1a492a4e2268a29c55fefa4852d19ae9f2cb85043b77db1ba55b

SHA512
7807535ce37f892b8d48884fdcb6812a2e6a90337d665ca7149a689771d6dfca0e29ad1e52bca2ccaae52d2edcc923e93ecb2184f208cc12cd344bdb58fc9fe9

Download Submit
/data/user/0/io.virtualapp.luohe/app_bugly/rqd_record.eup
Filesize
1KB

MD5
82e2119440392f8b62a5bf3e41a92964

SHA1
d64ea211712003b5465429048b66b1fd40c9bf4f

SHA256
e1e5d2d52334c4865b48eccecc4ee590d4fd0082dc1105a1c14f156b694e752d

SHA512
b52d2afc1eede69bd87ed98cf1dc5e65c2686930ca304e3464e947ecaa71b734dc0c1206c3fc154a33df85801fbfbcf88b7af6f35e1725dad24032d8aafe4ee4

Download Submit
/data/user/0/io.virtualapp.luohe/app_bugly/tomb_1716388873658.txt
Filesize
23KB

MD5
09b06d23d36df101c351ec30692f73e3

SHA1
d2d7e678f083cee92e731404ca65808fc29da9ca

SHA256
8bddf330aaa7ee077de81a285baa61d62422ed085717c398ed09f9d5db2b1c42

SHA512
ee2c780ec98c7255a32efe28ba056cc6db415cd0a1fe43722061cc63006cede7ba80406d5b5156b463155f18ef385d41993d7b33532b36f850b9a6386301ae3d

Download Submit
/data/user/0/io.virtualapp.luohe/cache/tomb.zip
Filesize
4KB

MD5
a1b9600cc2d929a86e0a4e86c2a9521d

SHA1
2844f0d012878c4ba428f231afaafb08938fb0e8

SHA256
2e41594aa014dc10d29ad1f661aed8200bfacbbc82c2572daf6904a92ae1b2f5

SHA512
fd796410ee4b3ec05fcc57efb6f4503ae536b65a399ec8f50d6c49dd53d393a8c9584089d2849b6294e7ba72f2f1f657aa27555ff8e61e965963921a8279ab75

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu
Filesize
164KB

MD5
3160229f8b49686933bc0e90824f324a

SHA1
c057afa0d9c60aa8e706525fed214a786111c5d5

SHA256
e217b25109c5f958120995221cbda5859d93c8e8d002aa6e49551c7383d0d46f

SHA512
0f402dfa758e4ca5a1f63d764c9bdbcb1b036042dabbf71a564ecd4ae46e23712fe6f680c76e2e0600d084f6573269e8b859c909640c2a3a864202d61dd861a2

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu-journal
Filesize
12KB

MD5
b9080f570ee8e2a7bc9cb615d49efe15

SHA1
7f19e7081db17dfba01efbae930c185c7616a4e3

SHA256
13c5dda6206bc1c15d623ac2c5f97f216013a9cdd594e2a73c67e1da4e3003fc

SHA512
1c564f8a8603658e7cf1d49f34250626d8d18371a05669f829994e3b87ae54253edf728324c76400b4d0843b7306e38e2c33943be365a7027ed282375dc18b88

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu-journal
Filesize
512B

MD5
36384898e0343335b06c54eade80d88f

SHA1
e6b71b5a942bf87fef81ae28f42a54d744d5dfee

SHA256
4750ccf616b06a61357a975d92d950b79f9d3293f9f12a8eb9c89550d5f225b5

SHA512
c75abf559945ae5ae22d9ae3fe4233b50e51ccc600f0b2b58c0a8a0d646e3c77985503160af91c3233c87bb561994bb7a2d9ce8f31ff82bbb43d7d748f4e19c4

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu-journal
Filesize
8KB

MD5
f7b32005ee22b8af6b051fd37a04a4bc

SHA1
10eff5d444bb91d54baab353ad854c08afbb3e7c

SHA256
b2d99c3f4e76f4a8cceec799b388a41b12393d64c6352e612fac0f72b709e11d

SHA512
2cf58b9e37b118209ec1767fe2355e0e7337561657368eeed0a32b747e081fdc0aacd070f19df65097df6bd2cf5ec4ef1aa9ba0d96444569322a5acfa7f52325

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu-journal
Filesize
8KB

MD5
938680adc261f7e940ac44e176d1ad2f

SHA1
56a4b9dd9fcd34af563acba0c3dec2a421af5f14

SHA256
07d84a0e8cf8419b6936aa56c83d979f67ddbc9ab2fa890cdc0398fdccbc6aff

SHA512
8a1e483fea91f5dd8e226a433caa7588d4fa552f1132f4d6266ba8445cd02121709e1e38e4a9c11fcf9ce9c93c5bf6b8507cd2d8c4f8a76cdb9c6354b1094e7e

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu-journal
Filesize
8KB

MD5
9450ad8a4d9525b119cc915b12c8e60e

SHA1
01c32211c7b75217ad4a1434478bd57c800d7c9f

SHA256
0e55b40ba20cb78870d3cf62befb44adb06ddc17514f1d0eb099ca29a8a23da8

SHA512
8166e030778a4ef4fe1017339bb6cfd9400b511fa25347f674627f9853de69263027f699988e8ccf415b88bbf3473689738f2d05e146d0929bd91f77606b1765

Download Submit
/data/user/0/io.virtualapp.luohe/databases/bugly_db_legu-journal
Filesize
12KB

MD5
d248c49aa3396ae09e3b2a8ef6903094

SHA1
8cde726ea8dfb414720f3682dded0ea2935e37a5

SHA256
41fd703147a1bdf279889e27e2195236bad1c6f676f89b2e4c2ab7ee5046c212

SHA512
6ee066d08bde88991959840031acf5ab7340d04af2799ca3991884e37b970ac56d93f65b86983e056514cf972bcf62b468a953a882b56626129f9472232d8b75

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads