7681a478c165ca99cabca396ab12f8a4e0ca9f3d20fda09e1f3504077c0ea127

Analysis

max time kernel
177s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f3acc2d260b47f122232069880a570_JaffaCakes118.apk
Size

16.0MB
MD5

67f3acc2d260b47f122232069880a570
SHA1

81a1e03be6823ddfbd20ed3fb389c182d3ca86b6
SHA256

7681a478c165ca99cabca396ab12f8a4e0ca9f3d20fda09e1f3504077c0ea127
SHA512

d261ef4209ae308e64883e71bc41c5cc55773834773411a94dc68ab9ec8659f2bf12f9f7e818088a4edbb3c26986737b8b403e8212f6ccb00c35125e02a62555
SSDEEP

393216:dwWB2GX6ii4/0PLPSX1VQRdr+vvniGI8WQRh4N66:dzBRX6s0LPSXTMDg74V

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.zhz022.d202com.zhz022.d202:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhz022.d202
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhz022.d202:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.zhz022.d202

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.zhz022.d202

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhz022.d202

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.zhz022.d202com.zhz022.d202:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.zhz022.d202
Framework service call	android.app.IActivityManager.registerReceiver	com.zhz022.d202:pushcore

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.zhz022.d202:pushcore

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zhz022.d202:pushcore
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.zhz022.d202:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.zhz022.d202:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhz022.d202:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zhz022.d202:pushcore

com.zhz022.d202
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4245

com.zhz022.d202:pushcore
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhz022.d202/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.zhz022.d202/app_crashrecord/1004
Filesize
512B

MD5
9954fef8dd7a2f86856f84c28b206c41

SHA1
f12776c0cac9a5e696e9839a1d6c9b90c27d9792

SHA256
481818823f8a380354be1846a9b996b451544aebd8e7bd039dd6cd5531f3024d

SHA512
29c7fcb9e64fe1589a7ba668a0897414c1318cf2515f996e019a66bec604c588f08684a7ce04782bfa1cccd323b7d68277ff226f1ab2c2b2a16674deedbd394e

Download Submit
/data/data/com.zhz022.d202/app_crashrecord/1004
Filesize
222B

MD5
aacc0b2ae4d833ad25f29c9cfd1209d5

SHA1
a51f54e30402720dd8c23b713a575a7cb4589d3f

SHA256
e765f476b3fceedd32116a1a18752671b6dc8e38e46cddca370d8da5969d716c

SHA512
d0550e20dda4b18469fd83d7bcb3425efa2bfca420830e5c93c303b1e21510d897ad0f94630db685baf2b9e4611fe7baf64f2f5fdc8e8805f87bbeb7030c39ac

Download Submit
/data/data/com.zhz022.d202/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zhz022.d202/databases/bugly_db_-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zhz022.d202/databases/bugly_db_-wal
Filesize
64KB

MD5
32b6e7f40648079857c405bd07424ff2

SHA1
4526b45f5ebf1438f83fed7b197336cc3f507e10

SHA256
80762ef5107c09afaf0c38afc425b5c1a5bd62b3ec1313495722fcd3d5a49473

SHA512
e62cad615c0897f67288b35db13d361e4db827d153fae8a4693460c9e69d54cf01f0322e9ec1f1ae3638f0bc6800bb35131527f807ebccaab4ca78fd45823c50

Download Submit
/data/data/com.zhz022.d202/files/jpush_stat_history_pushcore/normal/nowrap/a2342125-7730-4127-9c8a-b9a2c15ffd56
Filesize
202B

MD5
a2364d1f97783f3434d60502e031e301

SHA1
c05bd266ed385e2d11682b2e934ec52abf4b0106

SHA256
2d71c94dfc2929e85d9d9f62f2ec2088b9a2796b509b8374ab1f18b17baa9c50

SHA512
20ef6fdb2da6843426e945bce05cf7e62d5c18333ef2d15e8de80234d6176646b9b38f3b27c6daa116bfb7ad9b95a2e5cd56aaffee150964f6554ee9ef790b27

Download Submit
/data/data/com.zhz022.d202/lib-main/dso_deps
Filesize
136B

MD5
ddac3b5fce683d4facc87c640daecb0d

SHA1
8a1a44632162028e30f91146e0ed78d4f9a2a87b

SHA256
1d379d1aed5a63a8441a6d64f79a0db008ccb0d7df3d300534ae68cdf0082a46

SHA512
7d55aec49de0d9f390be28f84d5a0dfbb883a19c1591ec3bbddb6cbb117af6bf894f85934effda77f2d86a49ea7f4babce2e4ae6a70fc90b00ebd3c5ec09aff4

Download Submit
/data/data/com.zhz022.d202/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.zhz022.d202/lib-main/dso_state
Filesize
6B

MD5
9cf36d2c599b0e78b8bb05c3d2710ee3

SHA1
683961f7ca767c49517ea80b8c5052e6abe90b47

SHA256
e84224a6584ad88b2c5aaf3484a1f3927160ed07b91c2dcdd73f78a8cbf3145f

SHA512
8494b9ae34b3241a46965e6d5ba2ac5a4bb71762ef96fbd49685102fdbec5006dd271c4f81efaa01ebfb34d6877938e0d47278371d71ac4bdd7e97f1bf727cca

Download Submit
/data/data/com.zhz022.d202/lib-main/dso_state
Filesize
231B

MD5
9ed3cb1b83b6fc54390630228daf2298

SHA1
43361dcea6b2862063a98143d6e48c2d28a85cf0

SHA256
ebdc1d1577aadcf330932ae6f9f76866fa5a6f7e4008a259763bdc5060869091

SHA512
e54ce034ac0828192cee27923682404ef147a8f60df88e9f73ca5598d4ca5fac6319e153533c5246f7e815b21d13207beb4f6450cf070eb83583f1d0c06ff4eb

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
4437954df024aa5fb0567d463e31461c

SHA1
613b2171eab0a07092faad6dcb654a8940d4b528

SHA256
a54b8b67b68c35bbc9806bb83b5c19d2b47b4fda8812f76b7a12216eecbbd4be

SHA512
d2a3e43ba5d3fa2d38a3ac9326884460995ab801a2b4cb374c061a37dfd34b7fcb106438121118b72f3ec6ca260dbbe447cb3c04665dcf2cc0d638ecae3026aa

Download Submit