7681a478c165ca99cabca396ab12f8a4e0ca9f3d20fda09e1f3504077c0ea127

Analysis

max time kernel
176s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f3acc2d260b47f122232069880a570_JaffaCakes118.apk
Size

16.0MB
MD5

67f3acc2d260b47f122232069880a570
SHA1

81a1e03be6823ddfbd20ed3fb389c182d3ca86b6
SHA256

7681a478c165ca99cabca396ab12f8a4e0ca9f3d20fda09e1f3504077c0ea127
SHA512

d261ef4209ae308e64883e71bc41c5cc55773834773411a94dc68ab9ec8659f2bf12f9f7e818088a4edbb3c26986737b8b403e8212f6ccb00c35125e02a62555
SSDEEP

393216:dwWB2GX6ii4/0PLPSX1VQRdr+vvniGI8WQRh4N66:dzBRX6s0LPSXTMDg74V

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 6 IoCs

evasion

T1426

Processes:

com.zhz022.d202

ioc	process
/system/xbin/su	com.zhz022.d202
/system/app/Superuser.apk	com.zhz022.d202
/sbin/su	com.zhz022.d202
/data/local/xbin/su	com.zhz022.d202
/data/local/bin/su	com.zhz022.d202
/data/local/su	com.zhz022.d202

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.zhz022.d202

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.zhz022.d202
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zhz022.d202

description ioc process

File opened for read /proc/cpuinfo com.zhz022.d202
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.zhz022.d202

ioc process

/system/bin/qemu-props com.zhz022.d202
/system/lib/libc_malloc_debug_qemu.so com.zhz022.d202
/sys/qemu_trace com.zhz022.d202
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.zhz022.d202

ioc process

/dev/socket/qemud com.zhz022.d202
/dev/qemu_pipe com.zhz022.d202
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zhz022.d202

description ioc process

File opened for read /proc/meminfo com.zhz022.d202

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zhz022.d202

description	ioc	process
File opened for read	/proc/cpuinfo	com.zhz022.d202

ioc	process
/system/bin/qemu-props	com.zhz022.d202
/system/lib/libc_malloc_debug_qemu.so	com.zhz022.d202
/sys/qemu_trace	com.zhz022.d202

ioc	process
/dev/socket/qemud	com.zhz022.d202
/dev/qemu_pipe	com.zhz022.d202

description	ioc	process
File opened for read	/proc/meminfo	com.zhz022.d202

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.zhz022.d202com.zhz022.d202:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhz022.d202
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhz022.d202:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.zhz022.d202

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.zhz022.d202

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhz022.d202

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.zhz022.d202:pushcorecom.zhz022.d202

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhz022.d202:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhz022.d202

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.zhz022.d202

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.zhz022.d202

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.zhz022.d202

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.zhz022.d202com.zhz022.d202:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zhz022.d202
Framework API call	javax.crypto.Cipher.doFinal	com.zhz022.d202:pushcore

com.zhz022.d202
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4496

com.zhz022.d202:pushcore
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4535

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zhz022.d202/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.zhz022.d202/app_crashrecord/1004
Filesize
8KB

MD5
5bfd863d330484eac13c4e0028117b17

SHA1
fee3062f6dc564cda6f49090789646a3da9caddb

SHA256
85b8b5de8b67f2b110c76ff6adc6c2aa802c578c1c13c992f230b73fd228b24c

SHA512
5bbee17b4e574b43cb03abc571da846ab453ae6f5f652e139faa6ae22f85c4fb08afdb6026481aa167a7e9dc38ed7d1ed875eeb813ab8ddd17721716d212189a

Download Submit
/data/user/0/com.zhz022.d202/app_crashrecord/1004
Filesize
58B

MD5
eb3961bd6a5a2583deea7acb5bbf60ab

SHA1
0af2a93dbba28642523ee6a44935c362ec4e354b

SHA256
7e558a14ebf977f61db8b16f683bd203b7d3b69584646ac532eb880ed95a6f30

SHA512
521f563df2bcb873e3afbf67e21ade14bb630b586549b16e46e5a216d70840ce04be0a61aa1a1a2cd8c2aa91efd0718b1202df3a9bcb126dc24d7cdf0a15a208

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal
Filesize
8KB

MD5
899245af0fe85f3036175cf323239980

SHA1
6a475b12f06d27e88fc493143f8127201eaac7bc

SHA256
df7ab06807cfa130d37659bf3f6315c074e36cfb0c1940e4d22ee4c02576bc85

SHA512
3733228475c23750ff5d44b36edeaa1da2a5ed6d937b37cd2d47e6fdb1488e497513204703770877b3c2828ef730531315223aa5cdbcd54dcbb025b46632a70e

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal
Filesize
8KB

MD5
2edac960d878782bd6516ae59ef83853

SHA1
64daa6e30eb54789c30c5448092b036699bb56b8

SHA256
a96301a133bcbc61c0875fa78cc04cc83dd9b04c30bf9e4b0450bde03bab944b

SHA512
d2aa5ccd912a7cd023832cef59cc6cc7fb65b8a931a7bcfa038b995e5ff6df669fd659ad7c6b6f7b953ce7542d50a1823d0da68e5d7e055fe1be79de3725f408

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal
Filesize
12KB

MD5
27f9b31c9d0c1bba7b8c89cdd414e366

SHA1
eedb93162757f2283d8ad201adcd6294e506d708

SHA256
275d3cc3f29590102ce4bbafe5b734dc065f55ab3d292ea3550808ed0586f1bc

SHA512
e75ef1d660044b43f8dee77147cb6d49257dd15dca014e3126942afba92a0166fd3b999ab746c7c9ad0ce97ca482b76e8b9837fa4a4628f2b6871a9696aebf43

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal
Filesize
12KB

MD5
7dc6b6cc4bfbf637227a8d06e858741c

SHA1
726c40c00ef3345f96010097390868b668eb8d92

SHA256
af4a738b18254d803784352e210d802465b3c2301499e72c4390be80381e184a

SHA512
8e29ff3b7e140c19641fd20b1169169c4fca0f30f604f7576bc8dc449e39031396a5b270da9a61a347d8f3dc43b94b2b220db50312abd608fe399e13b2900efd

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal
Filesize
12KB

MD5
601b6bab1fccae94d53b723eeb2db58a

SHA1
aa6fa55fcaa3c1811a041cf9fffa98b558c008a3

SHA256
4bb41c682258f5e872f62644768a70b7ae1812229058907b560a7b3a327646d6

SHA512
08b5f6814b2cb5d63d97d32fb034b3b66731bdb244e27026dbfd60beb39ccbb46209c8119a67902b7f9b670eb1b185b675414707c665ebb4367ec0200b6f0765

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_
Filesize
52KB

MD5
fecc8f1d6f3509fa9e02a30ba89e2874

SHA1
ebe4f45f41435244be2de49f8509f39c00da3b53

SHA256
b3f2ba10a13437acb30f0507937b21e615d781c4a019838c0f6ec89f6f8a17ff

SHA512
31542963bdbf7521273fd16cacd3343e89125e3f3c5b4198a9487141f01938032c546f1c8e6ec62135f877b7254ab941cc2bcf133bcdc4d90ad902d3e5e6cb09

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal
Filesize
512B

MD5
14482004238d2a32854cbec47ac29b40

SHA1
eb0fbcd10362dfd1c9466f32f4dc03792eba3aac

SHA256
eaa75958cabb4a7cc431ba9d62c516f048cb23262728be6151490e81ff40cd8f

SHA512
47fd819c36a99dbfaf3acb505fca55b970bdfc31a246f2b74ae18e4c797ebd9737af01e09dc4b9eaa33f8c14812c0212bf26fde821b979d2d45b1eda5e0426fc

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal
Filesize
8KB

MD5
10d141e0437c41b9a51a408666d9a79b

SHA1
2e17c4d8bbf1b8c2beda18b172ff806bbdd909d0

SHA256
4fff28a5b89c6f131edec144d541f570a2b1f74dd131811b46b0bb4de9ef78ae

SHA512
18d1cda99015a5fc2f9348aa06a46798f4c5b93920bb588078a4f0692a10aefeeef844858ee3ed4bdbd93676c9a65e0121a092949dabec42fac8cd88fc8dfdb3

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal
Filesize
8KB

MD5
35ac901ae333c3ff13849befa56cd503

SHA1
81d101a1554c7b0f7869445fde8a22b4bb871eea

SHA256
bd5dbe5f154cf447bd719d1f193f2faa4414b870a1105ced8a767c06e3c35bdd

SHA512
41243cb359c6a70d1d32a362f5dbb199bcbcfd93acaab7c3f4b368d47ae62223f4eb4c66dbe6d8f911332cc1ba7b7c0f39937a7897cd20846081afbc075e7f07

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal
Filesize
8KB

MD5
21558987273f5802e4f7c345adf36b56

SHA1
efe897426a6278fa948acf7bd0e8ea86d35f7a9e

SHA256
852165fbce08fa1e443e46c2013c30c203b2ce0e4c110fd4cd658e6dba9bb036

SHA512
3fc3bfe3eaa7ea61e6dfd72a4dae853042788dd79c0c1ee85ddbedc5ec0e6699b5566cc6b4b129ceedaff0e5d3eab65c6b69a1e31eab9e7e9a0347233f7671c1

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal
Filesize
8KB

MD5
9337a2bf900833f46f7af14e2a6e5d57

SHA1
a40a17c8f30e47d61eb489b59ccf25771d20191c

SHA256
dee166811e4ce85500e909690380b94081ab707fe347cdb8003e2b911b659b15

SHA512
f2bfda379028bdaa7f2b18a8cde1dad8bfa13643d97e5d65117dfda61562a6017b7066ced43f64d7177bad24cc3857a16174f53d9e9e05484221b56cc4e61ae9

Download Submit
/data/user/0/com.zhz022.d202/files/jpush_stat_history/active_user/nowrap/709a6447-3b20-4ca8-b2c5-2096c2989f88
Filesize
159B

MD5
8c6d2a280c74735cdeca6d0343b29f04

SHA1
0cae6f21f8562c2279f6553f4b3a0013024dbbd0

SHA256
e5c2b5d6755e8a106e02f78dee04dc860fbb09d8e4551c9975e3de53964e58b1

SHA512
00278fb8d5d46c949fb29039f3da11cc2fb3a21015699798ab85072b5b43c1622f2a4ab919a26d0305cf9c3ab76996db0cdf1ea0bd4d6bc2a36cf73938740fcf

Download Submit
/data/user/0/com.zhz022.d202/files/jpush_stat_history_pushcore/normal/nowrap/1939d106-e0dd-4a09-afe7-57fead75c702
Filesize
20KB

MD5
668add3d408bb8abea84a8f6c1e16f45

SHA1
bd8a06360c7673827a7bcd2f2e96b8f3cb08d079

SHA256
fcdb2599cf6bde2b40b1265a5c8d6ba9a4772d9492c555df539a0fb2f66d2229

SHA512
2a571ab9539709ed932ae240863a25bbc5f6b5e3f356941aa83b39a87237176f0815593a2c4974140d219a35bb5b3866c955bec619029322be82cbf23db82102

Download Submit
/data/user/0/com.zhz022.d202/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2Mzk3MDMxNjE5
Filesize
1KB

MD5
37b9810c6eebf2645734aa63eba678cc

SHA1
331b946f6c413fefa79ccfe6d5d14f51b87507fa

SHA256
56bf236f0833a37a695b277e9d3148cbfaa45443489346c49e25fa86f6c8a090

SHA512
aa9e66df71ac354ac939913e8537477c1da0509b68e3affcfe19c6679da7941a65f40b334548f11541b94edde01e97d672a5b8c0d7d3c04efe08dc72672cfc2e

Download Submit
/data/user/0/com.zhz022.d202/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2Mzk3MDYyMzI2
Filesize
1KB

MD5
04a7fa8bd22302965e65889caa4710e8

SHA1
f65a76de139d9cbc4b51a7d15a91f1a7ab6923d1

SHA256
07e6bbfbfbc64ab4a4558f68097f4781ffa30500e41e8fa53fec6f1b1c2b6d93

SHA512
2ee2648d4db1e5c874fb27aff620f4960cc1d3961d1cb37923cf7985210b4f714e751132ed4787c9eda6cae7dda2ee16f53c2a0ae878f958f452595023640ffe

Download Submit
/data/user/0/com.zhz022.d202/files/umeng_it.cache
Filesize
350B

MD5
59540ab564405bb7db389579ab750366

SHA1
67396978a84d6a8407f89f127e2bce04373503e1

SHA256
57037a0bd14d0b89b19ec8faac7fd2f0bdf07cd1b1ebbcbd76b27318ab9f174e

SHA512
1b6b426ad0b5f5da66188f88ffb982f5d760f10fcc19ee4b38b27d0b956670ce02fbde96af6fe376f7d14ad0a49eb3dacd25633edd3a4e3e9c7767cac4dd9fd0

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_deps
Filesize
192B

MD5
a8ae846fd85cbf7e3f9f2465dc093b38

SHA1
385143d11ce63559d1324d38241a9342c0ba9cb4

SHA256
27675fa2264992a6d0420eb77b064ffa3ef8b80dfe5b3ae8929f41b0d4502b69

SHA512
7d74dfdd3a0bbae3912ed066adc0c31e995d5e6eca46262ab02dd13c3332374a5af4a001b48105eaade8e83dfda74816e0088623e2cc226710b5844afa8ef66c

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_state
Filesize
6B

MD5
9cf36d2c599b0e78b8bb05c3d2710ee3

SHA1
683961f7ca767c49517ea80b8c5052e6abe90b47

SHA256
e84224a6584ad88b2c5aaf3484a1f3927160ed07b91c2dcdd73f78a8cbf3145f

SHA512
8494b9ae34b3241a46965e6d5ba2ac5a4bb71762ef96fbd49685102fdbec5006dd271c4f81efaa01ebfb34d6877938e0d47278371d71ac4bdd7e97f1bf727cca

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/JXCP/aff/com.zhz022.d202
Filesize
231B

MD5
11f6249b46e7f1ecd33000fcbad9ab88

SHA1
a13099b92eaa24d85945b34154efe16a8206a6cd

SHA256
2f2720e588680b9486fbab71388e701fdb10916cee2bed9e71a443a4072826ea

SHA512
4209ce937770b08e18219a5abdc524cb2d932e91975851f698d806ff2699dbf417a54f96b811ed6ebe2a7687e32d8bd2965c17d495d1ae87b00534382046a62a

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
512B

MD5
35d0664f77e7ec13636bae6be1947771

SHA1
553cb687f2dae533da6690b5896e84a63071c7a8

SHA256
d911f76e8cd8dfdc87f782538e17d6ab5c8de17f0793a41d8148dc85108efb27

SHA512
eb24086f0503f384cf1693dfc13409f3828623bd4dd73516b929ea1cb5adcaf609e672d08ead413ed7fa0467f07c099693ff16d5b28e4eb00989868c1793db95

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
c7a5d05ae9464d20dc0c17313050a400

SHA1
6af0300c8f567e497acdf3598662d3533c06af8a

SHA256
99b4a3e5a2da3ec2565449f83dca73dc95a275bee61ec92648fef19ef0fb3b27

SHA512
35836a0b2c965280329100f2b424154f9b2b8d0865d45d58839febf531f368a6336312c1da22f58efc43fc451b59d4cdb14d0b2353e4d2ffc70eb277630eccb0

Download Submit