7681a478c165ca99cabca396ab12f8a4e0ca9f3d20fda09e1f3504077c0ea127

Analysis

max time kernel
176s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22/05/2024, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f3acc2d260b47f122232069880a570_JaffaCakes118.apk
Size

16.0MB
MD5

67f3acc2d260b47f122232069880a570
SHA1

81a1e03be6823ddfbd20ed3fb389c182d3ca86b6
SHA256

7681a478c165ca99cabca396ab12f8a4e0ca9f3d20fda09e1f3504077c0ea127
SHA512

d261ef4209ae308e64883e71bc41c5cc55773834773411a94dc68ab9ec8659f2bf12f9f7e818088a4edbb3c26986737b8b403e8212f6ccb00c35125e02a62555
SSDEEP

393216:dwWB2GX6ii4/0PLPSX1VQRdr+vvniGI8WQRh4N66:dzBRX6s0LPSXTMDg74V

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 6 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.zhz022.d202
/system/app/Superuser.apk	com.zhz022.d202
/sbin/su	com.zhz022.d202
/data/local/xbin/su	com.zhz022.d202
/data/local/bin/su	com.zhz022.d202
/data/local/su	com.zhz022.d202

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zhz022.d202

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zhz022.d202

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/bin/qemu-props	com.zhz022.d202
/system/lib/libc_malloc_debug_qemu.so	com.zhz022.d202
/sys/qemu_trace	com.zhz022.d202

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.zhz022.d202
/dev/qemu_pipe	com.zhz022.d202

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zhz022.d202

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhz022.d202
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhz022.d202:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zhz022.d202

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhz022.d202:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhz022.d202

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.zhz022.d202

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zhz022.d202
Framework API call	javax.crypto.Cipher.doFinal	com.zhz022.d202:pushcore

com.zhz022.d202
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4496

com.zhz022.d202:pushcore
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4535

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zhz022.d202/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.zhz022.d202/app_crashrecord/1004

Filesize
8KB

MD5
5bfd863d330484eac13c4e0028117b17

SHA1
fee3062f6dc564cda6f49090789646a3da9caddb

SHA256
85b8b5de8b67f2b110c76ff6adc6c2aa802c578c1c13c992f230b73fd228b24c

SHA512
5bbee17b4e574b43cb03abc571da846ab453ae6f5f652e139faa6ae22f85c4fb08afdb6026481aa167a7e9dc38ed7d1ed875eeb813ab8ddd17721716d212189a

Download Submit
/data/user/0/com.zhz022.d202/app_crashrecord/1004

Filesize
58B

MD5
eb3961bd6a5a2583deea7acb5bbf60ab

SHA1
0af2a93dbba28642523ee6a44935c362ec4e354b

SHA256
7e558a14ebf977f61db8b16f683bd203b7d3b69584646ac532eb880ed95a6f30

SHA512
521f563df2bcb873e3afbf67e21ade14bb630b586549b16e46e5a216d70840ce04be0a61aa1a1a2cd8c2aa91efd0718b1202df3a9bcb126dc24d7cdf0a15a208

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal

Filesize
8KB

MD5
899245af0fe85f3036175cf323239980

SHA1
6a475b12f06d27e88fc493143f8127201eaac7bc

SHA256
df7ab06807cfa130d37659bf3f6315c074e36cfb0c1940e4d22ee4c02576bc85

SHA512
3733228475c23750ff5d44b36edeaa1da2a5ed6d937b37cd2d47e6fdb1488e497513204703770877b3c2828ef730531315223aa5cdbcd54dcbb025b46632a70e

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal

Filesize
8KB

MD5
2edac960d878782bd6516ae59ef83853

SHA1
64daa6e30eb54789c30c5448092b036699bb56b8

SHA256
a96301a133bcbc61c0875fa78cc04cc83dd9b04c30bf9e4b0450bde03bab944b

SHA512
d2aa5ccd912a7cd023832cef59cc6cc7fb65b8a931a7bcfa038b995e5ff6df669fd659ad7c6b6f7b953ce7542d50a1823d0da68e5d7e055fe1be79de3725f408

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal

Filesize
12KB

MD5
27f9b31c9d0c1bba7b8c89cdd414e366

SHA1
eedb93162757f2283d8ad201adcd6294e506d708

SHA256
275d3cc3f29590102ce4bbafe5b734dc065f55ab3d292ea3550808ed0586f1bc

SHA512
e75ef1d660044b43f8dee77147cb6d49257dd15dca014e3126942afba92a0166fd3b999ab746c7c9ad0ce97ca482b76e8b9837fa4a4628f2b6871a9696aebf43

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal

Filesize
12KB

MD5
7dc6b6cc4bfbf637227a8d06e858741c

SHA1
726c40c00ef3345f96010097390868b668eb8d92

SHA256
af4a738b18254d803784352e210d802465b3c2301499e72c4390be80381e184a

SHA512
8e29ff3b7e140c19641fd20b1169169c4fca0f30f604f7576bc8dc449e39031396a5b270da9a61a347d8f3dc43b94b2b220db50312abd608fe399e13b2900efd

Download Submit
/data/user/0/com.zhz022.d202/databases/RKStorage-journal

Filesize
12KB

MD5
601b6bab1fccae94d53b723eeb2db58a

SHA1
aa6fa55fcaa3c1811a041cf9fffa98b558c008a3

SHA256
4bb41c682258f5e872f62644768a70b7ae1812229058907b560a7b3a327646d6

SHA512
08b5f6814b2cb5d63d97d32fb034b3b66731bdb244e27026dbfd60beb39ccbb46209c8119a67902b7f9b670eb1b185b675414707c665ebb4367ec0200b6f0765

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_

Filesize
52KB

MD5
fecc8f1d6f3509fa9e02a30ba89e2874

SHA1
ebe4f45f41435244be2de49f8509f39c00da3b53

SHA256
b3f2ba10a13437acb30f0507937b21e615d781c4a019838c0f6ec89f6f8a17ff

SHA512
31542963bdbf7521273fd16cacd3343e89125e3f3c5b4198a9487141f01938032c546f1c8e6ec62135f877b7254ab941cc2bcf133bcdc4d90ad902d3e5e6cb09

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal

Filesize
512B

MD5
14482004238d2a32854cbec47ac29b40

SHA1
eb0fbcd10362dfd1c9466f32f4dc03792eba3aac

SHA256
eaa75958cabb4a7cc431ba9d62c516f048cb23262728be6151490e81ff40cd8f

SHA512
47fd819c36a99dbfaf3acb505fca55b970bdfc31a246f2b74ae18e4c797ebd9737af01e09dc4b9eaa33f8c14812c0212bf26fde821b979d2d45b1eda5e0426fc

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
10d141e0437c41b9a51a408666d9a79b

SHA1
2e17c4d8bbf1b8c2beda18b172ff806bbdd909d0

SHA256
4fff28a5b89c6f131edec144d541f570a2b1f74dd131811b46b0bb4de9ef78ae

SHA512
18d1cda99015a5fc2f9348aa06a46798f4c5b93920bb588078a4f0692a10aefeeef844858ee3ed4bdbd93676c9a65e0121a092949dabec42fac8cd88fc8dfdb3

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
35ac901ae333c3ff13849befa56cd503

SHA1
81d101a1554c7b0f7869445fde8a22b4bb871eea

SHA256
bd5dbe5f154cf447bd719d1f193f2faa4414b870a1105ced8a767c06e3c35bdd

SHA512
41243cb359c6a70d1d32a362f5dbb199bcbcfd93acaab7c3f4b368d47ae62223f4eb4c66dbe6d8f911332cc1ba7b7c0f39937a7897cd20846081afbc075e7f07

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
21558987273f5802e4f7c345adf36b56

SHA1
efe897426a6278fa948acf7bd0e8ea86d35f7a9e

SHA256
852165fbce08fa1e443e46c2013c30c203b2ce0e4c110fd4cd658e6dba9bb036

SHA512
3fc3bfe3eaa7ea61e6dfd72a4dae853042788dd79c0c1ee85ddbedc5ec0e6699b5566cc6b4b129ceedaff0e5d3eab65c6b69a1e31eab9e7e9a0347233f7671c1

Download Submit
/data/user/0/com.zhz022.d202/databases/bugly_db_-journal

Filesize
8KB

MD5
9337a2bf900833f46f7af14e2a6e5d57

SHA1
a40a17c8f30e47d61eb489b59ccf25771d20191c

SHA256
dee166811e4ce85500e909690380b94081ab707fe347cdb8003e2b911b659b15

SHA512
f2bfda379028bdaa7f2b18a8cde1dad8bfa13643d97e5d65117dfda61562a6017b7066ced43f64d7177bad24cc3857a16174f53d9e9e05484221b56cc4e61ae9

Download Submit
/data/user/0/com.zhz022.d202/files/jpush_stat_history/active_user/nowrap/709a6447-3b20-4ca8-b2c5-2096c2989f88

Filesize
159B

MD5
8c6d2a280c74735cdeca6d0343b29f04

SHA1
0cae6f21f8562c2279f6553f4b3a0013024dbbd0

SHA256
e5c2b5d6755e8a106e02f78dee04dc860fbb09d8e4551c9975e3de53964e58b1

SHA512
00278fb8d5d46c949fb29039f3da11cc2fb3a21015699798ab85072b5b43c1622f2a4ab919a26d0305cf9c3ab76996db0cdf1ea0bd4d6bc2a36cf73938740fcf

Download Submit
/data/user/0/com.zhz022.d202/files/jpush_stat_history_pushcore/normal/nowrap/1939d106-e0dd-4a09-afe7-57fead75c702

Filesize
20KB

MD5
668add3d408bb8abea84a8f6c1e16f45

SHA1
bd8a06360c7673827a7bcd2f2e96b8f3cb08d079

SHA256
fcdb2599cf6bde2b40b1265a5c8d6ba9a4772d9492c555df539a0fb2f66d2229

SHA512
2a571ab9539709ed932ae240863a25bbc5f6b5e3f356941aa83b39a87237176f0815593a2c4974140d219a35bb5b3866c955bec619029322be82cbf23db82102

Download Submit
/data/user/0/com.zhz022.d202/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2Mzk3MDMxNjE5

Filesize
1KB

MD5
37b9810c6eebf2645734aa63eba678cc

SHA1
331b946f6c413fefa79ccfe6d5d14f51b87507fa

SHA256
56bf236f0833a37a695b277e9d3148cbfaa45443489346c49e25fa86f6c8a090

SHA512
aa9e66df71ac354ac939913e8537477c1da0509b68e3affcfe19c6679da7941a65f40b334548f11541b94edde01e97d672a5b8c0d7d3c04efe08dc72672cfc2e

Download Submit
/data/user/0/com.zhz022.d202/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2Mzk3MDYyMzI2

Filesize
1KB

MD5
04a7fa8bd22302965e65889caa4710e8

SHA1
f65a76de139d9cbc4b51a7d15a91f1a7ab6923d1

SHA256
07e6bbfbfbc64ab4a4558f68097f4781ffa30500e41e8fa53fec6f1b1c2b6d93

SHA512
2ee2648d4db1e5c874fb27aff620f4960cc1d3961d1cb37923cf7985210b4f714e751132ed4787c9eda6cae7dda2ee16f53c2a0ae878f958f452595023640ffe

Download Submit
/data/user/0/com.zhz022.d202/files/umeng_it.cache

Filesize
350B

MD5
59540ab564405bb7db389579ab750366

SHA1
67396978a84d6a8407f89f127e2bce04373503e1

SHA256
57037a0bd14d0b89b19ec8faac7fd2f0bdf07cd1b1ebbcbd76b27318ab9f174e

SHA512
1b6b426ad0b5f5da66188f88ffb982f5d760f10fcc19ee4b38b27d0b956670ce02fbde96af6fe376f7d14ad0a49eb3dacd25633edd3a4e3e9c7767cac4dd9fd0

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_deps

Filesize
192B

MD5
a8ae846fd85cbf7e3f9f2465dc093b38

SHA1
385143d11ce63559d1324d38241a9342c0ba9cb4

SHA256
27675fa2264992a6d0420eb77b064ffa3ef8b80dfe5b3ae8929f41b0d4502b69

SHA512
7d74dfdd3a0bbae3912ed066adc0c31e995d5e6eca46262ab02dd13c3332374a5af4a001b48105eaade8e83dfda74816e0088623e2cc226710b5844afa8ef66c

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_manifest

Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_state

Filesize
6B

MD5
9cf36d2c599b0e78b8bb05c3d2710ee3

SHA1
683961f7ca767c49517ea80b8c5052e6abe90b47

SHA256
e84224a6584ad88b2c5aaf3484a1f3927160ed07b91c2dcdd73f78a8cbf3145f

SHA512
8494b9ae34b3241a46965e6d5ba2ac5a4bb71762ef96fbd49685102fdbec5006dd271c4f81efaa01ebfb34d6877938e0d47278371d71ac4bdd7e97f1bf727cca

Download Submit
/data/user/0/com.zhz022.d202/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/JXCP/aff/com.zhz022.d202

Filesize
231B

MD5
11f6249b46e7f1ecd33000fcbad9ab88

SHA1
a13099b92eaa24d85945b34154efe16a8206a6cd

SHA256
2f2720e588680b9486fbab71388e701fdb10916cee2bed9e71a443a4072826ea

SHA512
4209ce937770b08e18219a5abdc524cb2d932e91975851f698d806ff2699dbf417a54f96b811ed6ebe2a7687e32d8bd2965c17d495d1ae87b00534382046a62a

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
512B

MD5
35d0664f77e7ec13636bae6be1947771

SHA1
553cb687f2dae533da6690b5896e84a63071c7a8

SHA256
d911f76e8cd8dfdc87f782538e17d6ab5c8de17f0793a41d8148dc85108efb27

SHA512
eb24086f0503f384cf1693dfc13409f3828623bd4dd73516b929ea1cb5adcaf609e672d08ead413ed7fa0467f07c099693ff16d5b28e4eb00989868c1793db95

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
c7a5d05ae9464d20dc0c17313050a400

SHA1
6af0300c8f567e497acdf3598662d3533c06af8a

SHA256
99b4a3e5a2da3ec2565449f83dca73dc95a275bee61ec92648fef19ef0fb3b27

SHA512
35836a0b2c965280329100f2b424154f9b2b8d0865d45d58839febf531f368a6336312c1da22f58efc43fc451b59d4cdb14d0b2353e4d2ffc70eb277630eccb0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads