Analysis

  • max time kernel
    179s
  • max time network
    190s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    22-05-2024 17:45

General

  • Target

    68153348e95a2fc5fa214ba287ba4678_JaffaCakes118.apk

  • Size

    15.6MB

  • MD5

    68153348e95a2fc5fa214ba287ba4678

  • SHA1

    9b7e0d5d87ad1e7df429a665091c8ee5d4f56405

  • SHA256

    3a1feb3a45aa2775c57d682586522c0e778d3b0a468dcc8f212ffa69b9541ca1

  • SHA512

    e4ebcb3e0671dce4db16ea52fc2af8c595672f71ec5527e4b6951211eb8633e9010d0f4000681c38a75a320fae8d2de98747fe3c6b74c9f5189c27c036b7f8df

  • SSDEEP

    393216:w5pnLjMlfGlqX3x2X7v0JJ8CWisF3/NLLBIl:upLtlqHxIvoKCLkC

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks known Qemu files. 1 TTPs 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Checks memory information 2 TTPs 2 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 2 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 5 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 3 IoCs
  • Checks if the internet connection is available 1 TTPs 4 IoCs
  • Reads device software version 1 TTPs 1 IoCs

    Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).

  • Checks the presence of a debugger
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 5 IoCs

Processes

  • com.cutt.zhiyue.android.app1138007
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Reads device software version
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4630
  • com.cutt.zhiyue.android.app1138007:ipc
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4785
  • io.rong.push
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4816
  • com.cutt.zhiyue.android.app1138007:pushservice
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4886
  • com.cutt.zhiyue.android.app1138007:bdservice
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4966

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar
    Filesize

    213KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.jar
    Filesize

    530KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/app_push_lib/plugin-deploy.key
    Filesize

    512B

  • /data/user/0/com.cutt.zhiyue.android.app1138007/cache/uil-images/journal.tmp
    Filesize

    8KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/databases/rong_version.db-journal
    Filesize

    8KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/databases/rong_version.db-journal
    Filesize

    20KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db
    Filesize

    20KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db-journal
    Filesize

    12KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db-journal
    Filesize

    8KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/databases/zhiYue.db-journal
    Filesize

    8KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/mobclick_agent_cached_com.cutt.zhiyue.android.app1138007
    Filesize

    123B

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/config.json
    Filesize

    44B

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/constant.js
    Filesize

    4KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/platform.js
    Filesize

    20KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/tencent.html
    Filesize

    4KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/tencent.js
    Filesize

    37KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/utils.js
    Filesize

    3KB

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/verify.json
    Filesize

    289B

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/js/verify.signature
    Filesize

    128B

  • /data/user/0/com.cutt.zhiyue.android.app1138007/files/tencent/temp/js.zip
    Filesize

    17KB

  • /storage/emulated/0/Android/data/com.cutt.zhiyue.android.app1138007/cache/kit/journal.tmp (deleted)
    Filesize

    31B

  • /storage/emulated/0/Tencent/OpenSDK/Logs/com.cutt.zhiyue.android.app1138007/2024-05-22/1.app.log
    Filesize

    141B
