Analysis
-
max time kernel
10s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
22-05-2024 19:24
General
-
Target
6858b30c001644b6451f2830f7e2f9f5_JaffaCakes118.apk
-
Size
12.9MB
-
MD5
6858b30c001644b6451f2830f7e2f9f5
-
SHA1
c77e18bb049d2e319d63774c31e70e917b394356
-
SHA256
cbb979fb5451144fecbbe6e6e503ff58d9dc5f5b476e3145debd41bc675b3052
-
SHA512
52079fa3efc6329e1954646c36ba108fcfce91df74fd1adab7dd21e84555d0d8ec7bfbda9dc579fd2750ced7804973ee151116d0bbc5dc81ea10c4e5a0a180d2
-
SSDEEP
393216:d5oYjs/Y5O4+wgkFgyRRDfiH0k9sIjGUCp9x5g:pj/5/gAR96Uk9xIvy
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.zycf.chege1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.zycf.chege/mix.dexFilesize
292B
MD563f77f99bd2c2b772a479923bde11974
SHA1c7632e7d301e4463fafce85f84e9c3d7da3fdbbe
SHA2564c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615
SHA5123aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c
-
/data/user/0/com.zycf.chege/app_bugly/rqd_record.eupFilesize
350B
MD58069227a2afb3cfc303f285c4950f8c4
SHA157ce32016e896890557df30ffa553d028c0eabd8
SHA256d8e5f4e8fc68d9f6979fb8fa01d5da79efb2652f5417671ac1a46586b4686024
SHA512ae8a6e22f8445bc7bf578d427a6b90a0edc35453b5a4da53965c46f2d44ad8d3762a94839fc8b1dcf94f8f417b04d4233909642fd16ba0df4501b6a87b8a52c4
-
/data/user/0/com.zycf.chege/app_bugly/rqd_record.eupFilesize
1KB
MD5fec0c9fc2cda1a3e1178a01faeeaf5da
SHA11ab793b1e71cea0dbbc41d09dfc989a8cb7a3c00
SHA2561dd4db25317b5e7d44543dde48d8e9f66c8425d5d4e38efa18d270b0db55d2df
SHA512e4195fa4b4ef996a66f4146ba1fe3b61b8f9c844b9f9a19615c814e6a505fe25ea62e1ee49bb6e16df6ae0e907b29b235d7fcf3ed3a438bbf4339d43ddf9d442
-
/data/user/0/com.zycf.chege/app_bugly/tomb_1716405882698.txtFilesize
23KB
MD5d1b598e5b9785f4f16b8ff148460a77b
SHA1b0678dc368685075e645e2c40ec0fe5a590ec038
SHA256424859ff2d66c62313eb47f4b0fda9dc715fa3703ffccfe15a75b62c0f25423b
SHA5128480eada3aba3ea4ed705e87300b750db11df985dce4c74d513def94d06d08500bb051d008e3d7cc811e988b0a850f53813516419d85a523cf2b4e42b8cc4e95
-
/data/user/0/com.zycf.chege/cache/tomb.zipFilesize
4KB
MD590dbe47568f408ad0aa5c8e63c15b19b
SHA1322afb07b1ff227122a603dbae469dff7b0e9580
SHA256fdd8923e809f61d6dd3ef61592ee6ade72b34a785482972afb22ff505fd2d1c5
SHA512254367dd42c9cd85d0efaf78ca05994dfb515e72ed6599eea61674e0d4e535da2085d95c74ea908c5957ab245d757f797d56ea56db57d6aef87054fc43103b69
-
/data/user/0/com.zycf.chege/databases/bugly_db_leguFilesize
140KB
MD54abae1f9d337fdb1670421e61140c8b2
SHA1c69a25425369ad8a961740c975acebda608881bf
SHA25689b606faed211d16e9915d2b7c1af8d14b92e43854f342a1642139d0eaff29b7
SHA512f6efb4af8dc11d0c38ae40f5b9221e01ee91b103a5bbf3f20e398fb74a36234a566b15de1d1769d93fb953fb13003f2ae67816b982b1e2ba246ca39cc8d97535
-
/data/user/0/com.zycf.chege/databases/bugly_db_legu-journalFilesize
512B
MD589725b65a5d3d2a2923595e864c080fd
SHA1073d31c2955d9c12dccbe89c2e920a20c572c895
SHA256e901c32e36f5ca64e177fb9bfa3742a75115b4f0f0d188054ff600cb2d561b92
SHA512d295633e8903df6d4f885bfa925829c8154d24db8c331fd99b24f947e15a131f99472081647383c2f66da8f8df415abcbf3a7d98316db1be2beca3b7528bbe5a
-
/data/user/0/com.zycf.chege/databases/bugly_db_legu-journalFilesize
8KB
MD580ed944680f4bd7592ebbc33aceec7bd
SHA14a22ec1e5044277701964959d1f261e1267d550c
SHA256d2467fa12b4b1b0451d50f5032cd0435eae020774241947c4f54bc143cf0eba8
SHA512c70f52ac782d406772581dc72fe06074fb5450025dc32fca083905e1e2e18d5e219b1f4859e350b97c3bc6846684c482f1e4b3bbd6c029522f76643a7e219e02
-
/data/user/0/com.zycf.chege/databases/bugly_db_legu-journalFilesize
8KB
MD51390792e13f6c26a9daa3ea82a81ea94
SHA185e2c7a2dba251bddcb9f7f213c53d83ae928524
SHA256a515f2d12905b2fd690af3453ca4363b6b405ae1ab70d5b6438ff4609d85405a
SHA512c45fb8325381fbb63597c55168279af85aeda4be2ea280ace33d33fdbadc27f466c3b1fabc15169a22972b63af3f993749105960399f7ebd33eb26b0347d209a
-
/data/user/0/com.zycf.chege/databases/bugly_db_legu-journalFilesize
8KB
MD54c4a1b964465c94ab8b2de26d458f709
SHA1c708ecde74e194490391c2dd9aaca291a40f3e0d
SHA256778d3a9666cb8e11a2c4dd71d15daedf9c93f363b750180cc77443b4e3be7bcd
SHA51254c26e903de7ca0ce911766338b8f86c73a438110d3ea2b45cd247640394805fdac9d6d7fa738a2e67bc562b739ab34e28b85f836d7da478691d296c82ce02b3
-
/data/user/0/com.zycf.chege/databases/bugly_db_legu-journalFilesize
12KB
MD5beacc5ac9c901d94d178065a06b4c23a
SHA1021b1d3d3ea0ae27cbee536f2f9ec50c11001d73
SHA25651ab2df0ec224d3dbe64d702871476231a8b9be18c60a4aa17ca388b8cfa0b94
SHA512e6f47276ca68fb937193d4f65b60999e6c355db519f6938d6744d9f976bbb399a11d275118c16facad802f8512664b7f06d5410c8d019bf5076e76b0514d57b0
-
/data/user/0/com.zycf.chege/databases/bugly_db_legu-journalFilesize
12KB
MD517fd34c601ee34a074efd88d3ff329ab
SHA14229cd0b62f0fa96237fc5651d573d4f94d22957
SHA2565cb0838bac26b77a4a173255bc37c2a8b6f749eb85d291bf7b1fa88696eb3a93
SHA512423feb0483e0f19c6b4f3305d81455254a68416eea27b01a8fbb4a833295368d5b29c6d62e8245fd08aaf5213734c565d980d6a665eb499539bfb5d7845d38f0