084e4fe454b83425feaea2a1b067c0eabf27c7a36cc56d27000bdfef0a00c24d

Analysis

max time kernel
179s
max time network
189s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

685a0fd0b0f15322f19822dbd7e54086_JaffaCakes118.apk
Size

25.5MB
MD5

685a0fd0b0f15322f19822dbd7e54086
SHA1

7b161150ee57fd0c2a9c5132497471724a092769
SHA256

084e4fe454b83425feaea2a1b067c0eabf27c7a36cc56d27000bdfef0a00c24d
SHA512

6181e505af3c97332bb98f39f75c63cd92ca0c1ab99cf1f21b26c36d9902ce8f340a5a86fc523725cdb259b83af4f31054270d3ad23de18d2eb53e6a99a40756
SSDEEP

786432:vB59S1fmvPgDLy65xjNQrrxPncnYSD/fXmchgJUREvH2Q:vWfcYK65pEllI/fX9gJURcWQ

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.cdel.jianshe.phone

description ioc process

File opened for read /proc/cpuinfo com.cdel.jianshe.phone
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.cdel.jianshe.phone

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cdel.jianshe.phone
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.cdel.jianshe.phone

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cdel.jianshe.phone
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.cdel.jianshe.phone

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cdel.jianshe.phone

description	ioc	process
File opened for read	/proc/cpuinfo	com.cdel.jianshe.phone

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cdel.jianshe.phone

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdel.jianshe.phone

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cdel.jianshe.phone

com.cdel.jianshe.phone
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4527

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cdel.jianshe.phone/databases/personal_clock.db

Filesize
24KB

MD5
c3cf2e981677364c1c898b2d1fe66757

SHA1
25105cbc6ca40b7eda7bb992c1268a67491e6944

SHA256
1817d849a5859eb631c00723bc08550b0a62307f327fdb82d1f58ed131cb0c8d

SHA512
ed3fedebd2af13ee81c6fade663c53d8ef43ef64eadc9ae6fc163eb3dd721b28f0be9a7f9f64f92214193a84192ab56f2724e6a70b616be377696c755a980867

Download Submit
/data/user/0/com.cdel.jianshe.phone/databases/personal_clock.db-journal

Filesize
8KB

MD5
412540f67910bbcd38fadb936361efd4

SHA1
11087356f6f71b2aaf08c5af0d7b5fdf317d3d56

SHA256
32e2f273a256226850302361b64f151ed5e92bccbb4dffbf1e166ad68bd03a63

SHA512
e301b0dc9f3c10f315cd8717cc58f30ff9d62ab22ffc4891eeddc4a9fbda24e144994c82b580c234ef0ab40094e23f26991f342f0cda2ffcb24b1551943f64ee

Download Submit
/data/user/0/com.cdel.jianshe.phone/databases/personal_clock.db-journal

Filesize
512B

MD5
4fcf163983a170e083261ffa3ea46331

SHA1
56a4d717428055c788439cfd5ab4d07aebb7d5ca

SHA256
ef30617a17ec9cd1efafe34ca1f23a8ef540b289a0fe7386b147fd75fc37af68

SHA512
cc1ce79e229a06213f7be829cf6f786778425095ffa56ffae2f60919079e33387ccc8e7b07f3428c289b4254ee2c938d8454cd902a276c416803b5c1173f1d54

Download Submit
/data/user/0/com.cdel.jianshe.phone/databases/personal_clock.db-journal

Filesize
8KB

MD5
4563edf59aaab1afdad2bcfbac475022

SHA1
eed46173ee16f0dd030028f53eb096230237c756

SHA256
66ed51c9f441bb09c0dd27f8a8406e22e3542ea014c1946d75247b9cb122cb52

SHA512
d9323126b7010ef77c68d83b54607bd4ed9ea7687c19f139cd3edf45b740cb7c37ff6d7297963bf34dac04ee9819523469131bf5cb1d424dbfe72c20eec9f98a

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/jianshe.db

Filesize
272KB

MD5
6b8121cd253fe31c653efc3ad0a1a9ca

SHA1
dc8056ada702dcaa144b727f95acaaad860411ef

SHA256
fc28556c1f792e9b672ec9a3eb1367480745ef95bb0e2fa5be33d4c31c8fb885

SHA512
5bf0b64912a7d5aed2c99dbc9c6038bc64ab41c2fc063f3f80f9155e7aca57aedc09fe0a60cb40b0358f91fd83a48ccb42f7fb45efb72b5b00d6d837af84c5f3

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/jianshe.db

Filesize
356KB

MD5
91223cc313b57c557cb6e855e882ce4d

SHA1
33f509d8fae22b1aac4ac634657e9136ce64a595

SHA256
269023fd34e7322f7610685b8cbb86e19239560cc31869c9ae5067e1eceb4120

SHA512
a2e92d0501686d61cb21a92daff4e9d5c50bdfc99e877b10d0a1100211401a050e25e655b1ab708154f147a026eb2130b773dc840d185f3ba17dfa4af44c938b

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/jianshe.db-journal

Filesize
8KB

MD5
a2b0e75f39eba4f0459b6cb2573d024b

SHA1
b590b1d2398c8ed947176bec17c462d44e05f7a4

SHA256
a4b7f2571bd6d3e99f3716e4a7926b137bf75a3f246f816e8b37cf6eb1125822

SHA512
2a1ecf26c8c60e4c8c9fd26c1028a9263b6ec31d4836262b323d40df2d37c383e24542ec5ac41811d82648004c3b704c0e282ea9e17a50d24c3f1936f72356d1

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/jianshe.db-journal

Filesize
24KB

MD5
d0220d55f843b87ae418035e267eafea

SHA1
d3dc5a42ebbdaed14e8fa73f3d21d317c2efab1b

SHA256
cf44fbf5bc63c01aa8359e917c5226f4ea21ff064295b847b7f854134c13af3d

SHA512
86978d17a86ed021e62d4999277cff0f9a0a632bb4af1d637c68602fb37649772b034b096fdc69e0d1aec4bc1feaf237b4560ec550bdade7ce9ff517d5e75762

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/jpush_stat_cache.json

Filesize
140B

MD5
ddd190501980b1c7ab7483a3046ce1e8

SHA1
e04db32a8946071cfaf16b357b17c7bdcae67913

SHA256
6a4812960763fbf202b67a239dcf9c34b990d30fae0fd1cd996639fc73145ae5

SHA512
5b525eae9bf229cd2f733a46345261eaadda41de12a931306a841aa439872623d9816614177891fa4c1a66015779cf23f36d5dd41713d692c85a88d3cd79b3b6

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/mobclick_agent_sealed_com.cdel.jianshe.phone

Filesize
527B

MD5
a47bc4acb5d23a973c159e518cc36c72

SHA1
27ea6d35a6d53c7398b76bfbb09c875f2240e1a8

SHA256
4a5cae126c7430512f92fbc8b6ed49ab8894903993499735adb53795172b53e2

SHA512
b563bed2e3c3abbcf1cd3b2af24600f774fe76577f63ccd1659abb861480c5537275be03aca5aa689c18e0d5199911de8c58c7771039136eb6ec28e23b467ca5

Download Submit
/data/user/0/com.cdel.jianshe.phone/files/umeng_it.cache

Filesize
148B

MD5
60576cb7949d4b69087fe7a64dc962e8

SHA1
aeccfe09414fa23d0e60c9c69daeee62057e370a

SHA256
4b99813f63d74edf750fbce5d2b82e9f7af1a26fc7b5c1f0f5353a2d991b3a99

SHA512
c2dd374b6cb47107004f19311059ae86f372d737a6486defee16e0026f61cf740e6065aeefaf03fb6c00f4849b7f9af7dd540a468e374a1494f28d5ef9c743fc

Download Submit
/storage/emulated/0/com.cdel.jianshe.phone.txt

Filesize
10KB

MD5
4337367f287cc81fa74125df5cc6e652

SHA1
1dd5547af5822a5a483ff6cf5b1a5b7b0eaf874d

SHA256
45f667cbcebed18e413848b75da4764219a147860d423a8b5fe33562e54ef413

SHA512
0c1fbf29b8b6be55783fdfc4fa4794677351881de6356457d029cdc9c8ef1b23fac203b80d5aef633edf4d4bef5c5aef2571a9f20205b70bf917078297801e05

Download Submit
/storage/emulated/0/device

Filesize
16B

MD5
49f639e0ed0462aafde55aa92d0c1f64

SHA1
0ca43e7631d738e69006bb66151ebf3ebbd92dd7

SHA256
39006bdd759dc9edf2c7637c9832e49508b1317310e11f259add862c2eda7791

SHA512
ffec56b0fb32ef31ee06e465a95f26daee63cd26a5dd5b0f7e68c3146de4e3a5988695b262982f9845241e0eed13e866c9e771515a859a591e5db3a92541559d

Download Submit