cb81a06c056a438ccf9ceb4a3db5e8e2d43c96e01d5ad5290c2552d896c3f0bb

Analysis

max time kernel
73s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6864b12ccf68093159ff1e9d771bc716_JaffaCakes118.apk
Size

6.5MB
MD5

6864b12ccf68093159ff1e9d771bc716
SHA1

be6dc2ef5814df66151245a3004f77d7430a4b9d
SHA256

cb81a06c056a438ccf9ceb4a3db5e8e2d43c96e01d5ad5290c2552d896c3f0bb
SHA512

6203866e5c822d271cf3565ee5fcf68460ca736568d994483ad45b63d6da551ac57d291bee2a9051ab13eddde96416d12f04eafa675750f2183f46b2a25797e3
SSDEEP

196608:s/zcWNvDF+ulf8v0KZQEnyJg6uyHcuw7H2WM:SND+ZygdyI7HJM

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 6 IoCs

evasion

T1426

Processes:

com.zydm.ebk

ioc	process
/system/bin/su	com.zydm.ebk
/system/xbin/su	com.zydm.ebk
/data/local/su	com.zydm.ebk
/data/local/bin/su	com.zydm.ebk
/data/local/xbin/su	com.zydm.ebk
/sbin/su	com.zydm.ebk

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zydm.ebk

description ioc process

File opened for read /proc/cpuinfo com.zydm.ebk
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.zydm.ebk

description ioc process

File opened for read /proc/meminfo com.zydm.ebk
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.zydm.ebk

ioc pid process

/data/user/0/com.zydm.ebk/[email protected] 5187 com.zydm.ebk
/data/user/0/com.zydm.ebk/[email protected]!classes2.dex 5187 com.zydm.ebk
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.zydm.ebk

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.zydm.ebk
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.zydm.ebk

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.zydm.ebk
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.zydm.ebk

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.zydm.ebk
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.zydm.ebk

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zydm.ebk
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.zydm.ebk

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.zydm.ebk

description	ioc	process
File opened for read	/proc/cpuinfo	com.zydm.ebk

description	ioc	process
File opened for read	/proc/meminfo	com.zydm.ebk

ioc	pid	process
/data/user/0/com.zydm.ebk/[email protected]	5187	com.zydm.ebk
/data/user/0/com.zydm.ebk/[email protected]!classes2.dex	5187	com.zydm.ebk

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zydm.ebk

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zydm.ebk

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.zydm.ebk

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zydm.ebk

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zydm.ebk

com.zydm.ebk
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5187

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zydm.ebk/.jiagu/libjiagu.so
Filesize
497KB

MD5
e102893683a16d223c852ac584155d58

SHA1
5560d79d71fb1951d6ab0a464af87429a4933c2b

SHA256
41c76fbc6aabf843f22a1cf49a457bb99a7579b7260e46b2841c30afd82523c8

SHA512
3129498f917661361bc9a0eaba6b7b6490c2216e19dd7cc802b1f2f22fc16ae43b86a7ca97273cd2e2504a7e7e08a173daac34f5085a21ffd4ac1d84e76cb8ab

Download Submit
/data/data/com.zydm.ebk/.jiagu/libjiagu_64.so
Filesize
569KB

MD5
b1863e639e6fdf0a1e36fc5a3bda35bf

SHA1
b0809bff74eb482bfe687c026e4595c9ad210a20

SHA256
82c2dbfdf2dcc3364d1616185d218f6471100f9f1feaa74420a2bce852981650

SHA512
a29de350e977ae51aa57bec536335631a4857e7ec75c82ab1e2a4a8de605569a8bc892b2dce272c723ae46c1de02c7e9f6a8d8808b4f990e513ca8140a0a69a1

Download Submit
/data/data/com.zydm.ebk/databases/download_mgr_info.db
Filesize
16KB

MD5
5b670a4a85f049e9f9f505cb0f51a6ea

SHA1
65828fd7489f358aa8347a6696163694d679761d

SHA256
af837b21724c4ae8fe3000d204799e4fa31f76d7c1f281600918973e7459fc35

SHA512
54b74eba66d2fccc03b41db7a3e9715dd2d799681018c0bf1fa828d4cc734ecfc94ae75cc0643081b959b492a3a3f992b9b643611a28717951e86814ade5ba65

Download Submit
/data/data/com.zydm.ebk/databases/download_mgr_info.db-journal
Filesize
512B

MD5
61bc7a1d5f88e61fa450bb6ae31cf4ae

SHA1
d49f659fd90a78f165b7ccc47a6de28a28d18edd

SHA256
aee338c1d4bcb0531767f1669c53095cc4214b66fcd5fbbf2ee82f5c0622e0c4

SHA512
6e66f2bf2cf73d8f76d64f28d4ec099e22205a1903fe9d6991338cc611f482330f529f3285a9ab288c5d4c114faa2feb56ea7e22ce666a42e0e6373c75d30f54

Download Submit
/data/data/com.zydm.ebk/databases/download_mgr_info.db-journal
Filesize
8KB

MD5
daa4fd7965f6f579a46d2539befe995e

SHA1
159b138d892262b9ea340166cf0a6bbe700188e3

SHA256
a308effa5e4842ed88c3799efaa00e0a9d1115b6effa698af5a9a9005f085ba8

SHA512
250a6fcbffc968fbcb011080bf7a8f4fa82f0207d5b2f0cb890b563a9bc7f59beeb73d88074da4daa8a89fe88d187b5d9d1ad90730465fae10339475d3e0be80

Download Submit
/data/data/com.zydm.ebk/databases/download_mgr_info.db-journal
Filesize
8KB

MD5
d2e8002f92a09c51b6c25b2c58a8b08c

SHA1
b8bdbd1e81724f5682955e42bde3e66228b042ad

SHA256
bf7a3398eafbb9cd8c597977eb57a7766fc5cab2fae1d9f6749bb59f97a24692

SHA512
73870eec6348ac1cbc543479bc8e3ba6a500c0c9471ebc12bf8335b65aeda38576a78b692b2c732e942b84894e91896c323ba4327147afb11efa54ff9b32fcf1

Download Submit
/data/data/com.zydm.ebk/databases/ttopensdk.db
Filesize
40KB

MD5
59e3d7c88fe91fdcb61a07679bf54d84

SHA1
2ba947e32db83edad85ceac4ce6f788b84f7e81a

SHA256
c5bb7d5a1422693e5fbafc36e2b983c6171d35a87b45b6407d29455342cb7875

SHA512
51cefa88d71fc3ef74b2e231e7cf2f3f54cce45910b5f0f491f53d71f60fdd5cf1e0ac765584234d8997cd6a61eb5d48255d6f483854a46cf950a7f127312a2c

Download Submit
/data/data/com.zydm.ebk/databases/ttopensdk.db-journal
Filesize
512B

MD5
b695ae6e1280bfb3c7533947f16aa582

SHA1
4424c511cdf5e1eac897a6b21252ea47053cdbe1

SHA256
da5c47e0f4ae4fc8ba6b344f44516b8aa9ec49fd7b89d38acfdf80a411f5b9e2

SHA512
3ff602059283dccc6eda2b508972f0110f4eb072392c2ec82745ff1bfe049b18f5d588db7cafd4adba7145b50652769c004c9310529363e8056726ace33b1b65

Download Submit
/data/data/com.zydm.ebk/databases/ttopensdk.db-journal
Filesize
8KB

MD5
5d8b630726c31bf3f2ceb76c5d0b72fa

SHA1
eef9a3e9c7144d1b5e81aeb1a7344ffcca0c9eb6

SHA256
b790494c689392f1445ff5b844a7ec0abae5dcbc0b5331cdefc7db0736a3aa32

SHA512
40a8abd4d3227b7301966a5d35f6a89a27356ca3330b3daa7ffff22847cfba8df066f1313e67ea348d790dd5162a09d1f152383c2575316656942837bf783bc7

Download Submit
/data/data/com.zydm.ebk/databases/ttopensdk.db-journal
Filesize
8KB

MD5
9b12e66886f7e128376bf94fe5ff38a4

SHA1
08d84d34b9c5cc3d5fed8cc83b1d598d7d1d3031

SHA256
9dbbc797b15cfe3d8172bc82930cd9a6d5e37b393010f345e3cfb5186a06ef2e

SHA512
8a2e1e3bde4ea9f4453d47d680b291777392cf013915cc8c0db71c09fe5c644ec6183b58bf0428bd54d2c73ef92d86e40a2ee10fbac7843ffaaf7a6007c7934c

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.ac
Filesize
40B

MD5
8c4feb070847756913cff4bce47395ed

SHA1
ad07948482cc158e3665ab479ef42b03c69d7448

SHA256
dd6ddb98f2ccbc5d0ecde496bed09bd3cd81e80d04aeb7540615ab46a7459e1b

SHA512
c1cc06b3d5bae106229b36db9b539f4f89862e2d2f40c144af08d6f14a6dc5cbee89399b69a7ba300e850f13a63b4000c748d4532c9bac839bf602acc39fcadb

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.ac
Filesize
40B

MD5
3a14ca466603d4cdebaf821fcecb794d

SHA1
7250c38c28bb930e8e10bb85cea28a624fa29cce

SHA256
a4daeea38a514653ee6724c0fa372ab484f054f77b2eef9688e9636e4da705ed

SHA512
58795e4fb7cc2134d8d836d94270a6ab0fa811242b49ba465a1fc80aa91411838470219b505c5ce5b334ef8ebd1d5004ccb066546d1ea9edbb85307971ca1aec

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.di
Filesize
348B

MD5
e705635531268b4f490d6695f6990ca0

SHA1
d26c9b5cb0203c2284e13de62dbacfca349f275d

SHA256
15302f3e2abefc79358d398125d989344f27faa92b9f3176d1964a47360be4e0

SHA512
23fdb3bf39d09d298f6cc5eb903d71c707b7e114fcba11a58c2e8f7fe0aec31275e2681ddd0abd5b00252c62d7e439005d1d29897bce9baae6254f05294dcb06

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.di
Filesize
348B

MD5
013022982ee3e91bd36b84e55794e5de

SHA1
74fee46bb040307dbb5fb0dfbfa488c50e3dce11

SHA256
a4831765bf8e1364213d13785102505054d94f7808336c8757559db74a668095

SHA512
4c9d22748481fd3323bf49260631dccca464118de4456cc0742124b2f734d6491707937586814c5fd79769ce74eab7c0d7a2cb030ffb2baac435d562a15084f1

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.ic
Filesize
40B

MD5
f14270993ad5952d69958cfc8450ab5a

SHA1
2f7c6ffb13f2fbe497bde18e505fd9aad007f0f9

SHA256
97522f211667eca88df89485ab3cc8563c7688a6f9945ecbd5e08a5b2edad634

SHA512
27fe6a27eaa24c1e9d5a9b77ce93ab3d1f226845fc031f6720d0871f71c7ef83642319da53ece53a5aadf9d68de151d74c73b3832ad2efec76dbd3e3f2e0e3dd

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.rd
Filesize
32B

MD5
2ae2bea12ba9ad06c4d64368db90add7

SHA1
dbe85dead66b57fbc60453838a2d8e6cbb77d488

SHA256
61eeaaf5809e41755628f09d81f840401a2de9a5e31841423a6520e61af85a00

SHA512
3be921a42ca4e170551c09e4fdca6ada2f299f140372356c3c39c4e791f56e87b1604d8c02b8bb408199a058890a88d410753a38d5da16a0887bd33e1efeb9f7

Download Submit
/data/data/com.zydm.ebk/files/.jglogs/.jg.ri
Filesize
314B

MD5
4a5cb5a016bd38548536f48dd184f392

SHA1
995f24d0f32a229bb9686af41cb23f17c27917ed

SHA256
f98459f9b95759609b39d129071a56c385a8fdd32261df7dba0373c5806a2590

SHA512
28f83e52cd65ccd7249b2862be754a875d29ff6694e7842196c51c6199a064fdc3a3d5f7312801855b4a1e1d531237eb63c1efc26a7dbf9ad964660280fce0e2

Download Submit
/data/data/com.zydm.ebk/files/.jiagu.lock
Filesize
27B

MD5
369d0a9d1822dbfa3c4aa0b387eb2555

SHA1
bcb9db55c46331711225ddab6a91a0e441c165b3

SHA256
d71ee7ee38250fa20cd5c83f09523867d96c058360d93a84e119783cb818e825

SHA512
9e7bdf221b1ff7359dbae8d902ef1014dc533f43a76738f29681f9669d7aee9d1cad398c249bec17aa966b1e1338bf235d9c8ddca7aa2917ecb078387af2ec50

Download Submit
/data/user/0/com.zydm.ebk/[email protected]
Filesize
4.9MB

MD5
47ce906e675d3957522a9e9d17101bdb

SHA1
696a93423bb1e4633c5e239ef3da3f12d2d11f61

SHA256
1b179e9f44ecd576ee419f1e4579c4410ed5c854c8f398b7e0aee33cac1cbaf9

SHA512
4e3e51ace657ec66505f3230783904020f607b2eea0e4051d7b055767948b1858b546319c45df07d246e894cc2af2f2c63fdd6e6fadfa97a9bfd3ced8aeea108

Download Submit
/data/user/0/com.zydm.ebk/[email protected]!classes2.dex
Filesize
4.8MB

MD5
f7fd791bf3f89d69633cb102c7954f85

SHA1
d0a0519199c46dd88a2ff701db6daeefb6df8d1f

SHA256
fa3be5e823cf11f0908f91109d753d1335409210850acf373b583f465c0267e7

SHA512
0f8ecd853bdd057fbd6c85dbafab1a1ed6716f4c858191669c447a0c5102e37fe03735f0f08210151f0e75427a46d882cb97443efcc21e6786d71764140aa70f

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
b353b14e647f574497f5bb23bc23b82e

SHA1
5dd2093b803c1c9416c8b55efd90406563c30c31

SHA256
72154772e7646c78c6b54b6595b548cebef2aa5aa0b9495b8b8df7fba7371531

SHA512
dc8687d2e10a912d5c86f3e154fe2e67e763d389c22e7708fe5af3b5f2ec7568afdf03d0afe1f4d7492db278f8a994d4a559881b0baec1983db997be5429aa3b

Download Submit