084d7d0f0f3c8378127fc27e4fa104f64c4ccbe46890718a6835fd3dfc012fc0

Analysis

max time kernel
175s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c729ecaf3a1413cbce2cbfec9159014_JaffaCakes118.apk
Size

11.0MB
MD5

6c729ecaf3a1413cbce2cbfec9159014
SHA1

5f9b43b8228bbbff6e7891785eafa53f77db424e
SHA256

084d7d0f0f3c8378127fc27e4fa104f64c4ccbe46890718a6835fd3dfc012fc0
SHA512

77c7bd7ec44ebf81972eb000f3dce38991548d04d3c74423fbddecab1a42ee233319e12b53230bbeb366052669da2b6480c0b8d170969b8cba01a70ac4d64308
SSDEEP

196608:CmdJifUPeu1S18Hm9Oh3G5lV7ejQAQ1n6AA+tQ4IgIKl6iUobxJBOobxJ2L:tdJioMgV0l9ejQAQNA4ZINKgGZJOL

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

Processes:

ibuger.jieduibuger.jiedu:remote

ioc	process
/system/app/Superuser.apk	ibuger.jiedu
/system/bin/su	ibuger.jiedu
/system/xbin/su	ibuger.jiedu
/system/bin/su	ibuger.jiedu:remote
/system/xbin/su	ibuger.jiedu:remote

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

ibuger.jiedu:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation ibuger.jiedu:remote
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

ibuger.jieduibuger.jiedu:remote

description ioc process

File opened for read /proc/cpuinfo ibuger.jiedu
File opened for read /proc/cpuinfo ibuger.jiedu:remote
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

ibuger.jiedu

description ioc process

File opened for read /proc/meminfo ibuger.jiedu

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ibuger.jiedu:remote

description	ioc	process
File opened for read	/proc/cpuinfo	ibuger.jiedu
File opened for read	/proc/cpuinfo	ibuger.jiedu:remote

description	ioc	process
File opened for read	/proc/meminfo	ibuger.jiedu

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

ibuger.jiedu:remoteibuger.jiedu

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ibuger.jiedu:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ibuger.jiedu

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

ibuger.jiedu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo ibuger.jiedu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ibuger.jiedu

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ibuger.jiedu:remoteibuger.jiedu

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ibuger.jiedu:remote
Framework service call	android.app.IActivityManager.registerReceiver	ibuger.jiedu

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

ibuger.jieduibuger.jiedu:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ibuger.jiedu
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ibuger.jiedu:remote

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

ibuger.jiedu:remote

description ioc process

Framework API call javax.crypto.Cipher.doFinal ibuger.jiedu:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ibuger.jiedu:remote

ibuger.jiedu
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4248
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4326
- getprop ro.board.platform
  2⤵
  PID:4326

ibuger.jiedu:remote
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4364
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4654
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4674

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ibuger.jiedu/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ibuger.jiedu/databases/bugly_db_-journal

Filesize
52KB

MD5
29cf078fcb28a7551afe80f2f88df911

SHA1
72cde2579a7d345df0e21ddcea7bf044066ea14e

SHA256
1cdaaab4fe418a08027f0413c503ea4588d158e7ddcfdf6d6665d38e961453e8

SHA512
7bbd4b7695d7f6bd686504d0a2c111e772e18d52b9eb6622399143b7e551704e4ed88e0eda5d0df9bc9f5c3141db06874a070311bdbcb73cb10254b3e1bff49e

Download Submit
/data/data/ibuger.jiedu/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/ibuger.jiedu/databases/bugly_db_-wal

Filesize
48KB

MD5
29205c112e0628acea0f33e8f88e74bc

SHA1
5d8975eb3d52532305867fc86624dd4c03156072

SHA256
1fca50c3109664e3b4f2874787b2fda1c9304d3da9229f6db66e65ef113661f4

SHA512
2b1deebf31819f278e0cba1799bdfe7a266ba956a82036e571ab2ecdf5eca7993161ae7624f137f4b560160219ccd8f2d759e5bcc6863801e1efe690248a1802

Download Submit
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db

Filesize
64KB

MD5
c3a7606944e79690f33e9455c9160fdf

SHA1
6b4e98827e5d142b9d8aae143aeb5dc7582b0075

SHA256
a3a2695316153067cdd0f9290bab5558b16855684357a15e5f8ce98a081e8b19

SHA512
2701ba19564a6d7dfba149725a592dbc79099b27a201a699388524e45196d060ee597040045431f3ec67c0dc5307d5d2410efe5888a41a9a787bfadcea1a152b

Download Submit
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-journal

Filesize
32KB

MD5
e68170355ac2cd07800d3da694c16192

SHA1
0bcc0481d76413876efe2f58cfc1b86cde9aa5e6

SHA256
04435b11c979782e3bdc00afcc83ca039cc801dd8d673bbf5df200638516e113

SHA512
c37f35f94c8747ea90339bc945f9f51f058a20fc93efae9087662a1fb04ee1e51d07f74ae529a75b0ad6e90a5e4256546b369cb0461110e5c5af6ba9ecd429b0

Download Submit
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-wal

Filesize
52KB

MD5
45de6a75ecbbb962e59da2b25d311c42

SHA1
16a1d54604f4da4db2ba0cbfdf0ed0f7233020f7

SHA256
0730085b6aa6c4752b05ed3eba4bcb10d6ab530ca9a01b4634aba29c81d44ccd

SHA512
71d73dfdfbed2485aa0c2e09bbac3903992beb5669606889a977b83d75ef953e243c223977d4aa36af52ce33c37734af14e77029084f744ad76a0ad000e005b2

Download Submit
/data/data/ibuger.jiedu/databases/pri_tencent_analysis.db-wal

Filesize
56KB

MD5
a22c5b00fa1997ac5e7ffbddaa87aabf

SHA1
99bac4d06de88b0d2de4a8dc32925ff87e8eae1e

SHA256
a829182eb6766cac9a68cf2895c17f3b2b66f1333f690604b2f17fea770a2749

SHA512
16e2233596db603106e8ba149956b7adeda03b0829b558f3c563d4375c51c9ab54277f13a85bcaea6385211034d60a8914c6f79b6b1e95db68fd6d9578d19db3

Download Submit
/data/data/ibuger.jiedu/databases/tencent_analysis.db

Filesize
4KB

MD5
0140ada85e6240ceae304239bf0367a1

SHA1
4b4ff52752b8e00c74601097519dc547d6264c1f

SHA256
3008b0d9a1b310e4c23738d6ad781e368f725bbb2bff13860f94c8e429164662

SHA512
75538bdbce5a67cf49f3d8c291edd21a088137e420952a1488c93121127517469b21b14881a6bf636964172f7f0d475891217758ccce51f30c3089c9c19ab4ff

Download Submit
/data/data/ibuger.jiedu/databases/tencent_analysis.db-shm

Filesize
40KB

MD5
de873698010f21758ed4996bfcf474f8

SHA1
ed55de1cfe82d42300db29c3416640161f73a589

SHA256
6e6a9679f159fd91de3dfc02767163a516b69287f307fec6670c963376479171

SHA512
e1acf50e8d87485d8e15f71e46c444fbd2fd0d773f5413a04d153e83392c510954571e61b8ee5036f8d1a2a66b4e0a65589b16fe0e24260933acdd9976a5b0d7

Download Submit
/data/data/ibuger.jiedu/databases/tencent_analysis.db-wal

Filesize
60KB

MD5
c8995e7d71845a99e65e19bb8da39886

SHA1
5b2aa396d3c002ccdff1215e27ab0f0df65aceb6

SHA256
2bd1d5fa4d77416e0551cab65d7e9aa81df58ff484eccad454935e9bab79f0fe

SHA512
75248bba0ee202f70c887153d3a1b5fe1cb11a52bc5cd416f7b5bd93572efd4e9f1b56e41b98858cd31617d4f20dc8f3b02f870a3213d4a11dc268cd05af4d27

Download Submit
/storage/emulated/0/Mob/.dk

Filesize
107B

MD5
7f9acef2e0c33c4617cd4ee06284e4bb

SHA1
2453af7ca8877a39e096ec505ccf50a2787ecda5

SHA256
ad0077b88c224a311f502b87ec4dcf2a9c4dc237149ccc16430ec8bf6c425c43

SHA512
3fe8210eee78c068aa972b3dd77051fec0b8884896286ced6961a02e0750620fe821cd1b737e654d52c1d95caa4cb1247b52f4d2bce25b870c1af6a9db35476a

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid

Filesize
496B

MD5
9d04152329e2c4dee2412a6b10cd1812

SHA1
0cfc9be710fbc25726a108eaf786829ea0a1a824

SHA256
050d9e1a693d8e8804c896c84c209c8b48812de7faffbe8c27b1b77b3b2b0558

SHA512
918c9c12f43f523fb034d08cc6c8c3603cbbe76b038dfa7ba775bac4da4afecacd816ce7e55d3644532c27ca8f4299a5cba3a3152943c2523cb3ef3a96a8d411

Download Submit