084d7d0f0f3c8378127fc27e4fa104f64c4ccbe46890718a6835fd3dfc012fc0

Analysis

max time kernel
179s
max time network
189s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c729ecaf3a1413cbce2cbfec9159014_JaffaCakes118.apk
Size

11.0MB
MD5

6c729ecaf3a1413cbce2cbfec9159014
SHA1

5f9b43b8228bbbff6e7891785eafa53f77db424e
SHA256

084d7d0f0f3c8378127fc27e4fa104f64c4ccbe46890718a6835fd3dfc012fc0
SHA512

77c7bd7ec44ebf81972eb000f3dce38991548d04d3c74423fbddecab1a42ee233319e12b53230bbeb366052669da2b6480c0b8d170969b8cba01a70ac4d64308
SSDEEP

196608:CmdJifUPeu1S18Hm9Oh3G5lV7ejQAQ1n6AA+tQ4IgIKl6iUobxJBOobxJ2L:tdJioMgV0l9ejQAQNA4ZINKgGZJOL

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

ibuger.jieduibuger.jiedu:remote

ioc process

/system/bin/su ibuger.jiedu
/system/bin/su ibuger.jiedu:remote
/system/app/Superuser.apk ibuger.jiedu
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

ibuger.jiedu:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation ibuger.jiedu:remote
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

ibuger.jiedu:remoteibuger.jiedu

description ioc process

File opened for read /proc/cpuinfo ibuger.jiedu:remote
File opened for read /proc/cpuinfo ibuger.jiedu
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

ibuger.jieduibuger.jiedu:remote

description ioc process

File opened for read /proc/meminfo ibuger.jiedu
File opened for read /proc/meminfo ibuger.jiedu:remote

ioc	process
/system/bin/su	ibuger.jiedu
/system/bin/su	ibuger.jiedu:remote
/system/app/Superuser.apk	ibuger.jiedu

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ibuger.jiedu:remote

description	ioc	process
File opened for read	/proc/cpuinfo	ibuger.jiedu:remote
File opened for read	/proc/cpuinfo	ibuger.jiedu

description	ioc	process
File opened for read	/proc/meminfo	ibuger.jiedu
File opened for read	/proc/meminfo	ibuger.jiedu:remote

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

ibuger.jieduibuger.jiedu:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ibuger.jiedu
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ibuger.jiedu:remote

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

ibuger.jiedu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo ibuger.jiedu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ibuger.jiedu

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

ibuger.jieduibuger.jiedu:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ibuger.jiedu
Framework service call	android.net.wifi.IWifiManager.getScanResults	ibuger.jiedu:remote

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

ibuger.jieduibuger.jiedu:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ibuger.jiedu
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ibuger.jiedu:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

ibuger.jiedu

description ioc process

Framework API call javax.crypto.Cipher.doFinal ibuger.jiedu

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ibuger.jiedu

ibuger.jiedu
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4519

ibuger.jiedu:remote
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
PID:4584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ibuger.jiedu/cache/HttpResponseCache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/ibuger.jiedu/databases/ThrowalbeLog.db
Filesize
20KB

MD5
8b764288e5b03915523b257bc39a11f7

SHA1
783ca102effa2b92bd1fb3cce9c2ea0d1594942a

SHA256
0c8b1c78d80c381d25def8f85ef795827fd263b2e1cf5febd4f81417c2f2af24

SHA512
8c7da795855d39f32776e36d0b825e4073961112ce142dae1b82b18842979ab8f5468325498ae3da0f1d504ea0eca8c4b3c13f60a6c6a624d9f02a9e3de20021

Download Submit
/data/user/0/ibuger.jiedu/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
9083bf107da4bcb114c483c7b40cc07d

SHA1
913e7e63f82bcb27db343c5730cca01542677599

SHA256
de79465fa1c5800eec6ea7a162aa3012cbb7e076df2b4aedfc26efc3d216cedc

SHA512
f2e9aeb1e02531a3bcd18da088f10df59fbff9310c16a287c7f950606d7b03904a6e81c57fe0f728ba3947891e9910a0e2ed36fe8d89b43ae5e5974262d09bd1

Download Submit
/data/user/0/ibuger.jiedu/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
5792517792649ca9de68fd26e1f14201

SHA1
f3de17d1e8d06e79d0105db51ec55d7d382b8b51

SHA256
81c22e858399aed2a053604c213b02eedeae8429dcfe3af363c2ed612253d3c6

SHA512
f0c81f7bc04446463fcd98c318f7dcf3ad9d40e44b1d19359b8cc2428dec813694925ef6d00ca413769df3c69726b62a47956d776d0a73c97232bf6f17f16f87

Download Submit
/data/user/0/ibuger.jiedu/databases/ThrowalbeLog.db-journal
Filesize
8KB

MD5
bd6c93ff481513f776a4190504321d80

SHA1
794ccbe3db9dea9c1ce51a56e5cedb83a3bfe06b

SHA256
33c2f19f2a47a58fe5db0fe577fc70dfcb4ec86e7cc70a28018d43842454fd80

SHA512
0e8f89b84da5b7e08d24cf1d9e9a9c2725655733d72db713471fd882dce7bc1ce2dd74128760fbefe4f8b51dda1fc1fc79953ec2653454132dee030e3f5b0a60

Download Submit
/data/user/0/ibuger.jiedu/databases/ThrowalbeLog.db-journal
Filesize
12KB

MD5
8a67dfeb155586a37f8c5b6b952413f8

SHA1
40f11415d844340faaf388ba0d3925d04af7ea7d

SHA256
4335f808b8d470cdda2a9a94c64edec10ca7c397cc58318c2a53122a4a4a9668

SHA512
53d00c4ac9c41c0ee5fe5dbf5ab34eb6ad2387b92b1ad24b32d48b567e3ce5144a0a3cd683b04f865729605a890323564f32585e6810c6819bda7cc8b057e606

Download Submit
/data/user/0/ibuger.jiedu/databases/bugly_db_
Filesize
32KB

MD5
6e4214ef0b0688d98d2d55928c480f74

SHA1
d8b253642f6c6099c5a3f3e08036ed314b7b3e68

SHA256
997e402851c6dd95b11b115fc051d811028945e9f56d8ada6c9480251b582a56

SHA512
14dafd041fe7bafbbecb8cb4da2cec66f97e1a432386143910af3193fcd463111586fa1478a2bb8fba432ac0874a160641cc504dd1e00f184b77880cf8765635

Download Submit
/data/user/0/ibuger.jiedu/databases/bugly_db_-journal
Filesize
8KB

MD5
bd5da6e50716863da9782a871fb52c39

SHA1
ddf0240409531fbddd5c841267f12a002ec84aa3

SHA256
4ebe442311d756e9b12b550348f373cba814621b35b23dd4a378c14d6ed7b416

SHA512
39b3790be90b19ff8a44e6aec0882293886e5f891cbbfb3c4103a446ff661e88c7815e457fba140b8cf59950b5263831ec0c4cfbabf14b6db86015401e24ca14

Download Submit
/data/user/0/ibuger.jiedu/databases/bugly_db_-journal
Filesize
12KB

MD5
7288bcb54b5b8bc9101fa8045f5b4ab5

SHA1
e30e4f62287e8d37d0702327ea0c4baaeaeebe9b

SHA256
59b1a3b9c8afc66b29d0a5198462600d3c953d89eed168a01f2d4417bdbc494a

SHA512
b7e60254dcd9b502805dab7f41f917395c17740b199f038d1cf56579612b807bc77807c8c2fa72b0655047bc720f26aee156ed1b04d5f46fbe9a62844f4b30be

Download Submit
/data/user/0/ibuger.jiedu/databases/bugly_db_-journal
Filesize
8KB

MD5
f1612fe4d81d71cd7748b952b2394020

SHA1
9da8517335c2e0c265cf7c068021ddefc50c2ca6

SHA256
06e7507a6bcc87331f3bfdc038cd92e07987e538d2e4bd1c721b192bb18fb680

SHA512
c55a92874a350a3e8b5e23c7f42f96180b8f37b117cdce6e57e83f058ba307de1158839cddfd177fb6dc3a52c9f02f1bc1bbd2c9713c06fa38295ded602352dc

Download Submit
/data/user/0/ibuger.jiedu/databases/bugly_db_-journal
Filesize
12KB

MD5
7b875befdb634c496da1a0066031cb0c

SHA1
e5d5ec32df23beb4536583af021ed9f12f7916d0

SHA256
de69a8706cb59ab3a24ac8a3ed55041e010c78f418893b224add9c0edf18be95

SHA512
6ceaf2421eac7d930103e45233f7c4624c7bd3ab54709ebdf51c261d88604fb0af9219c69cde0a01ab0d95749becf51b7607c2f885ee3c24562189868774e42e

Download Submit
/data/user/0/ibuger.jiedu/databases/bugly_db_-journal
Filesize
20KB

MD5
bd1fee0ec842a7caad26fcfa8361af0d

SHA1
9da924dc1981210d1ee4f7b575df84ddf2323ae2

SHA256
5bf53fea0185326218960ff27bdde662c93b338fddbd2b6de057c2b799504641

SHA512
fe463694443ab2f70b716ab731054233d063886b27da2e176a54482d5bf4f8a393c6e31bb97e37b3b64f7a7b0a57f3976b3d6c8000cdde0b7f1259b6d875b82c

Download Submit
/data/user/0/ibuger.jiedu/databases/pri_tencent_analysis.db
Filesize
40KB

MD5
967fafcc9e5d0b1f9779b512c6217e42

SHA1
8615dbfc252999c5a64deb8d23960fbf1a5c56c3

SHA256
ec2aa83240fe1e988bb32aaeb17f88c18652d6b478343c5d63e3e7e28ee6d6a1

SHA512
73d5bc17b2dce67753a9398c4f8531733c3edb165b51ce7e3b3447054287bb715ab65e18a20fabceb4551da478dcf656a7063eedc89e1a08bd510213e2be300d

Download Submit
/data/user/0/ibuger.jiedu/databases/pri_tencent_analysis.db-journal
Filesize
8KB

MD5
28dff7e65876bae26c1b89eb0f81f0b6

SHA1
5197b8453d6584c9d59badd068ca527327a98da9

SHA256
a96671ec896776e40aec04cbe0f6c2566c7e558a1099e8d064635b82d3b6fe89

SHA512
ac9e0278c776e535862a1ec8cc40177f466ead2f1ee6dd573d364160a7d54f40178221b8c3655f78e7547feefe5af05695784a0f24d88ca4607bcf543abbc907

Download Submit
/data/user/0/ibuger.jiedu/databases/pri_tencent_analysis.db-journal
Filesize
12KB

MD5
e785d49b90eb0d396c2becfca58a7d7b

SHA1
164cb09ed471d9ccddaac1a068bcb040b6dba50a

SHA256
564c3a4e3419e960b8ca1c8d9e2b55ae7d08896b236b4cc9e74a1bf9de0395f8

SHA512
b4a93cf2d2eb72551d370aa4fb0ec3e2656e85df1c759598f4d79286e8fbe0083db76eb695e21969d7e5b8b7f90dcdd1171784eeebbf99344f9fa6616116cfe4

Download Submit
/data/user/0/ibuger.jiedu/databases/pri_tencent_analysis.db-journal
Filesize
8KB

MD5
393067c7138e7630c19e13c6df24ff31

SHA1
25d9d0fc09b68fbce9986d183d27121498a1fce3

SHA256
34b482919ab636c2876396183133ecd6c03021bf84b6b23d47f8ce20766faa4c

SHA512
76163e86eafa98ee37a8a37e53b5a998013067b97996eaab0b49edd1b2ecc6a8260189b66a40f915ea1b2fb6cc9043ad3bed3a249966ea24024bc0193252a62b

Download Submit
/data/user/0/ibuger.jiedu/databases/pri_tencent_analysis.db-journal
Filesize
8KB

MD5
83c8f908adb5ffcb0bb428e98b4939c6

SHA1
38d236d199ddedb975e4360c2a5e2a2acfe583aa

SHA256
9ea098eef3ce2c9d1483dc8ca88ce3d0886f7d386644c48dd3b4c57e89a978f5

SHA512
f29a3874db554d95f1990b664a3875b7ef5b1de8168571e4fa2f189b4cb8d6c5241b8dd6a07c8675199329828b6a307172110cf97d8656934718e7a8d9ec9186

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db
Filesize
40KB

MD5
fbe7ba9aed6f840fb24dfea363cfcb84

SHA1
e091e531405b7c64cebd27af80d4c093ef2d43e4

SHA256
940d39534fb9e30a7d486830090f4ac077f9500310239cb03cd5b3889f18d39f

SHA512
33c34c154ac65d117f491bb05fd3221383a6e2347f5a438bf35f74bb724413967c674928a63562fadf9a73489240eb01b2a5a02274eef3e7c0b6e614dee45e25

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
20KB

MD5
4f91410747bb2ba7a43ee7b298fc9417

SHA1
597e95133bff38aeb4154b8a79aaa0d31ee99fcc

SHA256
4e93ae7c16a145783f04d535aad7112b561b401ebbb01cee861aeb67f01984cf

SHA512
c13d30e367c948ac6899423954fdb0ec3a47b74bae428e0ebd8c7bd3544f21953d22a1632ce567fa5b7c999004d53add84a7bd0e226c40de41af04ef86a64ca4

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
8KB

MD5
7f835fca30f5b066f7add9de523a6951

SHA1
a0d18a348af7d1bacdf1ccdb83cf247460b67034

SHA256
a570d32bbf9c726d147f42dbd719c30b4431c66794b88dea270109246c177512

SHA512
a0447cfeeb8419af27aca2d446b0646ba2f50f83e93594eaf72a0eb6e0dc97e02ce4d66ba9a29cf492100506adf44f3a6b253ea51b6a6bcc144ffb5aff9f39c5

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
8KB

MD5
3927cadcf707b023c92b923ba79a3c2a

SHA1
1939ac3230b9698b820681ce20a7aeab5ff0a78f

SHA256
a0b0a1af55fbe5fe750d9c89d3c6e4136c86e2faad9e634e9ae79555bce3a2a6

SHA512
dbf1e7dfbc5d4e780af1052f7dceabfbe1f81752c7f5bed8b95569b168e07d813e40aaf925aeefdb37afa346b42f646291fff8051d2cc93c2af53dee8d67e7f0

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
12KB

MD5
46060c46ce265fba40d005fd391cd670

SHA1
0282bbe6a5da7904373aa2c732704f904ff21a2d

SHA256
39d516180bf6f0b9ee6a510b651178d8cd5d3ed39a2e3c2b8fc8fa1775d88ad9

SHA512
936debe55ed9e69feddab9babd9dcca6bc2becb099229732b12c877ed944d7b6cf18f01418c3d713b864fba5ff0154fe2f9c48a21f2a06d430b106ef3d68402b

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
12KB

MD5
47d2eab2962c2b2450a09074eb086b24

SHA1
5e11c09c682ba62086510a9a098073313a412e7b

SHA256
39596c2de677ceeb0ecaf297734f145a3e64524c49871bb3dc557bede94840a2

SHA512
98edb0a73482467bf4df6b2e5e99e911a788b9a7435f68cc8d369de63ee595bc9bce373befc03e8a6ced0b75d96682fe5afa514881e551452bada7fd9957f807

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
8KB

MD5
14f6b9fcb90c6651b270d05c5f630176

SHA1
5c2cdf99d75e384a1c842c3de6597b0a22711915

SHA256
0646cd22864f17e55f5df9297cebdedacac52a39cf2fa433d7bd67c0bb433ff0

SHA512
eba21fd1ba6011dd976179332f7f9077b421294564172c319c7daa180e66c4a624cccd3de9ffc7ef0e9a8c6e344a59a460a38021154eb6ee2414087300ffeb68

Download Submit
/data/user/0/ibuger.jiedu/databases/tencent_analysis.db-journal
Filesize
8KB

MD5
3956d8284b387cd956a261517906b814

SHA1
6aff6d7796803785f959658ff4868be832146e15

SHA256
69ac206c5ec248de2cc17fd51a5af03da11406825296c484a49e9b3c8389a379

SHA512
9a10faf162cc60fdaeb9456d8158b3710fc2b695bf130c66ff9861977a4448014d4b50baa1c2fce0130bfb2bd6adb0a74935c22e003579242a3920661271183b

Download Submit
/storage/emulated/0/Mob/.dk
Filesize
107B

MD5
63729630bec101b3598fe1e731d39d4a

SHA1
c323e3cda205b1f1c29a1efb9ca408d1e429fe87

SHA256
90d147e83314447d51273251c812550887401b9af34ff8a0292b77bec94a212c

SHA512
c9bdfdda8660c534c837f82d9aabccbe21371ac468eb871e284540edefa824b17ca20b75d5b14f0dc60e4e056b1d303bd0671c7f57a0601bb0fb43f89c0811c0

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid
Filesize
480B

MD5
d6ad7ca453a5bf96dd4af669c29a47b1

SHA1
012c91fb61877f38453b10b5362dbd3f6276674d

SHA256
781776c442d8df0c45e7c1f8441330ec863b24591d762837f93812f91d3e2979

SHA512
2e1422342dbe6f13851d7279be06a89f7d7ca4c6112e73e163e30ec281eb7f7f525c21d1f7458b08ba9f642bb4788d0417d5985547cf95859b4ed97d87780719

Download Submit