8d55bee23ad78905663a25e01d958cd9726148bee92a2162fda54c628068b6a7

Analysis

max time kernel
176s
max time network
185s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23-05-2024 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69ba1f1ade25eda9fc2e41a5f1464dad_JaffaCakes118.apk
Size

9.9MB
MD5

69ba1f1ade25eda9fc2e41a5f1464dad
SHA1

1efe4ad44c6f78f11229cd8f162b65d156ccd36e
SHA256

8d55bee23ad78905663a25e01d958cd9726148bee92a2162fda54c628068b6a7
SHA512

405e09b30ce9ce3175379885b4809b6891b5f1574e73bbb12b9cd28863c67739d4e2c7970680af2f033baf5816298680507a765d6516d4e40897bbaa06aebeff
SSDEEP

196608:y/HIApKG18qHqDMyzgjA2/7dLckj1tokSnVN9eB+8i2ARdNdvbH5nj0FkCQt:cJp1GU/7dVj1WkSV7G+l2AR1vbH5nj0g

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

Processes:

com.viaton.teacher

ioc	process
/sbin/su	com.viaton.teacher
/system/bin/su	com.viaton.teacher
/data/local/su	com.viaton.teacher
/data/local/bin/su	com.viaton.teacher
/data/local/xbin/su	com.viaton.teacher

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.viaton.teacher

description ioc process

File opened for read /proc/cpuinfo com.viaton.teacher
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.viaton.teacher

description ioc process

File opened for read /proc/meminfo com.viaton.teacher

description	ioc	process
File opened for read	/proc/cpuinfo	com.viaton.teacher

description	ioc	process
File opened for read	/proc/meminfo	com.viaton.teacher

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.viaton.teacher

ioc	pid	process
/data/user/0/com.viaton.teacher/[email protected]	4343	com.viaton.teacher
/data/user/0/com.viaton.teacher/[email protected]!classes2.dex	4343	com.viaton.teacher

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.viaton.teacher

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.viaton.teacher
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.viaton.teacher

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.viaton.teacher
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.viaton.teacher

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.viaton.teacher

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.viaton.teacher

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.viaton.teacher

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.viaton.teacher

com.viaton.teacher
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4343

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.viaton.teacher/.jiagu/libjiagu.so
Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/user/0/com.viaton.teacher/.jiagu/libjiagu_64.so
Filesize
568KB

MD5
32a8cba7e6fac645ea3d1fca87cba90f

SHA1
6b01347c0d6777ea644c9859214decf5a00431b3

SHA256
ec2270b007c53f33ec3ae7c49e78fde28a64bf2eaf4309ce60abf9e03035227f

SHA512
018c9c65ed954c48b98d6a42e28f6b2e5850179079497367bca849667fdd69a96a2182b43c2a865ebcbfd8548d6973d9b0d2f9570644a36bc7549b1a420557d4

Download Submit
/data/user/0/com.viaton.teacher/[email protected]
Filesize
5.5MB

MD5
e865a82527e7cf2c5b19609a80bc5d8e

SHA1
1ee00bb447ffd8a7f722cb25afe2913d50c72348

SHA256
afbd1950691f86e1b5e80cf2e5e58310f7a8edab20217a7cbde770edd7140173

SHA512
b1ac51db4bf0f7870608888bd76bbce6cf47bcadca7ab220f768579e119782d2c85e9aa0e1f89288d1434f9fe637e5c093b33665a350abd78ff1311cc893bb86

Download Submit
/data/user/0/com.viaton.teacher/[email protected]!classes2.dex
Filesize
2.4MB

MD5
987cf257f3cdb73c16e6f61efb13980b

SHA1
e3dd41a1a94e2acd374e63f9848a08d4d7bb2909

SHA256
399ac943751e627df6f01b7daf90d7d1a197301c33a2acc5d9afbc5ef4f4d5e0

SHA512
717f75cf203a6f12efbc24f06993293d7f78043c71d6ccdd84d249a4aae880426748e748ab20365b58fe97c62d6051420282eb871b2ebe92085e52115889a508

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.ac
Filesize
40B

MD5
5dc27d56b43cb131b50d53defd47fc7b

SHA1
e2ab69e3e13dedbcce63ddec802b979b9ad40c97

SHA256
f1db453ee323a5178d79a382da7774149fe08c20f7d0120ac4de005455b57906

SHA512
ec83af0a1ce9f07b4330e5ec3a7e38578ce0a245c82ffcdd351d49e7e6a41dd98d3de54a89ae27e7e0e52e2cb141334436db57ade1bd0dcaa0520a9b9037b086

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.ac
Filesize
40B

MD5
76c2696d0190054e9227aedd74721328

SHA1
76f213b75448229b4051326e422543bf5dc097e8

SHA256
85d1f0409ea20372d1c58ca4b26c5e186522b5480130162f450cd3b96e5a3256

SHA512
fd201f48b81c0d86039826c3908724687db487f6d642c8b1a0b666816f8bee49dd2697eb67c4f62c7a47736238b47670d4dcf324e8635b0e3f04a56a9ad108aa

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.di
Filesize
348B

MD5
3c0dfe58ed67820313b842254f43995a

SHA1
33af06818ca4d4357c2ca92a2e088fea395e9d00

SHA256
a71289a5386cce79ff4b548a443fddaec82398a58f8fa11792bc9665712276c4

SHA512
5adfe0f68215a18fe8023980db00499def75b4ff630ac7265ca9d44790e4bcba8be1f383214f8b2eeaf1268b7d266032507f0f32bd66096a8ae6452499abdbeb

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.di
Filesize
348B

MD5
532dbaaa74ba3cbe64e6f4228c7340fe

SHA1
7b377c1744aa8a04c99652407d3c6694b89d4dba

SHA256
faae210423b18b2e0c9e2647c06f951c77de24ec3e6d9ce5238eb9d5ac99de68

SHA512
1735e1185bd91a79e75050799a0fb2d2ce4511d32b63e5d495bf9010919fed2ae7acfa6e57d8d5235b9bf1bf11f04a055853fa477a408867681863429988957f

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.ic
Filesize
40B

MD5
deb971b962099028bb4582419a3b54c2

SHA1
332d0c6889b32cfdf4f8fd9783324fe67cb59008

SHA256
3881feb974b21e3efd6a17c4f61c0285fc0ea51bd9225b5c83fc3f1e6e92dda7

SHA512
cecebfd132762ac6a3815e9396b891fd8f9080f4af480a6902e3e2d8616fdb9749f3b0e92ff7298b14932b52333c5c441c83d6c7f79f4ab65d03f06d1af4c236

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.rd
Filesize
32B

MD5
acbed6f16b18fc737c2a65b7e136856d

SHA1
7af23fc3517aa086d95422f6f34c326f57955c3a

SHA256
2ee02f1e4e2a1b52c052458046abc9684df2c5cd1d44b0f6182e2ec250035aff

SHA512
c8f4b37fa688ce7a6563404ab79f21c43d21af209464c8ecf39c4d9f2e2c8ee32ad2cfa2873f66a89930ff0e971391417132e93576fc13b4c4ced1cba8fbbdee

Download Submit
/data/user/0/com.viaton.teacher/files/.jglogs/.jg.ri
Filesize
314B

MD5
bb8696e330ce34df76afab98489ffca5

SHA1
78d965ce80b3b132514b49c17b71535cd6b47efe

SHA256
50d5aa7c7886c46e93f44642b9aab294124dc25b30e040876e62f3e61076f4f0

SHA512
d1ce374e244307c6a127ce2b5d2a9b4afc4bac35477170fa8321076f82531aed7411aecfc913b4b6e0d1d8d7eb0ed519e711479fc9f615ccf8071c3d760784f9

Download Submit
/data/user/0/com.viaton.teacher/files/.jiagu.lock
Filesize
27B

MD5
fb4860699a148ec4e6690cdddc88f99b

SHA1
f7fc13425c1c6515b719cc665f2756f8dde90c87

SHA256
5362f1ed7d8704029cac82ece66d3d7ca2fe96817b84e4b5f82545b07e022acb

SHA512
af02844b1c99af50ad5d6ad0dbe01059612f243c6a570eb1a4917e6e812b6109785b8aa937c5b22519a9b6cd8e35032240099c8e662b596c86b1d56c6a16eaf1

Download Submit
/data/user/0/com.viaton.teacher/files/jpush_stat_cache.json
Filesize
119B

MD5
36eb3bc43e9682c1ffc30f7dc3ad9694

SHA1
1aec7fbcf5070689169b76369d9152f65faabf30

SHA256
2f4f36fcb52e33b53be1b1f8f52061ca0551d051ba16b9cce178fb15139b60b3

SHA512
024c1731ed209b1c8fc9529baa20d2b2fbbdc5c0f141e786405ff88ff85954d8dd4043101f8dd738dfd3bb4fb0e7ef088df2067ca90178206f22b1f95e2b969b

Download Submit
/data/user/0/com.viaton.teacher/files/jpush_stat_cache.json
Filesize
119B

MD5
2b6690a6b8159ddba603f297ac7897ed

SHA1
28db1eecf43d634e5d7e3f05d0cf3af8512673ef

SHA256
f8b875bed0f44e92ee6cdcbb5165e96ae699002a705498d9882dfed9a5e10393

SHA512
ba5c218f6c553a1cd8adc853df42434281d9e1fa2e4ef17ca8a2d660caa72188e8c85aa6c93bfbc7aecaf1206458e2df851cd5fbdaf8b2911c1ae49cd5ae5c5e

Download Submit
/data/user/0/com.viaton.teacher/files/jpush_stat_history/active_user/nowrap/be276a66-cb87-40d4-a87f-b02d2805347a
Filesize
159B

MD5
4015ea34f2d489899e1a3ad50a69fe91

SHA1
6d70996adb7daf6c9803e2e7334314e60e36c1cf

SHA256
fcf2a42d4f709fddadd4874129c314f750cf86954d86e82c4609a8a93b61d45d

SHA512
733af1d47a344f656e282e394782db81da7f4bb92ab33e1e40e06e44339adbb17e934b38e487abf5932ec84295fc7b0079be8029e1fb91eb76bd1a02a95c8a27

Download Submit
/data/user/0/com.viaton.teacher/files/jpush_stat_history/normal/nowrap/ae1a66e9-2a4d-42e8-9369-1b914f824a28
Filesize
187B

MD5
e95ef79b229a81a8f0510c5f4dde840b

SHA1
634e78f04ef3193a3987c667dd6a1cee9fc4f3b1

SHA256
5a186f8bb3290f3f3a2ff4dfea1e927b437ba2730c6d72346f741fa9e1e94e70

SHA512
2818b1249a3efa95ec6f5025b8800b86367c6c00d41a1df7fb2537557391f6b4e6f3cae961811c7745e136e5019a260643f6588461d7584c88506b8d0c28e0e8

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
fa0ed995cacc0a83ee7133880d095e29

SHA1
7a72ec9999dde45871bee412fbc2f5114bf05e56

SHA256
ca819207f66f97d175b770dfed035daf2e381d52a4d27a38414f9247da8b5bdc

SHA512
d866d43fde0792c79d252af9f871e6765f999a918146f7599a7c14f4db3ac946fd66138a99d6ab278e92bfd1863791027872ea002e1a224fee30fa8f0ed40c1f

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
df04db8bf717ff18b662abf60046d2e4

SHA1
15c9629f4bd5009c816f8ea77a84fd6c0d4a2fe1

SHA256
d6b8044e7a1446d170df38031cd265abda136923d960e3f0e81d5c6b4312c2d9

SHA512
571d0a73ac92dcf7e1641ed8b4a53ac89089cc82a1a1877147c728c72a42422fcbe7e835d910169beeda5404fa9985ef0be9fd042bdeaa94799633c05d207cfb

Download Submit