dc98d26e1aa52d721cdde5dbb644ee8253dedb380ac18cdbea9db66c59829707

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
23-05-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a230fe3712c1be6fc6467b55e0923b3_JaffaCakes118.apk
Size

2.4MB
MD5

6a230fe3712c1be6fc6467b55e0923b3
SHA1

efa65b4348a9de50971d182b5f0ccef731cd478e
SHA256

dc98d26e1aa52d721cdde5dbb644ee8253dedb380ac18cdbea9db66c59829707
SHA512

5d044b61bcb3f973144ecb7583c793240fe57ec8d0674190efb12c9b21ab515d92e7cccafbdfafda075d4711e846ca2dfebf5d5e883aa838a48d21005e37418d
SSDEEP

49152:2sN5a/y1IlzFnvj8TtiP5QLZx/VXvOLYCcBQLLlpxU/NV8:W/ym5b8A5QLjFvc4UlqNV8

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 3 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.juxun.dayichang_coachcom.juxun.dayichang_coach:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.juxun.dayichang_coach
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.juxun.dayichang_coach:remote
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.juxun.dayichang_coach:remote

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.juxun.dayichang_coach

description ioc process

File opened for read /proc/cpuinfo com.juxun.dayichang_coach

description	ioc	process
File opened for read	/proc/cpuinfo	com.juxun.dayichang_coach

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.juxun.dayichang_coachcom.juxun.dayichang_coach:push

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juxun.dayichang_coach
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juxun.dayichang_coach:push

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.juxun.dayichang_coach:pushcom.juxun.dayichang_coach:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juxun.dayichang_coach:push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juxun.dayichang_coach:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.juxun.dayichang_coach

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.juxun.dayichang_coach

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.juxun.dayichang_coach

com.juxun.dayichang_coach
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265

com.juxun.dayichang_coach:push
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4372

com.juxun.dayichang_coach:remote
1⤵
- Requests cell location
- Checks if the internet connection is available
PID:4421

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.juxun.dayichang_coach/files/lldt/firll.dat
Filesize
76B

MD5
fd445f524636fce02bffb83cb026c770

SHA1
faca2bd9e1edf575ee790e0afdf6282b4cbbd80d

SHA256
760f77056fa66d5699321ebd56c064018fbd55d3d86a3fe312c1d72a0f82d95f

SHA512
16662bcdd3860ebb2fce48761b274c34cf47ff6afcbd75828ce76a7548836ac0bbb1885cba5ad6fcaeddced7d8540b2d38d17fe2e343758d3c797a5dbe8f534e

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl.config
Filesize
235B

MD5
1294c71ce85d9de95d44d47f0dc1dd08

SHA1
d53dbb0b956d77a154afc1ce4b18526fd593533b

SHA256
fb06d5bef4aa2f71c2bc0af0efa586fdf63c7598cbfa5815d879bff093a00d19

SHA512
a6162f52ba43984c089c5c2fe7307056c0bc63fc6a044b0f34f873f90156aeb171f26802d151163263355f3cfab055b1bd7dc19deb3cfd970fdcef70586d8182

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_location.db
Filesize
28KB

MD5
4a5738275ba2210055579a5cb2b8f245

SHA1
8684e24b58caa38f49e0e3dc58722d542517020f

SHA256
16969d55c6f0e55c63c8e9a0c98011387ea74d1deb141cae8d781ef910a74eef

SHA512
768e58b37fb90f36df11e66494ad15f059bb7e0bbf7e76e17471babd8bf97d07b6c7974628a944e2f564bfb9dbb188a6192a3c03f32547eb48ea67edf2b95488

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
3f3f1e59bb4620e19173dd37674c935c

SHA1
424658963f3eee7f9df4b6852351c746b19b171b

SHA256
39fba50cf53caf8aee8a8edb859a0f178e81b827fb1a1ff4f58c8535b308dd4d

SHA512
83031ad9e1fc62eb15182d772eea3f6e7467cae05bb32c7a18dd09b97dfd453dcc01bfa8c96b9775448727bf6eef935fe0aca9c8b18c059ff7db1f06ede3d7cb

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
8a01de8697f51123e49d17edbef99b35

SHA1
631f4e8616e84a3ed4873728c24ea00fe3d0ed71

SHA256
9a5a15139430b121d13ac1f31184a3cd764093b6925b97b94881a94ee25c06c8

SHA512
4d87327e7f40bd775bd4d99c6c6952d32e1feacc7250479a5d94adfebcbd2dbb9a84566d7a98a29950c9d253c3ec6d72302178c33d33d8a0c395a5febef00531

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_location.db-journal
Filesize
8KB

MD5
964b7007fd3170af3ba74b8fe6b91211

SHA1
dc2d2e3c3388ce8074d806a6849ec5c9c6f7c89d

SHA256
0cbfee46504eb61aa84fe2b126996e48263859d0eeb700d2cf91d31247d13aff

SHA512
53ca3bd5115f28eaa6ecff43b6882cbb82f806b4994a61e2976b14bc921349c1f90cbb118da653f704e6cf0a976be16fca6dffb31b661f012baefc3ce9f2e83d

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_location.db-journal
Filesize
512B

MD5
617f83d5f84328878adf35ba3b53d662

SHA1
82404fb5b07af6b1658636ef9fbecd88733d66f0

SHA256
83b8843cc4c46e77848a7cf522a7da5ec98d663e8a3229e27c124739705865ac

SHA512
c90a764dd086ac0d7808a8e6e79f8f0ff640cd9dfb1f5e23350baf30cee582fd69f088388ea0c6315048eb716655bf5a80ca8e7a94ff750003aa18a621ec4b9c

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db
Filesize
80KB

MD5
cf2cea7e9b08ffeccdad60248f536765

SHA1
61f97840aaf57a7d1c9ce994a5176ccfcdd7188c

SHA256
b761bcedaf9a60a17270a5e5b5ac7fb2d333d66a7023a105e9c07c50eae55be1

SHA512
c24815df7cd1dba14a84805b4684e43d6d20fbbaadcdaf8e85ac533941ff1331ff78e697c240f401e4e0386495b6f311200c28d112064efeb9785b72edc79009

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db-journal
Filesize
512B

MD5
efc0b1b9ef120f0b45cff7d64b012917

SHA1
8fc077cb764f479e7ba211e2ccacf416eafe93b6

SHA256
a248cf339684308d78450c2d71ba1ef41964ec5098ee2d475709e676c11a004a

SHA512
02532b5c6783c7e7d8d9017a99c988bbca413fb129ae9f467148cbe9c6d78ab7a13dd6a0a65f18cdd68384ec97347bf10f2d95cfe4abd91b82fed72ce1f02f77

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
0af592082fc555900741688cf592564a

SHA1
9003361ae682e9587421fb3362dd56023d332b3b

SHA256
38e4cf3f5f0617be5e643e40cc063455d00e652930db2fbb9870fcf966135fb9

SHA512
a466ed69a22aa28d66ba2dea5ff90e71530f927663eae9f935c8a5529d915c113888b60cfbdfc95e2635df0aafe7eae514e3d42885a86e523a2a1da57b6fd02b

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
e80469a747ffe3c547ce6da3625712e2

SHA1
6c59cfff9869c0b0bad44fcf670f134bfad5bf45

SHA256
2223772d4078190fb18255e373ff83db52efd426f78211cd69931beb7a3a90ac

SHA512
4779630b4b9cb52f7d81d1f6e3cc14f81ded0131898aac419bf64af927d5b8ad2c2ca950668896f9ac47c2d76786a2217846af0a8f98856e2a626e5bace19663

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
1bd7236ceec4583cddc29a56e15958b2

SHA1
0b20f02c1dabeb56fce6fb530bb314f8e9b23b10

SHA256
69de107846f8e489e1a4b6545c3bee74a155ed572d0ee66770f97cd085125d93

SHA512
ded6e5b72893bffdf54b732a3cc4fb9f3a9d816fdd9defd901c727e18d155b820f12be634710ee772e0673cedf2e4bf3cb3121021c05ac709370cc7b13d2482c

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
e19362a306460732661e74e20701b97d

SHA1
8b8abbffd89aa6aca7932a13030568f649dda588

SHA256
40280ec948a5f3afd512e24c579bac53d2a60ea8668944f99426fdaedd8509c9

SHA512
d97a4a6eeed517d537fa92f4e6c603b032456c8f590a63351172d6c2a6a94418649b15b226cdf82febb7ce7535e49994cb54a7e3c016c11642af5322afdbc792

Download Submit
/data/user/0/com.juxun.dayichang_coach/files/ofld/ofl_statistics.db-journal
Filesize
8KB

MD5
8f243a67576276eb6d7ec69b31b1ce42

SHA1
255a3b094f71bd8454536304310cdc0af4b6f92f

SHA256
d69a85097d8809d2a02d974754eee7bf6097cf5fb773f76845396f593a9ed7b4

SHA512
92bd68d430a72db76cf89c982e24d7ac72a174e142d2bd469b303bedff281df1b305333aa50b6adcf0763a929781bd7655d8437e805ed38172d1bd31d448a679

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
28KB

MD5
f8df032b186b8daec21b955238836997

SHA1
6670b787d78d0391ca067ee9d89c1fc99ab248b8

SHA256
0eb2691193d5b1af9ae73ce1110ea204d7895f5a39d8d5155f6de13dd3d1d283

SHA512
97472fd05b640d30f6e8d2a722e57a1d670e77391506c54b8e55ddb6109a21acee6a74af8c5098467317fd9292460e54ddfcdcf46e44684ebe7798f7890bbfe8

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
8KB

MD5
cf353a21fbad9976357c7207ddb02598

SHA1
29f047874977432b76a7a1526ff74ccb15e8ef20

SHA256
f5699e85bbb1e231b3f8e466a5e91ba98cd752f269d0dfec4aff8125157708da

SHA512
74a58813c021323c4576e58328b2638b719fcdfbee03673a8e93f67f55a63ee494926ec5c1cdcdc6e2bc62c6e2217738c76789d35459052975b663e8f9689865

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
407B

MD5
7fc97f5982298653d951a9156c273474

SHA1
11ede7c84f1eee7a87f1dad53d2cfcd8c3c8e0c7

SHA256
eecf1853033059956eba2d167a9fb73a60e6286e2cb775876bed05d72ffba99d

SHA512
ca0e8b412621d6cc94b212c18a899390eb2f0d870aafeeec03914b5724c53ddad0d2a7e6fb42b415064edfc73f749c4218830b6584d7e1de033a63537e6e2e21

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
512B

MD5
e2eebb5489cc8b669e5dd9ddae6d542c

SHA1
753d8932af6bfa2547345bf8cb2e21ce3e721a53

SHA256
de0e36bcd0d29327347598f2d89a28d2310a1eacc9034d08e026a6f667bc7ba3

SHA512
f92e654852e1104eebd5b83b0d2c5332eaa81296febaf6170d26b6066e27a74ac7a7b123ecfcf4a979f44135508c4ea1ca45af87510cc7b0a859da9711ea3228

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
8KB

MD5
99a27ca220bc40d7a44b290844c6a4ad

SHA1
39a78350b5510623339cd57cc9739b575001df57

SHA256
71244b0ab721ba47c7b8f4f503da383d6bf2f4c447cf0208399b6d16c46b3f1a

SHA512
2cef6f8f67c996c839d945c22475af0e8b9f9c101f7b4696d95e808c73d42c34137cc6816b889da0d3d0f2b06e6f006b64b78f194d17a1324d25c7b522879911

Download Submit
/storage/emulated/0/Android/data/com.juxun.dayichang_coach/files/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.juxun.dayichang_coach/files/baidu/tempdata/conlts.dat
Filesize
162B

MD5
3dba1e254f67dea4d977015c3b8b1cca

SHA1
c02a850f04b9225ff83b997afed415730b938bfc

SHA256
b8532c97c4f7eede8f3830c077a1c22724352811f5d60ce4ade462419a3ee34f

SHA512
6f7dc19c5d278cc7ce5e5fc969465814ff94d5093c188c6befcfc6bf2e2fef5bac094079b5c6a6b5c6121f97e7738a8112e070ed0e0d6564b7365221b3c58d6e

Download Submit
/storage/emulated/0/Android/data/com.juxun.dayichang_coach/files/baidu/tempdata/llg.dat
Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.juxun.dayichang_coach/files/baidu/tempdata/llg.dat
Filesize
438B

MD5
ba1658253728a00ad587371c4d936cd5

SHA1
d4b97f05e8c54adaa9f028bdc0ab053bbc6cfccb

SHA256
4b9b14f281778ec5bf9b3443f3f6e49d98724e8793b3ad828990300ac252ad00

SHA512
6d4b4880814daff1ceeac7e23e9a2eafa1a9dcdfd62cdefecf3462bdb94ae1d825628e9b6df67feabd84f8e891747793c19f53445e07c959a529a6d2ee520a9b

Download Submit
/storage/emulated/0/Android/data/com.juxun.dayichang_coach/files/baidu/tempdata/llg.dat
Filesize
1KB

MD5
6d85ee1a3c2c1d99cf99a93145d6c8a8

SHA1
593f4f323a51eda2d7615bfb4576152660410c07

SHA256
5de033aeb4fe314154928260d30da35d909f458a5b6279cf2d92425fa20fd60b

SHA512
b35b4d8e4f07b63f191661589e082dfec86afe598b1af007fb8cc2ca12bc4a40f1ccad90030a71810b3c1aa2e0b832dbb26c29efaf8cf33fd16d00ada3056a7b

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
d6b2f418e6dad5223fd8d3dd54e74f84

SHA1
da4a26669cffe0bb56ca2a768cf11864c024fefd

SHA256
2b6ec2493f537cbfc93164a917ca1bd07851097c8552e428eaac3d003caef881

SHA512
384c114d7b50dd19603048a2de4bac4dd021c4749a69a63c6f4c59213ecf18f3375151ca2f7f15695ca73bd9e5f26d8aad1154fe5bab4fe9eac548fec7420e55

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
353e2993ac45d861b61785dde7d4a47a

SHA1
9a431c54043a1a3372e395b325600cd499697f82

SHA256
1c4abb8bd68f760100a4e0a3964459091dd3eca7bfc912ee9c6feb296a1d2b57

SHA512
28ea772bee5bfb37096f5bcd44cc6a84692ee7cea470f78d044bf71fbb0f5eb11716b1c27f2f94a30628aa0579aaf6d3bdc80d984d4456170902fcb0232bcf7b

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
4KB

MD5
5125000d0fa4cfacd7c3bfde07d008c1

SHA1
804b6e8966350ef47aa54714a31fcc5922d2d2cd

SHA256
53a1797da72e69d8b472ae3667ae7db8e8c7d272bf334a91a6fa3d74af27a8b9

SHA512
348cb7b7c4b5e66f3c3054962ccb2f6c959fb6871c8802edbba15627d87e31862f3fd496f8903d1e7c7352997bd28bcbf69fb5caff3b012c3395d4172651f516

Download Submit