134c8dbfb663eb00e0df968a4f4ee9c362ff68c6a8b9fb6599377083063bb800

Analysis

max time kernel
10s
max time network
186s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a7c5255f13dc929c096f385ce848a81_JaffaCakes118.apk
Size

21.4MB
MD5

6a7c5255f13dc929c096f385ce848a81
SHA1

903ea534f35656e8843ec1856c2c6b66d83c3431
SHA256

134c8dbfb663eb00e0df968a4f4ee9c362ff68c6a8b9fb6599377083063bb800
SHA512

c042cb9537d626a1fa0791034bbba85730c9442d995d4a31e2422b0286e48598e48f996fe9d9200d2c0044006096fa9cb6c9a5f751321da6960bb139fbcc0d8b
SSDEEP

393216:XQx7hXBkePJ/IKeAuk5StsuBgzmoDzeyyiErh2Tqd/Q9D0QefnHZl3254Wxnr:XW9+wKKe9tqHrydr/Y9IXfnHfaHr

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.bm.guorui.po

ioc process

/system/app/Superuser.apk com.bm.guorui.po
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.bm.guorui.po

description ioc process

File opened for read /proc/meminfo com.bm.guorui.po

ioc	process
/system/app/Superuser.apk	com.bm.guorui.po

description	ioc	process
File opened for read	/proc/meminfo	com.bm.guorui.po

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.bm.guorui.po

ioc	pid	process
/data/user/0/com.bm.guorui.po/[email protected]	5108	com.bm.guorui.po
/data/user/0/com.bm.guorui.po/[email protected]!classes2.dex	5108	com.bm.guorui.po

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.bm.guorui.po

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.bm.guorui.po
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.bm.guorui.po

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.bm.guorui.po
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.bm.guorui.po

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.bm.guorui.po
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.bm.guorui.po

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.bm.guorui.po
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads device software version 1 TTPs 1 IoCs
Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).
discovery

T1426

Processes:

com.bm.guorui.po

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot com.bm.guorui.po
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.bm.guorui.po

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.bm.guorui.po

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.bm.guorui.po

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.bm.guorui.po

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.bm.guorui.po

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bm.guorui.po

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot	com.bm.guorui.po

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.bm.guorui.po

com.bm.guorui.po
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Reads device software version
- Uses Crypto APIs (Might try to encrypt user data)
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bm.guorui.po/.jiagu/libjiagu.so
Filesize
486KB

MD5
50750315eef281575611bc425174b939

SHA1
acaff02526d7b4c257e00002ed09af364f66a401

SHA256
c8d37512f73bef5a1c1b060676cdc6d508a8d8dd36f2438f5d6353c9b8524bef

SHA512
60584a993992a68e8d0a53be705e3a9d52fc126df26b9bdcf80d14e659f1d70bceb926e0a99a69fdf40f1c09fd61aa52c2d2c008ee5c3ef59af5922a75161ea9

Download Submit
/data/data/com.bm.guorui.po/app_crashrecord/1004
Filesize
225B

MD5
e5be811829893c6742ab81074ad57429

SHA1
a7b4adbe2e5d34d1273145ca826cb7f5e5d32c83

SHA256
538da9ff9564993b23b3e5143063d9c0c649e0e889432ed7336db5f1f9847255

SHA512
719a0c6189371c8ffa86b52973d055fe06a384b9a0827af51508022e6435e0cfe0a5b8c2f609336273f2c235925905814c16f2f52d93187c1e4f05e7f9cc3ca5

Download Submit
/data/data/com.bm.guorui.po/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_
Filesize
96KB

MD5
54544d9ed691fe9422708a21ab388a95

SHA1
637b4cb8320ec12a5fcc5a44a2d2dda26de72478

SHA256
54cbed1a1f73d337103b7a39e651e430d280b5892c33f231ddaf87c0ca1ae169

SHA512
4317bc2c94b8ff8e8d1ce2baf0a9735b9070b9268da143f98c0058f4bc40491eb78ccd6af5f886c25b0f6c5fcc66315eaa0b64603fb2240a34f1b9be6b60895e

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_-journal
Filesize
512B

MD5
0eb1174e4ad1db0c2be78a1ba4b79623

SHA1
ba2e742e3da2aecc6f902c923937d563419c31d1

SHA256
2b81f4a7ffc9ebded8e1a720636ce1fd4be246d3c9268a54a981c852186a5b8c

SHA512
6c4f0827c4251621d8ea372ed8cbd8361477571a316ae397441e3194d4c8e174177099f5187e9f8565e7ba83bb19b761dbaf2d830ee1c0306227bbc56b068f77

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_-journal
Filesize
8KB

MD5
dc4981c551cc4910fa2cb3b0d05659d8

SHA1
35399c4f3c6eb7bb3ce9047e550db93e90f5339a

SHA256
b893191d1a43aafe1b4bdadc4f79efb8e5dcbd99338dc43aa5d35dabb494993b

SHA512
2bd0c13f448a8b84614db8bec436782d2a9ba178425ef9cf02bcbcc291e54954b556e8ff932bc97aeb32e1d53b4dd06e13900e19b51d2a1bae118cd51844eabc

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_-journal
Filesize
8KB

MD5
0fe7efd56e9d9d0c1822201a7ffe38bd

SHA1
c650cb6fd0e33b6a2a83796a2b3204c707b871f1

SHA256
1ac3489b822ada6ca9e251bd0758cbcd36585e33786c6a36dd83c9a86704ccde

SHA512
f0eb9ecc35fb55802c0042b9570c98e42aad45d2f226f966ff2f22f1e8c20cde3ab7fe300c30590732d8211ae024f3e86b069c1cbc74073e37a7765b66333632

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_-journal
Filesize
8KB

MD5
439a9c1b23c16a92e66bfbb212577288

SHA1
ed14938c569e6eeb13e1ec319537f9b50e6fdbc5

SHA256
8a5e0495cbace90780453951120996b018ddd8ac0c62fb416f16d9b628ccdd3a

SHA512
b3b225ea23a41f4ff5a54f93bd9079f83425c3b33958ab65096bf4b40deed7dd005f38860701a8e105607034f57e1aecf7a8d236c12dfe4ea56f649f95023e0a

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_-journal
Filesize
8KB

MD5
e32ee328b7df34c9233b9e3fc7f2e83e

SHA1
a6bc173f77ec8c7c3d002b3725fb4361e456ddfe

SHA256
2526e2e01c588f2a3113f1bcef4cedf147b3a98cace91954edb0609cd007e2c3

SHA512
34f23ebeb15664809667e54536a783a1f0452c47a78855b7fdb7854065fb88ef5176e9651a85efca50a2b96bebb57661da92d74fa4d31c320b7b247787eb6704

Download Submit
/data/data/com.bm.guorui.po/databases/bugly_db_-journal
Filesize
12KB

MD5
b604c538b5694930bb1270a33a2af316

SHA1
40e40f329376d8a09736f7e0d7243383ad77becc

SHA256
874a4745f529b4d5973cb23f2a836d7c683b65df21ef655d6af37cd8617f5732

SHA512
e699290cb3c1e86740f5421baddf295e3671d47d378300339aa6a80b9e1ad5684f0fa0d8a6d3c58c3bc8c3b82258ce208173facb4d4dd79692a1eef1ce1ef846

Download Submit
/data/data/com.bm.guorui.po/files/.jglogs/.jg.ac
Filesize
32B

MD5
f9a2522cc288302eb78d5daecb8347bd

SHA1
498d582c6dc68da08ee1795e641c928f447a387a

SHA256
1e0ef68442b3563f30aaf66f48f19521727589e4b3b2d1e46338c745687e33ae

SHA512
59e4d8fd14b15e9f423006dd156e0d197f15a74ca68051a97e0d6e52666e376f726e016719eb74d1177cf03876d34366cbee7903f3c6a7c24e515d20297f8e7e

Download Submit
/data/data/com.bm.guorui.po/files/.jglogs/.jg.di
Filesize
340B

MD5
e74fcab14ff8ad7488df6c6b5c56ed23

SHA1
18a72292e440d77d5e72f4ca515e992eabe79388

SHA256
0f77d592ff591c095ae35eb15efab941c6ac3eaa922b999efcd893a67ccca550

SHA512
e685e3982037bb826b1580a2aa4b8668cb79f90d437eb7d18b55d87375741e0ca6637f24208881b72aff923d8816e9084324e3bf12f6ebad4e590d66e15328d7

Download Submit
/data/data/com.bm.guorui.po/files/.jglogs/.jg.ic
Filesize
32B

MD5
71a5da2d24333c5eb9f61c75ed4a424e

SHA1
857945b6d38efaecefcaacb48582cc5bdfb8bc62

SHA256
1c7e6edb85cfa31fd8a232d303adaf150d4183163cbda7784ae68c7958fe4a98

SHA512
a586d30fcf242c572862101166231402131fec43f6ad5f4e7e5dac5feb5b692899e0a4aa1da0908c46da71104b49a5e4f1ec1a175d3f8e3c04154f7e123917a2

Download Submit
/data/data/com.bm.guorui.po/files/.jglogs/.jg.rd
Filesize
32B

MD5
5a2ee30c11dab8a220b1f88021cca32d

SHA1
6a9d625c4f7e9f1c0d00576fab066ce2d74e2cf9

SHA256
f9fbc1649774873c47a43b47f7b744e0c9fa95deeec6dea78c146034694ed184

SHA512
decb0277702f58d61a8c0a8beda4f23707fdfca704f5cdd3871c18a1f7903127ba9f488931d08f8a408034349fe8076ff8bcc9ae40deb30d1a017661d0f54202

Download Submit
/data/data/com.bm.guorui.po/files/.jglogs/.jg.ri
Filesize
314B

MD5
7027accac7bd5a7b4e0324e428e6d3f5

SHA1
aa7537de61c1f75c5dffc113fa9b79532de15ad0

SHA256
85faa1a572f5c0bc4e8670b95d5c46d2e5356af42b007f096eb9f03026a66c33

SHA512
c8cc1d1a15a534b512fbc7971f9530db2d3ba56aa3662548f03cf324421a0f9bb9b7d9f2ec457184b6e37c1c00ad1aa17ec9d6934c5bc0f7d067f3b88dd68cef

Download Submit
/data/data/com.bm.guorui.po/files/.jiagu.lock
Filesize
27B

MD5
83c97ef67ac0a361d02cdcc354477108

SHA1
9e2108d1eba9dde0550be35be1820b8a2f13a7e7

SHA256
ffb35ab0261bb83f731f13851dc4750beca361c7051bb531decc3fdf2f68bf4e

SHA512
8035c2c1927682f2d733ac2d3bcbb552212921b58bf959b3ccbf2d925b37c313bf038008e7354cc5850a45599b446fdd537035aaa5246083e2bda7fe527935b6

Download Submit
/data/user/0/com.bm.guorui.po/[email protected]
Filesize
6.3MB

MD5
a01798a8e019e9e55855baadd59d252a

SHA1
81775129a19a9aa221de41b5231bb78363957125

SHA256
5c7674acb205879b31a0a03ec71c651b704bc9b3b5b2add48361ec51f70ff240

SHA512
020a7eb016219f426815695291ec9269de794fa968328de13c4429c17d073095af0e4f0367f8814d7027f99072be896268d007d70b8efc208bd39f14b0146319

Download Submit
/data/user/0/com.bm.guorui.po/[email protected]!classes2.dex
Filesize
2.1MB

MD5
11bb417c7202db7582116b58910da433

SHA1
02339b82ed5943caed41017dd7b163d5e90cac4e

SHA256
78101fec533de0e65588dae74e48211df482fd9aff7fbdb02a6a1c76bebd61e4

SHA512
f004041c1260a41a70ad5f514f52559dd6ff7fdb9529562505b4babfe15ecbbcb12eeb10a6f819ae62febb2f49661f68cc20eb08f7e41213048a5782bc47f2e0

Download Submit
/storage/emulated/0/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/storage/emulated/0/360/.iddata
Filesize
32B

MD5
5c5b40667c012546126d8aa441776229

SHA1
529f68fc9c6ef91186bc488578e622596d55cd8d

SHA256
067b8c99678557ac8287b5a611e2089b5e7861addba5ddb2012a636723f02441

SHA512
9090c2a63190e41ebf7392b06d21199628238f18793f686e187b72e8914a199479ade145943f6e7801e89f3d739ded3a0f45012675a65562b9a27dfdff605b27

Download Submit