cf3bad2610c81f185d1adc6ad7eaf2ade0c63cc92ca529f767cbf0e2dce23b65

Analysis

max time kernel
104s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aa131876809cb855dd32c54efe78c52_JaffaCakes118.apk
Size

10.3MB
MD5

6aa131876809cb855dd32c54efe78c52
SHA1

3726a5e90476b91bc9ceacfbbe75c68cbc54fabe
SHA256

cf3bad2610c81f185d1adc6ad7eaf2ade0c63cc92ca529f767cbf0e2dce23b65
SHA512

dbf75eff62a498dbb461b8e274f8f2d28b07c6b866775430e5d3b45cdf7433a1d97b22d57eb5c1efd1f3fe56c25a9dc2c66d2de02cce79eb6759ce6e2c1f910c
SSDEEP

196608:olL1J4+LqG0pkRvMgTaCdJ++fMQMbNJqtKTau0wAkISwX:ol0aCp0vMgTaCj+MvQLAmE

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.jierui.android.jieruiparent/system/bin/sh -c type su

ioc process

/system/app/Superuser.apk com.jierui.android.jieruiparent
/sbin/su /system/bin/sh -c type su
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.jierui.android.jieruiparent

description ioc process

File opened for read /proc/meminfo com.jierui.android.jieruiparent

ioc	process
/system/app/Superuser.apk	com.jierui.android.jieruiparent
/sbin/su	/system/bin/sh -c type su

description	ioc	process
File opened for read	/proc/meminfo	com.jierui.android.jieruiparent

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.jierui.android.jieruiparent/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jierui.android.jieruiparent/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.jierui.android.jieruiparent/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.jierui.android.jieruiparent/mix.dex	4255	com.jierui.android.jieruiparent
/data/data/com.jierui.android.jieruiparent/mix.dex	4387	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jierui.android.jieruiparent/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.jierui.android.jieruiparent/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.jierui.android.jieruiparent/mix.dex	4255	com.jierui.android.jieruiparent

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.jierui.android.jieruiparent

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.jierui.android.jieruiparent
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.jierui.android.jieruiparent

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.jierui.android.jieruiparent
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.jierui.android.jieruiparent

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.jierui.android.jieruiparent
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.jierui.android.jieruiparent

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.jierui.android.jieruiparent

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jierui.android.jieruiparent

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.jierui.android.jieruiparent

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jierui.android.jieruiparent

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.jierui.android.jieruiparent

com.jierui.android.jieruiparent
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4255
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4315
- sh -c getprop ro.yunos.version
  2⤵
  PID:4337
- getprop ro.board.platform
  2⤵
  PID:4315
- getprop ro.yunos.version
  2⤵
  PID:4337
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4368
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jierui.android.jieruiparent/mix.dex --output-vdex-fd=51 --oat-fd=52 --oat-location=/data/data/com.jierui.android.jieruiparent/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4387
- /system/bin/sh -c getprop ro.miui.ui.version.name
  2⤵
  PID:4500
- getprop ro.miui.ui.version.name
  2⤵
  PID:4500
- /system/bin/sh -c getprop ro.build.version.emui
  2⤵
  PID:4526
- getprop ro.build.version.emui
  2⤵
  PID:4526
- /system/bin/sh -c getprop ro.lenovo.series
  2⤵
  PID:4563
- getprop ro.lenovo.series
  2⤵
  PID:4563
- /system/bin/sh -c getprop ro.build.nubia.rom.name
  2⤵
  PID:4594
- getprop ro.build.nubia.rom.name
  2⤵
  PID:4594
- /system/bin/sh -c getprop ro.meizu.product.model
  2⤵
  PID:4620
- getprop ro.meizu.product.model
  2⤵
  PID:4620
- /system/bin/sh -c getprop ro.build.version.opporom
  2⤵
  PID:4646
- getprop ro.build.version.opporom
  2⤵
  PID:4646
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
  2⤵
  PID:4671
- getprop ro.vivo.os.build.display.id
  2⤵
  PID:4671
- /system/bin/sh -c getprop ro.aa.romver
  2⤵
  PID:4697
- getprop ro.aa.romver
  2⤵
  PID:4697
- /system/bin/sh -c getprop ro.lewa.version
  2⤵
  PID:4722
- getprop ro.lewa.version
  2⤵
  PID:4722
- /system/bin/sh -c getprop ro.gn.gnromvernumber
  2⤵
  PID:4746
- getprop ro.gn.gnromvernumber
  2⤵
  PID:4746
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4770
- getprop ro.build.tyd.kbstyle_version
  2⤵
  PID:4770
- /system/bin/sh -c getprop ro.build.fingerprint
  2⤵
  PID:4794
- getprop ro.build.fingerprint
  2⤵
  PID:4794
- /system/bin/sh -c getprop ro.build.rom.id
  2⤵
  PID:4819
- getprop ro.build.rom.id
  2⤵
  PID:4819

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jierui.android.jieruiparent/databases/RKStorage-journal

Filesize
512B

MD5
039ff99daa21b6e704a3848d70a386c8

SHA1
57a8e4feabdd4654553837ebf7335c58bc96bb2f

SHA256
1686fa88c255e8e1d0ded8a204f801d43e4291a7778096aa3cb1cf11721ead94

SHA512
169e02809ddf6928b5aba5901e6a28f1d66e1d9d5c7557cf48d68b19b74c44610d375b5c763053ccf1897888019c7f14621e356acce8c269bbd17ef36f7239fc

Download Submit
/data/data/com.jierui.android.jieruiparent/databases/RKStorage-wal

Filesize
32KB

MD5
8cdf5871ff4902777cd0c93614613743

SHA1
fb4ce4f0d8ed2f9d10ff85b72d204d39413594b1

SHA256
a4e969db5fff915d17838699bae75beceaac2f92160450ca70a6c6054c4f8903

SHA512
dd842a68fa712d8c32c2cd28c0c9666b3c60d0430f8c0590ae72c36d6bb575aa837643813bbc715b4539f992de2b52c3cf7e1784161831c5b7af5391e96a59e8

Download Submit
/data/data/com.jierui.android.jieruiparent/databases/bugly_db_legu

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jierui.android.jieruiparent/databases/bugly_db_legu-journal

Filesize
512B

MD5
dbba58bdbfa51d6f6b99e9f0b83b8136

SHA1
f1fc2eec20992f574439002e44019efccae6d4a5

SHA256
5d2ba73e97718ffcea1e04d4abd845cffb96cfeff6e972ddde034d813ff6456c

SHA512
bbb39510ccea1392672fb810f40aa48aec13c7b1a24cd3d4089ba9a65d03b59aead9236e18bbe0685610e1207bd927f5681fbd6ea783515f3b3edec3c948758a

Download Submit
/data/data/com.jierui.android.jieruiparent/databases/bugly_db_legu-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.jierui.android.jieruiparent/databases/bugly_db_legu-wal

Filesize
144KB

MD5
53dee9029dc4c4426f9e16acf0b10c94

SHA1
5d3f004527f47893ebfb7713602e6c1b5720e91f

SHA256
95b7aa4619faffcf9015f684fe11963bbf202b8d0a0920cd6c52e155ec49297b

SHA512
d95ee9f434cbd58ba72c2ce2c155ba706e4f965d2995451a8505715c037087bd472ecfa720693550b7bf86aadae1121e845b831f547e9bdcbdea22884e51ba18

Download Submit
/data/data/com.jierui.android.jieruiparent/lib-main/dso_deps

Filesize
340B

MD5
c8ca1190b8a142ed2cb44681d74b5efd

SHA1
45a6425ee5604ceca17a6101dca70616c4e2ee96

SHA256
29ed9a0f46cc74fc63ca232284056fe75165021f1486780d98c29fc7b3941eea

SHA512
218e21a494505972c327e500cc98c4a7abd29e6625fcb63df4a64fb73d91ef2800dcd734a4418160d81e6a4913777b4d451ad898730a491ca93310891bc5a24c

Download Submit
/data/data/com.jierui.android.jieruiparent/lib-main/dso_manifest

Filesize
107B

MD5
0faaa23b4b977673f5a91382d1943da4

SHA1
03973df0ac6806cce25f8e5533dde0bd9d5ec0a3

SHA256
b489997abc76591455e6982648a366cb20a2f1961440d5dc9db09424bc42380d

SHA512
be301ec4c06f9708c2705745ced17864e6d5e539bc6d7156187019e674bb60c077293f65728ad775b5305cf0daf8a9c0be790a763505a9406956798c0bbf0fde

Download Submit
/data/data/com.jierui.android.jieruiparent/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.jierui.android.jieruiparent/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.jierui.android.jieruiparent/lib-main/libshella-2.9.1.2.so

Filesize
100KB

MD5
087700c3f0c53c2283fc04aa93a19e38

SHA1
9eb91a9d681f0b8acc355b9a2a65ceecd0cacda9

SHA256
0d286a328d7bfeb8263852ed591958b3824393c07b445e2a9016e557969511fe

SHA512
b5b4a7aaa50232a5addfa8f9ccd00b297eda106b50f251f38b0b504e8e4552104f1ae79b3333a072db2efd41b21d1dbc85b0cadc29dc7a4dc1668d4472efd599

Download Submit
/data/data/com.jierui.android.jieruiparent/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit