b380607b74d08ebd3dcdb2a222cf96dcd6a6d9ae7ea053667cdbad38fe6b6150

Analysis

max time kernel
8s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b6acde177a7465cd0badd4652732d88_JaffaCakes118.apk
Size

4.2MB
MD5

6b6acde177a7465cd0badd4652732d88
SHA1

2d5512c53de6349357afbf65fb6c9a724a8b8d79
SHA256

b380607b74d08ebd3dcdb2a222cf96dcd6a6d9ae7ea053667cdbad38fe6b6150
SHA512

3980d1b8666d7922838fd81080dbd6d2473d9504c769950381d2b70b37a901b5296707b1ca58e8e599f598f0011210022cc7127fafd1005e0c9049db06ed78b7
SSDEEP

98304:/qrOfMpNYeMSW8f3hCbnysWH4S90Ooqcw/:irqlevW83hCWH4rOoqh

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.plda.dualapp

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.plda.dualapp/app_e_qq_com_plugin/gdt_plugin.jar	4596	com.plda.dualapp

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.plda.dualapp

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.plda.dualapp

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.plda.dualapp

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.plda.dualapp

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.plda.dualapp

com.plda.dualapp
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4596

com.plda.dualapp:x
1⤵
PID:4668

com.plda.dualapp:x
1⤵
PID:4748

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.plda.dualapp/databases/.ua/ua.db

Filesize
32KB

MD5
92d207defbe4c9b47f33e6b324e4d176

SHA1
a6617408af8076e77e0b5ba8246f538c5ba2e683

SHA256
99e3cde92766d4ca7cbd3982e6d2f261352af4088925d000233b14c0d7beb34a

SHA512
9441af82c1ea9612b0c73aedfdc6ea5374139e838d442fdb8cee246f52ba8c8f94a23cd3b23aa63c412aa3548ac799e8daf343643deae27b99a476b848d6cf42

Download Submit
/data/data/com.plda.dualapp/databases/.ua/ua.db-journal

Filesize
512B

MD5
775b1e964b4b86cec6cf2df887fff555

SHA1
927558a0520fdd1fb2ea3b530e9365676826eeb3

SHA256
796199bdb7ffa6ce4615647e1d6a93d87afc93cd0bef8bed0e69c28ffa9099e3

SHA512
7bffcb7084e102284a070bf8963b01e4c665f7c9b79e361db65a9b774fea4a188ac17593614817f987c0cecbdae89852c79d644f812e0ceffad3a5b3d7de06fa

Download Submit
/data/data/com.plda.dualapp/databases/.ua/ua.db-journal

Filesize
8KB

MD5
77ef06016ac9e18a54849b5f8b45362e

SHA1
ee87542e10db2cc6c20f16734e20688c7e289743

SHA256
ee0400a74345785b6b5c3f9dc892a9a27494525832fcb215be5655868674f12d

SHA512
c21fcff717f5d313a1f51deeed7f288de5a33eb38f50f75b876ea4bc4d42fb5cb32f023bb7aca09e98dd555a1acd0b3c4fd1022384815bc04c8b520dc286021f

Download Submit
/data/data/com.plda.dualapp/databases/.ua/ua.db-journal

Filesize
8KB

MD5
be1cbbb13f4c20a6dd707f0c38a29426

SHA1
40b7b42de91ae7917cee4769d75b11a772df54ec

SHA256
874522efa9090ad15ccaae600b5e14a932a801b07b6648b36ffc74d55787f3bd

SHA512
c9a938faa56a77cc1de50cba5b691b8d36af67290f9ed7fbfe66bc9e953fd757ab029bb7ed602a1ff2b1030f8d00d2bf4dcdb13aa554303b353ba171aec18f3d

Download Submit
/data/data/com.plda.dualapp/databases/.ua/ua.db-journal

Filesize
16KB

MD5
c8fda527e9a98ce0b80378379e414957

SHA1
46ae01ab0213ffb84f38ef5dc4ecad4e03dd89d6

SHA256
d598ef7649093f8dd77a59d163a4c4701aea966fee46716d033e60ec484dcbcd

SHA512
734eef81638c96b1fb68fb58393b9614f6fa76e0e859adee68975ccce43e6481dcd0a265ff93d6c45e2fe0a051e425164b049560196a88644e858d3fb465e2e0

Download Submit
/data/data/com.plda.dualapp/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.plda.dualapp/databases/cc/cc.db-journal

Filesize
512B

MD5
20c72ccd39522e37c55eabf67832973c

SHA1
5414590a6312e2c1bce135ed4118a24c89f852fd

SHA256
67920d00f7388b59b488ba7e88df12387ea3f36cbf48ba15bc3af18aaadd4b2b

SHA512
e5b0218b0ef00d9a8607aa345290cf9233b7fc46d431185d556f278639ab8e613b974e3c0356780c1489c9aa50519dfb443095e9e2f42e0cc97639e3c5fff6eb

Download Submit
/data/data/com.plda.dualapp/databases/cc/cc.db-journal

Filesize
8KB

MD5
5ccc082318cf9fc6f9f2f5ca6e21188e

SHA1
4a4a132e3eb9eb13056d2048feabc95c0e3bfef5

SHA256
5d6a9bc0a60a8dfa6f029a3ec5094a278dc86a768539fa211272e147435faaf5

SHA512
8d86faf9c90951737d25552096a7905afb3dab6265ac70bf8964cbc63e2dd3a3b6f36faa6beb2e36a80108792a301186bb4116f6085ca8c49aa155932e40b4a6

Download Submit
/data/data/com.plda.dualapp/databases/cc/cc.db-journal

Filesize
8KB

MD5
2f6c3678750387c1a22cb8351584a575

SHA1
f683e1f8da59c267c91d9392de55167ca39f3a32

SHA256
d12e2cf3d071da425f7b953fe03d8b3667df368169b93a0e0784305c2080326d

SHA512
6562667006f0630c24bf9859e1032eeb79a17cc3daa8ea97965c073d2a6129a1e6f750894145df25f9f87a96915d8acd89e383366c7ce5ca57645f2a5de8583d

Download Submit
/data/user/0/com.plda.dualapp/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
142KB

MD5
b83b615c0532b71d27750f34dc77a10e

SHA1
48cca51d5af08d0bf60784462a92a181f1307f63

SHA256
d27d6d9dbc15e5aabf8cc4aecca006c7b504477dcc161c49a192c58dbe47a637

SHA512
ed91b083d23a5440f213f61cfd26f196cbcf0397b99387c46299dfc28d1ad6309cb1df1a2cc5cc110472b53600e0b40d31af86c34e3ddd9360ddeba725b64f3f

Download Submit
/data/user/0/com.plda.dualapp/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
336KB

MD5
2f967aa3f80fe90ffde5750d518cae9c

SHA1
f02bcb923c96030e82c1341ea9c8aabac65d17fa

SHA256
da69e142b048cdd182b12820626587c0c20072f9ef3c3acba7a260bb6b09b32f

SHA512
45510ef2f37294770ad6509b66528938d952840429b4b279beb6744925f3b6e41354592eef7f9ef2d5942dab86242cab1243fc90966bff70e781ea0867e20418

Download Submit
/data/user/0/com.plda.dualapp/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
b2e0fcb0baf2c74bd6c2deedf7e4d8e4

SHA1
4bdd76d22b5c25a8d6288aab5d1a6a07f149f080

SHA256
0ed57a16a05405983862ee2ae41492addd8d520bb5c3fce5be0b629a2ddfbae2

SHA512
f957ad7678b7dc00ce54bdf589463bb8514ef23fc45f4acbcc6634b3d5f1e8000edbb848e948ed91f1eaffe5c0bb9b22765c656437c24b57011c006b652d826c

Download Submit
/data/user/0/com.plda.dualapp/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/user/0/com.plda.dualapp/app_e_qq_com_plugin/update_lc

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/user/0/com.plda.dualapp/databases/GDTSDK.db

Filesize
24KB

MD5
d9546e7529040098de5b03ef296970a1

SHA1
7781f0f230dc2bd574bbea97194d0033431d350e

SHA256
585184ebd52cf769be667e0b871dd9324197f21e37152fbd5fe1cefa5f523ccf

SHA512
acf1935480b8b99c231fff1b1de32b7456094853cdf0d7819c57302100d608ae884bc2d44ad3ef3ff8c2cbf2d4d66ec8d77827e6c9605ebda1f31cfc522b542a

Download Submit
/data/user/0/com.plda.dualapp/databases/GDTSDK.db-journal

Filesize
8KB

MD5
5eb65d5a73b9cd8d9071a27f2cac5449

SHA1
0f04fd4c3c4caf02c45b64d104f03bf6237a3a64

SHA256
b60196bae9a70703049f57f1f2fc25c341edbcdc3752d54ea0ecc204db6cf645

SHA512
28b0f6b60c79afdc5de2f67f1165a3e9d5998fdb922f89a4ec3738ecb7ea87e57c574c20f24bffa84c0633da7ddab331f3d0af8d443576e0c14dd90ebb42cfda

Download Submit
/data/user/0/com.plda.dualapp/databases/GDTSDK.db-journal

Filesize
512B

MD5
38b3f0dae75bf4d3024f0bc9e5eca2e0

SHA1
c57cba75e92bf5c90c591534c0d0d83367f7efa6

SHA256
edd46e6b3eb2f6d183ffcc829071031ffc6e3d4d727f6642927ad98aa30f9f69

SHA512
d0092e411b560ab9e021e38efe6a58437c111f284889eedc2f1cd15e21b5d1d0249bafa5e90866921e035be9ad6667605181fa0b92186a79f3117b817e5bd4ff

Download Submit
/data/user/0/com.plda.dualapp/databases/GDTSDK.db-journal

Filesize
8KB

MD5
a32da89926978170add66cdae09e4371

SHA1
8141b851c75ed499799b7f25d4ec005f955ee80e

SHA256
9d07f6504ca3e8c2a61e9515b680fff3e753413dcfeffb8de9c0b737a7ff049a

SHA512
30784a6d8cb02f9e1a2549489c791dd72707e8d2ef9f1ba6f6264e47eb142ff63c5e1becdef53ff962ec24ad9790fccc46183fd88ed0b5a01b1a07a8de7980ac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads