55035f4bb41653c94b75d256176bde55dcdb543dc73df7b329a436d5ff7500ee

Analysis

max time kernel
179s
max time network
187s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d12a0ba5958ef60908946d1c9687fe6_JaffaCakes118.apk
Size

30.8MB
MD5

6d12a0ba5958ef60908946d1c9687fe6
SHA1

ea745933444cedc6aab302296e58e8268021f038
SHA256

55035f4bb41653c94b75d256176bde55dcdb543dc73df7b329a436d5ff7500ee
SHA512

ffe3999f80b53769b56c148e8697a030ca3cca167af892c7ba33b0e7191f0a4a440ee86828deab9148cf83eaaff0bf624e6321815e20e2f04e4c4d9baf919dcd
SSDEEP

786432:C+HOYbTV6A7GlFTUb4QU8Tw/sat1+T9+2ZV:pHOYXeFTQU8Sz+p+M

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

T1426

Processes:

com.ynxhs.dznews.wenshan.funing:pushservicecom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservice

ioc	process
/system/app/Superuser.apk	com.ynxhs.dznews.wenshan.funing:pushservice
/system/app/Superuser.apk	com.ynxhs.dznews.wenshan.funing:remote
/system/app/Superuser.apk	com.ynxhs.dznews.wenshan.funing:pushservice

Requests cell location 1 TTPs 4 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

com.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funingcom.ynxhs.dznews.wenshan.funing:pushservice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.ynxhs.dznews.wenshan.funing:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ynxhs.dznews.wenshan.funing
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ynxhs.dznews.wenshan.funing:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ynxhs.dznews.wenshan.funing:pushservice

Checks memory information 2 TTPs 3 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

T1633.001

T1426

Processes:

com.ynxhs.dznews.wenshan.funing:pushservicecom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservice

description	ioc	process
File opened for read	/proc/meminfo	com.ynxhs.dznews.wenshan.funing:pushservice
File opened for read	/proc/meminfo	com.ynxhs.dznews.wenshan.funing:remote
File opened for read	/proc/meminfo	com.ynxhs.dznews.wenshan.funing:pushservice

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.ynxhs.dznews.wenshan.funing:remote

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.ynxhs.dznews.wenshan.funing:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ynxhs.dznews.wenshan.funing:remote

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.ynxhs.dznews.wenshan.funingcom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ynxhs.dznews.wenshan.funing
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ynxhs.dznews.wenshan.funing:remote
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ynxhs.dznews.wenshan.funing:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

T1421

Processes:

com.ynxhs.dznews.wenshan.funingcom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ynxhs.dznews.wenshan.funing
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ynxhs.dznews.wenshan.funing:remote
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ynxhs.dznews.wenshan.funing:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

T1624.001

Processes:

com.ynxhs.dznews.wenshan.funing:pushservicecom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservicecom.ynxhs.dznews.wenshan.funing

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ynxhs.dznews.wenshan.funing:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.ynxhs.dznews.wenshan.funing:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.ynxhs.dznews.wenshan.funing:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.ynxhs.dznews.wenshan.funing

Checks if the internet connection is available 1 TTPs 4 IoCs

discovery

T1421

Processes:

com.ynxhs.dznews.wenshan.funing:pushservicecom.ynxhs.dznews.wenshan.funingcom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ynxhs.dznews.wenshan.funing:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ynxhs.dznews.wenshan.funing
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ynxhs.dznews.wenshan.funing:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ynxhs.dznews.wenshan.funing:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.ynxhs.dznews.wenshan.funing:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.ynxhs.dznews.wenshan.funing:remote

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.ynxhs.dznews.wenshan.funing:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 4 IoCs

impact

T1471

Processes:

com.ynxhs.dznews.wenshan.funing:pushservicecom.ynxhs.dznews.wenshan.funingcom.ynxhs.dznews.wenshan.funing:remotecom.ynxhs.dznews.wenshan.funing:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ynxhs.dznews.wenshan.funing:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.ynxhs.dznews.wenshan.funing
Framework API call	javax.crypto.Cipher.doFinal	com.ynxhs.dznews.wenshan.funing:remote
Framework API call	javax.crypto.Cipher.doFinal	com.ynxhs.dznews.wenshan.funing:pushservice

com.ynxhs.dznews.wenshan.funing
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5147

com.ynxhs.dznews.wenshan.funing:pushservice
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5229

com.ynxhs.dznews.wenshan.funing:remote
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5314

com.ynxhs.dznews.wenshan.funing:pushservice
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5399

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ynxhs.dznews.wenshan.funing/app_crashrecord/1004
Filesize
20KB

MD5
9c050b526f990e0984b43a8ba83e45d9

SHA1
7f7b3cea4bd71990b94819b2d905cab5c1f4e8ff

SHA256
04d825cd131ac0ce851308bfb913168e8beddeca077873f7134a312084e246d2

SHA512
ff18b8e87cb451d1a4ba1b298c971375a929880620454c2e3955a54d94784baeb5dfbdcba106e2a4e72988c076e53e6267fe56b625952d16505aab6f5a58a879

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/app_crashrecord/1004
Filesize
8KB

MD5
096d571fb8c4f7e0fbadfc1653594e7c

SHA1
81cb867a8e506d5635aa4649154692521da481f0

SHA256
fd2aa1cbf6b482a42281e187cda4db0014333dccc976b479e76bea17940de64a

SHA512
646433cf07167f4483856315a830b71ff880a1597258d0f240bddfae181795f5d82c185462a85a9d579f9c7623f8bca9bf0612754b397a26b12386133089709e

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/bugly_db_
Filesize
52KB

MD5
45d2b12c81443093871213b643a40684

SHA1
565920491a3c3655100359b3fcabe9c75bf5065f

SHA256
4dba891ccbf97c5bb7fe84f681a5651ea79899a9adf371dde045d94f1763fa10

SHA512
2300b2e9f26c1175c379ec39060f32d4c35fc3b87505993708acb6e6f243e361b0b0936160dcf2578f49f7d81691dda14b149831a53c81a3be0b661f14f3c7b7

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/bugly_db_-journal
Filesize
8KB

MD5
62743c3c217ab9fe6ce3c10dbb16454c

SHA1
3cb95e7453611c4dcdfd1428e88ee41105f6adb4

SHA256
ae8256ec9a018a6791013d22d3ebf1c252f1dfceed95b6ce4601942605f9ccff

SHA512
edb7b908381174486aebe635a3c72a03b3ac676249232fb4883fb138ec2ed5af62cad290d75628e556ec74787578d5129f56e9860e703b70ea803c84e880412f

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/bugly_db_-journal
Filesize
8KB

MD5
e6352e5f8f21fd4120885e0a8abe0e8f

SHA1
ba400bf6397190e359279f23b18bf51dde2d99b0

SHA256
efc1ffe1ff9feec82282105c04cb0eca03c16faf65a01346a0e21daedc6deea5

SHA512
a602f3af6cdb93477d77ee45e9181d9b79ee1fd2a2248bf13445bc45b8357ae718f7f9aea6c8d950469eec6351c2ec78b6c112a9981f7f3e2b7bed4c8a2184f8

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/bugly_db_-journal
Filesize
8KB

MD5
cae3b61a4433e1a00f10446520248653

SHA1
2a5be50f2b1661ffc1e39235109364e97a8252de

SHA256
2be3259fdfbfb0261d29de09b6550bfcd3a141141581204033bd5993be2b4ffa

SHA512
6a73173c686f6ce1b58420178994775d5bd979b5e4a830ea24392263600299fa8177641724bfb660121ce796a68442eae29de976ade1f898e7b1f6cf6682bc72

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/bugly_db_-journal
Filesize
8KB

MD5
214a538cac148aa4980a681ce96e2a43

SHA1
5bfd1c4ebcb57141aca655c8c4d860edf24b9ebf

SHA256
120bbe748e5beb3b0b7991175ba22f6efca3cf55cf12e69face3be7a289cd2e4

SHA512
e70692705af2d539442587e4267413596097e8069240aa950e44d945174d2efe81da451a865dde10f9deb85d64606e0009fbe32812794cce672413acd99f79f5

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/bugly_db_-journal
Filesize
48KB

MD5
22f3bdb59c18b8b60755264981675676

SHA1
2c0ac350e2acf66944b2d227bbf5f80ebbbaa065

SHA256
84e4777128834fafe2cba58d0bc78f658dedfdf52bb0c19b3526d59c5fdb0f7f

SHA512
ac739a62fadfe15606f57b7b8fb85974e58066b4ec84cc75e040004a5fe746d17991037b5e6f2cdb22af7fe48593d60cf91061726930e668351c413024604462

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db
Filesize
20KB

MD5
f874217c85b5661e8295f47d4c81aa31

SHA1
6651d80f475772dd6eaa9b77f0845610ed54a5f2

SHA256
b03d0cad85ca0d51e5a3ba5c738a3e020b26f587a7ba815dd4bb4fbc1ad9ba1a

SHA512
e1b9e130a7e334a8a2f3907c2874c8730d88ecb61b804155ffa7637c02c549a8fccb8718a8c3e4988805ba43d7794e74db1a723eaa41cc61e471de67bac3d671

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db
Filesize
24KB

MD5
cbf29b09271b54cd7455ed86c128e8ca

SHA1
c91bd048689fee2388845a8a52c92bce2745679a

SHA256
8bbcca3e1ae572401c800884e8fe9c56fbbc9ddc037f1a155dd46da7c08287a1

SHA512
feeec7daf98b7038c4d6bca1b3fc1961fefbc475d55bca702901702a651eeac81056c2deb6e312fbf391305b105f8cdf7bb9aa6fc037c161d8358a0e08714842

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db
Filesize
36KB

MD5
773773933927121da0a0db782742d996

SHA1
af98cb91b615ec632eca81e52c4ab7f12b492062

SHA256
0091d86cd869f732d015d17c7072d5f0286f1e44a7b0a46d27907cf87533116e

SHA512
f5b8bdbf67fc11e657b8c1a2df8e60137a0edd11b2bbd18bc97f2393f035d76269755c849150344c2b9b963cce33587810c16747ead2414f33a26d1659a57e41

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db
Filesize
40KB

MD5
b8624732a43914bb3ec1efd6a5489e29

SHA1
9927e984b2a4bfdbb6de10f7e83cd4f2c241c414

SHA256
a4bbf1f3103d6fba50dcdff6a1c3231fdf93621287af066dff7267c84125d4d3

SHA512
dbcdb5721e3ed898b59204c245dc272026cfb3646f5619bd9cf416f8e2fe227327e27f6527a95463f89e54a9819448d23a4a5984c4d88a0999112222fc73de10

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db
Filesize
48KB

MD5
802d8f0612ba54d739b129cf670217d9

SHA1
605b45aacb535ab4ee4c90b986a8eeac47c9f447

SHA256
8423dc5d7b78ab3e3b72753127f6cfe9e740af70a9bcfbe1c94fa1f924114844

SHA512
7f5e17f227611cef53e0e20ac17a7da3c94b3105af45fb526a051e4d484b1c72a873a8a8b8eb655b5a3f3a2e7835bd2a2666cff1a77309516291192b0448797e

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db
Filesize
16KB

MD5
938f943767c9b23c24e184b65bc4325a

SHA1
3e6fa8cef267ea830f6671c907f6a425f0467b35

SHA256
ed53eddb1a967a03c2d34b2f032ae2e8670fb1c15c1ee197081f45f21ea010f1

SHA512
7e9e73afb11d53b6cadcd1b28adf5949dcabf8a2d78d3354bd84ba5e5f163c7d26abfa7520ae3f86cb16be9da73fe80db674828a31c1735064ec910d106ac4a3

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db-journal
Filesize
8KB

MD5
1741174f5da32eda98c286d1ea92209d

SHA1
7b6362ff2dc98a36dd49bfdb076dd5fde5ef80a4

SHA256
97b5f35c0ea88f355069c1634cfd6b8bd60280fa68c58834d9b26f4ef623ef19

SHA512
958a224e8aa803c60f1ac3b24b6cb77a7d7519f8619c67f85a6b19c9899acc7c69210896ad95657e5da9290b0123cac1ce9221ee904523de4ce18bd3aa76f078

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db-journal
Filesize
4KB

MD5
da7ffbab1c3d8985ab88a8882537dc25

SHA1
728187dbcd692089bd4a07c219ed338e4fa83da8

SHA256
ea719b621596bfe2176dd80932a384b026f126243d3021f15433dde31926fff3

SHA512
6faf2ce489d78a5195a5a0a5092bb86127ca3844a01d1a1bbb5d936c96bc65a2556f36a9953b5e5ae05f3b18901fd1ff74f6a71076fcd0d1b980719fa39154a5

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db-journal
Filesize
8KB

MD5
3ea2a4a444348b33e39a480335363922

SHA1
19b24c0b920ab68af14134b2dad393b4c9d2f63a

SHA256
847a9b1d724c35e284833cb13568141a10dc75af12a43b7dee417a5fcdc80523

SHA512
d1d111592f0635736aebc373daf38fc6b68f91582b0fde80e554163e2cccf9af34fc9aa2476633378dd76815d0a342a7f56cca5f447c110965f4d6ca7e3b1a40

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db-journal
Filesize
8KB

MD5
ecb47c5a52d13a676e3d8bef69c38ac6

SHA1
d82381f649ed92c64c50ea3259c41838b927e68c

SHA256
df828cf9b009d31c0ec3cb4664cb71c2ca4cc6873e7c613e149cbd7edefe0888

SHA512
75d6b283d86a3b2eab2a6b99f1ac6c75c365792fb91d3dbd73d1489b1d989f6b07731122dc2f0fe0f19fd12549e47d63b035ffc1aa21e2520b7847506c110260

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db-journal
Filesize
16KB

MD5
457e554cb125c6d5b3dc918e357f9e76

SHA1
44fe8926e2906061f364ee8bc42042706a6386df

SHA256
1c0df8799e0a42fce8c24b5cb0a85073123d11f978e64475ab3693c6300bfb9b

SHA512
893d739d43680f98715b822d41683b817c59d8bdc882373e6670bbcf73cae471a9d3eaf173e4291e3fa40b0abe86e966c9bd6d8fac0524a56e289e4ba996ea14

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/databases/dznews2_wenshan_funing.db-journal
Filesize
8KB

MD5
c89f3af3d7aa65eccd17488dc49486ac

SHA1
80c1d720479178ee87b3622c31b8762e72c045b9

SHA256
03567f816a55a9ca386c1ee6f28687a912011cd71aa5a8e9424fbc7fe929a9e9

SHA512
6415a36f02c69915fd66c038bde51ce386566314df494a897dd8057054b07ed345b64ecd9de0e2154422b26cf02cc0f49cef765593ab857afe731513750182eb

Download Submit
/data/data/com.ynxhs.dznews.wenshan.funing/files/libcuid.so
Filesize
109B

MD5
c10c23cd92d1dd059d7ba81e8b53974c

SHA1
407edb91954b6771d8942cca8b6ed8894481aaee

SHA256
cc65458e0df38e9d0d0198dfa47c225daae04a4a909a5860ded789542c066ba6

SHA512
6d815384e63df0d4a6a083ccc1b72394a890ad0ef953b522ebb0ca8c05e9a95b9a9ef7c9ae6af182049516d6b6fb2b9c32a9f82e477d7022573e94cfb4fe7f28

Download Submit