Overview

overview

8

Static

static

6

6d5c291bab...18.apk

android-9-x86

8

6d5c291bab...18.apk

android-11-x64

8

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    8s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6d5c291baba6ae10bffe42dea07820bb_JaffaCakes118.apk

  • Size

    14.1MB

  • MD5

    6d5c291baba6ae10bffe42dea07820bb

  • SHA1

    42a86500261510dc98d54c71141a7b1f971cf95c

  • SHA256

    58e95ad9c6a0996d17dc2a556209b9d535f0628e5055c1a8740fd660a3a562d7

  • SHA512

    f4423e89dc4c7b7069cfacf66d23faf32a9d92baa27540df88e50c2b1da79069ffa8ad76e1d04d1ed5a2128f8212651e7fc3385992b3695e025c62f5f7ce399c

  • SSDEEP

    393216:+sxu+Vc+rfatfThpXdrXg2uL2W2uxb3LU9NYwHL7E24a2d:+SJSjflhdrVuyW2u6Y+L7T4aA

Score
8/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 5 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.huazhuan.app
    1⤵
    • Checks if the Android device is rooted.
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4294
    • sh -c getprop ro.yunos.version
      2⤵
        PID:4338
      • getprop ro.yunos.version
        2⤵
          PID:4338
        • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.huazhuan.app/mix.dex --output-vdex-fd=58 --oat-fd=59 --oat-location=/data/data/com.huazhuan.app/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
          2⤵
          • Loads dropped Dex/Jar
          PID:4363

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.huazhuan.app/app_SGLib/libsgmainso-5.1.81.so.tmp
        Filesize

        416KB

        MD5

        b95a0efacf26bc332114089571991557

        SHA1

        9dd44f68ba17d7f7dca27814b8dda6489d11fd30

        SHA256

        a52e0ed43ff0b11fdbf5aa65f296ad98ab08afa1be5826a29f2db001054716a1

        SHA512

        894c190f76489f379aacadb273a70cb7b96d81d534dfd0111e11545b9d7501adfccc3a8b674fd8955db96ede7c1573e7f576a8d2a99492f379aea35570982c27

        Download Submit

      • /data/data/com.huazhuan.app/app_crashrecord/1004
        Filesize

        225B

        MD5

        c8f9a64a56d7f748582e3e355d422ba9

        SHA1

        577dc62ff44f95850bd7ebd9e1fcc0f1751c9ea6

        SHA256

        ec16a3e955dff513e99a8829196ce57afcf2f86f3a708f30ca5cdd436553b803

        SHA512

        c99b1d7c40cb67a3888c384e8f90233a16bc14cf83341c51852e6f678ac0d80e20606cdc13abaf4fddcfc33bed353833342cd08248f2f59b602168bddf271fef

        Download Submit

      • /data/data/com.huazhuan.app/app_crashrecord/1004
        Filesize

        58B

        MD5

        0d210bfb2a0e1f1b4c082a6a0f79de07

        SHA1

        bb8ed9e364db79d1d9f2fcde3f15091893222faa

        SHA256

        988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

        SHA512

        536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

        Download Submit

      • /data/data/com.huazhuan.app/databases/MessageStore.db-journal
        Filesize

        512B

        MD5

        a8cb4e9a78f048190ce1009da2d2a012

        SHA1

        60cc3355a664e0f7efcd320e69493789a40ff63b

        SHA256

        461c2ab6a330badeb3d3ffeadc5524e941e4b9c58cd76a6b02cddb89988a0994

        SHA512

        742f4b9cb728735986304b9c2312fe74ccd754c6dc4e3b521f1ee8b814aed3642d9859eebfa744787e34b6413d8bac4c07d82d753f9d6a47cfa9dc78fc4c38d2

        Download Submit

      • /data/data/com.huazhuan.app/databases/MessageStore.db-shm
        Filesize

        28KB

        MD5

        cf845a781c107ec1346e849c9dd1b7e8

        SHA1

        b44ccc7f7d519352422e59ee8b0bdbac881768a7

        SHA256

        18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

        SHA512

        4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

        Download Submit

      • /data/data/com.huazhuan.app/databases/MessageStore.db-wal
        Filesize

        48KB

        MD5

        6905dee89dd0f391eca4ab4353ba0a52

        SHA1

        126fdde12e9a8016f2a4ed5f16d609b1d5f55c4d

        SHA256

        89271f8a101bb8a7cb63a7cd279a16c34ebcd35afac5a56b3e82cf65b6deacc4

        SHA512

        f12b46bc167c6d3fd08f17330ff611e3af30baad716ed3c1014d26d4e4c8d1be86123f617657dc7b23d3226a17f9e1cf08517382fb9c1b0c986b3708e505d546

        Download Submit

      • /data/data/com.huazhuan.app/databases/MsgLogStore.db-journal
        Filesize

        512B

        MD5

        0aff4c1e471b0556fd1eefa19765a60b

        SHA1

        7993e561e5f4b3cec77e0df5c6238d851a3c42de

        SHA256

        9e4017a27b7014fc18a65bc347ca86d2a75b523730391d363ca780daee9ca35d

        SHA512

        3d336a5f82edafeda5559c35c0b5bf44de23c53aef01ca309c58c76d456d2fae99713a1e232404a5b98bdfe99073636902e95781f32a253d009b1a4fb5cd7a76

        Download Submit

      • /data/data/com.huazhuan.app/databases/MsgLogStore.db-wal
        Filesize

        68KB

        MD5

        af66fbee2e6dbe1cc2ae82f106a45558

        SHA1

        382c9d509b6a1f63228f54839f97659e1558b63f

        SHA256

        768591b2b58aa439b9ee599301e7a5e9df2dae8f1ed0d19f2078ae837df6ca10

        SHA512

        ae2c84d6475952e5c4fc25fbf89a7bf01a07c715c012d2a42c88babd942223a2dae87cdcaba31d190e31cade4a04d629371dd6bcfc020693eaefeb563e77fc5a

        Download Submit

      • /data/data/com.huazhuan.app/databases/bugly_db_-journal
        Filesize

        512B

        MD5

        15b423bb19c6dd5bafd850ba8c30fb95

        SHA1

        f460e18fe20950d88b971191b51b93620444d740

        SHA256

        2f47aa1204455dd6a13c11588d9c947c11eb6d0453fc9be6fdd584d3c18f798d

        SHA512

        975e52a477da75057a34c644e42059f10657217535eb717ed006f48d2248ece3327efd2f8c2c7db6ff0b506b270d0f4e8e54f8d86f010d4a7bcb4f2a77198fb8

        Download Submit

      • /data/data/com.huazhuan.app/databases/bugly_db_-wal
        Filesize

        68KB

        MD5

        3814ae3ba56141e0ad1988050bd4df60

        SHA1

        144395a9c0e7d9ae85c9a961a09ee535dce06bdb

        SHA256

        185827cb14a0289171d1d81d22d93e09d5c7d3e5aebba0eec6bb9d57c9c70321

        SHA512

        b3f4c437c00a03c81f5f21ab7d8028b31b4f42e6e3b3bb375776b312ab6d6f7f61364feeada1a34eef114d00fb4268247c2bd1f97a6447522199ac71623fb1ec

        Download Submit

      • /data/data/com.huazhuan.app/databases/bugly_db_legu
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.huazhuan.app/databases/bugly_db_legu-journal
        Filesize

        512B

        MD5

        89ff275408655b36edb512d15c4f3221

        SHA1

        9520d0e6cbbaeadb01f7b34ea4829ea870677bc4

        SHA256

        2b1a2dfe6fecb4eba13d7d9c136550e4a77e3b7c2a3593042e15d60212325f57

        SHA512

        7faaabefcfc483491ed0a0e906db12b3047ff37e8c31b0ce00c5318bc96dfc18fabbf30d4993502f505eb1242f073016134113e5ae6e55ff09f1042b5d2848cc

        Download Submit

      • /data/data/com.huazhuan.app/databases/bugly_db_legu-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit

      • /data/data/com.huazhuan.app/databases/bugly_db_legu-wal
        Filesize

        92KB

        MD5

        d78089f45bf6ba0e8c1c5c2dab7f7389

        SHA1

        37ea0d6699bc1ed18c8016566a2181990fa35b0f

        SHA256

        f57c40d36b1410192ee58b69bfb8b3e2b6768dabebb3df3e199271ac6edddd98

        SHA512

        24a1a391458ea608bc90c373c5e7e0672850f3b5236f3e4ee1e235044a3219a513d975dd51ee559e655e18e4fa3d0ef7e51c7334cd598637c3bd09922558bbe4

        Download Submit

      • /data/data/com.huazhuan.app/mix.dex
        Filesize

        292B

        MD5

        63f77f99bd2c2b772a479923bde11974

        SHA1

        c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

        SHA256

        4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

        SHA512

        3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

        Download Submit

      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        111B

        MD5

        37e63308cb125f629dd6948439e4cfd3

        SHA1

        45f0b51f2664e23fcccdbeef6083b57eaf72a29d

        SHA256

        2b13c7cd0af8062e28b93ab36a59184d78d8883ac11d64bff6d51ee30cdb08a1

        SHA512

        f0b15ea57b7195bd0c8e077d4e87a1fc7205d7b6d1e993b680576405ed4d4eeea4d776d1ee75a3c61c860b6e41c88f4ee0bd59a6ef45957e32e3557b8efa73c8

        Download Submit

      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        213B

        MD5

        9534c256e3a8c3f2fa0efff44f09f986

        SHA1

        c6488aa4ae6b4384fb94c872669a4bf8d025559a

        SHA256

        3a5cdef86428a598fb40ee9435e6a81e5a81b9cfaa1480167e1385e53eff682a

        SHA512

        f1d2f5e53c2cb5950901e0241e95f41f7cee33ba09a8b36018a9248e3ccb1d6df16f8e220940cc12499971d56cb57a3712ff2adfc82f0df1f450d66aac64cd90

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        65B

        MD5

        9781ca003f10f8d0c9c1945b63fdca7f

        SHA1

        4156cf5dc8d71dbab734d25e5e1598b37a5456f4

        SHA256

        3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

        SHA512

        25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        111B

        MD5

        4c9127ef2f358c096a74bd8829458846

        SHA1

        33a61139e005094bad7520a513d99975d9915418

        SHA256

        59aae348fc4573f368b52dbeb89d65639dd9b4698758947a446de4bff9a19dcd

        SHA512

        d45c391268a46f34e69659ff81eeade2b96a83a5654b7dc52769b8231a119a3c90188463e5e5a2691ab4f718ece01518a4acaa8b0c97d06cd49ba3044de68c16

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        167B

        MD5

        42b7533fb8b1d6121eeba5a028277811

        SHA1

        7476e3dbfdd5783a773332667c955a8919c5ca81

        SHA256

        f4c5666315dee88baf44587b83c8d293d76dfe79d27a611ccc16bb2936574e10

        SHA512

        b8b3a26df1d6abb1841bddb4f10c4237c899ed81580d99ba921a642e2eeafed159480d8327ac03f94eaa5acbcb04668a1adf11ede1e739de89fb516a02fee799

        Download Submit

      • /storage/emulated/0/Mob/comm/.di
        Filesize

        57B

        MD5

        70a42cba408700f9a6c01c7941a8829e

        SHA1

        eab01cc2c0671538795fb0b1146017dc099d0984

        SHA256

        499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

        SHA512

        8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

        Download Submit