58e95ad9c6a0996d17dc2a556209b9d535f0628e5055c1a8740fd660a3a562d7

Analysis

max time kernel
19s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d5c291baba6ae10bffe42dea07820bb_JaffaCakes118.apk
Size

14.1MB
MD5

6d5c291baba6ae10bffe42dea07820bb
SHA1

42a86500261510dc98d54c71141a7b1f971cf95c
SHA256

58e95ad9c6a0996d17dc2a556209b9d535f0628e5055c1a8740fd660a3a562d7
SHA512

f4423e89dc4c7b7069cfacf66d23faf32a9d92baa27540df88e50c2b1da79069ffa8ad76e1d04d1ed5a2128f8212651e7fc3385992b3695e025c62f5f7ce399c
SSDEEP

393216:+sxu+Vc+rfatfThpXdrXg2uL2W2uxb3LU9NYwHL7E24a2d:+SJSjflhdrVuyW2u6Y+L7T4aA

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.huazhuan.app

ioc process

/system/app/Superuser.apk com.huazhuan.app
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.huazhuan.app

description ioc process

File opened for read /proc/meminfo com.huazhuan.app
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.huazhuan.app

ioc pid process

/data/data/com.huazhuan.app/mix.dex 4668 com.huazhuan.app
/data/data/com.huazhuan.app/mix.dex 4668 com.huazhuan.app
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.huazhuan.app

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.huazhuan.app
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.huazhuan.app

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.huazhuan.app
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.huazhuan.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.huazhuan.app

ioc	process
/system/app/Superuser.apk	com.huazhuan.app

description	ioc	process
File opened for read	/proc/meminfo	com.huazhuan.app

ioc	pid	process
/data/data/com.huazhuan.app/mix.dex	4668	com.huazhuan.app
/data/data/com.huazhuan.app/mix.dex	4668	com.huazhuan.app

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.huazhuan.app

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.huazhuan.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.huazhuan.app

com.huazhuan.app
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4668

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.huazhuan.app/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/map_record.txt

Filesize
39KB

MD5
7afe5438d0e3f94bd8a2413f3b8f9eae

SHA1
a7fbfcc800982c6a76e24e120dae99dd476323c4

SHA256
1069ff6b292bb0b73f46dd3a7b43eb3411bbc95ba4ada2c68c72fe27305876c6

SHA512
7cecc30c844171b8a7d0549e225888ff5065e68cee62136de416dd36b4df10822470c0312f2525ca855e976bdc93f104e819819ce01c321824b58def958ae1bf

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/reg_record.txt

Filesize
599B

MD5
f07a07bf83cee9ed7badf4f9fef6229a

SHA1
a717ee472c7f9eaa9a873ab69c3f90f953066757

SHA256
5877d10de888c1b1d455cdf11836d54f50254f10910258d42a4dd979aec6f90a

SHA512
245bd16d08d7bbeec9694bc88a70f29cd46c79035ca832a30c8a4248c38bc5e821dde786cdd5ecebbaabdc9b9f791f3071bbebd1124e777afa379681dbacd6df

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/rqd_record.eup

Filesize
29B

MD5
5ec758aba3fc538354888e38ac5ed313

SHA1
d35b6573d25b6e282a680a4ffe9ccfceebec74a4

SHA256
12eb72ff09eef9137e67ce8f0588607a28976e0e082b80125f7ff572405a582e

SHA512
13e094ecf0cad0cec897853bd3fad125b5ab07db68652cad4affb1b03da9d50a19815b268361a45543205cd54774148691a3433abb075a48ef0c846dae73ccec

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/rqd_record.eup

Filesize
108B

MD5
01cc01f9a5b210e94253ca84721be12b

SHA1
0ce72c0678d65eacfd10bee2be57978a22731097

SHA256
59c8ca5e3ac8b5ce69eafccf8132eb2eee0270ae0e4eddfb25d346d1af6d69cb

SHA512
0220c792d55501bec2214af91cd1176e04fe3b2f1a2b40670a963074cb013038ff5d9a669f51117e71436c6da47445152835855ca7848ea8f7e28c008363b36b

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/rqd_record.eup

Filesize
538B

MD5
ba3296d9ab72e27e87243b032388f77a

SHA1
7ff96fa46143779242244ff8a345dae9be7e7c37

SHA256
b9fccbfa5f4e69ca7aa5fded6355917c1261fd2572d06c32b07f7ab7b4075ef2

SHA512
05d2db4851f77abc0c379a5bfbc24f0ec9dc5f5f6c0be119e81c4e4b0dabdf1773dbb43df147d5c233e48dfdda198f63a784b41dbed482af3a1b8983a03acd76

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/rqd_record.eup

Filesize
1KB

MD5
47f3ba50ab19a3bd5ee71b867357298c

SHA1
5a807a6e15687fe2081722bf4f953591afad66c8

SHA256
cac076b2f4f3cf485501d7cfd22e075aa050aa8c2874d7efc9e9e1f4a192126e

SHA512
09603c79e33220e0df62b4207e230c7e19b787d52dfaf5f1a7a3c46dbb278ae28030ae3c12f184c02480c250e5d94168bac7230bdbae2183ac3738f461aa644b

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/sys_log_171652567356571.txt

Filesize
1.9MB

MD5
a26153e472a2d13a8c09991a90905813

SHA1
8bd1ee1e3d15b6671fb1b1672e14382e9a8cd306

SHA256
ba8446210da96a72f0ed90ee20b456b1071b605780ac06cab9cbd1590f81308c

SHA512
b567b71b5ff344bfaba57c642bc3dd4ac7ffe8194523886e3df75ef19a705c51ef3f6815da5dcfa3be008c7756f00e3c63ef382988f6e45d7da9b8e32f978164

Download Submit
/data/user/0/com.huazhuan.app/app_bugly/tomb_1716525673418.txt

Filesize
1KB

MD5
9f084f9370a6fc1dc7226f00eca09f17

SHA1
b5bcfc516511882e6e434602d4c57ee034237d6a

SHA256
d7ccaf10d90a5606e479a063626aba9dec7309747f28567484cdd4f385ea9254

SHA512
2d8e26feb45375dc86650d2f87271dad490f2430a9adf954f0aed0a9bea89ff84063837f4096162f6fceccb1ae66bbe1070da59f7902eda9b20ed172766abee2

Download Submit
/data/user/0/com.huazhuan.app/cache/tomb.zip

Filesize
700B

MD5
7e22e190caf6936b055d2d6ddf6271fe

SHA1
0f03e653132936d357a38e584ae1a6cae4c615aa

SHA256
0aff90e972bede112e23705bf5b5ca8dc2052abc5082d54a217d411849143bf0

SHA512
3f8ae3d85a5d86d8a5bebc1c61572ad94652808e6b69c2e83d37ba25ac439c6e8340f3808e142bdaea17931f660fd2404c4ed2af85220bf1bd53b60ec82d2012

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu

Filesize
164KB

MD5
138478f642b68999d50bef7e4d1a534f

SHA1
d8536bdabf682a375545439f3da4368340fb600a

SHA256
eaa8a4faa80c1fec71923b986f2a1f46a600335c25f4701eb73893300feb67a6

SHA512
16b4a5f8f749b8f1e56978d2c973a58a3ae02fc3337048b54686d2ccf182d589f476fea8a225449503cf3dff703c42e00f98d70deda40223070c115b845b4286

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu-journal

Filesize
12KB

MD5
3758d293e63093d9f1b5ba4503a90b81

SHA1
64fb842853adb299f65afceab7b8207c0fc65114

SHA256
3fdfc8810d49719784202d4e164c17709c28dd67ad52ad19085d050475cae043

SHA512
e023ae75c8e859bdde1ae5c56842437799221eb58312b4c02ad9b72feca822a6695707911ce9a50b910ba99df0e910a420654089857b77c19e57f7b58f9f641e

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu-journal

Filesize
512B

MD5
e81b3a2dee780e63baedd8903e0c7a62

SHA1
5b03e9b0a1e38d97b8b91e4ea906a49c0db26b70

SHA256
d8e6d46041ad1a1963e0632d02eff05068c5dc202d9d6dbe9d0341110ba41a5d

SHA512
0b783929622b4a6dde0879c1a2e06bba1adc1e5353c93df5023f46e946c88507a1baf8caa6774fec45be672d648d0b47bcadd89728863191763feee20440df81

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu-journal

Filesize
8KB

MD5
bb6f0fcff8a1a1ba6626f138119b9002

SHA1
6370da00f2165fc24ad91d9dc9178ad827b7cfd7

SHA256
22c3435cbdf0b47cb123745debf1a4f88ecf82f3f64217d31a8b16f4dffc131c

SHA512
e89fc2501cb23d2093d489d90869baa7534e0ebbe5e4193086e9923e38a93be3e10c3fe3b2e9f8762b4e0c5248ae4b28363f7fff5e0338107fef1497b117d9a5

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu-journal

Filesize
8KB

MD5
bf47b9d7cd9d4a2f0a5b6403cec0bbc7

SHA1
4ba431e0ba67b868f67762509fbff87015a8ea2c

SHA256
1a8de2a01f9e7157993dedee54c0d51cf23e533dd3242ced5fbe0f8569940ee9

SHA512
b80a5f5107b94d560f9e3cee7f1d159e927a8a7b76f3243e8b1014b9f31cdebf3db0e8ff4c06ee65a16a346e07aede9a974919e32369dbad280b5dcb0f2d8e26

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu-journal

Filesize
8KB

MD5
41d63231c488d397b4b0e69ecd24f07a

SHA1
e97c3cb202ff0f0623ff6d625e6266471423537f

SHA256
ca2c97d6305b3f25eb55edc8a4dc0a2a7775ce6e11de4c59ab693b81ded6b660

SHA512
5509ad0997e155b640db5661636513e5ff6bd661994a2b59f24fc7a7612102975eb5103290af3d617cf68dfa987f53465ef9e40eecff68dae78df500ed21cce9

Download Submit
/data/user/0/com.huazhuan.app/databases/bugly_db_legu-journal

Filesize
12KB

MD5
d9c733343e7fbf7aadaccefbfa989fc3

SHA1
f5d8438a996ce1e44367a7ce57dc79ca1d70b8ed

SHA256
14be5533deca2041a3f4a69d529e5aa58c97a8aaffb810892fdf826ff3404918

SHA512
534ccccb91d0f41c3b396b39237d30aacc3de6ccafb29a7d3e02e08ec44f4655105e2e9f2caaf3bf18683c803c3aa51e931bed0d9f21ddd5940b8b6ed92d8a19

Download Submit