4f77ed49690a79ba5485c28df81beb3745b8bc6fd639758c4492ae249214f160

Analysis

max time kernel
23s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dbe032f61ea2c0c4d682546ca422c2e_JaffaCakes118.apk
Size

12.3MB
MD5

6dbe032f61ea2c0c4d682546ca422c2e
SHA1

53d3135157c8df3fd1b21772d3b14f60933356ba
SHA256

4f77ed49690a79ba5485c28df81beb3745b8bc6fd639758c4492ae249214f160
SHA512

c40f8a0a24ea5ded7aa431ccad8d8269e7ccb6e7aa93839ea1efd2dac24d3358def3ba4b575137d90750fc3dbbc4cb47ec50e3f6e372335d4d4283169e8e31dd
SSDEEP

393216:CngAj10YFvySZ7EEHmM8RuBApMmbgeAEbw:CZj1RFvySZ3HsuB6seAEbw

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.estrongs.android.pop

description ioc process

File opened for read /proc/meminfo com.estrongs.android.pop
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.estrongs.android.pop
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.estrongs.android.pop
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.estrongs.android.pop
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.estrongs.android.pop
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.estrongs.android.pop
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.estrongs.android.pop

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.estrongs.android.pop

description	ioc	process
File opened for read	/proc/meminfo	com.estrongs.android.pop

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.estrongs.android.pop

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.estrongs.android.pop

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.estrongs.android.pop

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.estrongs.android.pop

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.estrongs.android.pop

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.estrongs.android.pop

com.estrongs.android.pop
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4299

/system/bin/cat /sys/block/mmcblk0/device/cid
2⤵
PID:4360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.estrongs.android.pop/databases/notify_items.sp
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
512B

MD5
f5ac99f76f2e76d051207984e5d2273d

SHA1
e16bb64c94a320587417ae650f7346338ff5da2a

SHA256
aa5b315002ed10779c34d3e6cd4cd2e4707be49e7021081f8727fa2353838bf9

SHA512
236cc38c624a986e92c6c2181d5f02ffee87d3ca64fd9c8f534122e89f8566761e3531914f39712883e1090ba8aa3221a7d712369929705f303e13fc83c20e1d

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-wal
Filesize
108KB

MD5
6a2057eb3d81b3d57379334a4f349100

SHA1
f02b7ba16264e04bae79a65aa8f6012b62328dd4

SHA256
9b21fe9ac8e60a1ba38e9d35c9378f71a87fcb041788de70f9f2fb58c759efec

SHA512
34aaaac4c3b0bafc6246123747ed195fd06842c7fe5647f7d7a0ff7375597335d449958cc3bf585f063e8b81a920f57f49c5494533a428fb86de2c9587feb36c

Download Submit
/data/data/com.estrongs.android.pop/files/__local_ap_info_cache.json
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.estrongs.android.pop/files/__local_stat_cache.json
Filesize
605B

MD5
6f8f004c60fc207aa19405f72a85401e

SHA1
ee6543fefd312fe276f7f2955956719673c82959

SHA256
8ac805678666845d2a6952a33bc5a6c3480c4004b8189ca4e5c34787912fca65

SHA512
bd3cd9d737dc1949597bb3513644ae267740b9a787216b14d8ec6449eb820e4963d4bf87044ebe8068045cb0b901510a86a841322ac12f0d14470dd9e29c46ae

Download Submit
/data/data/com.estrongs.android.pop/files/__local_stat_cache.json
Filesize
523B

MD5
cb03f31eaea020d09d29f541180205b6

SHA1
3a3f5dce390b109e7fe3633ddc59235e7d45cfe4

SHA256
b5f920780b02ab2f4fcb8b5439e72d7b862f4e3eb7ffee2023ba3b33eae52b99

SHA512
6aebde24868b27246b4dbe58b24dd658df266af6858cc358aafbf9b8da023816721d47965100193e66a923318976bc5fa9d0bce3534cf736d7c02feae7392f01

Download Submit
/data/data/com.estrongs.android.pop/files/__send_data_1716535633204
Filesize
641B

MD5
77baba1028badae6d0a3f491c6753e20

SHA1
3d8aa6cb2ae173df059f92c63b5d096577b37e7e

SHA256
2e6b56b1badb9a42ff8e2ef1ea380cd3182d3deffd02cece46d4e08b956313bb

SHA512
532ba05c5f8b97888a20bc3db6e757ef145a49faa08222fa15e0abfa2744657e414c39b1b701bcdec8ff37a0201f51a454d30c16ab44d5785de25065133e5ec5

Download Submit
/data/data/com.estrongs.android.pop/files/libcuid.so
Filesize
129B

MD5
a482019580d84a8735dbeb068d568aa5

SHA1
ab784853fde70c888d935ae3a3b6d8b329eb372b

SHA256
037227e2b13f4c7ef9f63650acfea5ddc0e5a80f13024ddbe0f83c6aa23e7ba5

SHA512
3d1412ff5432b5afd79981786bec0436d3b61cab020a4ad1a09ffe9a807e21e25d70c24ec683b20a3f53e7c3b2298a3d90f632c89623f17303506981845230f2

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize
89B

MD5
c73ed47be7ef94a64c618481f6445399

SHA1
2c3e0da143cadf93748e85c556b6ca8d6e0c9867

SHA256
f7824cdcebf6ada184881fee93251b861bf41598e258b1f3d06d6fd6a9b5b377

SHA512
6ba6169e55fba10a538525c7e925967a631755e2c7b50dea75c115bca6b04ac1ea1ed5ea1daffa2fa81e7601d5896fac9174096da528ff26a0f0f6e1ee5a2527

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
20b4c5a4e7944c6575524b67929456e8

SHA1
8c00624e72d53734b11bbd36d92523e4d80ed5b1

SHA256
269e0fdb977c639320baa5a0f88db814d17c1058fe5aaffdfb723764e5029f69

SHA512
c4d54bdd070a8c6b8e8be330700b75c278cbebe6f2325337dbd958b2604b81f9d23e27a537352abf1c628e35a88818efa0c37b6b796b16619754db62f9481cfa

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
04cc44d0b470dc2f2d2215a3cecab7aa

SHA1
abe8d30f51f0d4e5a1f3fb33e29abb0faf50095f

SHA256
e94558b81efa3dc043e4d49cd03963dd8b61a24d61322081bcd2b855f206b45e

SHA512
d202ba85a36ef6d3f82838e979235750116571be50d3381624a641de06c6221578008d152c85033739b7b6ae3f492ec4874a57137edddc7c95ad23fa541f91b4

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
28KB

MD5
89a69a771137e3a4a3ba77a84f0f2363

SHA1
46c00ab3e7ae5e4ae95013bd263dd0cc323e8963

SHA256
a8e6f8b51a1b9242d2eb71dd48bf6179bdbcaaf2fe061e99504f4796468919af

SHA512
5e9fd1b4980a41cac047e3067ba68f7c60c91b1aa28297f5f154e373bbcaedc642ecc633eb7996e72b7aeed763f1068acd9338976a2c0ccbd2748599793950b6

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
36KB

MD5
4f885064b4bc5b7dcf5cb791f23d430d

SHA1
93ca1a87b8996395294ce3e6c548c0d750f3f154

SHA256
70a6d86733f0f0ac11f2697c25170d288560dfbedb988b9ce1aeb7fa16c835c8

SHA512
a6a963aab8c382abe6249ee605f4d90349ebcaa3a63ed26f987cdbafae888d82325d6a72f129af49f837a3912c0d5ee6b5de66de10711c29c13800abe80544af

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
20KB

MD5
048c73f536f234f0ad0d2fa8bdbda899

SHA1
dba2e666721e0b0988807b8bb3ce0452dad3448c

SHA256
f1a64586ce75e770e2f36a7ef6f7419e26ebb9e9e786df3c5adce50a196d2d07

SHA512
6ae398c682724f0008ce47cfc790a7ad3dd7cc801fb3a8a692d28da5533ea7ed830ea36933bd3e3219fc8cbade90f073c2c418611921bc7d6877d94b6745c4f0

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
512B

MD5
1ffd16efdfd04773608e8245aa34ff57

SHA1
04be7678d6fc860863ef19850522e06d92eaf8da

SHA256
e3faf5131e01392072e8a5a2fe33ecc66e6016bc9d282bd4f627ea5ccd448623

SHA512
3917b7ba513b357ce56a01782dc5a612d8407a34e5bafb9032eb190e56abd18d5e582f77e5bffbda1b370fcb6322d552d5ae8f7e6241374b249fe4dd7226e684

Download Submit
/storage/emulated/0/backups/system/.confd-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
12KB

MD5
2fb25eeebf4770b6b93af36665fae16c

SHA1
114f121a6257a75a6f76d28cea785265a70381d6

SHA256
c418a320fe1c380617ca7219b6f02a5e1ea9c2cb6699ea04bf0143217350d43f

SHA512
4ed91640b25e6a7a6118acdeb205d0bf0d53a6332fc0b3aa17e0f69bfb6734e3cc721f48f2811b5e52b3b58d4e3a3ea51cbf7708f1ee63a5b8dc2080795d9925

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
c90eaa36486e8e999227eb27c064933a

SHA1
afe0585fef7d1da00d918d77db8d7e3f3eba96e3

SHA256
aaa9e20fec7ca24157a6fb6929b3940fb0230359c03f3d0e076091e690ba637a

SHA512
96d8b1b93e485750700df8ebf4fef04fa21471c0421d0960e1591a72e6aaff852d1acfe6780b88bb63cea7c0ab60e9b8ccaab53c138cfb41860cf054b6be3c9b

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
20KB

MD5
b510835fb410416d6e49a0737812b508

SHA1
dd080def13f5b402f8e5572add37bb27c517727e

SHA256
de6773e12ec757ec1983758aeb68fe205db9027dd73be5f057ce403b0f4bf5d4

SHA512
b02c884f538de18ea78196b73d0dfd723669279563f438b6bc46b833218b6e9f877909b81c5b4a757c5492ee72839ee481d7a23ac67e98633a3b2ed571a1f745

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
20KB

MD5
da5f0e7447f7c5227d606d85c75282fc

SHA1
9662a9ef2d919ad4a8f28e5bd8a869c3ff07c0b5

SHA256
62543dc0b0f78a879e2529699e9414a0f7a7cbb110acf62fa242c6e72abe5ff9

SHA512
3d1154774ca2d4d12c265a845b9c547584e5e280666caab2b8ce2bc4e826697fb6698673062ba1b9e3030b8ca13e833f0a45deda4e177a55e5cde5d0189271c5

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
887d7dc471bdf7be78100e64a6877c70

SHA1
fc629fe304ee5feb1eba537d95491e2cbce9ba2f

SHA256
5fd4d4705f56765dd6a7e759e318c366ac2ec9bf41d7bc1b69a9b10c3e12be76

SHA512
728c477dca87ed271ef808a95cb79d0ff639786e23d90c38a0305d1e196230a32602e1320a5d4f8138dca18d5eaa2ad444778e99790a47add21be772a59ef76c

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
20KB

MD5
658641298e5eca04bab18234bd654b4f

SHA1
3424f11c35bef4c6be9a9df49cc59e850077feeb

SHA256
dff953b6b8f9c5928f90fc77b82399846f3383c508dc3dc8b4012caaa2386f5d

SHA512
b910ac9ed9130da9e30e1a974976ced8d5941514071c76d783e954285837b7d4567072077bb97ca032587b456b288d46b37fa9096412a2d275f0f995addfad70

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
8KB

MD5
ae9f12f7b8c6310155afcbf13136fa3d

SHA1
4edbbd458d6547e630b648a1d3162fb026f4884a

SHA256
fb76f8f7f850c02e39eefeff9546bf5c9daf9ddd9f6b23d0882ada9253bab2df

SHA512
4e1657ebe43cfe4625dff6bbbd6e137d0a6ca886c90660ea5a73d92d0b853c51da90c1e65983edaf8f12f5cd3e165d6eb0a15a9c7e2db24435eca711bf119db0

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
36KB

MD5
319d03940d3de6f670992a5f4765242d

SHA1
14c5379d29acb332dc7ed973338bfcd2c9c72fb7

SHA256
a026df8fb47098f17ccd08848efb7cb8d785ff760833e298b0552c19382ceec1

SHA512
c819faf5512ec18a5a6d57f86a0ed628e8069fbee77668257aeb222c24ea9c7c423fb30825b603d286c63b9d6d8361efd796beab1762916c8643ead7e9766c9c

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
25B

MD5
3f8e22f1759eb065118ccf2de2be85d8

SHA1
c11952c9d76082d8c3c82398a01dee023d0a9a63

SHA256
c436f1e465f0fbec2b58aadeed8bf6f9ed179a6e72e3429dad4a94acb16031da

SHA512
3e9cab038d5f44925284ad17aa912dc38341eb9ca247ec4c0f30b1b87b96e1fbb94b808961f9139e03efaded52aba144949297a5057b05bc84af46ca89d96ac0

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
55B

MD5
72824677c83f975c7af4e72beda3beff

SHA1
fa6014a7a0992e4a9227c49a2a8e0bd082836051

SHA256
be3518044826b1b41d3deeec71d27675b68e7383996937e04e10c0da915185bd

SHA512
b9e24f46d742c1f12f315dff2e8fcc79d08e04a8157c78ebc061bf85fb95645771d1f7ceded66ed1d0d35edd05199150512941fb1288ca4e7afe33ee68de53cc

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
84B

MD5
7c67c7c7e328c3203db4d8cf94f56074

SHA1
8727495fbba5b9a552dc3ee7e7b0ebde864d91f9

SHA256
2486ca2c0f3800ef7ae4ebef13e522ea89f79aeb5e92e5b384353338864b1379

SHA512
7bf3d0d7b685e107b9444a18c8ba81263913f10caea43dd4048fb2a92fb9bfe4c5366eaafcefd89c9c3aadd32f73093b3a7e442e6310139f7d85e405bcbdc443

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
114B

MD5
52907251d4cd65a33afb3892948770fd

SHA1
8f211c29bab461a2a1eea35d8975b995d5c87b31

SHA256
4f88e7db9876e92042caf9d187f1f787a6da40cbed2a59f49a1a5a18dd127ad1

SHA512
4db7a36f65ea7377af12b5e12837a2b0f125234486fd56b226698bc2a29875019187157901e880db399a1aab3ceca57b863ac119a367daf6f8fb8695cf4d05ed

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
138B

MD5
8273613f2758c5af71307eb2a667b2eb

SHA1
42996762d60c6ad27bb6b4f0a5a559bf6dd91424

SHA256
74eeeefc4dc4569723c2ff66d824acb926816fffdd24bad618e133fcdc422057

SHA512
6df6a54f2602a0b8320bbcc4da08889286b0e7b5d7e4cc3c1a02052349971384c4ffe000995e38ba75ab7b48a8e0b6bc5602e794fa87cbd5e0dc46b7cf8c013c

Download Submit
/storage/emulated/0/dianxin/notify/.cache/846b/network/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads