4f77ed49690a79ba5485c28df81beb3745b8bc6fd639758c4492ae249214f160

Analysis

max time kernel
24s
max time network
155s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dbe032f61ea2c0c4d682546ca422c2e_JaffaCakes118.apk
Size

12.3MB
MD5

6dbe032f61ea2c0c4d682546ca422c2e
SHA1

53d3135157c8df3fd1b21772d3b14f60933356ba
SHA256

4f77ed49690a79ba5485c28df81beb3745b8bc6fd639758c4492ae249214f160
SHA512

c40f8a0a24ea5ded7aa431ccad8d8269e7ccb6e7aa93839ea1efd2dac24d3358def3ba4b575137d90750fc3dbbc4cb47ec50e3f6e372335d4d4283169e8e31dd
SSDEEP

393216:CngAj10YFvySZ7EEHmM8RuBApMmbgeAEbw:CZj1RFvySZ3HsuB6seAEbw

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.estrongs.android.pop

description ioc process

File opened for read /proc/meminfo com.estrongs.android.pop
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.estrongs.android.pop
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.estrongs.android.pop
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.estrongs.android.pop
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.estrongs.android.pop
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.estrongs.android.pop

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.estrongs.android.pop
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.estrongs.android.pop

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.estrongs.android.pop

description	ioc	process
File opened for read	/proc/meminfo	com.estrongs.android.pop

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.estrongs.android.pop

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.estrongs.android.pop

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.estrongs.android.pop

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.estrongs.android.pop

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.estrongs.android.pop

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.estrongs.android.pop

com.estrongs.android.pop
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.estrongs.android.pop/databases/notify_items.sp
Filesize
36KB

MD5
24c62c6aeb4caa44ba10d7a88804cfb7

SHA1
8d8a5b28db2bb23fc4c26800b340dd8ae1ae4a20

SHA256
98d78f40a20e83be95a9621e251320107877a92eae7f4d1ff0cd01619e8766e1

SHA512
d01ac45ecc3649a30d14be5b39124cba1150334f0577bcced8025ca6ff2b7423ded3ac7a6ba37e15a0ab807fcfe08761bffae0aca63fd50fa5a30ffcd9cdb247

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
512B

MD5
a31c324b5e941c08335bdd0265a24bd1

SHA1
3f2708e327207f83d54a87d56bfecc2d3d889c90

SHA256
f32eb303fa887a08a30c671c9394a7c9648f94cc7c734c707c8efbee02edd5d0

SHA512
d1a16181053c1e2bd0227aa4e88137bb9b8112a63c0f8c4cb814ead717f4cc6b753b46f28a73f52d1f8bc9e41e479b9bda4eec6effd0bf3d1085f805b193b757

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
8KB

MD5
a27679365686c87c3161a53a9e0e1c7d

SHA1
e11180bdbd4c154ead1073e3d94f2ef0b97fd1aa

SHA256
72974aab872313f9e56e9825c41fbb6e4987cb970f7fa992d7570db6ae38c890

SHA512
324fb26d5d59ff95c37ab8fa730920cf590d2b63d91cdb6efd85e95b43fb63fa1e09f2da8919df7ab5774137311609e8633a36386f3f74f7309a48749d21042d

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
8KB

MD5
e6a2821895567739b137f549954cc40d

SHA1
204313d6145d23c3c2b2a2ce7cf52d279b060b2d

SHA256
a53cfc6276b2ca225b7c531de515a6b88ee6c8b69a66c5ea5b364356f57f1799

SHA512
cf9ec6228396465c4906483a0d75d385a504e84a4147be221dca2df6a00a8b8ae8ab4c91d5ca8827936b00a1e00fa41a9bb1202afa07c0695757236e082c622a

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
16KB

MD5
86e8526395f497b195e71676b37f68a8

SHA1
1aa8390e82ca10b872651c4be3ee5283a427396d

SHA256
d988fae8ad0bf10e1633e3d778240f7c5be40418a1507966cff97199367673c5

SHA512
44be9695a79c3f7a562772e974838dbb3e32e47092ba11bd68bf1e28170dfff23245bbc019bcaba549200df2b0e882aa44487d45e70d5ddd5507fff7f79be5f3

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
16KB

MD5
74c83f68e5ec035855dc0210bd1ad106

SHA1
3343261421ca5a86e5127ca90ea228f0ec1eb294

SHA256
101527c0aacf4d829f086b97900a3842119921ef62f8949d94063ee95adb2375

SHA512
a0475910ec818e6b1fc7e9ff94b25fef810dc16f638202baab6a456c44bc88e3191aa60f84122f975c5be8975f27ace1212361d740b91de505c4082eca3a2152

Download Submit
/data/data/com.estrongs.android.pop/databases/notify_items.sp-journal
Filesize
20KB

MD5
46f92c450f971609d3cc0fb8e1038138

SHA1
352686eda3f21da53cd962703f7f2258dad90d40

SHA256
acdb8e0cd1a897ec069cbafb59b99c0dc94359daf802557906fa84e005916230

SHA512
58560633cafe1b24f1810853aebfd088db8a5d283cbbb26c5a83fca07c4709bff39740645e961daef3b736eb983ea251f8d214008231243b5ac9deee12fae8a9

Download Submit
/data/data/com.estrongs.android.pop/files/__local_ap_info_cache.json
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.estrongs.android.pop/files/__local_stat_cache.json
Filesize
496B

MD5
476a3cb6f249856ae517a845985141ea

SHA1
d9d2913bca0c3b071bc81c163b44b9999ca73196

SHA256
47cebbc578ece830534a0b923565af26de6e5639151c8d085794349e3c96180e

SHA512
764dbc7c01ae138fa512fd068a660b775b8bb599aa3cd5f8a24b9dcf30a2331d0577b429dc1864a67fd095a562bcb8102b8a31cf770e75046890003e9702013e

Download Submit
/data/data/com.estrongs.android.pop/files/__local_stat_cache.json
Filesize
578B

MD5
d8be852f458d091a37a98fcd171cd8dd

SHA1
823d9dd5eff268af0b0e70eca4b3d08a6827d093

SHA256
737fc4db5a2d3f9ae051e17a3828b7f9810d57087d91f413bbb15f517e05293f

SHA512
6d06b6f5914dc29f8272ed9a831826672ee41c9ae372c4f3a308e25c3ad5e9f9cb869452842cc2870b17a150c709233aeec6e2f640deb08dd98b99d5b26f3a45

Download Submit
/data/data/com.estrongs.android.pop/files/__send_data_1716535637421
Filesize
614B

MD5
8b74425b3d51b899730de650259dd664

SHA1
9f17cfc6e8ea775b798ac75e5258c6073c2eef16

SHA256
2111c72c0f745cc2a8477598e1a279ce99db089d23ed093e6383ed7310c2684f

SHA512
240dd2fae263acea42ab34575f2e967d37f397cc8a30444f86ba12f511100ed4f2934b1bd6e9a8b789235a2422c05b9218bc4906c3525da21840b3f36743743a

Download Submit
/data/data/com.estrongs.android.pop/files/libcuid.so
Filesize
109B

MD5
36da364b94c56d09c72e6729482db0d3

SHA1
a86c1036b84a5e5f6667bf48923a3df5c2cef46e

SHA256
739e76451884723be17fe1a5f28482b2388c1964508cfb5216d516b7e7d652c7

SHA512
6de832aceb92d05e5592f60a7d21de08f483e47fad73a64cc722c992b78f87c372fef62fef12ba28c4db4dad73d915f668a4b54add0917b4f36bd37753729801

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
e833300dd2e1df29b95a9139e1e6bca1

SHA1
e0158acfa7495e2fc2bca567d0a4196c94d0ba9b

SHA256
67e386e6ca8398d959d3dbb45f5dc06f205c2cc4f68958d1e4fedfb5c423cae9

SHA512
4c14c4e57ed780de2e8a1e921ac090c4e84068552c47b6e260b47b84bfdbba047a7b84e1e6a77dc4b8ce7a934ef9cc7ce31bef72edf9b2c6493378c7210800b8

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
24KB

MD5
f3c91a779116d318cc885206da91aa52

SHA1
cf08a9e7fb56cfea3351c7ca2df5f5930271cd14

SHA256
2149f5cc1cb334a83fdb24680a8120565efefc95cf21cb25033a858902675edb

SHA512
612e0da8543449aba128e38c6a998bbf8a3c4458bb691c7fd3f50fb461d14bb8c15467357287bfa834bdc4a8da29583fff65818e44104fbfce1cabb5b276236d

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
28KB

MD5
2f5d119d5abb004f56f97f6119ff205f

SHA1
a7cededcf4701b98795e023382ee1f4625236b45

SHA256
f7d70a5398439b3fdc39ccd6350e121dfec545f22c0ad10cc6afc8da48ec3ac0

SHA512
390831a88f1ce75a6ac9b96a371d8fba8c84e7dbccffc9515837777f2b0fb3067ede059a7a34c9c1b2cd8fc81f81bcaa95484412ece307df259fe068621403f1

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
36KB

MD5
7078409083e10d961914b17813247c5c

SHA1
0f7b1ef048150d03cd35d8c7b952ec00bc5efbf1

SHA256
0d6088fd5214c876b4fe5d1abc735bbe1071c316a7c1f51583adea777def2147

SHA512
1c089d70b85fdc4c6d370db7f89df3c5860520856736bd36eb282fbca6dfea7b3b849c1b1a6516ee1adfbb6be24c2183591c68b56e2d6916f3d47bff98dcada4

Download Submit
/storage/emulated/0/backups/system/.confd
Filesize
20KB

MD5
826d5e706922799591873ad10d261b23

SHA1
01d46a29ea4a338669f7753a50a19d6ab54f5c4e

SHA256
2418a7e344c022770996b8db13d3bb83ab784ad167c1c1f40f2689a4c2c30028

SHA512
1b143edc7b49f7289fd3e7a52ee0a90c72bbdc8fda7825b3d854f94232528e6c8f920470ae7552881a32c3f4f2275e670e4836f3bface35fd3150edfb1c3e815

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
4KB

MD5
6c6a2184beee0595eb51794a6000956b

SHA1
e423b5fb438156e66064591d5bbf1f3c2eefca6d

SHA256
29157015e1cee780e5bc0d084acf2e1e7c22d9388921ac737ade267f214e6213

SHA512
9cccecfd3d1a9d574b674ba8c2cab43b4f45d55e470705b1c235dfc08872aa3d458b304157824cdd06d0b2e862d52948cc89f6c02fcc9961b37149294c33fd47

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
8KB

MD5
bf5f8f366a34579ce3095410f2c9adb7

SHA1
3e3ce94a1f161f9520067a409d3989efef3f8aa3

SHA256
482800e4a52331d534e534ec9d92a10599a92596457f92739b5b61b82625aea6

SHA512
cf225d58d022baa7b165b2aa411b18aeddb941afe7fed06699c82c4b11655531441fef6f61745d5fc3f8b989fa4fc3c484acff551e2f9d8575cfbb871cb339bd

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
8KB

MD5
36e9455798bd7a6fbb41d6463de219c1

SHA1
b6eaaabd4e97c52797b15332f809ec68eb238f1d

SHA256
ec3330d50a295043832f1c646103cffcfc51b2880395e754c80ab73a09aa3894

SHA512
689791385f188ea4d5972d2308ccc62b579f557875eb09159cd5fe539abd78b938adf44802557581369430decb0f580b4fe09067ef358bf9a97e207568758e31

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
16KB

MD5
a0fe79dd6e180b29010177b0ad9eb298

SHA1
209169d580f2ea1d96d78ba26b9b421f1e940275

SHA256
9a5e4b29d722fd6f577e4246312c3c6fb99b2a8449053df3efd559c2c46e662b

SHA512
edc3bfd7ca819084941ace1b574aeff902ce71067110e2942b3b090277a616800ae2dc5db671c9959843504518d140a5931d38d1da81200a9d723fa1391c81fc

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
512B

MD5
fac7a019d8ddd514092d47a90fec5a08

SHA1
2eb896cf3f9259e108dd1958abd1de038cc5b3a4

SHA256
d24485117e332901832539136f924fb50c9ec9dfeabd4b13d13529b06d60fb6b

SHA512
94e679b10c6d5075b57ae929656aea8ab29a1f58310687acaf335fd2b6607ccdf5d95600a3bb880cce6f0e192484ac648b0b296edb979ca2f56650bb5dbd8b37

Download Submit
/storage/emulated/0/backups/system/.confd-journal
Filesize
8KB

MD5
474d9a15af28df18b425a8dc991536bd

SHA1
85eb423288a87a1f407484ab190ed23b4cd4fd0e

SHA256
8044d21a261f43a81920fb713c0afe35081e99acaf8a71d8f2c151ae8f12e7bb

SHA512
beb7070cd281b3bfbebed20f7ac8c377a6f97927b7e7339f7c6dabf992166d687f7e8f441429b293b0f8e7be6fe370aeee0d0a6c46de0a0b04fb64bf3bcac750

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
25B

MD5
3c73be00ed0a49013d5010c84b32519d

SHA1
2dafccb249c5a0febe4289e5c675c12ae44d609c

SHA256
ea539d13436cf86057d0931c88587de09e35fe276a8ef4a2b33a781ab416c105

SHA512
1ea7bca58ea68227ccc2ae41a4680e437bdba4be7275338ee3d50189efe2af0e0050e3578c0f6a2d2d5f83c69ab0bb7e3267fea745e82f393f233d7b887c8e99

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
55B

MD5
05c612a10b984bf9f94a0e9c0ecb15b4

SHA1
a77f6ed895da3c0dbb8e27066322f83e8d4564d0

SHA256
5f5ec1ce17bc734304283887940e99d1d7f25ce275c60f4b52711a176d1f9967

SHA512
bfa2baaffd0b20c061d51ecd86a8fb086b4455be7aa86e012e98d7194555312162b954a4fecbe1adcaa69277e9b103690fa3c5ce3dc5812cb9e1565e9e77f887

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
84B

MD5
dadaf232d54c047ed01006eaa06a1564

SHA1
61357cbdcb4e1d2cc0315af9eabae8eb7e169018

SHA256
58022a37073ad6e6a0884fe5d6cc0e0e85a560fcc227ad35f46d9a7111c4de1a

SHA512
0162ceb2eb8d37a1912e9ff83f4ac5e6b4dbc675d810802d3fedfd11cc372941aa272193a01d20e8359902b88bf99638329e39e834ca2fa2bfe209740ff13f24

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
114B

MD5
19e183384dc6205cc6d7b697d784a719

SHA1
b1438fa57d0bf3f711fa55cd880ceecf30dde1a9

SHA256
e6abcd7b41511afab10e305da156b74d982f4e338a82a8d86482c3c458998321

SHA512
2cc576bc9cc2cdd50aaa1c899ec764922bb901eae4a6fc3d05955e4a59679b5fe9e453b4da63f54510322cdfd0f7926eb45416abc44ab6d9b9c6fd733df046f3

Download Submit
/storage/emulated/0/backups/system/.timestamp
Filesize
138B

MD5
f1484b15f86a100495d2150d6da666ab

SHA1
faffa5952548b8a373e4eb8c7ef709367ef1d0f8

SHA256
f2e7e0d0e141119c3246c5624ee1eaf2829044951c1a01d0a5e0054dd6acd434

SHA512
c3708040a42443ea31d038e69cdd9ab5e7a79b6fd3aa6055a86c06ed18de56e8d852ae95545d5fbbef7488034743135f1188fb46c1a7d88354554eb2ab9baf95

Download Submit
/storage/emulated/0/dianxin/notify/.cache/846b/network/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads