c0ad8207d3bdeacf36dc9ba2fa24f12c843a683dbfe7a23480477e2063d9d123

Analysis

max time kernel
156s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dafdcd16ed9b1de12d941c953bbcc5d_JaffaCakes118.apk
Size

859KB
MD5

6dafdcd16ed9b1de12d941c953bbcc5d
SHA1

384706a68ce01681195c93df8218ff5fb8f0b4ff
SHA256

c0ad8207d3bdeacf36dc9ba2fa24f12c843a683dbfe7a23480477e2063d9d123
SHA512

217c9944a065fbaccb7063d43266dc54c41344f66641439bacafd589174b066409c33877d8e5af330d83d9bc69632c7ce4488db76b0e0b03f41259d93078d7cf
SSDEEP

12288:z25RdddddIG5ojiW5HpdaTrxi1gmPLiqOU5ZUWWcZgk6vacVpLJNtcVJWQxDAFja:iDAiGHfav8zTrWtdCJ/DAFjQGPfUTgg

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.xingfuxiaoqu.erlingsiba

description ioc process

File opened for read /proc/cpuinfo com.xingfuxiaoqu.erlingsiba
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.xingfuxiaoqu.erlingsiba

description ioc process

File opened for read /proc/meminfo com.xingfuxiaoqu.erlingsiba

description	ioc	process
File opened for read	/proc/cpuinfo	com.xingfuxiaoqu.erlingsiba

description	ioc	process
File opened for read	/proc/meminfo	com.xingfuxiaoqu.erlingsiba

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.xingfuxiaoqu.erlingsiba

ioc	pid	process
/data/user/0/com.xingfuxiaoqu.erlingsiba/app_push_lib/plugin-deploy.jar	4672	com.xingfuxiaoqu.erlingsiba
/data/user/0/com.xingfuxiaoqu.erlingsiba/files/__pasys_remote_banner.jar	4672	com.xingfuxiaoqu.erlingsiba

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.xingfuxiaoqu.erlingsiba

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.xingfuxiaoqu.erlingsiba
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.xingfuxiaoqu.erlingsiba

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xingfuxiaoqu.erlingsiba
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.xingfuxiaoqu.erlingsiba

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xingfuxiaoqu.erlingsiba

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.xingfuxiaoqu.erlingsiba

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xingfuxiaoqu.erlingsiba

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xingfuxiaoqu.erlingsiba

com.xingfuxiaoqu.erlingsiba
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4672

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xingfuxiaoqu.erlingsiba/app_push_lib/oat/plugin-deploy.jar.cur.prof

Filesize
464B

MD5
c829092f20bf7d9351a38d62a6c8c7b3

SHA1
0aa3a4ddbddd7d5b5c5616a0715699e3d22e8b39

SHA256
c2fa2f075f042a112a126e533000d02f9311b495ef0438e4219ed7c4546b34e4

SHA512
5dcfa8485ac8378f3b18b633bd0279d8a8f9b8e7ad7572febf568927e03635a40c5b1af530a0c29af4bcbc09e317e93d1baa4f54a81fa4a2b0da8441807b96a7

Download Submit
/data/user/0/com.xingfuxiaoqu.erlingsiba/app_push_lib/plugin-deploy.jar

Filesize
410KB

MD5
1ed16b1d3282f62f77248719224a465c

SHA1
9c2fa945dd3e94cab3670e833a09d07d3107ec71

SHA256
ef9892398b431dceb1977e3f47459f47f9981472fbc3be44995164e4e4473b3f

SHA512
bb08f2b9cd7deb3650f495c60650d7a916d60b1b8a7ee8c995e7cd62afd2eb80dbd3769e61ce63b89d5c358343dae63e1937d715621dfde19840884fab85d764

Download Submit
/data/user/0/com.xingfuxiaoqu.erlingsiba/app_push_lib/plugin-deploy.jar

Filesize
849KB

MD5
e7c3daf2ded513bd70508f9783d1a1a4

SHA1
eeec356bd82f09fe3c2accc7b9e262fc1033f733

SHA256
d02a9a3cfb3e223513fc075a21f8adcdfa6931ee5720d04b8e502db64b5fc2ad

SHA512
5117091f31d6f4d12a67d0572c47c63112ef4d84d227abeca1a037e00f0b60baff8b2449221b9482d2eb4f6b38f4bd45a4b6760cbce690854c5e3d5c41be1e88

Download Submit
/data/user/0/com.xingfuxiaoqu.erlingsiba/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
598042b568a687f07cb8e2f1e675bb2c

SHA1
c4f36c31cdd916e541d4d5f8590e496ae7c65cbd

SHA256
9d89e4f4ff2b98cf5079e6d74bee91047eb4b8678f02955a77f7abc14c41628a

SHA512
59dc37c0b3a769bf2415ed7329f2e5fd9923939df7333bedee86beb55589cc76669ef515512de0d1fd71df43e200a658eb000606b41a90a3bac78e428cb4f503

Download Submit
/data/user/0/com.xingfuxiaoqu.erlingsiba/files/__pasys_remote_banner.jar

Filesize
417KB

MD5
96d208e818748da0a0510994de5be961

SHA1
8f093544c3ce04ef1dc323730d2937f889c911c6

SHA256
9fab83f42fe2573d80524e4b91caffaee37f2ca37f56f6a97a2c626fb7927215

SHA512
55a2b0c3a86ed751f31f96774aadebcf9068a4c3b828f0e1f4e30f0a5acd7a66ef14df7361ad2d9cccfe8f560db8e8cb2c67d9a459a75d24fbf762528f32bbf8

Download Submit
/data/user/0/com.xingfuxiaoqu.erlingsiba/files/__pasys_remote_banner.tmp.jar

Filesize
295KB

MD5
289aa52188b4a1eb9a3a5904b0638ada

SHA1
3efe010f8832bc5ee7df88152e01ef1f446663c4

SHA256
947be2e29c43127ccaa6ab05b2600405cebd5aef985204a4cf2e17ecf7cfaa91

SHA512
34078ccf3fc42c63f338bb9f62eb139d953ad9e0e5fd813465d9f4d37f708fc20d7309897919cdf6be37acbda2669fd6d32ff4a233279e2cd6e2a0ba62cdc47d

Download Submit
/data/user/0/com.xingfuxiaoqu.erlingsiba/files/oat/__pasys_remote_banner.jar.cur.prof

Filesize
392B

MD5
0ae98042c6e92457290b10aaf9185dac

SHA1
1649760ded25acb277a33f70d074033196221ed4

SHA256
ee948401a0447587d9734a20b2108e7257cabcbdaba7230fc8fe7aa8316c5215

SHA512
9e4837780c781d3b6ff3e1329e1d969b6406f06334a89f9181b102964bb71dd9d19e4bc8c836ea000d5a569ddc4fbf4238ad94e943e2367c99d031eccba611f5

Download Submit
/storage/emulated/0/baidu/hybrid/lightappdb/lightapp.db

Filesize
60KB

MD5
2f77f2bfe8cd9cf7eedde4688508a490

SHA1
02f4d728fb6abba4f867afa7418ebaa78162085d

SHA256
9992fa257024a89a5db0493ef0eac1775825883327bb3fe86ac5502a9a9a0d87

SHA512
5033a122016fd7c7fc6d29d42d39f4d95e91a462357637078dcd8659e5a6ddb46adbfda6a1d7d45cbf52d3eddda0eb29a212e169f571da6759b318a3e7d930ca

Download Submit
/storage/emulated/0/baidu/hybrid/lightappdb/lightapp.db-journal

Filesize
8KB

MD5
9b012200cdd5c976a19496928d60e4cc

SHA1
ed3e0ddc3a91a086480772aaf1ba356519ed0ae8

SHA256
1501ebbd10ec9747b17ac4a8385761e3925c22b5f7835de5bc089fff7a1dd82c

SHA512
1b8e3b0ab23041af432b745ecfee73bd4aab6ab7bdc839da771754a871e3b14aa0ada756cc500b939193d2b26281735f0787b15bf7171b1baa81c791ebf3236a

Download Submit
/storage/emulated/0/baidu/hybrid/lightappdb/lightapp.db-journal

Filesize
8KB

MD5
a22c305e7b2e63c823c7d51d7b6e164e

SHA1
de97dee0a429500cef6bfd9f12ba654e76d3f612

SHA256
8a83cc0e93f04d084314624827f081319363a0ffaefc88b61af9f4fe0a188d84

SHA512
e5aaa691dcd753a7f9f20d6ceb8ef1a001a6e5202ec458f6c900364f496aec2806e656d79a3d91870273db327f98e30dd85a2ca5f15bb6f758d51ab0b7d1746b

Download Submit
/storage/emulated/0/baidu/hybrid/lightappdb/lightapp.db-journal

Filesize
512B

MD5
e5591b77fa500728dd88db33d6a42811

SHA1
ae629ccf92757d0eebf4d84b3590b5736dc1e16c

SHA256
a4a6e6c14ebc3a7d252946a14f4d0c224fe9931a1c834b522bb990bb9d1430e9

SHA512
38efbe1781370330107a9e27fdf087953e36320b5729a2473ae41f86bc0e84872a46de2f6d9fbbd87074273d912c302e85dce482ff3f0563de21df037eb39f8d

Download Submit
/storage/emulated/0/baidu/hybrid/lightappdb/lightapp.db-journal

Filesize
8KB

MD5
78fb375afaccb43245847aeead3df820

SHA1
206a310c4e0ea564c3327848b4d5b1d0b0e830ff

SHA256
47c46af8e7a37b6c34e73855d0939b73712cb478fc37427aa2d86879400528f9

SHA512
168a955d968c697c99511c4911441abd22c4ff15c27c6d8fdfc497beda1ca81026c80a2983056aa584aa78ee58e5e602498f61bafc2397837215efb34deeecd9

Download Submit