1f748f4f923820776d411279e065e24acece9d2bd7d1a620289a2026737d55f7

Analysis

max time kernel
12s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6deb68dbba0c53bb20bbababb3879df7_JaffaCakes118.apk
Size

20.6MB
MD5

6deb68dbba0c53bb20bbababb3879df7
SHA1

31b94616c9564344a40e12483a8564fbcfbf2e81
SHA256

1f748f4f923820776d411279e065e24acece9d2bd7d1a620289a2026737d55f7
SHA512

98026e3d17864011a806076d896a55c4bee641c944f13456286fc173242369a6a608f690475c129d3d284646fa7553a4435c11e4e0cf449692cab7b13aff571c
SSDEEP

393216:15de5Yf+4PMrYeF7ueD/BGN9h9CAGk0KpBtT4rFvdc4rFvdkbHUcbRLxojV:bL+4PMrYs7ueDJG3hQAGk0K94Rvdc4Rh

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.taojinjia.charlotte

ioc process

/system/app/Superuser.apk com.taojinjia.charlotte
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

/system/bin/cat /proc/cpuinfo

description ioc process

File opened for read /proc/cpuinfo /system/bin/cat /proc/cpuinfo
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.taojinjia.charlottecom.taojinjia.charlotte:pushservice

description ioc process

File opened for read /proc/meminfo com.taojinjia.charlotte
File opened for read /proc/meminfo com.taojinjia.charlotte:pushservice

ioc	process
/system/app/Superuser.apk	com.taojinjia.charlotte

description	ioc	process
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo

description	ioc	process
File opened for read	/proc/meminfo	com.taojinjia.charlotte
File opened for read	/proc/meminfo	com.taojinjia.charlotte:pushservice

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.taojinjia.charlottecom.taojinjia.charlotte:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.taojinjia.charlotte
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.taojinjia.charlotte:pushservice

Queries the mobile country code (MCC) 1 TTPs 2 IoCs

discovery

T1422

Processes:

com.taojinjia.charlottecom.taojinjia.charlotte:pushservice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.taojinjia.charlotte
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.taojinjia.charlotte:pushservice

Reads the content of the call log. 1 TTPs 2 IoCs

collection

T1636.002

Processes:

com.taojinjia.charlottecom.taojinjia.charlotte:pushservice

description	ioc	process
URI accessed for read	content://call_log/calls	com.taojinjia.charlotte
URI accessed for read	content://call_log/calls	com.taojinjia.charlotte:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.taojinjia.charlotte:pushservicecom.taojinjia.charlotte

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.taojinjia.charlotte:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.taojinjia.charlotte

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.taojinjia.charlottecom.taojinjia.charlotte:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.taojinjia.charlotte
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.taojinjia.charlotte:pushservice

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 2 IoCs

evasion

T1628.002

Processes:

com.taojinjia.charlottecom.taojinjia.charlotte:pushservice

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.taojinjia.charlotte
Framework API call	android.hardware.SensorManager.registerListener	com.taojinjia.charlotte:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.taojinjia.charlotte:pushservice

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.taojinjia.charlotte:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.taojinjia.charlotte:pushservice

com.taojinjia.charlotte
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4263

/system/bin/sh -c getprop
2⤵
PID:4303

getprop
2⤵
PID:4303

getprop ro.product.cpu.abi
2⤵
PID:4519

com.taojinjia.charlotte:pushservice
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4441

/system/bin/cat /proc/cpuinfo
2⤵
- Checks CPU information
PID:4658

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.taojinjia.charlotte/app_crashrecord/1002
Filesize
245B

MD5
2cfd754f8e9a6f5c78b657baeed75829

SHA1
b55dbe74d8bec5690a3ca1c405b518fad1c707f1

SHA256
f605383f154b0337352de622ab3c70cf0bf1e3434c6fa75f00169d9b030ffe9e

SHA512
a82cfd8c4a8b11fc2f7feb6c1454184e13d1205cc3c8312cf9119a55104ca446368d64488337cfb525154a626d3fb6d5a2c971ba50a73c3bc491dfe8616b60fa

Download Submit
/data/data/com.taojinjia.charlotte/app_crashrecord/1002
Filesize
233B

MD5
d154baf320c6a967abd76f98608a6b36

SHA1
b10c0b076c260a987b7d62649346334adf2dbd27

SHA256
9ab2811cbadadc1edcbc55dbc1eb5c5cf719f5fadb9d7012bc601c6069a9f987

SHA512
b99193ab070bad972c67db3777142ce8231c1c53245e3942e3348053916a1069667dc0a0be6b80d9cc4c03d8f601b34a9c9965aa02fbee92fba8095288b14677

Download Submit
/data/data/com.taojinjia.charlotte/app_crashrecord/1004
Filesize
233B

MD5
fef7bb790c5bc640005f5abd381e8058

SHA1
001de2db7f15e9322e8f98f1dfd02ca200266293

SHA256
3f673ac650788f22bac8d84b39298b81704f948731f957f3de02bf5670904344

SHA512
4953e7c9ed19df6b4d1473de606cc58e81b066901df79b77bc05298811a53ff2b0289952e2070e08fe11fb74a0da3ce9fab742bb75a67f0e1916f3f7ea9167ad

Download Submit
/data/data/com.taojinjia.charlotte/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.taojinjia.charlotte/databases/bugly_db_
Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/com.taojinjia.charlotte/databases/bugly_db_-journal
Filesize
512B

MD5
282edf7e7d7c2ee8ccbd38f04e11768d

SHA1
5b7668a07577332ee2b2cd1195ed6103860a841a

SHA256
4a734c4643bb1c1aeb776cecb2b50e6060ed0b6b0b2d9393c97bc7613d7c26fe

SHA512
dd10c6750256849b6a81c66fb24fbf0fae1eff0cc5cee6f7b70d4a4861c283d5a8f4a607fa0f17d6790541fba590a6d39685d26466bae41313da99bb6ce422d1

Download Submit
/data/data/com.taojinjia.charlotte/databases/bugly_db_-shm
Filesize
88KB

MD5
4e05bb879bda327ea2f22032d9647fa4

SHA1
ebb00fe44fbde0cbb99bac5496fbf01a50c9d7ea

SHA256
1a8befe25dcaf1662aa0174044e434893009043ae3d956939b688e0945bf095e

SHA512
86378d12069b5e4b4c30d530cba141edc0a417fa4f7a2f4b61a26b95f8d2eea7f3b00dcb3d9416b18f174e633c83ca11708f71c48fa33a449bcb48953c6f4cc1

Download Submit
/data/data/com.taojinjia.charlotte/databases/bugly_db_-wal
Filesize
80KB

MD5
ae09a04003fb6d0f9be608a5e6349825

SHA1
7f1f8cdd318f5becb5d877c3d9d48cf5273492c8

SHA256
69e66a5b4c0b0507ad99e8b8785784127afc2cc0a41d1dedfe9e87b85bcae3cd

SHA512
0e08b7b4d939b7e7071527c66b7ab84685b51da4524464fe23541ffd30fa4c3e7ae6efea7ec6644c02a0db6e90155431f67429b0649a82b3e910ba236e6c8790

Download Submit
/data/data/com.taojinjia.charlotte/databases/city.db
Filesize
224KB

MD5
be2c0eb90c48e76f006d5020581af5ba

SHA1
48b923efe81911a1cbb19a2226063c191b6cef45

SHA256
613f2ae563c92c4c051c7041424a00a5c6374022a960fb73915c693170d040ba

SHA512
3f79d3b0df701f768dfe8fa29e71fcc593dcffaa379c0e51497ef2458228cbf94c67929c03224550442dc71a59e4be44feb0740401167ba1ce318a10464e7f78

Download Submit
/data/data/com.taojinjia.charlotte/files/buried_point/unknown_20240524_1716540187228.txt
Filesize
164B

MD5
9eb64c97f89b51f5910af660ab3aebb5

SHA1
8a438b915bd50c1fa6ef52b118b5ff296169bf6b

SHA256
e54e50177c05d7282a483c4bf0a44b48b6996571a014849b45c761b310585c75

SHA512
d063e305273817abbaa3f3902e89e5765a3739a7b2d849b29f917731d269090d2644b7ef5503a7118bbeadd00fb3eabbc4ed5e063a9e8f194d438087cf913ef3

Download Submit
/data/data/com.taojinjia.charlotte/files/init_c1.pid
Filesize
14B

MD5
985039e5b1c44ae66c420b6289746fa1

SHA1
d5e680ef078331b2503090b85c4169e0249c4b05

SHA256
92ac958fc2106dd79f6e52a3ce39a9193ab267c5784c971e9ee33ab8c71d3d7c

SHA512
beaaf3de1169afd01655b755f447ef15889bc41af38b50c833471ccb60b97d0cfd24e22672b58bb1f498de28546eacf59b03907375182eaaa0e4910207bdf52c

Download Submit
/storage/emulated/0/Android/data/com.taojinjia.charlotte/cache/uil-images/journal.tmp
Filesize
45B

MD5
272e1984cf64691e63c5eb2fabb97ee5

SHA1
e460d2505ce088f209e648b759457fa846685e62

SHA256
f12a26037d2c96f7fd8f7b726b73d9e94307a001a52bd651a3aa1e19a95a2cbd

SHA512
e35cc9596be6d15860e7d6a50f25e9145835e2631c8540ca53c63d51f6df129d88d14efe37a92581c8970473d65e95f3d2c3399f06223ce7bd8607d73935a97f

Download Submit
/storage/emulated/0/Android/data/com.taojinjia.charlotte/files/tbslog/tbslog.txt
Filesize
2KB

MD5
4288fa23ac9a1dce92e388f869cff903

SHA1
fadf325b734f9b65903c940c08a437ed9f1d6e0b

SHA256
b3a77781d2171f5154455217cf77c15646c1161d7c42be3403942e1baa170e8d

SHA512
8e163c14a9705e0c637c418cbdd9d1aa9ed2a4a8edc41e08a3bdd1955582d24344867514393f530e93732bf34031ae0b232e4eba81575564ae9a33e8d898202f

Download Submit