Overview

overview

8

Static

static

6

6e4f832a0b...18.apk

android-9-x86

8

6e4f832a0b...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    24-05-2024 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e4f832a0b7c5532a260961112db6ea1_JaffaCakes118.apk

  • Size

    12.7MB

  • MD5

    6e4f832a0b7c5532a260961112db6ea1

  • SHA1

    4072de39aec1461a7dbf72531898f77d06d5773b

  • SHA256

    3ca8596dd737d2adfd8c496e8116d11ad19028808b457562dee968b84b0c3b44

  • SHA512

    751cc64b138e944a4b7c17ba36fc6d5e2e0c2d192fbb499f04c48b300aa79fab74e8408f0bfdfb0db4104092d97f451d21f655b31f61657ef447adf0b4b7ff78

  • SSDEEP

    393216:lK+0nJUuzhmH/f+IO5nEEfS8YgfxZqIHuS:lK1FsHH+I/+vxZqIHuS

Score
8/10
bankerdiscoveryevasionimpact

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.gao.da
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4597
  • com.cyjh.gundam:download_server
    1⤵
      PID:4653
    • com.cyjh.gundam.service.ScriptService.p
      1⤵
        PID:5309

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db
        Filesize

        28KB

        MD5

        10f8ef8c6cd206127ddc67b48854a613

        SHA1

        8624b3791b3a4129f33cb5990d343b40c8a3c32c

        SHA256

        dedc5a592efd506995d3d076f80943561b24d5657ac1563ac78206137a25de84

        SHA512

        e0a74999bab1c92110af7ee84733c620679fe55c2dc8bd0d154f28886221b3c64bef1a5738f29bea3f07ac163dc3c7133037a0ab1252efd7155788c3b0dda143

        Download Submit

      • /data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db-journal
        Filesize

        512B

        MD5

        544c22e248115b8df15d6bce12ece622

        SHA1

        cc98f2f9aa76ecb5110d50c400cd858414f82954

        SHA256

        12235aba559e797fce607bce9ff54e892c215b24cbe0e423516b31fe5c1f2a7a

        SHA512

        f6e363cbaba7e77503c3762d50615a919f27591752dabfad80f39b6db330ec25bc779b95bbf3b07f09550629f5f28b5b4c7d09c21740ef49480e9c5ecb7645df

        Download Submit

      • /data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db-journal
        Filesize

        8KB

        MD5

        e4b1f4183dab38d5f2f62880adcc857a

        SHA1

        fb3ab06aeca9e642cc79ce8b0441ed40dd057c38

        SHA256

        67c9ddc46be5658236aa7f262be7b48a9d6d692b9b250e171a34e5ab547ceae0

        SHA512

        1c855398d43939dd42e12b58c378188f4bcae3599ec55bb8dac3c53085551ec187ae67dacaf3b6777f9bd2f3507df5abc404d54d702970b2a3b784a8dfe8d2ca

        Download Submit

      • /data/user/0/com.cyjh.gundam/databases/UmengLocalNotificationStore.db-journal
        Filesize

        8KB

        MD5

        1d125ee85987ca8a85b135bfa0bd2636

        SHA1

        84e5d7493f7896018832c848947509eab481954f

        SHA256

        1152598e83235a65e68c9f9c6ba0ce1e805a6d5a75397956b5f05aebbb28bbcf

        SHA512

        b7cf364c3a51b7d5cf094cc8e261efa64de132e260ec1c5a4f67e615a56d87d4152805cec2337d84b7a73f6ef8129f3ead58c384c0b771d5af993261b210f99e

        Download Submit

      • /data/user/0/com.cyjh.gundam/files/.um/um_cache_1716549273374.env
        Filesize

        649B

        MD5

        ccd4b007b6274e8c1de303e35679ab9b

        SHA1

        cb5d93196fbef567a82ac3c92a6246317e82ad88

        SHA256

        62de3373da627ea9c4d704e7884f31e75d8f56d4198b718c4355977305b274ce

        SHA512

        84aa77366c824660d9e454df8633eb1dfec90c91913cea998043f4717fa34c3c441d1b413846b8e27b7c0a43c214ffbb1d6536aad398b4dbbe680ef364b09a57

        Download Submit

      • /data/user/0/com.cyjh.gundam/files/umeng_it.cache
        Filesize

        328B

        MD5

        b83cb2af94bc3884517eeb38fc6d0440

        SHA1

        06632e2c2330db78c71add46cbf8b6924513e948

        SHA256

        491ab0d1c0cb896256ccbf29f65a3dc81b41035f978ea051caddf063be43f987

        SHA512

        e0330bc1d7b11a70c58cc51795aec082a4a3e3584ef22e537d26d442004783bcf621389249a5ad6253eed5c94d374654c75c39827060350b9827649ff90b98eb

        Download Submit

      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        111B

        MD5

        2bd3d4936cfe4c11f3e2692e3523d061

        SHA1

        56ce39c3928168b359d1f367e7bd5bcdb56e1485

        SHA256

        7270c993e13ca849d1cf1a04d66a737314c5af702046e12e581467fd5108ef08

        SHA512

        db79ba3c82b8443c2dc52f6fbc8249da1067c390d455bb812a673f3d0d2fdecb67706f6d67f1df5188b197a2fd5dd361ba5583ab95ef75c84bba8f70dff2a628

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        65B

        MD5

        9781ca003f10f8d0c9c1945b63fdca7f

        SHA1

        4156cf5dc8d71dbab734d25e5e1598b37a5456f4

        SHA256

        3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

        SHA512

        25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        111B

        MD5

        cbf27d0cb8521f854bb4a20d19732b04

        SHA1

        b92d5990fcba7f7ada3979a0c3facf33d648af83

        SHA256

        afedbe1033ba1fb20be7bd1bf93bb4b4157e14d0b7e3578b842f9bb84c92263d

        SHA512

        11bc59c3b2e3e2bcf2ef2e98d03bca06c7e6d4a36c1d54a0574b1c6ae7f80e7aba06085bd174cf9b1bc65e18cc8cf275b315d37ad9e883c9b4376f0ca566fd5e

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        408B

        MD5

        fdbbee1ad2e3f0fae993ec0b7b660f26

        SHA1

        72b1445c1203f55d23403fef88a04309dae1529d

        SHA256

        ba8aa80485301e50b3ac03aa672cb057c1b2a43dedee3f1cac797ad9933b9c17

        SHA512

        f187da3694ff44883d10704475bbe9e26552da1f68ce7b7217b699a045e2d5e93b39ef6afc45ec3722a3775c7ec3dbf3ec3778031bfe218e16f24726050eb32b

        Download Submit