92d82ebbe6a35ea9706bb6e3ee50411f8357a48c9f688a7a9a87359ad7c8c1f1

Analysis

max time kernel
106s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e7e535b1178eb91d904eefdab925e02_JaffaCakes118.apk
Size

6.0MB
MD5

6e7e535b1178eb91d904eefdab925e02
SHA1

73105ee2329c6ae9968d7a2949d59a9b0821451e
SHA256

92d82ebbe6a35ea9706bb6e3ee50411f8357a48c9f688a7a9a87359ad7c8c1f1
SHA512

230f01cf23cfe5fd1a7e88c96fa23a076d573a643d3b8172f7987c0e1c29a19c75853a31b579d98795663b8415aaf26035f789dea8a4b7a1efd96b0709088836
SSDEEP

196608:INGP+HpIBccQgu0MbM+4hmEm39V98oEm39V99ayjQQwRQ:QGPJBq7vTvXVd

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

io.dcloud.H59AF9586

ioc process

/system/app/Superuser.apk io.dcloud.H59AF9586
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.H59AF9586

description ioc process

File opened for read /proc/meminfo io.dcloud.H59AF9586
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

io.dcloud.H59AF9586

ioc pid process

/data/data/io.dcloud.H59AF9586/mix.dex 4650 io.dcloud.H59AF9586
/data/data/io.dcloud.H59AF9586/mix.dex 4650 io.dcloud.H59AF9586
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.H59AF9586

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dcloud.H59AF9586
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.H59AF9586

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.dcloud.H59AF9586
Checks the presence of a debugger
evasion
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

io.dcloud.H59AF9586

description ioc process

Framework API call javax.crypto.Cipher.doFinal io.dcloud.H59AF9586

ioc	process
/system/app/Superuser.apk	io.dcloud.H59AF9586

description	ioc	process
File opened for read	/proc/meminfo	io.dcloud.H59AF9586

ioc	pid	process
/data/data/io.dcloud.H59AF9586/mix.dex	4650	io.dcloud.H59AF9586
/data/data/io.dcloud.H59AF9586/mix.dex	4650	io.dcloud.H59AF9586

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H59AF9586

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H59AF9586

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H59AF9586

io.dcloud.H59AF9586
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4650

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H59AF9586/mix.dex
Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/io.dcloud.H59AF9586/app_bugly/rqd_record.eup
Filesize
360B

MD5
b546c1e68a4b3f33a7192d92ac585078

SHA1
59b7bec046df43010415aec4ef422f938adf8128

SHA256
96432ff6b9e8b8f0c872288f096b36ba13d00bf0a4938db10a45102c4b49857c

SHA512
946aaac707a2bcbb99908aa83be765cb76299459affb085b9cd8248400429d7df9d02b9054cb30ad8fcedc2b69e825355da72de11e15e319025486921b765aad

Download Submit
/data/user/0/io.dcloud.H59AF9586/app_bugly/rqd_record.eup
Filesize
1KB

MD5
6c8d82f0b0b080756b72e44616ed94a4

SHA1
63294528bf7c1fb54ec8b1e8908f3716cfcd963f

SHA256
ee39912e1ffc9a85caad41b38dca15d3cf6af30979e1a62778a84ebb990a2f34

SHA512
290c55cece7cd12c481661e86741f5fbbf1d4bbfb1ecff0bd72132ac3442955534da35bf1fc276aa5aa32fa471fde06165d35cfa17546fbba84add7a2a4624a8

Download Submit
/data/user/0/io.dcloud.H59AF9586/app_bugly/tomb_1716557412754.txt
Filesize
23KB

MD5
5fbb81337b41fa789d0ef9d1dae8a185

SHA1
e283ec6949a4c05246859806c56eb1845675d2fb

SHA256
e2bc2c6e18e2feafd47d7901c3bd21a755baead1b5365b28f5bdf2f8e2a9ae48

SHA512
64e5217eac4fe97a9409520e1f87c519a71af04358433c721fd55ad810116915b3c000fcc17f2c3c070efcce48e2e322a45b7e671f441879268d7fef931c3c5d

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu
Filesize
116KB

MD5
f788100cba86b05dcd650a5413048047

SHA1
ac230b0cf3f1e661cda221392b2bac56acec5b81

SHA256
b16b2d5b6c2d5d5043476b6c299fd61d267a6187df9d82dc08334c249d03f957

SHA512
3e055b68d6fea6eb593762b52ae03f4b8e0718f8c5a79cd5145005bfc99c5fd34d34f5422d840af5283bcc2a2a6b27ddf3eb9afe80c26f2da5346266d31fe3d7

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu-journal
Filesize
12KB

MD5
9b84e7ab2d77fe322b00417424d0ba96

SHA1
234c6c39424354c59b9f2cda456c58d684f57349

SHA256
5fb4b8285274353adb7b72a9f115a6115f789bd305029a347a1844a5d69d040b

SHA512
a957da21362fd418520eae287595e20db66aa7ce7af6ec456377e1cf543d7c6e98ee71ccee586545d022e7751ff088463afdc199a61b19fbe3690de9f3dbcc77

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu-journal
Filesize
512B

MD5
5e65231d9247d8c80628ea97b96ae179

SHA1
ff3fdac8331996418634e0f5ffc26ae82a103383

SHA256
ca41bc121d5f8a6106329431bb84a657121660888f86682f2295ef323ec2f0c3

SHA512
9cd4bafecb2c67d5ad4ded57b8a885f909a0b794c6d745e2867707d1a65c8f181bc0457360b2db180ab4782e2116c3619869402cabe2cde3fb58d56b213624d9

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu-journal
Filesize
8KB

MD5
4e64365927f883dff3b1a133de3c8be3

SHA1
2b3deea06e6c740e4ec8ab26441766b301516963

SHA256
130dad547e05e94e7c25b9e7f36685acbfe560fa1706044db542989ff3ee96e8

SHA512
14952bc4a1a26df3a1c8ebd5fa3a21594242a52d53e8bc3af47b3f5361b28671648f7cfa1baade186a978816a882b67b2d77fc0b5c06d41e5834d45a76734fff

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu-journal
Filesize
8KB

MD5
fcab853106e0443878bd455cf99dd803

SHA1
dd4b02f75b7e2fbfdd203c1dc1d3108a2a825891

SHA256
d49867343037e02c701ab5befe003a8411e703f45032d4f09d74150f42f15b6f

SHA512
bca9ac7f3549ecc2a9cad5f0f4466ed77304c937349eb87bc96c3e96edda07671a91956fb5ca60bd04400dc42b2681907325ec7d0b1f8e0ac639a1a911a830d1

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu-journal
Filesize
8KB

MD5
afe7739bc51f84d78761d8507b3cbb5f

SHA1
310db9fed5f2e4c95031931aa8aa099c089ed828

SHA256
fd4e3aeac865cd24ccf6d3522d5a953527c508a583201263aaf3c565d64ed41b

SHA512
efe43e878f27e088939189c44bf5dd2733dcefdba2c9867db5a67c49827b34a7047fee55c025f0cd1dd1f8349133e0480f1db77e5f26ee2b8032977777798191

Download Submit
/data/user/0/io.dcloud.H59AF9586/databases/bugly_db_legu-journal
Filesize
12KB

MD5
7df66b9c652fbeabc2437a615201cc98

SHA1
3258a16b3773bfdc2c91c752eec6abfca093b0e4

SHA256
bd0ab978570cf6656c1e290a98e772bf76d9ee1df393ff9a01f29fe3e45144ac

SHA512
47f3ae4c2e93f2501b31fe43e9d714a228473ee077fa67ca917beafb62ba0a964081c276301dd51490b3ef62250801507597d1dbe5cb64df6dfcda8c3c409a36

Download Submit