a63fd16f656f9b0e7a11ecb7fcf8af91313bf1b9711066f8eb6f46c5f2e25eac

Analysis

max time kernel
179s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk
Size

31.8MB
MD5

6edbaad67fb55f4dee35205776e7c4c6
SHA1

2ed0ea18f844997f725da4c076b70ad59b57a313
SHA256

a63fd16f656f9b0e7a11ecb7fcf8af91313bf1b9711066f8eb6f46c5f2e25eac
SHA512

42aa80b8ff10514ec823b002c7f8140ca8e6a2f9e7b0bb3450003234f783dc0f94b8507c74cee57ae063262239cab74521372cf9afe4b5b2d657ee5b451e82b9
SSDEEP

786432:jVDCJe0Y0PrpYgAoZzGCZKGV8mTLjpklKgLvObv9bn:5uJex01YghZRZKGV8mPjMPLCv9D

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

File opened for read /proc/cpuinfo jp.co.mozukuapp.penguin.pj
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

File opened for read /proc/meminfo jp.co.mozukuapp.penguin.pj

description	ioc	process
File opened for read	/proc/cpuinfo	jp.co.mozukuapp.penguin.pj

description	ioc	process
File opened for read	/proc/meminfo	jp.co.mozukuapp.penguin.pj

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip --output-vdex-fd=60 --oat-fd=63 --oat-location=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&jp.co.mozukuapp.penguin.pj

ioc	pid	process
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip	4428	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip --output-vdex-fd=60 --oat-fd=63 --oat-location=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip	4302	jp.co.mozukuapp.penguin.pj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo jp.co.mozukuapp.penguin.pj
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone jp.co.mozukuapp.penguin.pj
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

Framework service call android.app.IActivityManager.registerReceiver jp.co.mozukuapp.penguin.pj
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo jp.co.mozukuapp.penguin.pj
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

22 alog.umeng.com
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

jp.co.mozukuapp.penguin.pj

description ioc process

Framework API call javax.crypto.Cipher.doFinal jp.co.mozukuapp.penguin.pj

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	jp.co.mozukuapp.penguin.pj

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	jp.co.mozukuapp.penguin.pj

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	jp.co.mozukuapp.penguin.pj

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	jp.co.mozukuapp.penguin.pj

flow	ioc
22	alog.umeng.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	jp.co.mozukuapp.penguin.pj

jp.co.mozukuapp.penguin.pj
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4302

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip --output-vdex-fd=60 --oat-fd=63 --oat-location=/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
Filesize
255KB

MD5
11307be22eda7459ecc3f37e519df627

SHA1
cdaa06f28e228eef7f9495e17528a4f0b5f8f081

SHA256
c7a7aa7af0bbaec66c906f829818e7d84703820bc88b6c7e9951926886a325ff

SHA512
8215b0b5ea93205b6f41ef22bfd28a8593d60e3b645f347963ff8d3aee5412f4bb9ece4ac0b295395c8e3d8d9129366739e0a06c781b4696b6520a7afbe820c1

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/classes.zip.cur.prof
Filesize
595B

MD5
9573de61be0e2e48267538abcae86c19

SHA1
8b81d540d360787c2da400ec5b43274e9c14cf1a

SHA256
3272e4a5bad76af3e3b107adf9c27b664867bac8ba194008180be0063692f712

SHA512
3dea36c8908fdf04f3261b129d74fcf788add9e71a67068f04173b2a6c815ae48c6eff8775d85e2d4b9f449b8c21c7c2c33bb2e203e5502fc8fa3f02db374696

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
Filesize
512B

MD5
0d8f471b9ec5812c4df205435260c88b

SHA1
e09cf51d048e018b87d31e5300997396671291d4

SHA256
768b3fec8df83455c6202d0ccb87867eba40085957ec9f2de817dc8696b7379b

SHA512
3ef374b06e10d4911c127dbbcae7e4eec9f4b104fe3d30f6015d830a3f05644acdfd264ec3cb74bbd2877e21d858eeea722b444a8d06b54e77df674244467003

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-wal
Filesize
209KB

MD5
6a75dbcafd9b0809a237c2d065e25cb0

SHA1
07975b33804abd0fbe90bb55fe1e122873d3aaef

SHA256
204b8e5cbb68315a4efe9295b72b9f1adde541576539d633b2fc703152d6df55

SHA512
239cea02f15cac111829857575f1579601c9341a9da13cd7925fc489f62e0bd4f16a50bfc65058319aa2b5196ef2d09f5ebd21cc81b78b4170335c3d0e7771f4

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/files/.um/um_cache_1716561588024.env
Filesize
614B

MD5
73fb00d01e19fa20a6c934662899c255

SHA1
a4374ad0642f4f8066598123cb56da90fd2b8e75

SHA256
684c99302b968ef6f728cf54ff6eaf0e838f19c49ddc46fa4fe860ccda2e81a0

SHA512
ea79fb06fe5ca6778bffb8460b98e5845f0cdd798e4e12390f260fa0aa232063f89e5d82ab03bbb01884d89beeb92a5b06cf756af016ef436296c4839295afb2

Download Submit
/data/data/jp.co.mozukuapp.penguin.pj/files/umeng_it.cache
Filesize
310B

MD5
faba0457b1a645d099482d4ccff768f5

SHA1
e834c6e260a880a30c5a88013c1be8414cad8113

SHA256
9926186ea73ca8b0d9f48c4e24ab5505090d9d2ac2d1eb6d7111be8b5f4513bd

SHA512
e685616b7720b69512a20b8d45df816172919847bd114f91a9fa89d3346e1f43d33f6bbbf9254eb6b6d73b6df87430a8874625ac350c2e3ec1f8a179e2594f64

Download Submit
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
Filesize
686KB

MD5
e79d34c5ff3135f8cd44ccfb34080b05

SHA1
8816504c24655d70cd4d8d9b392144f9ce7d6814

SHA256
044c5866ab5fca8e6f868274b201abfc0fc7dd24dad57729302e3b389efe1096

SHA512
13f66c039f256d435ee157858f3b226f95b5ca3e946c8250cf848e1fab62a7de1ef1662183503f08e1af9fa1e22f8a2ec8e85b094ae3a18ba8d5256eb3a31128

Download Submit
/data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
Filesize
686KB

MD5
032fcd4c7d5c02f9d2c5c6e651c266bb

SHA1
502736d7352fa98036294c16554ca5280a21638f

SHA256
53ab47c839e234f00c542e7a05e3302868558fcd9b06bf702041c5057fa2873d

SHA512
de2714bcac1fd75fc125d0120bd3b54ba8f8a4881972a9389d196e469625727b765fe4fdbbf29155b81667ab0a03d927e16dbe3b45ddec05c729e04c0f6527bb

Download Submit