Overview

overview

8

Static

static

6

6edbaad67f...18.apk

android-9-x86

8

6edbaad67f...18.apk

android-11-x64

8

pujia_c.apk

android-9-x86

pujia_c.apk

android-10-x64

pujia_c.apk

android-11-x64

Analysis

  • max time kernel
    77s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    24-05-2024 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6edbaad67fb55f4dee35205776e7c4c6_JaffaCakes118.apk

  • Size

    31.8MB

  • MD5

    6edbaad67fb55f4dee35205776e7c4c6

  • SHA1

    2ed0ea18f844997f725da4c076b70ad59b57a313

  • SHA256

    a63fd16f656f9b0e7a11ecb7fcf8af91313bf1b9711066f8eb6f46c5f2e25eac

  • SHA512

    42aa80b8ff10514ec823b002c7f8140ca8e6a2f9e7b0bb3450003234f783dc0f94b8507c74cee57ae063262239cab74521372cf9afe4b5b2d657ee5b451e82b9

  • SSDEEP

    786432:jVDCJe0Y0PrpYgAoZzGCZKGV8mTLjpklKgLvObv9bn:5uJex01YghZRZKGV8mPjMPLCv9D

Score
8/10
bankercollectioncredential_accessdiscoveryevasionimpact

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • jp.co.mozukuapp.penguin.pj
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
    Filesize

    255KB

    MD5

    11307be22eda7459ecc3f37e519df627

    SHA1

    cdaa06f28e228eef7f9495e17528a4f0b5f8f081

    SHA256

    c7a7aa7af0bbaec66c906f829818e7d84703820bc88b6c7e9951926886a325ff

    SHA512

    8215b0b5ea93205b6f41ef22bfd28a8593d60e3b645f347963ff8d3aee5412f4bb9ece4ac0b295395c8e3d8d9129366739e0a06c781b4696b6520a7afbe820c1

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/classes.zip
    Filesize

    686KB

    MD5

    032fcd4c7d5c02f9d2c5c6e651c266bb

    SHA1

    502736d7352fa98036294c16554ca5280a21638f

    SHA256

    53ab47c839e234f00c542e7a05e3302868558fcd9b06bf702041c5057fa2873d

    SHA512

    de2714bcac1fd75fc125d0120bd3b54ba8f8a4881972a9389d196e469625727b765fe4fdbbf29155b81667ab0a03d927e16dbe3b45ddec05c729e04c0f6527bb

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/app_bbb_data/oat/classes.zip.cur.prof
    Filesize

    640B

    MD5

    c775ff13815471bb2b81f8bc0e419460

    SHA1

    d5e3b29a5588b66354ef5efcee4c2922c0d3e32e

    SHA256

    953510d0093c9da3702f481146e892744c210758c0469509e8ed0f0bdadc1df2

    SHA512

    8c3c580796f7ce1af744e2979ce5a906d2bbacdeb3219683fae74f4ca1305b0b898984539e09ecaf6d3d0179af5a7d8a4b997162e8b858737b86bdf52f4af287

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db
    Filesize

    180KB

    MD5

    ce4d1ed58caed833226ad50a86d13eab

    SHA1

    e0a65b7ddcb9df1f561811e4c0f3a90ad60834fa

    SHA256

    2ece14469b68182f579ca3e076922f47b34a548239db8d6406a51fdce8ae4cc5

    SHA512

    5f3dd1a8cc0544e334a2bac3971b2fe61551f4e4263faec42ddd4fa35f122c038df198ab33a3594c955c4879b7758bedc7ec9906ba34a4e29c747af52587fa0d

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
    Filesize

    512B

    MD5

    7a6c6ace5469673688fff83e3d89655a

    SHA1

    bf4fa069070c8ddbf194c117c7d8588fbcb0f524

    SHA256

    89dd1b6cf240c0bd38eccd1d63b1a7a63bd4d68d82ebe2107ab3de4241202496

    SHA512

    ec7d9b1a203fec20de30e1f7ffa92d7a943626708de847e2ae6d6d2bde416b6f2c326dcd4cb8d8edc82b4fe2538fab45532c2b56bf0fb73c16c8c21fa3c3e3e1

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
    Filesize

    8KB

    MD5

    25cc6d1d45f6ddf91842c5b9eaa6b87d

    SHA1

    dbbc4234fa2f7359a1c0e3311a0eecbc7551f93e

    SHA256

    22080198bd7f61dc9e9f9e5c1a8d3da780068dcbed3699f50d08dbb7ef459557

    SHA512

    1debe0367b07f0604d8c43594b022bc475ae7cad22277d896aac596290cc11b8620538a7acd3a42cfd46232631f85f63868b224f903e8e2c0e69896bfa1f3277

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
    Filesize

    8KB

    MD5

    bb4f3d7235a4b2e39163502399df7f2f

    SHA1

    0bd4afa9f905c1deb66eaf3216af74d48a7b3574

    SHA256

    f9f69b9cc68810332ba412185c229884f1c32d4557afba6faa7dcbf9903a97d3

    SHA512

    07421b1d65fc8ecd79c58e76c407391ef805d12c8e4f4380ef695053d93a59d79113258a94d649730266da9ee96fde3483dc5322657316d70ab64f29553cde64

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
    Filesize

    16KB

    MD5

    8b4a9be42c98afcb9769d5f94cc23454

    SHA1

    725e23b1090abfcdefbaa0c90629a5d4c0e88e59

    SHA256

    82c9fa67a7aea2c25f787c887ac59031d1c13311c2f4400ae9b105310dcff9fe

    SHA512

    f4e30bc5ac4b84b4545e7cc0afb205c3cd8d6d5790a2062dc28116156c1ae84e8a59e9d10a5ba3ae2a8a822bea1ed155f3d7e3dfa89320b658c907ee5ef0a6e9

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/databases/bbb_a-db-journal
    Filesize

    12KB

    MD5

    b8b111189fdc17f0bc6441958b3620ff

    SHA1

    db6f9281fe64ec3907d02a7000491cf1884aaade

    SHA256

    f98ff470ba86b114fa8a4bbb8d6d06c9fba72f8cc8f3a7414552ce2c49870868

    SHA512

    ab2fd6a9b2d698911a2faaefe70513cbe168282db71c4931f5b8a88d047bd2c394ca2daeff3a49d6d63d743f0fe5763dc8c8de3edbc6fb7ca1c7f821b9ce691d

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/files/.um/um_cache_1716561583758.env
    Filesize

    598B

    MD5

    bcdd1db0707489b59b8c123dafe79893

    SHA1

    5735918af911c94f792162682d19d98707295a03

    SHA256

    96ab91034b3355c841856218e43912f3d7fc3f05b68c9967d864da214b5eb1dd

    SHA512

    6937cf26c89b40229b904289a3de189a84e1170967e55b73be6d11c22c819ee62fddd32442e50feefa42a70d40c782de1f334ee1cdfd11d089f61432def0faed

    Download Submit
  • /data/user/0/jp.co.mozukuapp.penguin.pj/files/umeng_it.cache
    Filesize

    245B

    MD5

    d3b1791675cfc17be5b46ecc687932ab

    SHA1

    d1bf9772aba7df18f27045ef0c24708b9caea8f6

    SHA256

    d98fa8d6da1b9002c136a3e29799c7aaf505a1eca879e36db294209b000bb736

    SHA512

    6459043784613f1ad0b4985062269449d0c937428dc4414a3406040ac464e21fd060d312df7e8482351c4da120f40ca4841a11e248f1a1af921ae34aacb7c088

    Download Submit