56502fb0bac196235620fe2a2ee21c033677662629d88e69b0ca29143e037007

Analysis

max time kernel
155s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ee851472e376cfc4ed1d3710da2af3a_JaffaCakes118.apk
Size

21.4MB
MD5

6ee851472e376cfc4ed1d3710da2af3a
SHA1

ef6ed39f617502d8b366a7dc96fdc304bf3b1e6d
SHA256

56502fb0bac196235620fe2a2ee21c033677662629d88e69b0ca29143e037007
SHA512

87b501cf9c9c1675ec9e8f72f18ff4e3c176ed69a4ea70d0cd5fed514f0bb38158991062208f81f7822b84152c814a3a6571d9d9a810d72052a2af539b5d45bf
SSDEEP

393216:rk0RItYRgTnPL7XFFN3pGUfjeoEuGrFTihFErcHLpcWLYijNEYCglsdyZGB5J9:bCSwDTNfjvEtBYcshns8oB5r

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kascend.chushou

description ioc process

File opened for read /proc/cpuinfo com.kascend.chushou
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.kascend.chushou

description ioc process

File opened for read /proc/meminfo com.kascend.chushou
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.kascend.chushou

ioc pid process

/data/data/com.kascend.chushou/ini/patch.apk 4268 com.kascend.chushou
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.kascend.chushou

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.kascend.chushou
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.kascend.chushou

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.kascend.chushou
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.kascend.chushou

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.kascend.chushou
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.kascend.chushou

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.kascend.chushou
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.kascend.chushou

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.kascend.chushou
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.kascend.chushou

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.kascend.chushou

description	ioc	process
File opened for read	/proc/cpuinfo	com.kascend.chushou

description	ioc	process
File opened for read	/proc/meminfo	com.kascend.chushou

ioc	pid	process
/data/data/com.kascend.chushou/ini/patch.apk	4268	com.kascend.chushou

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kascend.chushou

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kascend.chushou

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.kascend.chushou

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kascend.chushou

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.kascend.chushou

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.kascend.chushou

com.kascend.chushou
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kascend.chushou/databases/bugly_db_-journal
Filesize
512B

MD5
e4e88ddcd24952e8ae9be43d94f185e5

SHA1
efc5a6197176f95a82ce948961dcdd2f854eac20

SHA256
7606cd06812a729c6c31fb905e10b018ba7e43e70101edd0b2559279e8cd4b67

SHA512
6fb2ddba6e94e954a605019ee328051e335651e4f295a7c60b910bf57c10f748d18cbf9de9bc5640c07080e5db6008366b37b6a0d0b11ffe2e85fbf940c17406

Download Submit
/data/data/com.kascend.chushou/databases/bugly_db_-wal
Filesize
80KB

MD5
9ddfeec047a9a21713aac5e252017f06

SHA1
8c238f7ae30bfa639660f984ca74b9a840b3990f

SHA256
dc7f546cb33009e089b431174a3c14f2e906b354bb038b37fe8763f29a81d1a8

SHA512
50e73087ae04ef65c4f60e7d9a1186a8a20d666afbb8fda7a53d4fa6a9ce713c7cced16b8e9050b86164f00bfc875715b8fd5e003825274f9e01640006b8d614

Download Submit
/data/data/com.kascend.chushou/databases/chushoudownload.db
Filesize
20KB

MD5
938c7b406dacf13770d8a9dd60253214

SHA1
bb0f50024f2894b9a4c5bd079691a22ed43a0077

SHA256
07e4e630bad094f4df2fa9358997406f20539fccf9a05b471ac61b1495664841

SHA512
b12bc390df5e326d98ebae498f7b1949cfbbf10c4640c1711efcfa99fc2480406f043ff448a119a0285c2bbf6bf5d4c196a885b42c58e2c978b355261b1debca

Download Submit
/data/data/com.kascend.chushou/databases/chushoudownload.db-journal
Filesize
512B

MD5
f4e5d270654a1023bdc24b869892fe6a

SHA1
6c6cbe1501f747611e1e07140ae9a3ac3c8a551d

SHA256
4066795231e9fff43fb8dd7c7c502d054fbd2a08bca219e2221a9dd7b3d9eb04

SHA512
ad215e42019898c60db79fa6e8601ef800e1aa0806dfda2e592af14290e4ff0c6680e980b392cf861cae92748cb0c03ad66a55793ea57560998977e888bf0fc5

Download Submit
/data/data/com.kascend.chushou/databases/chushoudownload.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kascend.chushou/databases/chushoudownload.db-wal
Filesize
32KB

MD5
fda03b89ee93ae67f7ac00f583dece0e

SHA1
4ed4964819c84cf71faa4032a4046dc8a31bc183

SHA256
e6616f97a8b57d136ebb551ebd2fe002bfb1198ce858006723aeeacf46d72898

SHA512
98029b6c37737edf3251bebecdc2638b0f0867a666f8a6da79c7c719097ecbccfeda6998eb918630484d367686183903636d403960c965add85fd014181d25b6

Download Submit
/data/data/com.kascend.chushou/databases/mpush_app.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kascend.chushou/databases/mpush_app.db-journal
Filesize
512B

MD5
2f62384100f6023e9d405de36d722d6f

SHA1
b8f449b5d4c55a21ac4eaafce957265b208e9200

SHA256
3789815482d39af3a035a314e2e148cade2160f5beed6d7b4fdd04af939d0380

SHA512
24cc3e1bccc03e5fe768403a33f6152b30fe8e72194d83e394d985acf6bc5eb5369e015f144e10d24f22c9a65a0f871df3ee809e172115cfd2158d5c7dc1b4e3

Download Submit
/data/data/com.kascend.chushou/databases/mpush_app.db-wal
Filesize
48KB

MD5
9eb9cf05a0fa5e6fe4bdb4b1c7843052

SHA1
f23ba9dacb8d08b2e166a70f16b9a40805771519

SHA256
fc07b6de628362a2d5094139e2fe678aeca6ab4d23d0253563f9e09d5dcc1860

SHA512
7cb4cbde2c96554307e05c58faa24979d924fd3c06a22fcfcf52d098aacd3c2899b4dec9886c515a8284e6ac80fa92dfb5a4c9de229a8d1633b1ad4e3596f0ee

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db
Filesize
20KB

MD5
d0189a8c4dd10ae30102f5fe059e887e

SHA1
3bae06c7b737528785896d0ceed67790eea5e333

SHA256
eeb4bc99689cbda3c3888ecdb2c27e2f6129b9ee15e32ad7c63cf9aa7990f492

SHA512
90dfbfcf82a02d780b862059d123b98f1736c130406392727fe6b31d029df0ff3ab6c9c374c063e30381544d3620ddd94035efce701cac87da41ebc2301eb57b

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db
Filesize
24KB

MD5
264d6c2926b2af6a73f0742b6c37fc4c

SHA1
3a7caaa1beb5d785d8aca5ea0e9007c08fe7b3e5

SHA256
c80e8fd957af84cdb74485af4422c6ea700d516108d79e03fbebe52ddd4bbc18

SHA512
14d01417e95ede9c47dea57c888b4d62b7d745591b391cf76d3b793611c4e03211d089eb71b5abba72b84b91e6ac5bfefca1ded2c3f1593d422f132d26cb9b1a

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db
Filesize
28KB

MD5
c62e66448427c7d0f8ad792077b4101a

SHA1
a224b0cb3556334e0f5f74aca242db205b73f924

SHA256
00282174075216d5cb1a33e4e9620925e22c5d6aa05db256a4a63fce114017b5

SHA512
cb6e5c57ea5063da67ce34055b63ed2d406e1b302d3075a77fb72988e6f688be21b7701be11b98d543a81d7fc9965874905c3356f6b9021d691ff12233c487c6

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db
Filesize
32KB

MD5
a64ed0db240d3914f2690223fd92d8ad

SHA1
05611a85274356de18c74747de7f30df7f286ba1

SHA256
a0a6b263087fa8fb9d8d85ace11c0391b7cf399da8b4471c62c8b05cab975813

SHA512
2ea50db3f02da45df15f983b0edc5ff060468f250293d09bd1bd9cb5ea37cf282a57cb69cbb6638dfbf5a161dcb002438895449364b636fa7849e5cfc883da13

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db-journal
Filesize
512B

MD5
4bf00b24e68858fa943d407d8496490d

SHA1
5a5d6cfa100eee7a5b3d280a93acb2245c5ca342

SHA256
b4d67996c018ffb7f985dbcc437d7bd7e91a977ddd25ed63d70b78be0c36a6c5

SHA512
7f2a6e9c4a7b681622bdac8c1f122b28442bad7e61eecf2b5d77f3c59bd2ff45fd824d36b405bdddbddb7ee2e6793bae3d2c8aff8c0f70020a0a3d82254ce4b0

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db-wal
Filesize
72KB

MD5
519575d10c60013aa45fa52ad48a12a7

SHA1
94c2b79ffc318738a56e6fc6cdfaf155dbb30bb3

SHA256
f998173692f17fc72eb8146b9bb754e1a6afd25c47fdb48358e011a8df4cd595

SHA512
6a9078c9f0dfc9325444379d0fa991b74442af4ac7e9f8746a43080b89746c9effc86bd0cbe60abd14e89ae043182934f3b411d4d6b298874663c9e2996533d0

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db-wal
Filesize
8KB

MD5
d7a4fff95cd37987db55b949f5da38f2

SHA1
d88a643cbdfe43878ed970260420fb4322200a31

SHA256
28e6a1c4ffff908e8bdc368a0f47d2c8c13006cb38e151fceb9202b71818dab6

SHA512
c6513ab028ae5cfc490e5e03377f82e8dded995de557a62f3bab38fbe093eff462923e5899db0b2b9f39278ef686dc314a64fbb9f8336c370d3f28aa62bb73fa

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db-wal
Filesize
8KB

MD5
5e0992f38d385af9f6257050e74b0774

SHA1
8cbd4acec16a20e24479291e2f8a9e1aab4fef62

SHA256
881e1426cbb4b2b44c9d596e02a73d706f3cda6014601a071a9136b757f292cc

SHA512
aca2bc65efcc88795c0329d2b8ced49449924faec2d1e889dc76508d28f4b154dec6379adb3113227c3163272eda08751a97a0765af4605a90bbcca5612a5489

Download Submit
/data/data/com.kascend.chushou/files/TDtcagent.db-wal
Filesize
8KB

MD5
59b21ebe785ef58e331ed47620fa6373

SHA1
1896ad8e72ee7ea7e49d552da62f4eefe2687690

SHA256
8a4d7fc6cd4f5b2a1ac18c301272fee4671d8d1cef8575362727132e436113f6

SHA512
483c4738069862e099b4c7e579ecc1602f41334f8197f178e4f270b37613556a1649a58f3bb85b3a7ae81a9fafb723c1b3901211085a068c036a0c0b3ce90818

Download Submit
/data/data/com.kascend.chushou/files/mpush_gateway_preferences_file
Filesize
18B

MD5
5b783a723321f384ea8a021d20ba4280

SHA1
8a53b72a13e69184d8d0ae99568e7d3b95fed07c

SHA256
f79b6c0ba6379e405153ae0536b49ce9ab8a64e8585cbcc4b7ee10a357b723a9

SHA512
bbce3c6ae766581622fcf53a41cfc47aedaa2050caa3fcefad2e5238470067d5e3b1a7f586d57318d74e0c3725bf0970fa9a1c02a3d0139e1f8444f2310c56a1

Download Submit
/data/data/com.kascend.chushou/files/mpush_version_preferences_file
Filesize
2B

MD5
4e732ced3463d06de0ca9a15b6153677

SHA1
887309d048beef83ad3eabf2a79a64a389ab1c9f

SHA256
5f9c4ab08cac7457e9111a30e4664920607ea2c115a1433d7be98e97e64244ca

SHA512
e053886e1b797bc5a80f932302f0201265a599d82e2502d41941d6e652614ef88fa058e009094d26655f880200df12c2100f690254fd1e5bae75d7441763cd33

Download Submit
/data/data/com.kascend.chushou/ini/libcsfun.so
Filesize
13KB

MD5
a398cc51f6d7a2a347a1358573886f26

SHA1
b0e175085c3635dd021ad6e075db6c2c056a0ebc

SHA256
57a9356563e005c2a6276729a1fc6e24c4afed2e73419392dd3852968c0a899e

SHA512
2babdf5db664ffa5bce4195a5929f5de84e19267eb227b425bf2e8cd363ea79862cab5fa2e73c1bf53032d0de9ee69effbc7a048cf2f86cad0d18452d37b72e4

Download Submit
/data/data/com.kascend.chushou/ini/patch.apk
Filesize
14KB

MD5
ddfd25a04d139dd2d6221a0d3a22a1a6

SHA1
b1d65132010f3a0aa8834716b79d265eeda883d3

SHA256
97611a4a69dd8f5728509eea59afe20e2c4e8781188590b6b484d8afb69c5960

SHA512
ab32c37edbbbfb71f34b8f623e6083968f65d53e5d45991638e667a45245d0332e83a5ec795c66682784dbe4a3018cf185b53657ab0fee38c538628d1ad9e7fe

Download Submit
/data/data/com.kascend.chushou/ini/patch.apk
Filesize
24KB

MD5
c34678b3d0a2c187c02f9317fdcf3dbd

SHA1
1ae56664beb517c60693f039499337217319e3a9

SHA256
d7f1cd8f45e24ec75d55cc80af77465d3a2d8539c5f0b5e3294768ebb076e2dc

SHA512
a4069e59bf9f60a3c63d5ae34b83a627b80a9f721db75503662488d5a4068b50f3a5991584b39b31bdd66d694627159a2021ffd269035260955fa00a75789b51

Download Submit
/storage/emulated/0/.tcookieid
Filesize
33B

MD5
affb2bcc30947d9212a8241c7ebfee39

SHA1
2d8666182f2d873e9ff49e51cb122cbbaa5517d5

SHA256
583ae525d0102a61ab258d8fdc973656efae8167f9ed7fa01b6059793de256e2

SHA512
9b95c5d9b4b0f434a882b6a86e57b2977853d78c9aa704cf57dc88438cf4b2c5f8da8a7c0f59f1346e0cb41be12e29126a32a1b876dab6803174a70add52d45b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads