7604fbb1930226c8b2d41568d48534834c906a22d72a42dd48f1421b015936e7

Analysis

max time kernel
109s
max time network
186s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
28/05/2024, 20:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e4a365d51ecd9701c6d12c55227390a_JaffaCakes118.apk
Size

11.9MB
MD5

7e4a365d51ecd9701c6d12c55227390a
SHA1

3f79fdd6fadfb60aac279bf23b1cdda316d06043
SHA256

7604fbb1930226c8b2d41568d48534834c906a22d72a42dd48f1421b015936e7
SHA512

cdcd78d48a53500df83b97f59f4fbab0f1fd565d1e21bea922a127893a6fa45d53dfba231d98327b5e7f1b4472f2e277b8993e671dd763af32783ba4b5bc4afe
SSDEEP

196608:yoNpufqsce7+TAyesQV1t0jo6dAQrrDJMyyzNbCFQ7XBOKphdJzbFGQYkrLH2TAG:D3ScEYnQVMjZrrDfyZbCFQ7XhnRFGQr6

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.bj.eduparentstea

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.bj.eduparentstea

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.bj.eduparentstea/mix.dex	5095	com.bj.eduparentstea
/data/data/com.bj.eduparentstea/mix.dex	5095	com.bj.eduparentstea

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.bj.eduparentstea

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.bj.eduparentstea

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bj.eduparentstea

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bj.eduparentstea

com.bj.eduparentstea
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5095

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bj.eduparentstea/app_bugly/rqd_record.eup

Filesize
351B

MD5
2018d8b0b8f641a7215d0e403d49eac9

SHA1
5300a8c8fa3c3d7ae528951d2a57e3a300d87ea8

SHA256
4585236dc9860f2432200986cdbc258e8b57f237f49e667a1c2b6383ef1a64b8

SHA512
32692ffee2315ae1d5667657f2c27c973641ca75debc22ede8cba3b2c531d5d2303862c53824fbd46c97d35330d2ea5457836bd22c93748cfdafd765e1c86e0b

Download Submit
/data/data/com.bj.eduparentstea/app_bugly/rqd_record.eup

Filesize
1KB

MD5
0e0b39b4d85d1ddf1295976246e736b9

SHA1
214a171eac1b6a1b01e20cf84ea20edc16cbfa4e

SHA256
f51747da51d0971f8310122d57be356b608142e3fb3f79193571a54b9c25a76c

SHA512
c91736aadb2b87e120856d849386b784b88aa3bd098268bb6c7a79eb4232abf6131ec09e9fa860be02f2a9cdf97e41eaad8a62ece9bad23c05443564381b895e

Download Submit
/data/data/com.bj.eduparentstea/app_bugly/tomb_1716928024634.txt

Filesize
56B

MD5
bd0f8f8f3ad93fa07623422ec6e72003

SHA1
c3589295e7a4ddcf35bcd7a2c13bfd381783821a

SHA256
7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647

SHA512
2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu

Filesize
60KB

MD5
e8fead0112ba47fed080f663c61abdfd

SHA1
24bb336b23e0e0da82eef696637d1fe21e953ff9

SHA256
a115e9931a8654be34c5f833474540d90ef2c89f4ef25b2c143f4e4f15dc61e7

SHA512
ff90665ca8f58f4e4b74c0461332e233831103f371439b196d35a3563a9ebda050b1b1cc7a98f169591e1539abe459e16aeeae894990b1f034500e7dfaf0680c

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu-journal

Filesize
12KB

MD5
9b86c173872d5cb805bfd5ee17d73f69

SHA1
c9596947e6ae567c28a5746335acab62dc2c59be

SHA256
a5129b067e8c4f19e49b6bfdac0e3fcb4fcb0ac0b9429408f37b31adbefa756d

SHA512
d9e1d922f178e649e7f0c240d128255df4c3b14a1a510f24bac14edf1abe7a430936e59f920579435850d15414cdd05b700ba8007935d5a39fdb5bfb08fc74c7

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu-journal

Filesize
512B

MD5
21551dbedfbc809c5dd9e31eb317b06b

SHA1
32c8cae121e4359a876153bea564ad8a7720965c

SHA256
3ccf51ca63cf9523cfd8bd1d0dac0e13fefea1aaab8a7dca2acbe638a10418a2

SHA512
79a42d3bcd3b3da9f1d49a6c5bcf37e61bfad6cbd228ec54586032c5fa61269e2bfd6f14b3b0b24da99b6553180097088fee719a575c646a0c467cb6e11af1d4

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu-journal

Filesize
8KB

MD5
113ff32a1c32e882e895e83b3dd534c1

SHA1
f2568c9f8d939057144d2745be4fb3e70d9dd69c

SHA256
996fbf76f382283bda472d2c7440d55e25e13a2bf621cd9bcabcea71c8976a82

SHA512
d5f9c37c25dd8242fe6595717121a95a242495c8d53d4e9b2aa27bc96357da746570e53ee6400d7f0f2a96974a7df9fb82b39e012634943ef37bde5f10b86789

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu-journal

Filesize
8KB

MD5
f98af07cae0daccabf422af743217d38

SHA1
24724f736782242874f4a11f61025f089e4bdef7

SHA256
bb0cf8f5a2c4bce2a60a38afe740d8848c2d4208efac219d1d8d7b64e8322ffb

SHA512
18bf8b8262171cf7df80c6612af5adbd774010cda0b5b3024ba2cc56624cf957e644c64606160ab564103ddadaccf2ab296915a9fc3c561510c5451735d68894

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu-journal

Filesize
8KB

MD5
c4ba3fd93e9f73967768f69d152a030a

SHA1
a74f5693e9a683b56cc134260dae8bbec69ae349

SHA256
bb73ddc78d3ac5d6bace565051bbde46a41519246fe26ea12f7c13ae90248c01

SHA512
e4ee79f4aff560e94e7c002c7dde10f455041a4c69508a1098dce9c0e13bcb44cda39dfeaf8e762c91f7e7d138e0b3139bafbb77d4dda46697f8468efcdcfad7

Download Submit
/data/data/com.bj.eduparentstea/databases/bugly_db_legu-journal

Filesize
12KB

MD5
6ec9dc381f1ef571e95be34cb0f46648

SHA1
1951e99b033dbe635095bff14ead815b43d4fa2d

SHA256
c10b2902bd279e4e5bbea6ab589d06abecaf4e559e9b5fce5e9afab6662c43c7

SHA512
27691c7d6a97aa36adfc6b0eb5f435644a4bd60779ecdbc9be189cd3ec7f220871ab0490273f5a36aa1b45d88e66ef83a970c1ef99f10949ec54c7ea0507f200

Download Submit
/data/data/com.bj.eduparentstea/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads