93231950c66df7eeab89dfb3d06dd5ef8c732130cb1eca2413b121aa7f6fb1df

Analysis

max time kernel
104s
max time network
181s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
28/05/2024, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e6f045ec14f2488425e29986375ab75_JaffaCakes118.apk
Size

18.0MB
MD5

7e6f045ec14f2488425e29986375ab75
SHA1

b2960a2124b58203ea55b008c3d48ccc940b89df
SHA256

93231950c66df7eeab89dfb3d06dd5ef8c732130cb1eca2413b121aa7f6fb1df
SHA512

7805c539abf2b9cf519476d0ef155e72a8d3494c53970cbfee6f300ff5cb7035b0b31ff9e0c6e87c3a476b56e3d2720e016472a4986604271f6dd1782dc0677e
SSDEEP

393216:+5xy7ylh983v095X9e4ecsRzXpEHUR+Yvjd63S80BxDWCm6/L1CgY3W0YNRUoJkh:+aS/83v0z9e4ecsQHUEYrd6PODg+1/N6

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.gaofy.mgmgrammar

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.gaofy.mgmgrammar

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.gaofy.mgmgrammar/mix.dex	4674	com.gaofy.mgmgrammar
/data/data/com.gaofy.mgmgrammar/mix.dex	4674	com.gaofy.mgmgrammar

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gaofy.mgmgrammar

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gaofy.mgmgrammar

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.gaofy.mgmgrammar

com.gaofy.mgmgrammar
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4674

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gaofy.mgmgrammar/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.gaofy.mgmgrammar/app_bugly/rqd_record.eup

Filesize
362B

MD5
c5e1e9c764fb9139b18d30822f9aa060

SHA1
8bb2185e4b0e7944d315f1182762601e39c9820f

SHA256
b9cc46b8ed607d0de5dbdcc73804dcfbaea75a1137c9ed9229f7c52988889ccc

SHA512
15dcb1819271c58e309c007bef7b96338ec69ead20d4829bc1d7c359ac9483598674fb13be43932d9dfea0520d759c8dc0ec755629da2983e9ab2a940db6cefa

Download Submit
/data/user/0/com.gaofy.mgmgrammar/app_bugly/rqd_record.eup

Filesize
1KB

MD5
7d29ed4d78efbc94d4ca7a4e6b0bfdbb

SHA1
fd342fcc346d786eec9f5d84c6f235e16ff0f66c

SHA256
0551766e1665212048fbd1678dcff77e76ef434e4b52e473bfa87f9c8819aa22

SHA512
97bf75ed9fab77dd64cea95d47110069c48b72c0cf4d303afffb9cdaaa6117ddbe671d51377508fb4d0d1766ac86afbf1016a5b26ca6bf32f16f062815369047

Download Submit
/data/user/0/com.gaofy.mgmgrammar/app_bugly/tomb_1716930975226.txt

Filesize
23KB

MD5
321df9157108369cca81bba982ffac26

SHA1
a8d833e6a42a2b4ad6c7e76d93ec69c71977364f

SHA256
38ec978c9772275e1f04bcd4686d2a3d3580a685dd54a4621ca1a551a1962c7a

SHA512
31dcf77844ce0f7c645f4822f2365b222f2e32d4489214d938633f575c6ae6c43654bcd94b274ed30b1876b32180e0f1e1ffd6cc44db936337948a1fe503a5ed

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu

Filesize
116KB

MD5
be1e82118ec8718054ce9744ba4af4f2

SHA1
7f2a04a4e03ae800735e5cc43dda7d72e2ff00c7

SHA256
4472dc505fee1a39a7c7e2f95d286af34f2512565c89c6816184b19594c2011d

SHA512
2774543036311f6d2bc3c59d03b03553b2167dbe5a40eabfa03ebcc79c468b6b93416b370bc5eb76663674ced4c9215823a93a9813ce415e0c61a7fe0f82eacc

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu-journal

Filesize
12KB

MD5
23a67c93eb9f340d7db74371e35795d2

SHA1
a81f38ce858b4ccf2109c11adeb3169a63cc7de2

SHA256
3209f06e0e79c418b7485a082e3281f41bae6bc7918b6909a59bfb9aa9cf4c2a

SHA512
e84eabbd5049fbe55d20b899dde60ffe473ed958401954d06eff53556bb0ec4fcf47761f290cfab77a16f43347c398fcedcd7b59cac7a9e83faefb3baf8f16d8

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu-journal

Filesize
512B

MD5
0f7bf362882d309ac76780e5980ce605

SHA1
cbde1c4c9a4316ee0c7850806c78f005f5df7b5d

SHA256
635d94d5f2590d5d87d53aaaae5b246e17ea88e1945a63f3f3379508ebff23e4

SHA512
c631b8856bee85abed24ae6d3642739613e22a3f67e2f68767efe29e9c0478fac9646b227ae20e0da035484ac6a3d6160d841f7e36c6c9ddeb640af96215ddf3

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu-journal

Filesize
8KB

MD5
dc54a335d6da30c89208e8c3cb61f0c0

SHA1
f738e6b4dc180c8844eafd037e14322143406dcb

SHA256
05d5cbb8922fa82acc87d24d5b7dcd1b6e43c5d706ae4db27601bef2ba2e14a8

SHA512
1e90ece816b667ea52ead536a30bc1727fa6a284d603cebdf8c1464db8a7af416f05136296d075fb7d21e7cb8cd91f1fb33bcef6a854abcb7023f89b997433fd

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu-journal

Filesize
8KB

MD5
c00b49217a8b10c0becdf687ea83093e

SHA1
6489725da49da7781ebebfbca9e51bd7d8d4e818

SHA256
7da27e107cd66c2fd769c3700076e1b3b5c3052008a8a9dbe457a6b19543e6bc

SHA512
c19834cb1da2121afbd391f3edb2a6aba330df774dcaecc466d0f728a2fe84ae73ee56a592ff96f9b34d3259b087f8d4d410f1634e4ea39ea7ee44fc1f49e5eb

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu-journal

Filesize
8KB

MD5
07de93cce6186f1a45ed36025716dc64

SHA1
b057799e2717c606e4693f3286b9dd4987ece506

SHA256
f4b7aa8fc4211849426c1e1fac8ae82a75aafc2062759528c11b811be63df1cf

SHA512
e66af5817875e3c8e7495128661f949a63a5d7a10cba81bc8dbb3c7db4028a8d048af544f70229fe4c8c8b8bdfba42867045fc71d5226fdd606b9eeb9bfe9fcb

Download Submit
/data/user/0/com.gaofy.mgmgrammar/databases/bugly_db_legu-journal

Filesize
12KB

MD5
a17bf1ab36c4eee6891e6333255ba3bb

SHA1
dc6f6847cd99b52c1e8bea56352364e492861bae

SHA256
aaadebab31d239e69d2634711093acd00dc1d0a04d7c702b8b6f0e565d4d3f5e

SHA512
10706baa1f240b7c12b71f998849ae75cc11b920854e6328868996f07a8fa56d185d005c92cebd6dfbf88e7ad1c6b0da92e056d4a202ff614be2690049bd4400

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads