061e65c1e8cd4ae5bb17f880ddfdf0932b2fa2a4ff3f2b4ae0b7802ff3357ec3

Analysis

max time kernel
104s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
29/05/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

821fbbf68d1ca8a1a1f8d47fadf7f2c8_JaffaCakes118.apk
Size

10.2MB
MD5

821fbbf68d1ca8a1a1f8d47fadf7f2c8
SHA1

e67e84ebcdfeefc3778c168ce673324b4021a75f
SHA256

061e65c1e8cd4ae5bb17f880ddfdf0932b2fa2a4ff3f2b4ae0b7802ff3357ec3
SHA512

f6f5b278a28a13f47dfdd7b3a728d886479e1d0951484262fa32512d68eba03d7577bca7ad93c316537b92cef62392503eb899e931719633880844defd4651ad
SSDEEP

196608:vv96vV5o9vjzbfdwd/IOEc+Q1w3O7AkJ0gknMq4LZ7ESrebuw95vr+wG4:v16N5oZzwgONv1mO7AkAl0FreCw95y74

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.aihuizhongyi.doctor

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.aihuizhongyi.doctor

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.aihuizhongyi.doctor/mix.dex	4571	com.aihuizhongyi.doctor
/data/data/com.aihuizhongyi.doctor/mix.dex	4571	com.aihuizhongyi.doctor

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aihuizhongyi.doctor

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.aihuizhongyi.doctor

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.aihuizhongyi.doctor

com.aihuizhongyi.doctor
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4571

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aihuizhongyi.doctor/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.aihuizhongyi.doctor/app_bugly/rqd_record.eup

Filesize
357B

MD5
40b60c4c80ead448645ed56e78b18c42

SHA1
c2a48b9fdb7efddb7b8d014d45b49adf6ffe4bc7

SHA256
be8a1d14b5867bb9a4b1ea7a31ef83d045f6a1149eca26c82f488e93f39eb81e

SHA512
46a2abbbff9a5648fddb356fb4f9a5f8495b9a02451b9cf17f70f019470ed7102a2a6292bc8b5c26ad172d7300772ff336c64857b40c0c32880747e471fe0cd8

Download Submit
/data/user/0/com.aihuizhongyi.doctor/app_bugly/rqd_record.eup

Filesize
1KB

MD5
05a6868d98c93ea3624839d0c664dd16

SHA1
a36db1ae2530fbad20b4f4503dacc3d8a14c0dab

SHA256
dbeef31c2eef416cb4ff37e68f4c708255010c7ab4eb2513290432b027cc0573

SHA512
9bc8f7dba49631b93254d953e03062ec2cb24a1f986c0a0fa99d7ac0deaba9cd938fe4d03584d3a7bd870436bc8ce9f781db9aa24d9ba09017beec811d0f7d91

Download Submit
/data/user/0/com.aihuizhongyi.doctor/app_bugly/tomb_1717020904638.txt

Filesize
56B

MD5
bd0f8f8f3ad93fa07623422ec6e72003

SHA1
c3589295e7a4ddcf35bcd7a2c13bfd381783821a

SHA256
7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647

SHA512
2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu

Filesize
116KB

MD5
c05c06db583a5de98c6db481a5c204a2

SHA1
d628b09764d79a2866300a486bf62375c6171712

SHA256
cdfdd68cd1f86730793242ae95b40d8e9fc06d0b29990162e41869568db3039f

SHA512
6b608f2964912d53bba08bd5df97ff831d7381721eec8c0ce3f91adf0022c811ee0930f888ffbd7a0dc056f135d885c4dd9b34a23742a18f316eed6db58dcb4c

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu-journal

Filesize
12KB

MD5
716060da735e59fd0bf84e47f8920dcd

SHA1
eade95db8f3230148690fa7d696dc25bc284261b

SHA256
8442e7638d2511ede7327b25e8eff37528b07b8135d9249708dbbd4ddaa2c70a

SHA512
8b916abfbeae4183330c23975573d94e0251924f7ab542e0129edb5d158cb80e4dc2b4d75873d8c0a48f20bd57ecf0e92c8609d67e0a58ba38bba2b641b5267d

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu-journal

Filesize
512B

MD5
2e07b8ea19a685e779ff22e94e51c580

SHA1
239d55267573d8510898d42c45c3700b3915a65b

SHA256
9ff96ff57376b1436489957c7088b37435d87de2a1672b0574e007334b4938f4

SHA512
0a69cd42559c402f745c33dde7e5a358b82dd457ebecf62c327e19fedcc0b64f76780e83a065a046db3d997f260fdd2beab97cc5989d81a58028dae7d0816e8f

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu-journal

Filesize
8KB

MD5
64b8f62a831456851fdb0073131763a3

SHA1
b13259995b9001822918c696ac832373df4dfeb1

SHA256
b069da02239e3169e142b538fa45f270411ceb601971dd23aa1951f2a004c6e2

SHA512
89761b32f462ee3c8c0317bb4bc05cdf08ac07f987ed88c8dfcd8910c605b74ffde5f040d2ba5c2cf5fc81508dd91095454ffa63bed7b920e655d63fd3c5611b

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu-journal

Filesize
8KB

MD5
4cd852e332e100a91faa546773b294a2

SHA1
e26768634696d2850fdc7fbc01f0846a810407d2

SHA256
3a95698007161a2f040aafa7a2710ded9d6cecca343855d169a6f9413ceedc7a

SHA512
9dad457f5d1217256ed4422b8ce2af83c3977bc3e916ef7772ea60b896417e12f10d00f4c2c27b85c33dab5f0dab347846fc78176c1de6c1af18f0a8fcfa20c9

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu-journal

Filesize
8KB

MD5
fdf0f9c2bf59e7f7b0f1a5d198142a1d

SHA1
a525f5ce642a369b5c4ef27973d45f150a53d948

SHA256
1b7235a485864651b7c9da23f7cf762cb5cb578594a55d7f901c07d4e29fc6ee

SHA512
496c7f10ea3618eeb22f36e29dd56c3b38b98c5e9473f8025a74f750a867509ec61d75975e6564ab2ef6e820f9ed061ccb511096d4bef1da9962f8074db53a15

Download Submit
/data/user/0/com.aihuizhongyi.doctor/databases/bugly_db_legu-journal

Filesize
12KB

MD5
9ba217c3eb93cba50fe1b724877a9db1

SHA1
8c70771a1d9a357df7487d2acc054376ed2ae9d1

SHA256
7247be7222edeb75980b8b375d64cbb54c9b96189cd36d3d22b8fce072daa6f7

SHA512
dd129fb7154ef26ad327bdd6ab27305d8c853cd796458d405836e04115667312aece588dce009e32cdadb4c283d12469a278dd2c19444bf7a30d684330885819

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads