d946f817611be9e18b09eb1d153e54800059fc76409cde34fbd2f45448648f52

Analysis

max time kernel
156s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29/05/2024, 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81ea6b47b44b3145976d7c77c64e5a17_JaffaCakes118.apk
Size

5.3MB
MD5

81ea6b47b44b3145976d7c77c64e5a17
SHA1

7312b2815c39e6521fffcb3050f4e1f574368bc4
SHA256

d946f817611be9e18b09eb1d153e54800059fc76409cde34fbd2f45448648f52
SHA512

69e5448c79aedfe374dda797f32588d56675c44ea85e607147c7c541f4f41f1f5259607ee64cc2ca35eaaf4836432b3a2c07ef236c768a531c00121bfbab4f1a
SSDEEP

98304:5vyJfJ/6WG0xm/G6+cekTUNM4OlezOleWdBveGaLydaMwafNH2AGSf0k:5vyJR/yu8GurTOOlwOleWdamdSUdoSsk

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kjyyr.xw

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.kjyyr.xw

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kjyyr.xw

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.kjyyr.xw

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kjyyr.xw

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kjyyr.xw

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kjyyr.xw

com.kjyyr.xw
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kjyyr.xw/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.kjyyr.xw/app_crashrecord/1004

Filesize
221B

MD5
303c386768921b91e7eb5146e69f5961

SHA1
b67de764b2242c237412b900109b79a0d8510c2c

SHA256
c7b62aafd220796f54d601722e790d890fba27e5fe04264d88c3771f91389256

SHA512
274bbc5afc0b94c9bc699e383d023c67aaaf4c7e948055c05c5d9b6fff80ad0268cdf51ef20faf1bda2a07c9ce026f7036f010dc903a4d982409226b1ccb4cd0

Download Submit
/data/data/com.kjyyr.xw/app_tbs/core_private/debug.conf

Filesize
101B

MD5
956e8897963983cf540aff0a63a48dbb

SHA1
3700f978778e3172ea67f908043babd7980d16cc

SHA256
58585f5ef1e68de393a469ff47407e0d6335a1c2506391f62df3ba965963c17b

SHA512
7873a8bd2d3b7175b57fd8f4dd20aae1361b9f89d1bc886e8db253847ec3d5af43995cf111cfd4766230303fe7779583e9f76183a6b4b919865dc26324313c6f

Download Submit
/data/data/com.kjyyr.xw/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kjyyr.xw/databases/bugly_db_-journal

Filesize
512B

MD5
559ae91be63d2f41aa91bde1c5e47467

SHA1
d373ca518614d9143ef7d1eb72ba3f9a5d4e59f4

SHA256
9f33846143c8b2a7c770e35c68c5f613bb251a03ccff710aa7805d81566bdeae

SHA512
973d8593ae0259ea47cdd4be7c608e1aeb95774f655f412a44096040948690fa0de56919cf71908b40785f0203afa653ea938ebd189f726415927a5700591398

Download Submit
/data/data/com.kjyyr.xw/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kjyyr.xw/databases/bugly_db_-wal

Filesize
72KB

MD5
2e06db10ae7eec09ed8ab828cafbf3e0

SHA1
4277c9ccd9c11b04815821937b8b84f7d4637c02

SHA256
6e82c6bfc7a929eda291914c840c73b08c970f81005542193f670965d8d8cdd5

SHA512
dc4cb9e5fcb2a28ebbfeb006a78374b66c0c40258d0b0da92d36f4041d52fe2b721664c3b54f208b3e2a102f8ac92983229a67229b496a45c3c39e0e3adfabde

Download Submit
/storage/emulated/0/Android/data/com.kjyyr.xw/files/tbslog/tbslog.txt

Filesize
5KB

MD5
1bc515f1e44f2344d22fd5b50e851df1

SHA1
5c5e25359f460112631d4418229dd38fc7125907

SHA256
6d9b1e5a2b54a8ae1931e6e8e2bb33ce681d593402304c1c1ff0bf8f93099d2d

SHA512
79dc6c3850710c1275802838db2a7584ec5ae16d1a91d2afafa801af4f91eb5fd2eac6a2ab927d6ee7572cfd36db6d9ba82b489d242afb7cf7945a381e59f98a

Download Submit
/storage/emulated/0/UcQkDir/qk.dvid.txt

Filesize
65B

MD5
15f109eddbd70dd486a3c6453b4ec59d

SHA1
21a5174188b4b8182a62b6b59f7d064e6019d194

SHA256
34a0d6ac6dce53f31d3f33a72c503b5ec7d7bcda8097bd7eccc13192de12f2db

SHA512
963380899a13dcdc8cd1cd5e2c3a75240656b5120fec0851d3635a8dc022769c331baf6ccabb8b6b4d660de6de2bbabee29eb43b0608c2943ea3a3fc318a0eda

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads