Overview

overview

8

Static

static

6

82f6e45a41...18.apk

android-9-x86

8

82f6e45a41...18.apk

android-10-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    185s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    30-05-2024 03:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82f6e45a4193ea93c8c7d0fbe82d57bd_JaffaCakes118.apk

  • Size

    30.8MB

  • MD5

    82f6e45a4193ea93c8c7d0fbe82d57bd

  • SHA1

    c1b51c7498ce74944f619357f216c7bdabe69cb0

  • SHA256

    e580ca75cff186b37402383f0d46e2c5123672bdbae08cd422d98289de3377ed

  • SHA512

    bee80c7c0c5aa9e693158350370fab71d9692aedd05977a17d51eb4b1f2722c45142f0dd4b638fc6020160663785644f5527361f7726146751cdc8b3fff8994f

  • SSDEEP

    393216:F67NDGrXPikc2b7DzUMpsjZjF457aLlFTUblaF/tVaQgaDOJ2pfMK6PE/slfEGIV:Fg8/6A7GlFTUb4QU8Tw/sat1+T9+2ho

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
    evasion
  • Requests cell location 2 TTPs 4 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks memory information 2 TTPs 2 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • com.ynxhs.dznews
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks memory information
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4310
  • com.ynxhs.dznews:pushservice
    1⤵
    • Requests cell location
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4386
  • com.ynxhs.dznews:remote
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4471
    • /system/bin/sh -c getprop
      2⤵
        PID:4576
      • getprop
        2⤵
          PID:4576
        • /system/bin/sh -c type su
          2⤵
          • Checks if the Android device is rooted.
          PID:4636

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.ynxhs.dznews/app_crashrecord/1004
        Filesize

        225B

        MD5

        f8eb9a704afe083756c8aae053767053

        SHA1

        6d08e20a62f5018bb4760743bc7f9096ca27c60d

        SHA256

        dddf61a9d1e216a9dae71e8108555d8e915040e5c3ccd7c4a99b0c6569e18a0b

        SHA512

        21743a9c7c9d14e1e994773607f23704b76d527970819435aeba4eca8e00d9b272db477f7ea733a7a48b8e222eff83c5dc272cfebcb9c9df6c2d1005fa085e28

        Download Submit

      • /data/data/com.ynxhs.dznews/app_crashrecord/1004
        Filesize

        92KB

        MD5

        4ba953f277efe94aa1bca5ca8730e452

        SHA1

        eab3e0f2cea8de4c93fe971a4c4f95e2ea5bdb93

        SHA256

        748b06b5ca4f2d793bd627c5606bf93d05fbcab7d67abb053e50499f8f0726f4

        SHA512

        d4d2371b61e63c8464593102f1d223c3e70131b1f60fdc736851899cb161d6501b897749e41ccfc285c52527b89069bb646ca7d52b8c0792770aa3c344c082c1

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/bugly_db_
        Filesize

        72KB

        MD5

        9ca15592e52127f3022e6c145b12bd1a

        SHA1

        f85f1da407b64c32e3567d864d60528c0eaf7e95

        SHA256

        b8d83edab6c573a5d2d05733f6b8d1532dcc803a059d80f7eaeca2e32bec047c

        SHA512

        216695ac72147817b8c47da19aa7e01ee380700b56a31fe17f8bc78f4d24c60f0cb090d63d19b3e9d9f3205725198fc311f72a01c934e109675b8d330a08296f

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/bugly_db_-journal
        Filesize

        512B

        MD5

        4ff9feea07afa1dc503b081c2412bc67

        SHA1

        545d7b874500416cc7e7e705bbdb0881efc4780d

        SHA256

        62dff12a5d06ae611e66a6c54c046f754916d49a5fbcf8245592486e420a895c

        SHA512

        ac38fb0fef05f687c0d060de718034c9566cba35b130d62fa910d518f9eff9fc4060b10a93e0719b6ad2e2f0c9c58a5a5a2f4460b4c6db8f5c1e50861fcb32ce

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/bugly_db_-shm
        Filesize

        32KB

        MD5

        4e8994d4beda752e9d28c1d44f678185

        SHA1

        c358a00bc95882ef1d86ae8eceb90cc81a69ebae

        SHA256

        b8930c6adcfbcb867f6b5217c15eaa296c8f685e4273919b87994cc42a016611

        SHA512

        e19af09d8031e1a224e6da57bac1105a3987c59e06d9c81f8d6a1a18311b083fe525426cb96dc2f87632c8cbe3d18cd46e239bc7d548ada5126aeb0008ea0263

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/bugly_db_-wal
        Filesize

        84KB

        MD5

        de37da43b457be621af848413e26ec8d

        SHA1

        c147981759ab8c63b6e9553cb66eec7e2d5ccbc4

        SHA256

        915d398a9c677a55e93a2f85ba645eff96f512b23380e3c81e68921bd95c53f1

        SHA512

        3996dfed98864dd9d74525d97532b930ff04f82fe029c6337a9e229d5b8a635659ce6dd0caa194ee527b85f63690ddd1ff5011ec48f121491455060031ccb287

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db
        Filesize

        20KB

        MD5

        286584d93da9b53e35509dd8e5f60024

        SHA1

        c6ea44049842a8f7e39986d4bd0d44d6eb7c9ca8

        SHA256

        1c840eebab1069590940afaa979576116e61fe89630d0445a62b65e621fd3107

        SHA512

        c4f087ee129d84673f422e75603bfd865e0feb6e52437901e4cb4cc436561d2ca12ee2166a1862704640c97d1bb2622b0aca574a7e4d4c7c93a3ab2162e94c50

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db
        Filesize

        24KB

        MD5

        b876092ff49038dfd83e6d77f9d322cd

        SHA1

        13e920aa7b019a46c0378211770b46c96d008109

        SHA256

        33b1de0981153cffed59ce474a8a16d51decff027e7ad851f737dbcfe2dc0f52

        SHA512

        dc431b0d7c8d5f786b632cd305b70f9e8575f22e224ca927385bd2451cf319ac2567add1fee6bf8707259a1ba96b24b5a0c1933e18d2f9dbbb04c90ac61da937

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db
        Filesize

        36KB

        MD5

        82aba2d427f63af05eb3c3c0682a7f8b

        SHA1

        a9307781219f84687bc4578037ad3b11f12f3132

        SHA256

        e15dda3058f439a41bbe7ac89b8018d3b40933fa760bc3e6c20ea2294bf4ccba

        SHA512

        f2f0de4df31446b0a656967c5bda350772532ac4dc318be9b384258763e467798207949a4d8db16d47a0c2297c9a2f650c413dc73fd1aee05e3cda7165a4f850

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db
        Filesize

        40KB

        MD5

        9092f116349504a93bf24ad216956a8c

        SHA1

        9b8d0b8356d72425ce55eb430bdc9c9d97f67824

        SHA256

        bb717dd6ae8bc2e722b06efd9a72fcb4c202fc9291febd20fe65558120058487

        SHA512

        0737e5b359d5181fa666dec030bca71c087f602232be79126d9d405957d43bc40c35ab34882164fea924a9d07909ef226a79b399e155ad06c00cb646220ef351

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db
        Filesize

        48KB

        MD5

        ea04d3f4c66f4f554cb961591826518a

        SHA1

        5b7ace9ebb17d1f0044e19b1d6d25377c08cbb84

        SHA256

        b2eddf9d02c61bf9fb4a4741b462f1ba3332c84f16c7e2d10fbb440135fa79a7

        SHA512

        4e51a02cd46090894ddfbd6efa526c65a0059e752f1a1c5b536ee1eed91d73ee9fc672b1077648cdc96a3bcfc0daacbbb71ab72be341170bcd77bde42c27833f

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db
        Filesize

        16KB

        MD5

        cc8e8492f11f0a819d10c8b6cdde61cb

        SHA1

        33b1d9e74ceaaf1c2f5a8688a9597b6025685b3e

        SHA256

        dda1e726758fff0e1bea01edac76c7dd1653e2bf39ff927c3c367a0745bf39d8

        SHA512

        78de491640970efe9abee0eb707b0155cee125841f1e93c0d79cbac5c1f65ce7f7222b591d60466bc1289d76a83e88e4d258d64bdee0530cae9e1ccee22b0628

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-journal
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-shm
        Filesize

        185KB

        MD5

        7ed49608315224ee5d5bba6612cb906d

        SHA1

        361f6d7d6099149b24ea8e1ac84b0e2c9898360e

        SHA256

        a0df642b4d0913f35eea712858d1a04a05bc6c9807782e75a655a8a438cbde62

        SHA512

        f9d05703bae1dc400fb69738dc03ee75aee8161097b99838cc00c1fbe1caa8bc71edbd03495c81539fc4f545e98f5d7f8010a1c6e61a4acbd82367eb11571878

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-wal
        Filesize

        32KB

        MD5

        7a4f1c01fa32348272ba1dcd7cf60ec2

        SHA1

        b8233088f6021608cd7d2277b86cef7a7a868e21

        SHA256

        373eb841a0f2559aedb1f312e0113fa3b1c9c09b17157bb567123b2be2ae72bd

        SHA512

        273473627f638768e64420b98f4758932dc87543b4afa5625f7a5de41b6f6de421df9ef4abf9799844831ab66ba8e2bbc1430e8f08c27d6bacaab50e5ca01ad9

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-wal
        Filesize

        12KB

        MD5

        f1e6a8b3001a62ee87dee25d4a63c244

        SHA1

        b8b55168b96c652f18caca656ca09740ed40d7fd

        SHA256

        25b30476713d756cbb3e2fac2e141260fb6ceffd8a3d9cdcf67f5d393051a16c

        SHA512

        0926f40e508d6bb5505b1f4e2c982c4e307f22c21a53bf68663d6c376778bd2e11d3ee96d8d01094f690ee52c15d73a1357bf1a2ee26ff059ebb75dab83e4a02

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-wal
        Filesize

        20KB

        MD5

        3877b46d0b7418968f947b62df76193a

        SHA1

        641795c6d9ccb9f8a0fb49a617aee991131af1a4

        SHA256

        83e4953ec3c03230af6e9659755210fd1ea67135b756971cb598880e51c0f10b

        SHA512

        a24697699de81f4576e041b4ff5ea9fdb22514cb04005b622d3130d7dde2826ad97504024c8e31a46985a9a139c043a9f767fa471543fa3308e1352d0ccc8687

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-wal
        Filesize

        20KB

        MD5

        0e54d9eaf2b486c65e8fa308183663b9

        SHA1

        4dfadce4f8341179d37a589db5bf70ac81fa55df

        SHA256

        2f9e689bdecdce0cbfce56492c7320cadd5108aa8ea1a0ae1ffd78fd498ffc8d

        SHA512

        4d1d40db9ef79b981f26566a6b59e0d025c08140c30b6bd0016c5ecf3ca66c71d36e812b837fec875e8736feb3366ea07791d0ae7198b6e2c0bb38114f2e45ae

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-wal
        Filesize

        20KB

        MD5

        c208fc5e7b249345693ca06e60a89df2

        SHA1

        6116387ded7fbbb4b6fae06609ff4547887b9f79

        SHA256

        8ec07b6bbf921ae099692bfb57ce67bab81d30cdf2e6961e88d5b53432f82a6b

        SHA512

        9533746af6c6fcfa7db399d2af81c5bad98085b289f17d433f6f61895e621988d08f68971e891573fbf2b7126d2c494dda300e04606ecb4856778fb0e813fcff

        Download Submit

      • /data/data/com.ynxhs.dznews/databases/dznews2.db-wal
        Filesize

        32KB

        MD5

        99eb15291f857749ad3f070377e75f60

        SHA1

        f3b21598cff559fe37bc63c2a3437a3cf2e1e394

        SHA256

        f6851116f9106ebd31640666c809c0c6552a8a560469487ebc999a703f7ce9d1

        SHA512

        76c39653cc7157a4eefa01b1c85316ef88605de1390ddf8c7b45066d1b7e36d2f3530b6448e6bf2d47c8f56681607a90cfdf91f2dad117bdc7863cf1ed4ac435

        Download Submit

      • /data/data/com.ynxhs.dznews/files/lldt/firll.dat
        Filesize

        16B

        MD5

        3a52430c1055a9a40047df7745fa9848

        SHA1

        ac34a834a87a4ec220a3d554f6ca15e8889a1b21

        SHA256

        d2789abd2d0acafca5666b3d1b7edd37d5ab25fe9f06fd6bb60c9541907089f3

        SHA512

        235cf41552b1e88f872e39e00b8a8b9391a15c0d37e1902b3fc01f6998de95c8bd70256a296ed746fa9e055e185471d6f260e57f279e3b98dae6f18065fb62db

        Download Submit