5cc39e093a6f8dd79092cddd642fcbb3ddc39c7eefe9838c4ea7bb28c9ce6e73

Analysis

max time kernel
126s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
30/05/2024, 05:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8328607544cb293b9042246c82071813_JaffaCakes118.apk
Size

6.3MB
MD5

8328607544cb293b9042246c82071813
SHA1

8eabb1f27168b0a4a5c17546139dc3897929e9ef
SHA256

5cc39e093a6f8dd79092cddd642fcbb3ddc39c7eefe9838c4ea7bb28c9ce6e73
SHA512

cbcb07bf71ddfbd87faf330042e3a5f85e9cc87b909ef5b49e171369eb9ead2e926b37173a49507dae804e6ab6bc9b69027552de73c3942a44b85063dc86f958
SSDEEP

196608:G1H5B+0k5ci0h/oH6k7RircIKvPeAgvYE2UEtMw:0A0kt0h/oH57XXMwE2ztMw

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ezjoynetwork.birdblast

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ezjoynetwork.birdblast

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ezjoynetwork.birdblast/cache/ads9096572400719225048.jar	5146	com.ezjoynetwork.birdblast

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ezjoynetwork.birdblast

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ezjoynetwork.birdblast

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ezjoynetwork.birdblast

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ezjoynetwork.birdblast

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ezjoynetwork.birdblast

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ezjoynetwork.birdblast

com.ezjoynetwork.birdblast
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5146

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ezjoynetwork.birdblast/cache/ads9096572400719225048.jar

Filesize
2KB

MD5
d80f6d032778b02d10a9c9a2f1a24714

SHA1
e34d4ea9618b1b499b65032723ea029ab3998500

SHA256
ee2de01a238f9e1834f9f9934dd1f5b267bdf9747965641d2fd636d740041f9b

SHA512
34fa52d41831142f86999ac407aafeb2b69bb4cd45ada9f739be84c80deb0414d11d6784f385eec287e4f6b5bdf29ba1c9a6a77c07707d66a73c60eb389136e1

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin

Filesize
20KB

MD5
fedc01873678590d0ec93f6a26ce2fcd

SHA1
cd9788248fe44a60798167f7a6151a0581db8aec

SHA256
de5a568057a3796743e1601359fabe3b2b73d12ad5476bee3093fce61212c78a

SHA512
e3b598f0adb06932ed3a624c73b8894e43cc3fd2aeb6480784a6d45a0f68ad026675afd25019e4f51b5c92747923d0acc398b80de0ba136ec4e4fa7764c3fd04

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin-journal

Filesize
512B

MD5
e0a61b1c9c90e744b40b4478b4c968d6

SHA1
8c3b3442c6093c16d2f9e8fd414ec09c5eb22e69

SHA256
888235fe960bf09881cac3f92dbfbd5207cd61de9fd67557b7a74b2d99b065b0

SHA512
d7f4058a5e715eebc0185436c3cda279d42c447f0d4d173e17bfa690b9d7c823be8078969bc8f49f1f38b3f739d18436161acfa4fa3d8766d3c0ba6703352198

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin-journal

Filesize
8KB

MD5
008d022b7c92a1d08733c304bac6e8a2

SHA1
bedcbef87343992facec3d0e47abb5514bc14114

SHA256
8220ddcc49ac2ec66c6fe4dd1c0d8505fc8c975581b012c77dd9e1b86c59f43d

SHA512
a7fe9af940ba4c34f6ef0e81a9b7d0bf6ba1a7ebbe6552e9d0ea9370e134f86fee10f41d4ebf3834fd826c546c69964ba5496d9a40218139f133a75bbb51993f

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin-journal

Filesize
8KB

MD5
faddf3f90b769d03dfe916eb76403e33

SHA1
f6ea20e586a7308268933792dbfd8f3125c82c36

SHA256
6fe04c431239f3ce2831514f362851a6b4600390834a316c297fd77a96dc41bb

SHA512
bd1d1a202f6a787a0576c8bb7989c466dbdae61b9412ae3d32ed8655c97cb57a8eb9f55f50372ebdb8b9ac57403d0c995b1d732e05c29f2d2ee2d6e660d4b4f5

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data

Filesize
20KB

MD5
1509b6ada0e9fea35b847776d7ee5b87

SHA1
bb3b0814627c807a73220f1a9edd020698bd1dfe

SHA256
946cc9daa8d1537b5796139f4bb59821dbf9dbdd070e534320f49f44be591c41

SHA512
115d83518fef28253a4ab98fa69f6513666d26664aa37b40fb16de1fc31597dc4eb1c2414cf83dca652fba9ac369fa6c32c583695013b36a5fa0768d6c87de33

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data-journal

Filesize
512B

MD5
4a8c9c9503fd9394bf487225115aae28

SHA1
c8463de50db6319222e4d86c666563680f0ca257

SHA256
e761fa900c0be1dea4a04ef769233bee89035f2f4424050a88cc2b7b46bc95fd

SHA512
eaae0a8ef5b359075e7a16645561471c4cbb2a60e573f1d7a1f11ba8599592984cc12ae4407ddf7047a1257ddf0742cae9805966ed0b8a5c49bde8196275bb53

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data-journal

Filesize
8KB

MD5
cc83c295c433229169d03fea810f469e

SHA1
2077251067c9fe29a816f22e4f223b53eb7d398c

SHA256
57f290782dc96d37160fb21b91bc4ea9f87bf3df8e7ab2564be6f7bd9ca9235f

SHA512
a0f76252c79ee815fda59aae798f408579756c24e7196fa3ded679188cbe17e2a98c0340966de2a3f40680305824ce84bdb806d8c57346939ab9ca9255e3ea3d

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data-journal

Filesize
8KB

MD5
7fcaade7c0f108c4457ad47221bbb68f

SHA1
68406ccdaf9034032222828988f7d081066472aa

SHA256
918cf4cd73602f800b634bda972e425275519c4b7be23acfe83b5e23bf467d88

SHA512
c48f5921afb6e911e29ec02291986b84ceeccce5f07482bec78d2afe947b3109e1a9731c13b1a61092c0f8451f01b55e4a9ca59b13688ec45184209fcbf85dae

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/purchase.db

Filesize
20KB

MD5
77417afc450310509b32be77fe85e198

SHA1
919c3df65acb837aeac069b533258dd0c6706ffb

SHA256
4b39f9e323ee36c61e90bb73f0e8afc54098fb160f163607244924fb2863a23d

SHA512
3a4ccd58c5f923c9eac03d28fbcc6c9701169fd2e30a9a9974803bb98b98426a32a02b9b23ffbff8e97ea08f4a6e32f808a8b55f77efbffadb57819744551d07

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/purchase.db-journal

Filesize
512B

MD5
85ef4aa74d769419c51f88d22e52759a

SHA1
0b46e24492573e94a99d53d2269b220ad013c20e

SHA256
77b8e91912e9e36f8866a81d680b990da422a3c073627338988f7e430f332275

SHA512
01bbc2382e50e08a8ce90484ef9926dc69a30ba1791934a966c4d902f9afc90b572515dc5670eaa46836d803474e9d28d617d45dc4c53d83e7018b76246f6d48

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/purchase.db-journal

Filesize
8KB

MD5
29ffea54e7cd6367cea3e080289086a1

SHA1
52cdbf5dc9f42f24af531b7beb877b4fda00ef24

SHA256
9264ed7b58a6bc51755abf2bdd6abf618adf61d4fa7c73bfbb88192682b6d3c0

SHA512
41378e4a2f8c1d02a3291465dd9d450177422d6ce0194b1680a30a575bb0b991b323f8c359d428844f9446dfb6f452c3c82b4f26e33951671df74fe24e75361f

Download Submit
/data/data/com.ezjoynetwork.birdblast/databases/purchase.db-journal

Filesize
8KB

MD5
1d6d9a0d84983e4d5a948a1249739cb4

SHA1
655c91e92c8d658ab8d9154ee47cff6d0404b086

SHA256
08839108106975f7f12e241db481435bc7668aae0576f73e4a60a194d67dc285

SHA512
094c9b8c83298b95e4848cdf2c59cb11f80f3e0ef7a6806debc8e77384cac8403f98202d1d522be52ffff4241d045541bc67f2bd5d8e327a5f77c9706c765e7e

Download Submit
/data/data/com.ezjoynetwork.birdblast/files/mobclick_agent_cached_com.ezjoynetwork.birdblast

Filesize
105B

MD5
ad54e5fa20a84ec21affb4a121d6ce37

SHA1
c0d278d3656bda52990a9a252bb4ae76a663c2ce

SHA256
376e77c8a9cca9275328bc778dd77f79f821911960e32c7b2225f867c20d39c0

SHA512
4672365307c208e6d2dc5930cb72da19be83bae3359babaa8b8d586383c3a7d4ba1053db016bab20beb68e6669a28aa3ebdf5d844ab406ca7eefd7b79571c569

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/cache/ads9096572400719225048.jar

Filesize
4KB

MD5
12670a32ad1380c9021a9e74aa5f2281

SHA1
7e8caf0c7a4d78452efb90958e8ce1aae5148e44

SHA256
f3c142f78cadcb57d7da3d8e4dc5f8c7b05377417c639059910696c844afc1f9

SHA512
1277dde373cab02d5df62732834adb79f8dbf1d1a9ac56b5b348e354317fadc24fe20b5ebdd1ecc28f8fc98dcdff807d2839bef75ef7d871e976e68a95851b06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads