5cc39e093a6f8dd79092cddd642fcbb3ddc39c7eefe9838c4ea7bb28c9ce6e73

Analysis

max time kernel
149s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
30-05-2024 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8328607544cb293b9042246c82071813_JaffaCakes118.apk
Size

6.3MB
MD5

8328607544cb293b9042246c82071813
SHA1

8eabb1f27168b0a4a5c17546139dc3897929e9ef
SHA256

5cc39e093a6f8dd79092cddd642fcbb3ddc39c7eefe9838c4ea7bb28c9ce6e73
SHA512

cbcb07bf71ddfbd87faf330042e3a5f85e9cc87b909ef5b49e171369eb9ead2e926b37173a49507dae804e6ab6bc9b69027552de73c3942a44b85063dc86f958
SSDEEP

196608:G1H5B+0k5ci0h/oH6k7RircIKvPeAgvYE2UEtMw:0A0kt0h/oH57XXMwE2ztMw

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ezjoynetwork.birdblast

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ezjoynetwork.birdblast

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ezjoynetwork.birdblast/cache/ads5372293967832168173.jar	4537	com.ezjoynetwork.birdblast

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ezjoynetwork.birdblast

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ezjoynetwork.birdblast

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ezjoynetwork.birdblast

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ezjoynetwork.birdblast

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ezjoynetwork.birdblast

com.ezjoynetwork.birdblast
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4537

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ezjoynetwork.birdblast/cache/ads5372293967832168173.jar

Filesize
2KB

MD5
d80f6d032778b02d10a9c9a2f1a24714

SHA1
e34d4ea9618b1b499b65032723ea029ab3998500

SHA256
ee2de01a238f9e1834f9f9934dd1f5b267bdf9747965641d2fd636d740041f9b

SHA512
34fa52d41831142f86999ac407aafeb2b69bb4cd45ada9f739be84c80deb0414d11d6784f385eec287e4f6b5bdf29ba1c9a6a77c07707d66a73c60eb389136e1

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/cache/ads5372293967832168173.jar

Filesize
4KB

MD5
12670a32ad1380c9021a9e74aa5f2281

SHA1
7e8caf0c7a4d78452efb90958e8ce1aae5148e44

SHA256
f3c142f78cadcb57d7da3d8e4dc5f8c7b05377417c639059910696c844afc1f9

SHA512
1277dde373cab02d5df62732834adb79f8dbf1d1a9ac56b5b348e354317fadc24fe20b5ebdd1ecc28f8fc98dcdff807d2839bef75ef7d871e976e68a95851b06

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin

Filesize
20KB

MD5
c2132c4386847a82a506194f0ec90e2c

SHA1
bdf79ff294a563b816c1aad2965c627c3783216c

SHA256
014bfb9eeb89831bd665a0bae6e232a951b7dd5f672925543205a3099c6cf9d6

SHA512
c9d4e4dd79e53dcc31dbb081f739d83c30b9686e83e441e602fa883a467aaf7f1a4f4fb2a4443262536d931956404b0871eeb5909b77e012a15b842fd62768ee

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin-journal

Filesize
512B

MD5
c3f3cf0210cb62cc7bffd41e00c9ba3a

SHA1
d573dd4b2362d4117165a4a8b37344fa34ef88ca

SHA256
8418d54409b4c29c091995e4cbfec310e6c139f031ed1beb73c65668c1f22b2c

SHA512
066847183ea7a38d91d49ec148f1b959da126a34482bd42a7142ee7e4e2a5c4b3bb7f93c831f05834cff1662ed664f04fe805f46afdecedb43e3f8227c7fd130

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin-journal

Filesize
8KB

MD5
30326d60fa6dad2c939aef7537787bcc

SHA1
6fffd27f8ab0eaaf8d87f18a13a00a91980a5184

SHA256
df5578fdbdb4e1761e0499954a035494a29e5bacb29c21a5118b75c543927305

SHA512
bc50423d7a8547f50be2bbf636acffea49fe21b2f337160f3169cd461485fcf0b3365d1ea1824e1629a844a96c27754f55cc32cf2225b1221261972b167ecf56

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Coin-journal

Filesize
8KB

MD5
9adc516729b4b1808e179179a3cb5834

SHA1
e3dc309d4c6f6bf6978cdb8552114f89fdbef09a

SHA256
e029fcc4b166f22c7e81662e72b34280072ece11f217638dab115b62f72cf1d3

SHA512
8bd943249dbd1cb469171f6d1c506e367c38043221e2db0b1beaa2e662ec0d626a9094812d82a32279a3b316ca6af19704bca297c4a9034abe041e0d22abddf4

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data

Filesize
20KB

MD5
51068ac321fdd8085146fddfb09d390c

SHA1
274fcd554a1ece35624f0a7d581c3cb5278df7c0

SHA256
5f808d0c620573e3f6c958d89caf4e4d9da2cda2837c049179bfec7028899219

SHA512
dcb9f04cfeb6e0a565ee826784ac798622d00b35c265fc0f093180678629ddd5f58332eaba8b5bd5c015e2355807d90e7d9325cc40583a526d65b2d7a714d40c

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data-journal

Filesize
512B

MD5
156e0751edca75de542e5de483385072

SHA1
9aaf9b9d634f27e6696d75c127a308e99e915c44

SHA256
745da64c9d4afcc22947a3d8c9b846e517e3e7fe60b41dfc3b10d60acae09d92

SHA512
d358b468eb6656b731ad02871f3c919e7e5bcbd5f57bf818d8e9a5fc9c5b03a66a0c8f8f49b831122d53e5f0aaeae0da872880c34f8d2993c8bfb18a639fb40d

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data-journal

Filesize
8KB

MD5
7f6ef148e1edf106552804cb1fecf499

SHA1
bf16fad1cb6c3b5ed7cec0728947f1f43c64fbfe

SHA256
32acbac4c55c91dee69f211a62ce45afcfad726956addca9fe0fa32cdf150d4f

SHA512
6e3210d0067b1f107ee1da0600f0e6a6cdb9026effcf789f10c80cd9d433ebd31ee15d23d37bf0586f2929d13a51efaecc96ac00701dca8ce882020b49eff2eb

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/Ezjoy-JewelsLink-Data-journal

Filesize
8KB

MD5
0dfaef27772855c1ac32149dc0c67d09

SHA1
fe81318411a5d91e693cb0f02dc9ed6b0b594da5

SHA256
7c9bdecf6a870480ed242e2fce1935561f6ab285db46dc1cb629832eed269f7b

SHA512
fa3eada1d53d5786fb87f808f532fde226a4dc45b872810cf9e0fe148c1bcb54dd601151768440aa98996c8509386a01f6b7b6adb7ec6bab49e4fcb0ee44891b

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/purchase.db

Filesize
20KB

MD5
9ebf25f631ca75b3248c2f0c4a8d95af

SHA1
95d17df1f83fb8e1567d764b767f5248f3018ac3

SHA256
8656c7544cf6b77e5e2460c2ad6ae7f1f61d0a1b934e32dfe33f7a863f2ed34b

SHA512
4b86d404a6319fdc91f9b277d76dc0f87e25b6613438c624ebb17c604a5b918deaea7894c05b9371c96ef97efa47f6d58e58bdccf9405b6743dfd47d01750168

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/purchase.db-journal

Filesize
512B

MD5
4c47d73b49da51bf3f0bf9bb1e151858

SHA1
3e384925a27b771e5ec12ebd159c279942e7e743

SHA256
c9860fa7aac9b08b04b3ddb3f0eac07eab1c0e48820f6ae72e93076da2a7d7a9

SHA512
9351935db884705b62f544fe042c07c96771f369e7ef9cc5ba6117c6068b7baa4f4be9d50948f69e78b669d10797c426ded10c389197c12fc7c32e9d0ae610e7

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/purchase.db-journal

Filesize
8KB

MD5
5bbad51699d8e4cd769ebed8e62a5a18

SHA1
b65f6b58c7190783292144c76cc471dec59a156a

SHA256
1486478d6f7713d19b4804791583b70011c976015eaddcf458f2ab7065e3ef7a

SHA512
9f6c6b6182f52b893ab7c8ec89f23cb3ed819e3e7ab762cdce8879678cd3e18a2bdbe79d052f2c8e4a31fc8189a39a9ba9c6aa3ee6a97293fa737b91a931202c

Download Submit
/data/user/0/com.ezjoynetwork.birdblast/databases/purchase.db-journal

Filesize
8KB

MD5
0b9122c69350f3d6d985ff3363bc2b7e

SHA1
0dbcea36417557f7bfe4e17d44960c8cc881eee9

SHA256
7be6a6fcc18f5c334a07be3a2bbf4377182d5d875925b5d9ee7435836150e469

SHA512
751ae84239797134e83f6459cd0dbab329c1be0e694d684dd2595b7959f3497a3d7ef1f5e352df15ac99369b77ff862ed6bb843ff8e58f6fff857102f7e06beb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads