023cf3be545b48b93a74e399bc9914c6eb31df7da91c670bc1f88c625fd83e40

Analysis

max time kernel
126s
max time network
179s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
02/06/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f3cb5c00dd1edb0a9d78d1dc4da85bf_JaffaCakes118.apk
Size

31.8MB
MD5

8f3cb5c00dd1edb0a9d78d1dc4da85bf
SHA1

aa0be636f767b85a8e7c7228fde3575e0191aa77
SHA256

023cf3be545b48b93a74e399bc9914c6eb31df7da91c670bc1f88c625fd83e40
SHA512

e2ecdbeea421a0cb631f0c6e62e7be864ae65c904ef1c48bdf1f242ba35bb82c70b6f888b32f215dcfe61b294803bddc70b5660a2cf4950be87349a25b81873c
SSDEEP

786432:BZnw3OPTigAfZJ4oT6mm7bZx0gjsOL9sCLGHP45rkBYO:rtOgqvJpm79ugjs8zLGH4rk9

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.chy.mahjong.gzh
/sbin/su	/system/bin/sh -c type su

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.chy.mahjong.gzh

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.chy.mahjong.gzh

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar	4401	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar --output-vdex-fd=63 --oat-fd=66 --oat-location=/storage/emulated/0/im_sdk/jar/oat/x86/yayavoice_for_assets_20160825.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar	4283	com.chy.mahjong.gzh

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.chy.mahjong.gzh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.chy.mahjong.gzh

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.chy.mahjong.gzh

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.chy.mahjong.gzh

com.chy.mahjong.gzh
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4283
- /system/bin/sh -c getprop
  2⤵
  PID:4323
- getprop
  2⤵
  PID:4323
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4357
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar --output-vdex-fd=63 --oat-fd=66 --oat-location=/storage/emulated/0/im_sdk/jar/oat/x86/yayavoice_for_assets_20160825.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4401
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/src/"
  2⤵
  PID:4466
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/src/
    3⤵
    PID:4483
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/js/"
  2⤵
  PID:4503
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/js/
    3⤵
    PID:4520
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/res/"
  2⤵
  PID:4541
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/res/
    3⤵
    PID:4558
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/js_data/"
  2⤵
  PID:4580
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/js_data/
    3⤵
    PID:4600
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/jsres/"
  2⤵
  PID:4621
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/jsres/
    3⤵
    PID:4637
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/lib/"
  2⤵
  PID:4657
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/lib/
    3⤵
    PID:4675
- sh -c rm -r "/data/user/0/com.chy.mahjong.gzh/files/script/"
  2⤵
  PID:4695
- - rm -r /data/user/0/com.chy.mahjong.gzh/files/script/
    3⤵
    PID:4711

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.chy.mahjong.gzh/app_crashrecord/1004

Filesize
235B

MD5
9c14d44f677bc4e66170efd5a593c60d

SHA1
121fac2153822c724c451b00990979bd64ef9b93

SHA256
86a9262bbd09515b24146b155b02dd0d27574d5e18593959831ba1e2eeda87fa

SHA512
a69586152c323b2b4e6692aabaede260af4cfb424d9103ff3d2386fce0926ebc2fa5558cc8b7c2cc7955025d22784914c97b90dab65a9aa2c41c7fb31c2bcb67

Download Submit
/data/data/com.chy.mahjong.gzh/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.chy.mahjong.gzh/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.chy.mahjong.gzh/databases/bugly_db_-journal

Filesize
512B

MD5
5cb3e485b472c8fd1d07e2fc2156e219

SHA1
1c4bca66c8ecff195f32832f0a72258f4d5d956a

SHA256
fb232c3cdc2e60f392b99281b021af87e89d69dbfd8d5fbcf04d27a807f5050a

SHA512
df9f3606fb503331735f2ca5d9ac11464068ffd2ed58d276aaaa0800c337888a034c6d0f04d14c87d47eebf927339791a8f7b15daae07c4187e3728214b8869b

Download Submit
/data/data/com.chy.mahjong.gzh/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.chy.mahjong.gzh/databases/bugly_db_-wal

Filesize
76KB

MD5
e10e628ebba364956864201bfa5b4c58

SHA1
ff6f7abdb2fa2ae7e739993bad85423764aeaba3

SHA256
1dbfd058661acc3a9c521a14a486b59171d91c05fb7f52804fc194e16416a3d5

SHA512
7fc8f791b1fe92889c131bfcf5649fa684d1451eaaf5fd8411e9a80d88bd8a353038f44bfa84643d997cfb68db5c425b080d647685d51d560e86d777d2887d3a

Download Submit
/data/data/com.chy.mahjong.gzh/databases/jsb.sqlite-journal

Filesize
512B

MD5
6cc26a48b66c2cffc254441783543e5b

SHA1
7164403e9fe1190eae769ead26256f89a767cf17

SHA256
ebcddd933ff696bfb47a3aeeac5e17afb5dd254486e17dc05cab4d4f44d68cf6

SHA512
2b491c229e5b153597d9e8cefd0d39733e38bb88e4048434ab6d291cc6e80f55a2806e95e05bc2354538513e62b737322fde7c74c330034a980949d2ac166614

Download Submit
/data/data/com.chy.mahjong.gzh/databases/jsb.sqlite-wal

Filesize
40KB

MD5
3474d96b62be1707a0562605685691b1

SHA1
af3783e3b757c55be0a44e104c1900ee0c2adeed

SHA256
399a3feeb31eef4d67d318dc43c041de6a2b2b757fb3e9795f06dbceb29a218a

SHA512
1493b457cad904e2cd354bb9b8aa9732907ec2e01c3bb108968c243e7d9cf5b55e2a0f1846300e55c37ac934e4ada8774679bfe54bd2420fb2a6f50e0cf5ac37

Download Submit
/data/data/com.chy.mahjong.gzh/databases/pushsdk.db-journal

Filesize
512B

MD5
f28d33ecb149789ebae0c1a8ee3a0d79

SHA1
c89dfa75a93e72342c6d2cd0fa7be95fb9e736af

SHA256
9b1ee3acebf2158a52f335677236b0d08349c6a57d6cb8270ed92f69cc779c2b

SHA512
e40e967cf6e96414cf8f7953ed5db91e621536b82ddd1a5a28aca7d2c4177bf9edaa364e1f14ce4c1d92c5dcd44704a32199b3174aa4dc72e89097f07d75d814

Download Submit
/data/data/com.chy.mahjong.gzh/databases/pushsdk.db-wal

Filesize
36KB

MD5
79f68a5318d82a12a4a532fddc45c443

SHA1
8ad5d4f8b8193442e46131c569eb08aafda51609

SHA256
a9d22fbc76127eb6633a3fa0ec40c3c40f0e36a9f7bf447131d6f4ee65b514df

SHA512
b0a6a8262c085d64faa837a6eb1bf02cab5386a82a106a39797d55b1b247c5fe14a2ab7196aa63bc678cb64796b328feeb0f19cf3bc3779afa5ae60690973c0f

Download Submit
/storage/emulated/0/.SystemService/331E0FA536AEAE0DB2F9FDC65898BB15/uid

Filesize
34B

MD5
9271895893dbdadd1f054640b625ae37

SHA1
f0263a846f1f17cdb8efa6fe1e43c43a6c90c539

SHA256
95985bf9f84e7e59f7fa0ada1b6e53f87cbd42349f2a2ff8aa1f6f294bd83eab

SHA512
d10e039d9089dad3a4f5a694584b677ef8d84dfe6898597cf3e24b32b6e62c9f99dab18a1f4b5fab59f7ba8e8ee03be3bbcb2c0d642ae6d8e3c67e74e7388975

Download Submit
/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar

Filesize
242KB

MD5
b96f2d133202d831047eca7246e1bed2

SHA1
67a61e3926321c5d2a4dcfbc9eac4aff5569f745

SHA256
b8717b6d562f26809550bf37a2c497617fb839b6907e8f588c58140bea8a7b2e

SHA512
8a46350f90ea9b133b5547b0a4653b18ebda2fbfdafc6ffa9a6e04fa4afce948496d653b4570dbc83ee57d4f88c1f35dbd60d808162f0be4dce5987d29c1a320

Download Submit
/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar

Filesize
561KB

MD5
2aadb51d89cfe5ae3cbef01a4225979c

SHA1
5b24dc3018dd293dcf305063bb7f22fade02de22

SHA256
b7155ec6a3f5719c0b056e18f39ed17fe1a6f4080e28340bc7105f32a15f7c63

SHA512
339c2a453d9b7534da02d17ee967b34ddc1ecbdd893d1b84d918228bd1d760c5f464bc6a2625b795b47ed16ea04387ad7b865e6eba867362505610876079bae2

Download Submit
/storage/emulated/0/im_sdk/jar/yayavoice_for_assets_20160825.jar

Filesize
561KB

MD5
4adde363b319e9a07df58c7572b09ae0

SHA1
38bf8750f294785277d1edd0d99db92438ce2608

SHA256
34548d475e685b1b8520735f6bf0c9421620007c3e1705963c04ee65a62684c4

SHA512
3dc165d3dc61194749e3aaf51d68d3f91365e2285e51564c107659cb8ea0c10d285ab4b362fa68d0a6ba69bc9991fb2eec56fb8f6399e778e60658e62d9ce653

Download Submit
/storage/emulated/0/yaya_im_sdk/uuinfo/phone_uuid.tmp

Filesize
32B

MD5
02f9ab7ebc7505dd9f6399c86cdb01f0

SHA1
87482ca4d52c1a83846abb20727ae1126c7c80f6

SHA256
cb28cd07d36fbb8acc1a6d2527ad807839b5d79586a4d83e8b5891490fca0428

SHA512
53bfeae0658ada7640ba0caa3a2daddfb966a279fcc406bc7dc12b08351467163e6c5f1fc548f8281dba068deb5fcc462872c18c5c4c7b465da0c082083272da

Download Submit
/storage/emulated/0/yunva_sdk_lite/voice/sql/users.db

Filesize
2KB

MD5
cc4ee1a5488c413d3bf1f9c28f0d0117

SHA1
a8139eb27c3399a81762ae7cc433ae51a2118e57

SHA256
8c040714f599ad07937dc335290d2e56186e7153960153375f7630ba3ffd7d2c

SHA512
3c86a5fdb7ddb64768e793ac9c56e84b5c64516feabc48554a6835d69f0b979428c408891267817b28d0780c5b6a3c2e325e4f829b5ab984f6724fc5689a3eb4

Download Submit
/storage/emulated/0/yunva_sdk_lite/voice/sql/users.db-journal

Filesize
512B

MD5
07fbb118f4e53e11f90888bc68af4f22

SHA1
317057784d5ca3f50dbae34e56bee8e3f79d13ab

SHA256
d04300d39a9a1c2aeee871ffbe8125a5bc78a0af6f416aca2facaed6c9773a22

SHA512
d5a9e03ee0bc9ba33dd8451b7139f585aec252459b528ceed6827b3a7041f9ff68400a2452b8f27282632bfe95cfc02a54200cfba05c76ea03dc9a5b5fcfaac0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads