caa1447387f14558a31a669182dd9a8d779b5e69c466b5c8f9b71d511a1fc3a0

General

Target

99e57351d25a205de078973320ac23f5_JaffaCakes118.apk
Size

5.5MB
MD5

99e57351d25a205de078973320ac23f5
SHA1

f4ce9c27b9008015940d5c664243b899d1f8e0bc
SHA256

caa1447387f14558a31a669182dd9a8d779b5e69c466b5c8f9b71d511a1fc3a0
SHA512

aeb9dcf08a1c396594028cf89804473ea423d92ed6f3bf76659db400bb8f666098d399789988fc2d74ae213392a5046e6ece10f2124a28d30397780a4a5156eb
SSDEEP

98304:cvXxaZ6Am7OwcYdQ/8dQ/sRyw5TVXiztJ6vJdtHu7+eXZEdmTwDM6z2Ry+eCMl:cvXAZnm7OwcYBvTJYtJ6vJdhq+eOXMs3

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.shouyou.hstx.guopan/guopan/sdk/plugin/dex/classes.dex	4236	com.shouyou.hstx.guopan

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shouyou.hstx.guopan

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shouyou.hstx.guopan

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shouyou.hstx.guopan

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.shouyou.hstx.guopan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.shouyou.hstx.guopan

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shouyou.hstx.guopan

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.shouyou.hstx.guopan

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.shouyou.hstx.guopan

com.shouyou.hstx.guopan
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Discovery

Process Discovery

1

T1424

System Information Discovery

2

T1426

System Network Configuration Discovery

3

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shouyou.hstx.guopan/guopan/sdk/gp_sdk_plugin_config.json

Filesize
816B

MD5
67e9644af22c48ea609a98103eca4ff5

SHA1
d35536c78658427d9fca3407625a4e2d246d841c

SHA256
edf54af35d3a5004cc84c05783ccc88d0b3f41e0ec9f907bb144718593d92b4b

SHA512
0bf72771ae8e752cbe081fb3cada8a265dfc7b8a74f25fde4370fb3d68f13cd8fe09f0ebaa40fb7a9803832c309d150e766c0a1f47fb7affcaaf2c899820c711

Download Submit
/data/data/com.shouyou.hstx.guopan/guopan/sdk/plugin/dex/classes.dex

Filesize
3.1MB

MD5
95f034cff01db1fc68c386e32eb06a7f

SHA1
90300080c93e3e5616f7f4d1a83630a394ec07cd

SHA256
e687af74b0e0775cfc275d38868212d0fb877b0ad75385c8d575bb8faf43cea1

SHA512
962fa648c05a66f48d50245de04f90ae83c48670785b0588d4e8c1e6d8ab09b6b8a7c8a51236fa47727d060f07456c8baa011fc448422ef3e132222e933caf05

Download Submit
/data/data/com.shouyou.hstx.guopan/guopan/sdk/plugin/dex/classes2.dex

Filesize
1.7MB

MD5
ef2be12c4e1a1874636a3c4795882dc3

SHA1
cd12cb2890d77553b221bdb6f4103e551e1b7e5d

SHA256
6a887c2e654dcd46c3d602cf3fadab554ba38820adea47c5520b17b291e5851f

SHA512
5ca09acddc8e0ad30d204b5529e43bfc349c21981da6e90249d0a3feca1140556f85f4ffe2c0827ec118d19fefd5047d763111eba9c238746ef53a4b1f5857f6

Download Submit
/data/data/com.shouyou.hstx.guopan/guopan/sdk/plugin/dex/classes3.dex

Filesize
1.4MB

MD5
14463df390168269f982456bf5948ca3

SHA1
ae3aad30b31d8ff611afee8c02336ae450ce981d

SHA256
2864260e4249aaaf9e2d6d38ab32e9305f3cecc6233395209e05cc632227e1ba

SHA512
bc7a41e377cbadbcfef27ea1e4ad920439b2746a8b5cf831b0f04f9ed3c334f2a4a3c046404b43e3dbdd4bc604047cbbaf31b60bf5aef2619e028fb2cfe17d5e

Download Submit
/data/data/com.shouyou.hstx.guopan/guopan/sdk/plugin/dex/classes4.dex

Filesize
65KB

MD5
9a497ae4e3c021eadf67992cfbdd5ecf

SHA1
c88fff749cd1fd7a0016f929b53e07e5c5c32a7e

SHA256
94e68e911929b87edbe05445e6d3900a84fa1d4894baa12f0e98a8b1743836d0

SHA512
fdfbc14441003661e02f4b5b59700cf08778a5fe35a605f86ab01501b14641e59edfe4cc14b4cc5742e98b1d2d49c202cede0fd0b2af1e86b5cf552b8d7d6913

Download Submit
/data/data/com.shouyou.hstx.guopan/guopan/sdk/plugin/gp_sdk_plugin.apk.temp

Filesize
3.4MB

MD5
2ede52fe18bb7e30e2a2552d5f22c4d1

SHA1
8f10f5e587707d7b3d24cb21bb6dbbb3a158fcb3

SHA256
f2cd0a8683e2785d2716dc7aecb08adba2aecee740e0ea88c5949cf6549ebac2

SHA512
3bc05fd192f98bfc392221bb77691820f389770ffb71b06a3e283cd57e882712c5cdeaa35f2be55e518a82c8ed5db1fa901aa623371ef0882d2b935f89a0b10a

Download Submit
/storage/emulated/0/UcQkDir/qk.dvid.txt

Filesize
65B

MD5
e8ecc66c8deb1ce98ab4ad273a82bbfa

SHA1
e34b5979381df240fedfc0bd23cfaf5e137fb9c1

SHA256
00af873f622e88160c5b6d5645d0fa03f5a732e9c428ac5632dbace3f13d65ff

SHA512
ddee35e877125d3e62df262dbcef0f88bb3cc00e5995b7b4c9961b526899ebad6753c18c38eaaffdf96da9321b6152306609c985a677fc8713e201c13dd698d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads