50417d60ff040ab006bcf2fa348636d378cf8227d368a27a4a4bbca35d4216f3

Analysis

max time kernel
21s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20240611-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611-enlocale:en-usos:android-11-x64system
submitted
11-06-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f2351cb382520270c1ab5bf495ebc6b_JaffaCakes118.apk
Size

5.3MB
MD5

9f2351cb382520270c1ab5bf495ebc6b
SHA1

4e4f40273dfc96fe7071249069cae1e620acde8f
SHA256

50417d60ff040ab006bcf2fa348636d378cf8227d368a27a4a4bbca35d4216f3
SHA512

99c570d41ecda38cc21e90e7b1663fb58da91317e80f65cd798cb2a9f5980006459af07acb0842c8dd9e18f166f69c419e2d66b2c43399b0e6fcc0ba564db4de
SSDEEP

98304:gv0WnBXfbssPpxHpehyr7gIfoUt2IRab3e+9czMiGtXo1NjaexIg63sZQuwD5:CBXfbssPpPyyozU8IRab3TcBGG1NOkIN

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.linkai.cpu

ioc process

/system/app/Superuser.apk com.linkai.cpu
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.linkai.cpu

ioc pid process

/data/data/com.linkai.cpu/mix.dex 4520 com.linkai.cpu
/data/data/com.linkai.cpu/mix.dex 4520 com.linkai.cpu
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.linkai.cpu

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.linkai.cpu
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.linkai.cpu

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.linkai.cpu
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.linkai.cpu

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.linkai.cpu
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.linkai.cpu

description ioc process

File opened for read /proc/meminfo com.linkai.cpu

ioc	process
/system/app/Superuser.apk	com.linkai.cpu

ioc	pid	process
/data/data/com.linkai.cpu/mix.dex	4520	com.linkai.cpu
/data/data/com.linkai.cpu/mix.dex	4520	com.linkai.cpu

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.linkai.cpu

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.linkai.cpu

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.linkai.cpu

description	ioc	process
File opened for read	/proc/meminfo	com.linkai.cpu

com.linkai.cpu
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4520

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.linkai.cpu/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/data/user/0/com.linkai.cpu/app_bugly/rqd_record.eup

Filesize
350B

MD5
570d1739d1de1139512a95b5f52cbc15

SHA1
00156a936d0b9d7fca6ea28ffac0652ebf949cb3

SHA256
ea0c4c73c50db8a54a29b6f0b674c1e12b378c5763d276e8471dd0d0eb12c194

SHA512
c6b41c25bcf0f1fab1b81589848e3b4c85d605ee559661f7b3343b7634a1b1429f4d39b747cb66feeb664bbe2453504a7699605ffa9187828bdabee85b4da8da

Download Submit
/data/user/0/com.linkai.cpu/app_bugly/rqd_record.eup

Filesize
1KB

MD5
fec0c9fc2cda1a3e1178a01faeeaf5da

SHA1
1ab793b1e71cea0dbbc41d09dfc989a8cb7a3c00

SHA256
1dd4db25317b5e7d44543dde48d8e9f66c8425d5d4e38efa18d270b0db55d2df

SHA512
e4195fa4b4ef996a66f4146ba1fe3b61b8f9c844b9f9a19615c814e6a505fe25ea62e1ee49bb6e16df6ae0e907b29b235d7fcf3ed3a438bbf4339d43ddf9d442

Download Submit
/data/user/0/com.linkai.cpu/app_bugly/tomb_1718130452682.txt

Filesize
23KB

MD5
215b5a26cd6137e9c010e0aeab55eb94

SHA1
e87c37c2f2cc49d674a385a775e81e41fbeb579b

SHA256
39ba745c4da3887be31b2a1aa289ce0956f3d69c640000dc6800e2a1baa95f8f

SHA512
7404faad617cfcd67b70cbd8e90ed4e56b1846b2e4f0e07b62f06ab80b94700ad5c53fea74bb35ba74aa0bab29713a9ab47a784f068950a689c5182f80e71ccc

Download Submit
/data/user/0/com.linkai.cpu/cache/tomb.zip

Filesize
4KB

MD5
475aef37d402cbdb0a339d0aaa43198f

SHA1
64c94d999adb59af7c046babdd15c263779551a5

SHA256
816fd50a35284d8a41c511171ea71f56d357fd43d98069453ca7224d9ad94b40

SHA512
54bf00b6eda78d7f0034150194b5e81ef5863e269953f62163d25cc2e815f5b127dc097042a47b22ffb22ff2c6ef1982bed6228a64c72a18923a49833f8de7f6

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu

Filesize
144KB

MD5
ff520db6c91ac8881a2a19d26cf75ee5

SHA1
209093c8b259a97fd9fd71d1c879a50f6d79b0a5

SHA256
e5ef5c11a9dddfa04937a71fbae6d4995a82ce407d46614f4c996922f3e89281

SHA512
60e841af62ae016355beccd0d632a1077dad212ba0863b977dc1b5e5ac17c4b7637d869349a3bea5ff0e3e51303466fdc47b8c61f042a8646c948c1a6a5a8341

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu-journal

Filesize
12KB

MD5
66b731383c795b353f98ce36eaff2498

SHA1
3c636cd77b4a5be82f9638580df7ca64fde64060

SHA256
898ed38611ef159fac5b15e17e3e6eeb095bf8f2745433084b4ac8ebb5519c32

SHA512
cc19b71e70f59d38e9babbdcfb9c0af9645ea51d473afafe3b6ba91c50b847615824ee7aff5d846191c05c8c1d6d148a7aae35f020815caaae4d2e186f05acaa

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu-journal

Filesize
512B

MD5
5c25bbab9f3e829d0035ee00a81eebb1

SHA1
c318b1a36b82999c279b50d65d3160856603678b

SHA256
97486d0927147464c01e67e30181a957142c74b6907bd824d78c829615d96040

SHA512
c67513dfe390c022142ed6ba1d0948d8a3c3d51c47b63c44ca4031269b58112fa8ffcf1f6410ca3be9aeffec2d0f37ebcf0ed7ceb2ae121cb25d21d9189ce6e8

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu-journal

Filesize
8KB

MD5
39c40ff4a2c28b114f3a5ece19fea00d

SHA1
91d0bc09f762e5b01f342b0adc9f33e0bb34591b

SHA256
bde779b3f829f5a26dae5389b91f4173dc944ec87cb9f58cb797e1d3b612c62e

SHA512
cfa2966a326d2e1d3a8053a606a84e815e2e07ff321ed26d4dd311b42640633fecebefa37b1e3199afa7ea8aa83ca4e094539e4ba36f1e308678388103865e9f

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu-journal

Filesize
8KB

MD5
9a63546a84b250053915730a2d664172

SHA1
dbd93352f5e5455e052e918014c6d2be58e7606c

SHA256
e588a1eef58fd629ed50f1c1084b3958954d8f4cccf6886a717f550db27bba39

SHA512
dc8a8c2cc7d3f93c08acb4fc493fc85da5160d0031c55c3735b5c210fe7607471c4741798038e835187279491db15df78a5e1d6d06a65296a512c103e2988599

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu-journal

Filesize
8KB

MD5
ca4f5b4d860b55bf795127581e3b3bf4

SHA1
a1afc5932b1a8f29aa4a360b3bed5ce1d51da9e7

SHA256
252026041a81e532d6924113c11534587e6e8212c85866c9e4a838138ebed3ee

SHA512
83c5210e0ba73bcb86ec71be43c9b7fef1209302bdc5d28c4ca765ddc4efd3c956958d515cb3d56ab4054d813801a0b46cdf766c783c1785d8af61fa41923dd4

Download Submit
/data/user/0/com.linkai.cpu/databases/bugly_db_legu-journal

Filesize
12KB

MD5
a1ca34ea9b433df0494f37e4b6cee0f7

SHA1
a04fed6443a6e6b4b83b84e57eec01bd6e363df7

SHA256
cbb932f5c8809c275434a49f4ca2088dd89c141b3715a8d09db38a0f4dff72c3

SHA512
4ca5ed2d95af59e5e62df729cc4b56ce1ca3825dd54c34342f5910bbc55e28a5f5dd508570a11307be37538b99f2e81e14e761476a457d3942b2883c15464cd0

Download Submit