01e969c77c50ca30f2274d1cc2e707c3ae525ba7458edc2fb642d78851c03e4f

Analysis

max time kernel
128s
max time network
169s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3ce87d2cf83c2fe9c55f27d8ac98bfc_JaffaCakes118.apk
Size

10.1MB
MD5

a3ce87d2cf83c2fe9c55f27d8ac98bfc
SHA1

d6df4e41ed4b4bdc8c5cc609b854345fb3f0305b
SHA256

01e969c77c50ca30f2274d1cc2e707c3ae525ba7458edc2fb642d78851c03e4f
SHA512

1f88319381df6dd8d89fb3372521ac4e7ca7c3df1b407ec17dc39690271917b04e233da67ce6cf78f7798f0cf781e741fb5ef6ac0a5b65c218cb0ed6dc08c9e1
SSDEEP

196608:SkHMGcjaBzoYkSbJneJw78ws6zn3zpGUHN/4M+6a/ji5vFaJv1aGmiWyBb8K+:qBs0YXbJeJwows6zn3zZHZ4BMcHpWMy

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.carlffree.recognizer

ioc process

/system/bin/su com.carlffree.recognizer
/system/xbin/su com.carlffree.recognizer

ioc	process
/system/bin/su	com.carlffree.recognizer
/system/xbin/su	com.carlffree.recognizer

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.carlffree.recognizer

ioc	pid	process
/data/data/com.carlffree.recognizer/.jiagu/classes.dex	4200	com.carlffree.recognizer
/data/data/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex	4200	com.carlffree.recognizer
/data/data/com.carlffree.recognizer/.jiagu/tmp.dex	4200	com.carlffree.recognizer
/data/data/com.carlffree.recognizer/.jiagu/tmp.dex	4200	com.carlffree.recognizer

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.carlffree.recognizer

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.carlffree.recognizer
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.carlffree.recognizer

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.carlffree.recognizer
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.carlffree.recognizer

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.carlffree.recognizer
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.carlffree.recognizer

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.carlffree.recognizer
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.carlffree.recognizer

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.carlffree.recognizer
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.carlffree.recognizer

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.carlffree.recognizer
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.carlffree.recognizer

description ioc process

File opened for read /proc/cpuinfo com.carlffree.recognizer
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.carlffree.recognizer

description ioc process

File opened for read /proc/meminfo com.carlffree.recognizer

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.carlffree.recognizer

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.carlffree.recognizer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.carlffree.recognizer

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.carlffree.recognizer

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.carlffree.recognizer

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.carlffree.recognizer

description	ioc	process
File opened for read	/proc/cpuinfo	com.carlffree.recognizer

description	ioc	process
File opened for read	/proc/meminfo	com.carlffree.recognizer

com.carlffree.recognizer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4200

sh -c ps -ef
2⤵
PID:4349

ps -ef
2⤵
PID:4349

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.carlffree.recognizer/.jiagu/classes.dex
Filesize
5.7MB

MD5
36d5984fbcf0cbb0956700aaf3bfc360

SHA1
34d3df6870a08526255acf2af24ae8b8ba504184

SHA256
26cc18b01ae7e96e0b159297d0298e6a77198b66da50a66776098fc726cf54f2

SHA512
ac06739c898f153c739eba2aad698e5c9dba35be62eab14e599e9d237b516ca0805997c2cbd2c9977e38ee7bec9d29ce33044c536192bf5509d54f206f83e59e

Download Submit
/data/data/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex
Filesize
1.9MB

MD5
614e73c6b4be1aaba8782df6da2c32c0

SHA1
6c435932b39ec2c35ed2c28673c7885d44032e14

SHA256
102060522ffd1959b867355816294bab595be8d9d0d95a4cd65c0ba076a40323

SHA512
25e31319d7ec90a9725b0c3e55416cf5cb3ad6de57f7a0c4631f8eb9530d50774548657e5e306dad9810627aa18ee952ce9b7a96c20876e6027b73683ab91abe

Download Submit
/data/data/com.carlffree.recognizer/.jiagu/libjiagu.so
Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/data/com.carlffree.recognizer/.jiagu/tmp.dex
Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.carlffree.recognizer/databases/bmob_provider.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.carlffree.recognizer/databases/bmob_provider.db-journal
Filesize
512B

MD5
f113b97ae636c02a57d0e23877d9d3cb

SHA1
7cef7ad3c72bb8eb7ed178168b0211f98e8e7503

SHA256
5b09abb852a396089c01e3847099979d010c7e1d7b85ffbb092d1c90ca21b679

SHA512
6fb0b9b31d98e09c51a4db163ee2fb6b8fe728c0af1eb29a9f4381dfa192cec85426d4b4e3edee78e635cb1b79e0785279612cb260f0a22561c17effe054d668

Download Submit
/data/data/com.carlffree.recognizer/databases/bmob_provider.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.carlffree.recognizer/databases/bmob_provider.db-wal
Filesize
28KB

MD5
d50a6f340f2a9c3617d41eb74a6dfc8d

SHA1
5c67d0e0fcf681eaa86fb52deab854fc87df4ef5

SHA256
312290a42a4c4ab550779ce2d28bca5e08f77300a5133e6f7d7052d8cecb8523

SHA512
7a6c344e4ffb7fa808bfc4821e1ff1ea91117c2f49a0f5a6b59bdc4583d8d6ad5c6e25b0b14932856544e15f9aa51814d79961bcb37601ba54b88f17b8a1bc6d

Download Submit
/data/data/com.carlffree.recognizer/databases/carRecognizer.db-journal
Filesize
512B

MD5
1a5a063fb1de3912169f38fb3b31ac27

SHA1
48a0d178f7ddd1d2213b0984bf39bf6d0e5dda24

SHA256
0775c69564aa3b8066c5de0c7b4f7fcc3d0680773ee0aa6e3646e6c06dfcbc44

SHA512
fc740e25a84582849db63254ad4c67dd812ba0e73bbfcef8d2c3083f9a52f4503da29ab4bab5799f23f548e280b83036a21361c50d30efddf2596d73993a0f7b

Download Submit
/data/data/com.carlffree.recognizer/databases/carRecognizer.db-wal
Filesize
20KB

MD5
34ccb24efa8036c05435d8a6fd87a5ed

SHA1
3279fc6cefa5100ee3db5e995976e5f3796f94bb

SHA256
6c744463f315de8381e4b51de07dfcf7f796aafe800671ffa40c8587116bc6e1

SHA512
b2cda30ab8b2766e5be0487f8b0af31c79a5aa1223ab9dbba1f5050f13c7fa01d3fd03cc2235c0c7e25f9716d1de1c1e04dc720971e85b4bd5745d04189587f1

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ac
Filesize
40B

MD5
5f979de5aa2504a13a8d8c0be815f5bb

SHA1
6d628ed96dc1974aa251197f7777215f7573191b

SHA256
16cd8e8ff84347a62867712c6883d2ad38b2c6c5ce610ced6a6f36a374cceeab

SHA512
9cb94ab65a5ba732a969b28208534f7e435746af37c0be5826d87abac9a296f5acdfd2769826b5fd75f31de18d286679b47d42bad29acb6fa985e86bd7ca3b23

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ic
Filesize
32B

MD5
217654c46822ff14d6aad91309ef8ec9

SHA1
2082b28a7252d21c6c706a6aab62b73599a7b1e1

SHA256
ee5b697650edc6d1ee32b59cee913a9ebfff59f27d6cb66619320057ffb9be1f

SHA512
1f882da7e91321ae4bd30e52519b355b350cc432bb5013284f0ecef5d5a60eb4fabb00afc488e3b1fe516bc138df1c01e72aab449ea1cb0cdabba79149f98191

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.pk
Filesize
32B

MD5
2a968534612b07bd38cc9e6d4aa72941

SHA1
735b82aa4caf66a5310da732b6c306b3eb2be9d6

SHA256
b0986d44b96eb0c95518d65cad6c1d294e8e81e3ff2cda6372e3165370123f94

SHA512
265ca1339ca57a221a5a44336585727f70a0cdaafcfb621e94d35022a348c0c085a901603dc9d583f808e5e5fbbab7dce0fc7a5fbfcb1f8af21a18ea5f3301ce

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.pk.h
Filesize
64B

MD5
d05f407e008a954bb6a44c9515a545db

SHA1
3f5a9876bf144b9ebe582589d31e02beff4a31c8

SHA256
4490cdd02be25db18e5e8a53a2a824988fff32922f07f8520997dab5be19d3f7

SHA512
e5a213d15442be9b2f4d77e67928022cad8bb5d995934c9d987e6d540c536e3c32f762331ebc78a49356a92303f006af8dcdcab8fda860646c8990f6f759e1c2

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.rd
Filesize
73B

MD5
55a3a350ecfd0ca15082d91ee19f3093

SHA1
cea5368685fc0542f523a360c404a77ad69f53c1

SHA256
6fcb91841b20729a41e668a5b4c96ed98ab37c31c8220e708c641b47b1d47034

SHA512
95e147c5dc505ee534fb93d5adfb009a107e64d5abb2988b5d102b8c80166a96c2250a9ca502d6776260d24ab231576a39787d50dcfc4f34077854eab7f650ab

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ri
Filesize
314B

MD5
a2a7d4ec83735fa862ea90cd682d08bc

SHA1
f35cc137ff7d928a8b3327cd5536a0cad45b8350

SHA256
aaf58e9c4e0186ce53fd7c8f2223ab085ec893c073d5d9ceaf2acae4e2b93dd2

SHA512
462240667ff37cc0c4c28a42258638272b5f1cf662345e26229b9e94bde9219f525dd4fa6d2a52a01f985a2a73bbe7bd356aa0d6408432bcd92f48385693dfe2

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.ri
Filesize
307B

MD5
622e6d8e9d8405764ca1f8dd883c0ab6

SHA1
8a948d4942516e985767df5475ced9f39becd95c

SHA256
4b89f891bd739b3f2f525a9836db20c6680ac9df04c9b4cbd385a177e2db73a5

SHA512
308e1024e8b32eb08aeeb8badbf3d68e60f546f185ddd3716742f058f5c670b5a298fd321690948f6c7cf9c74942449ebfaa95b1b82d1cf28d7e35ed81d4c907

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.store.report_cf
Filesize
54B

MD5
88db5cf7ab1d85bc2bf6142e1dc57a6b

SHA1
4d1dc2d2592f7565b5137ae483e1dfcf4d7915f0

SHA256
a566a7c7b7c65941d1c66591d526dfc6c3ba00929a274d9a28f9b15975a958b3

SHA512
05f4a534d96e327443d9adadf068c928d6ed1e265548f3f00fe66c1c29ec54fd3046198736f2b2ac83d209b262edd3abf27912a3d2c4f640602fa42a222cf616

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.store.report_cf
Filesize
32B

MD5
b3c01655fd5d26f6631e5e409f3cfe97

SHA1
a6168f715231ad8f2c37a4096015cb0c51dff86a

SHA256
61484153631edd25e38e41c356579ba2120c74f63b6cecbe4b3ecc82ef847e2f

SHA512
a86de1f866fc340a2fc0cc9683509b9cda984574b7b4cf7eb49461364fec385041c5df1f60a6f3a04c6f142c2650c2fb70b169e89fd3555012dd59355b571e5c

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.store.report_pid
Filesize
54B

MD5
086d00a69d947aa62536357f96e763bb

SHA1
c08f665783cb51bd67badfd22f873de3a4ad11e0

SHA256
509bf8479ba4523fcfa939423370a29c842079d5c7cd740b70ff7c75d17ec60a

SHA512
846861022121ca95c7ff4569d3d72abe7422c9251c7b0230a00b9d5b3f5f886710e9f2c5b050551e99638ed57cf0e760fe5c4a31cc57b62357a8c25da23542d9

Download Submit
/data/data/com.carlffree.recognizer/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
75947f4841e42b7102c61e7b58471440

SHA1
6c879237d17e53cc104fb6c11c8dd0d09cf0f94b

SHA256
7ff8178cf1b9fb270dd4966fc5aef23a1cc119a5fbfe05eb448f6862b366b834

SHA512
7893630edae494e686148ac5f207f261f9dc83e6487e2a22418f15a6326780a36cd6bf56c7bd56e0a6cf5916bce5b68915e0a48fd77303d8510b6d5c4c7e514b

Download Submit
/data/data/com.carlffree.recognizer/files/.jiagu.lock
Filesize
27B

MD5
8c14cdc592a506a8efb340ee5fd704aa

SHA1
29895ed0a14ab2188e96888213219716ae757e82

SHA256
c2d7b94c2bf9dc56e85c4aa121ca14724bdf224c314ee9535f37bd31b977ad50

SHA512
9d5d29d31734f0c3db7966ab80ce78e4889e1cf03b5587906602fab08a421c9567611c6a5f9796a45394701d795f704cf17bda71f337783c313d25e109968d99

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db
Filesize
6.2MB

MD5
18d7bea804c64968545e1104fbb1a8b0

SHA1
c2a3414e95ff536f49a2f43b2d4cb710b60ae8c2

SHA256
f4fcac80ff65dcd7a3042f1b1527015654f9a8fb7be11b9e44b8d658c762b89c

SHA512
69f70d687b704405be0db87394216985466ee72c6c1fe26c9b47d7a718bf2f8e47d7da55c34bf74c6016029ea4d4ccb0fc5237073c4df1eb6566b6af867e75fe

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db
Filesize
4KB

MD5
6e55a6d0134635580ee5bcf5f1f81d30

SHA1
4b5477530ca166ec2fc309886693da3dd52990b7

SHA256
bbf4ab15bdfb3f68d71451c487796173a39241a42d1465ccbc43b43a72ea4470

SHA512
e59816ce9804c7aaa9a2cc151ced8689a48f2ebd27dfc3e4961b9c4c5c78a9d10c63a2abdb4e23f8f333cd7fe3f0e35769ed375715071bdd54b9631fc4ca78dd

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal
Filesize
4KB

MD5
c85028947470196303866004d0869a4b

SHA1
d2b237a0dc4229879b8c16327e38caf42795f8c0

SHA256
04ecf7b0341d9f48371936213968cadebf2156ccb67568f38b70462aa5f1c9bb

SHA512
479f6b2ba372f43b0e015d513067b7adf789d8142bfdb734e3bebde51f523958654d9fc827cccb0a7eb38088adbc2f5e3c69113842fc1e29c03538685df2f5cf

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-wal
Filesize
24KB

MD5
27b42f5640d3a56d14b72ee6738840d0

SHA1
be6e0c08970203479ee84b21ca6f9b446827e42d

SHA256
ac21c5852a78543eaf652784a209521568bc36d8efed63e34fd6aeafa1a8dce5

SHA512
a0779bd935a32b03df6401ac662ad50a58fa2f8dce4eb913e39f8750c1d4c83dd81dc6c5d9b64de48a0bc28aa16c97521ef89c4c5a51d5316e9cdf27f5587f7c

Download Submit