01e969c77c50ca30f2274d1cc2e707c3ae525ba7458edc2fb642d78851c03e4f

Analysis

max time kernel
60s
max time network
179s
platform
android_x64
resource
android-33-x64-arm64-20240611.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240611.1-enlocale:en-usos:android-13-x64system
submitted
13-06-2024 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3ce87d2cf83c2fe9c55f27d8ac98bfc_JaffaCakes118.apk
Size

10.1MB
MD5

a3ce87d2cf83c2fe9c55f27d8ac98bfc
SHA1

d6df4e41ed4b4bdc8c5cc609b854345fb3f0305b
SHA256

01e969c77c50ca30f2274d1cc2e707c3ae525ba7458edc2fb642d78851c03e4f
SHA512

1f88319381df6dd8d89fb3372521ac4e7ca7c3df1b407ec17dc39690271917b04e233da67ce6cf78f7798f0cf781e741fb5ef6ac0a5b65c218cb0ed6dc08c9e1
SSDEEP

196608:SkHMGcjaBzoYkSbJneJw78ws6zn3zpGUHN/4M+6a/ji5vFaJv1aGmiWyBb8K+:qBs0YXbJeJwows6zn3zZHZ4BMcHpWMy

Score

8^/10

banker collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.carlffree.recognizer

ioc process

/system/bin/su com.carlffree.recognizer

ioc	process
/system/bin/su	com.carlffree.recognizer

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.carlffree.recognizer

ioc	pid	process
/data/user/0/com.carlffree.recognizer/.jiagu/classes.dex	4266	com.carlffree.recognizer
/data/user/0/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex	4266	com.carlffree.recognizer

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.carlffree.recognizer

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.carlffree.recognizer
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.carlffree.recognizer

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.carlffree.recognizer
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.carlffree.recognizer

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.carlffree.recognizer

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.carlffree.recognizer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.carlffree.recognizer

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.carlffree.recognizer

com.carlffree.recognizer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Requests cell location
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4266

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.carlffree.recognizer/.jiagu/classes.dex
Filesize
5.7MB

MD5
36d5984fbcf0cbb0956700aaf3bfc360

SHA1
34d3df6870a08526255acf2af24ae8b8ba504184

SHA256
26cc18b01ae7e96e0b159297d0298e6a77198b66da50a66776098fc726cf54f2

SHA512
ac06739c898f153c739eba2aad698e5c9dba35be62eab14e599e9d237b516ca0805997c2cbd2c9977e38ee7bec9d29ce33044c536192bf5509d54f206f83e59e

Download Submit
/data/user/0/com.carlffree.recognizer/.jiagu/classes.dex!classes2.dex
Filesize
1.9MB

MD5
614e73c6b4be1aaba8782df6da2c32c0

SHA1
6c435932b39ec2c35ed2c28673c7885d44032e14

SHA256
102060522ffd1959b867355816294bab595be8d9d0d95a4cd65c0ba076a40323

SHA512
25e31319d7ec90a9725b0c3e55416cf5cb3ad6de57f7a0c4631f8eb9530d50774548657e5e306dad9810627aa18ee952ce9b7a96c20876e6027b73683ab91abe

Download Submit
/data/user/0/com.carlffree.recognizer/.jiagu/libjiagu.so
Filesize
487KB

MD5
610a895c4a71bbeeaea16eddb1422bbf

SHA1
9f919de42ed1e80bfadfef48f8202b202166f869

SHA256
baa349e9b5a47be21b6ea00ef2e0c0c5dc203c0e4c391dac46df07ca9d333217

SHA512
ef4173ba32309ef1257b75bcff28fd44ab14398577b4fb3b6b95323035c964201ed39546cda3b7115ba5025781f3b9c018443e7932edd50a25b1be60359f80f2

Download Submit
/data/user/0/com.carlffree.recognizer/.jiagu/libjiagu_64.so
Filesize
525KB

MD5
198e8f0e9b0d80997fde430f9973c1a1

SHA1
dec0b84b06072ad07d44b445d7e23587c0bc7f02

SHA256
dc9d0faf8652513f0a1eed698b9559e0bbfaefe12c203d239f551ff557abbe5a

SHA512
2868fc26e0bbc32e6f7c7d6e56ed6e9517d0ea4a7d8021a5f50af5945d6ac27fe87f500e32eed5143f37d484ba95fef481c9d5c11b652bac2a26d267358252ea

Download Submit
/data/user/0/com.carlffree.recognizer/databases/bmob_provider.db
Filesize
16KB

MD5
de0071e36e0e648b248b0f788e67c853

SHA1
46ecad625ed01b7d23babbfd30faab8627c16e59

SHA256
7565898f3375002d2dd4d8924d097400c4f3ece5f018ad5b7c21a33f5563444c

SHA512
2a283404d0b90e07f0ed120343c68475f0c63362109a0f27556f9ddbfa6a8bc186612964abdff2301ad53aa9f274679e4e9c0f88a9cb7708f5f72c1e749389d1

Download Submit
/data/user/0/com.carlffree.recognizer/databases/bmob_provider.db-journal
Filesize
512B

MD5
bc4e44067409d9af18c69057bdbc3787

SHA1
3ebc78007d2b46d746c86775cd09808a1086fcb8

SHA256
cf7b78903ccd23fff5cf928526ba78f3679a8d596aae16e14feaec0f01583534

SHA512
21b8eb9deed7b48f82f978be2e3b8573b712d3162931a0c44dd8d70cc6ac862c88a9477a80b3b11822a2026d5838092a85f9b8346c7e6d0faa8699557783ff04

Download Submit
/data/user/0/com.carlffree.recognizer/databases/bmob_provider.db-journal
Filesize
8KB

MD5
b449e068ed0e3f01efc0b589ae26f438

SHA1
e4451b4c80b9a0c3c562edbaf56ef049d08da2d7

SHA256
52e41533dc7e6435d6535e23f95647e9c7e4dadff6a02d382749a5324fbced2b

SHA512
a228d750b9f8f16e3def41b49427fee8fe836e4b55346282a6ebc7f89f550e1e13c1d79d22ac11b7389bb0c359a7a8e270f779c5a7e046d67df23a40402d89e9

Download Submit
/data/user/0/com.carlffree.recognizer/databases/bmob_provider.db-journal
Filesize
8KB

MD5
057d9f464ff6b2733f8ca4e6cdd4a67a

SHA1
caf97ef03386dbc8ca8d471209ec367e7c2d1f93

SHA256
93edfe3d95d8bfdc3d924bcb0015bafc8cb0b9611caa1ce40de0ec4a549d80d5

SHA512
ee91cb8df2b813937f13f8e30bd0ae5e78070d02a809b1072d10271125301bfcbcc496254fd5b15c6e879666b38c5bf4d95aa01cb45da216c7de89046e0865f8

Download Submit
/data/user/0/com.carlffree.recognizer/databases/carRecognizer.db
Filesize
12KB

MD5
6d527da87c4c692e2091d953eacc7523

SHA1
1ff367e91ec7428668218c1bdc0dcb49541f40b8

SHA256
b78ed93c9a3f339ca2eeb511aa6d79e594931a0279815b239f7065dcb5f810fe

SHA512
5402292ce8d85214e91e24be0c314b41a9846e9dee8ad6ea405553bb04c2597084829a99cad810e6ca327f6fcb80bc99bd42c95f2f6a247d681eb19444d362b0

Download Submit
/data/user/0/com.carlffree.recognizer/databases/carRecognizer.db-journal
Filesize
512B

MD5
2d09a9ef0c4eca484be25a956a2332be

SHA1
204e94f51f301ce2409877fa4cef04eb547989a1

SHA256
89040dfebf8b1a9b210c7f6799ad1dcf797edac1128bc49c0ce41587ea71e1be

SHA512
da9a3185dd34ecec96f786391dd6ae9b93f956b9bc48353d2826aa32b2a5ecba6f437ffd4d4d0fdd1b51ab45dd2eb3e5c3102f73b2557755013297382d112dc0

Download Submit
/data/user/0/com.carlffree.recognizer/databases/carRecognizer.db-journal
Filesize
8KB

MD5
4493085c8a91adc7d573624eff512b45

SHA1
8ed75bf471d046fa8911f9e5d684d4a2a1d6388e

SHA256
c866c870a323ab8fe7cbd2625e7b695ed4a4541febbb84b41850f7ee8a25c8f1

SHA512
56e3914a29be2e27eb07413aeff0cc2a32ec1505d323d9d1c180a88c8c97e6a92b8e24154a75e1a1a3fa50865eaa5009d136da3312283094380297810fed5a5f

Download Submit
/data/user/0/com.carlffree.recognizer/databases/carRecognizer.db-journal
Filesize
4KB

MD5
15dbf2e22adc3b54b9fddc6429785fea

SHA1
9e211ac3b952ae935c44697753e6bf0ef723d7f5

SHA256
91d7d605636a7bfc4f65537c29ecf17aadd108c1a5d33e0727ae99bee4e24a20

SHA512
0f33032ef57dfd0d3c13b772ae8cb3e9ec2d13af25df051f51c14f544c1b28c8e19d3720d5ce54eb8688f8fda3dd844dec2bb1f6906a172b74aaa88895e4114a

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ac
Filesize
40B

MD5
5f979de5aa2504a13a8d8c0be815f5bb

SHA1
6d628ed96dc1974aa251197f7777215f7573191b

SHA256
16cd8e8ff84347a62867712c6883d2ad38b2c6c5ce610ced6a6f36a374cceeab

SHA512
9cb94ab65a5ba732a969b28208534f7e435746af37c0be5826d87abac9a296f5acdfd2769826b5fd75f31de18d286679b47d42bad29acb6fa985e86bd7ca3b23

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ic
Filesize
32B

MD5
217654c46822ff14d6aad91309ef8ec9

SHA1
2082b28a7252d21c6c706a6aab62b73599a7b1e1

SHA256
ee5b697650edc6d1ee32b59cee913a9ebfff59f27d6cb66619320057ffb9be1f

SHA512
1f882da7e91321ae4bd30e52519b355b350cc432bb5013284f0ecef5d5a60eb4fabb00afc488e3b1fe516bc138df1c01e72aab449ea1cb0cdabba79149f98191

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.rd
Filesize
32B

MD5
e494143f0730bafa7f9482b32a8cf190

SHA1
fb4802f8c430af325284684240f09d89fa7292e6

SHA256
2d4f0e849e98f1df8559d67b5d1b07ee5e5047e72c8d4ce1275be3e7a7923a80

SHA512
b9110851d3e152982f6bb66f4fa20955eb6ae9d9632a7366d2c922c1518cf662fbed4e229907b73aa6d24c6f2d80a3e67f5c64934c57a41c1c5ab8a436e67758

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ri
Filesize
314B

MD5
84d09b53a42860dc3cf47661effb47a3

SHA1
896be5a5b76136b4f4a86a8e271e8369346bf153

SHA256
f1676fab24e1734be0a003021c55ede30c2628b6aa602feb9ae70583a08b53c8

SHA512
bee24e34a8adf2bf0dd2174688fdd4cd7719983994189a0b236e8b28f05fd419e0e3d840da9b0fb699d56151d3f6847e1b1407698cc41a2b704d77cdb76f67f6

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.ri
Filesize
307B

MD5
5eaa4fc0ee4a43a1b51e3dd62caae6a1

SHA1
9d43722ef6584e7c82d3693bc14aafdd7fcef108

SHA256
0c6e96936945a4559a37bad6d5fa3b008946db57d02e26faf894cd1da52626a5

SHA512
d00b0afeaf611bbdbe34ba515dba241d92f922c0d237bfc2354f603a192fe4ca99dfca3b95216e6f919359c604234a86dd6c48c3808831bbdd7ab6eb14291520

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.store.report_cf
Filesize
54B

MD5
88db5cf7ab1d85bc2bf6142e1dc57a6b

SHA1
4d1dc2d2592f7565b5137ae483e1dfcf4d7915f0

SHA256
a566a7c7b7c65941d1c66591d526dfc6c3ba00929a274d9a28f9b15975a958b3

SHA512
05f4a534d96e327443d9adadf068c928d6ed1e265548f3f00fe66c1c29ec54fd3046198736f2b2ac83d209b262edd3abf27912a3d2c4f640602fa42a222cf616

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.store.report_cf
Filesize
32B

MD5
b3c01655fd5d26f6631e5e409f3cfe97

SHA1
a6168f715231ad8f2c37a4096015cb0c51dff86a

SHA256
61484153631edd25e38e41c356579ba2120c74f63b6cecbe4b3ecc82ef847e2f

SHA512
a86de1f866fc340a2fc0cc9683509b9cda984574b7b4cf7eb49461364fec385041c5df1f60a6f3a04c6f142c2650c2fb70b169e89fd3555012dd59355b571e5c

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.store.report_pid
Filesize
54B

MD5
086d00a69d947aa62536357f96e763bb

SHA1
c08f665783cb51bd67badfd22f873de3a4ad11e0

SHA256
509bf8479ba4523fcfa939423370a29c842079d5c7cd740b70ff7c75d17ec60a

SHA512
846861022121ca95c7ff4569d3d72abe7422c9251c7b0230a00b9d5b3f5f886710e9f2c5b050551e99638ed57cf0e760fe5c4a31cc57b62357a8c25da23542d9

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jglogs/.jg.store.report_pid
Filesize
32B

MD5
75947f4841e42b7102c61e7b58471440

SHA1
6c879237d17e53cc104fb6c11c8dd0d09cf0f94b

SHA256
7ff8178cf1b9fb270dd4966fc5aef23a1cc119a5fbfe05eb448f6862b366b834

SHA512
7893630edae494e686148ac5f207f261f9dc83e6487e2a22418f15a6326780a36cd6bf56c7bd56e0a6cf5916bce5b68915e0a48fd77303d8510b6d5c4c7e514b

Download Submit
/data/user/0/com.carlffree.recognizer/files/.jiagu.lock
Filesize
27B

MD5
15e883453dc3d14daa052cbe6c0314cc

SHA1
41dbfb3929ea2705199f7ac1640c39132eaa72dd

SHA256
242b4bfcb96a5db44b0e3b8657cbbad23a706265400c7d68349b46593c04fee2

SHA512
ac066cced4cbd2b31e4b1d3de7f6aaddf4f32356f965c8418f25144c6c50be0d13b40f397dee72c84b9b0a5b1d52fa1746c8ec3f40de097d340c678cfe2b53d8

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db (deleted)
Filesize
6.2MB

MD5
18d7bea804c64968545e1104fbb1a8b0

SHA1
c2a3414e95ff536f49a2f43b2d4cb710b60ae8c2

SHA256
f4fcac80ff65dcd7a3042f1b1527015654f9a8fb7be11b9e44b8d658c762b89c

SHA512
69f70d687b704405be0db87394216985466ee72c6c1fe26c9b47d7a718bf2f8e47d7da55c34bf74c6016029ea4d4ccb0fc5237073c4df1eb6566b6af867e75fe

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal
Filesize
8KB

MD5
d17694c786d3539d6f2adebd62c50807

SHA1
67b21bc501ec55d83a4e2ee9dab5abfbb36f5785

SHA256
8969a1c1f0aa7a9606fa0474137860561d2482ab544fae913d95cf14d16a7d77

SHA512
18eb5308d9c6e1089a89cb1ba20337302c66a55bac15e69fc69537421d922c42c3cf7ecc223a1edd33098be5d7bbfefc6c38fdeddf8da6e6f18bb21cd07f7bc1

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal
Filesize
12KB

MD5
58afb8d6faae3080d7aa65ac2c5013aa

SHA1
5588c60598f75a58bf164640e2304e497141f810

SHA256
0a93bacfef22d1a1bd14c8c96a489325a8a4a6ba1cfdde62c1a34fb853ecd950

SHA512
ec5cb5692390b35bd6ad1d5a0126e39c3f500fcf552f673843345d85ef9a31d0e3557850d3f7dc67783d5627b00e2fea1d690a1f47c66dcc8abf463746caa8b8

Download Submit
/storage/emulated/0/Android/data/com.carlffree.recognizer/cache/carRecognizer.db-journal (deleted)
Filesize
8KB

MD5
cb82aecb8a61f7a83b044bfaa57e4181

SHA1
1b2bca07db839cf147d8c79e11efc333b0382b56

SHA256
0e0704b3c8f3136095045b1569ca42ae1cb134f37b9bde1da66c94105affc97f

SHA512
01a43dbc5f376b060772de17e193814096f332c3a5e4238d70bd4b560e7f377c88bdce22251600c29af8ce51f1a1cf515014c28ae6fe897c9998cde63edd23f6

Download Submit