507b111f1f7dc024dc8c9f7b8877395208e47ff7bba9a7a4e619d2a0270ac699

Analysis

max time kernel
179s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a74cdb89cdf6dea6b1743dd41adc70c7_JaffaCakes118.apk
Size

31.0MB
MD5

a74cdb89cdf6dea6b1743dd41adc70c7
SHA1

00b5a1f452ec9956b4929dbba5d673a2849abd92
SHA256

507b111f1f7dc024dc8c9f7b8877395208e47ff7bba9a7a4e619d2a0270ac699
SHA512

2fb326573fb604d4b4b7dd1638130122067a6524bd8774d567de07104cb883cab83bdb7b6a5a5f0f830d7a6277e4894c54a33e3398eefe81e706d705e46b378d
SSDEEP

786432:1d/aF9p4IY2MNUlu9VhXZQN4KytltrnX5NrDuBXCxEKIVMBqfoRCiRc:1d/a95qNuUX+N4KStrnX5NH6XC9IW5wf

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

liulan.com.zdl.tmlliulan.com.zdl.tml:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	liulan.com.zdl.tml
Framework service call	android.app.IActivityManager.getRunningAppProcesses	liulan.com.zdl.tml:pushcore

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

liulan.com.zdl.tmlliulan.com.zdl.tml:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	liulan.com.zdl.tml
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	liulan.com.zdl.tml:pushcore

Reads information about phone network operator. 1 TTPs
discovery

T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

liulan.com.zdl.tmlliulan.com.zdl.tml:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	liulan.com.zdl.tml
Framework service call	android.app.IActivityManager.registerReceiver	liulan.com.zdl.tml:pushcore

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

liulan.com.zdl.tml:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal liulan.com.zdl.tml:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	liulan.com.zdl.tml:pushcore

liulan.com.zdl.tml
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4275

liulan.com.zdl.tml:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4307

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/liulan.com.zdl.tml/cache/picasso-cache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/liulan.com.zdl.tml/files/com.tencent.open.config.json.1107463732
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/data/liulan.com.zdl.tml/files/jpush_stat_cache.json
Filesize
119B

MD5
4f804ceb43aa64d767acd7ea9eb03736

SHA1
8fff7acc52245e999a868dfdc0af3f1ab8ecbf96

SHA256
9a736a4fc18cc1b990727848c27362a80b997001e29b3238ca018cb42efc8f20

SHA512
8c0d1f8b024c70f696c13a0deaec1c26f3da2ed482d25e5588389a386ad870d86fff168961039a52bf5bbdcb116185cf5873e2b07da73622f9a74a500733912f

Download Submit
/data/data/liulan.com.zdl.tml/files/jpush_stat_history/active_user/nowrap/f4a7f255-2b5a-4793-9e5e-19f6bcfe1eab
Filesize
202B

MD5
54f7c0ddeb8ab4043101a6839a7b7b40

SHA1
fde05b8d50438ac394178fc162518a96232d7aea

SHA256
8c370a064c41055fe90efe9be5e3fe965ffe788d80d0e1a1e87aeaa262ca94ce

SHA512
8e2dbe1121be1b64bd8a98d4fdd685fc890c27c03fb333d813086f6e0f1dd7fc9fbbc88c39a9810f19f7f26446157a75313b66430d6410a572ca19179a11b964

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
99f3f9647a005567eeb08d3c5ba8dc72

SHA1
8e7553a178cee4df7e6f060ec76daa4ae132a8f8

SHA256
72521729a33720e90a128bcfd30e46b90a1249a1b836c8bb24328e09365a17ed

SHA512
b6dc4561150995fdb43e333d3d2f819b12a0f033d977b402e81c1515773fb64f6c688478e34eaab64c0812255ecadc3fe6804759fd6bbe20a7a552857a5ccbff

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
32B

MD5
2dd67af4a017d5a19b1bf9d46db4be1a

SHA1
5b3960bf7b69bbe0d42e7347b0cbf9a77b788c54

SHA256
c23804c0582da3b7dc0b2ad72d54171b4a7633bd6910f5bd274d07bd45547d38

SHA512
6dcbba0a60c6886246a8179231c9d6002c9f1304c3c5c03499b01f32a2971d023a719315ac8188ebe403552faea5a1c68fe823eff9f8065f59ced606897a41a2

Download Submit