507b111f1f7dc024dc8c9f7b8877395208e47ff7bba9a7a4e619d2a0270ac699

Analysis

max time kernel
177s
max time network
188s
platform
android_x64
resource
android-33-x64-arm64-20240611.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240611.1-enlocale:en-usos:android-13-x64system
submitted
14-06-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a74cdb89cdf6dea6b1743dd41adc70c7_JaffaCakes118.apk
Size

31.0MB
MD5

a74cdb89cdf6dea6b1743dd41adc70c7
SHA1

00b5a1f452ec9956b4929dbba5d673a2849abd92
SHA256

507b111f1f7dc024dc8c9f7b8877395208e47ff7bba9a7a4e619d2a0270ac699
SHA512

2fb326573fb604d4b4b7dd1638130122067a6524bd8774d567de07104cb883cab83bdb7b6a5a5f0f830d7a6277e4894c54a33e3398eefe81e706d705e46b378d
SSDEEP

786432:1d/aF9p4IY2MNUlu9VhXZQN4KytltrnX5NrDuBXCxEKIVMBqfoRCiRc:1d/a95qNuUX+N4KStrnX5NH6XC9IW5wf

Score

7^/10

discovery impact

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

liulan.com.zdl.tml:pushcoreliulan.com.zdl.tml

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	liulan.com.zdl.tml:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	liulan.com.zdl.tml

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

liulan.com.zdl.tmlliulan.com.zdl.tml:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	liulan.com.zdl.tml
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	liulan.com.zdl.tml:pushcore

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

liulan.com.zdl.tml:pushcore

description ioc process

Framework API call javax.crypto.Cipher.doFinal liulan.com.zdl.tml:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	liulan.com.zdl.tml:pushcore

liulan.com.zdl.tml
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4273

liulan.com.zdl.tml:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4314

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/liulan.com.zdl.tml/cache/picasso-cache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/liulan.com.zdl.tml/files/jpush_stat_cache.json
Filesize
119B

MD5
39522aaf349b850e02af8b952f3b8d08

SHA1
a1a0f173eb1b876ac3d450b957c6d4e995c49bd4

SHA256
04de5f9214b6d8525437615f408590662a25b8a2442696a994ccfcd66aea035b

SHA512
5bf130bd6190244b1772573b5389b37c9da80bea191dfd876f89b26b6689a6881d4a759bbbfa4fa0e7503bb50fbd8853ffc865d955ad9925d7814e2fa8cbc8a7

Download Submit
/data/user/0/liulan.com.zdl.tml/files/jpush_stat_history_pushcore/normal/nowrap/3ceac616-3652-449d-a80e-b90da4d93c65
Filesize
187B

MD5
771c4c6b6971b31f2f9f9ef9b5737b28

SHA1
c92567d4024f2e43bada49772f270dbd734308aa

SHA256
16d9caae7d3c4d1039e65771fbeaafbd97b8093d9d861235f1ec27b8399cc9ad

SHA512
4ef309f950b65439815de450c4e4b1a5401734a0cea30b416f54874f4ff1e6e76b2c97c294c97751ddb462ee4528403f19c6690518b5469a9177e2e542f7b9b6

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
159B

MD5
dcfacc956876633168273fa8076a822a

SHA1
cdbc874070bb1e4ef9e370750afb48186e700612

SHA256
06849af704597888d4544a2124059986666e0e7a58601264b690799cfa23ffba

SHA512
b61cb814bc3feccb4656b83dd12e996ec939fb4a23c9131c4b358d781948fdb9a166caf19304f7c3532fed316e3806fed974b6978641b33d1e099664af5f28b8

Download Submit
/storage/emulated/0/data/.push_deviceid
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit