9923d55c77e0b4a877fc4c7a173c5ab0d18123a359eea1045d9336e493d575d4

Analysis

max time kernel
109s
max time network
183s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7934dee69bb5118280fc64d90141071_JaffaCakes118.apk
Size

9.2MB
MD5

a7934dee69bb5118280fc64d90141071
SHA1

b8b6e8956d0d1efbfc29d34f9f045e5fbeeecc5d
SHA256

9923d55c77e0b4a877fc4c7a173c5ab0d18123a359eea1045d9336e493d575d4
SHA512

3a6060b6995608a9f6836000f706233140ad199abe9463b8088055b5e57ba44e4014aa500014db89d28744309fd103fb04e815f931142985608b999a6102c450
SSDEEP

196608:5UDEb6S0C7UwtbNff4eolLdIxEmaEx0FugTUSOfJK7OT0XsYwvCEhmw+7VG:qI6S041rfrEmzmFugCKqZSvM

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.xiandong.buyer

ioc process

/system/app/Superuser.apk com.xiandong.buyer
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.xiandong.buyer

ioc pid process

/data/data/com.xiandong.buyer/mix.dex 5177 com.xiandong.buyer
/data/data/com.xiandong.buyer/mix.dex 5177 com.xiandong.buyer
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.xiandong.buyer

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xiandong.buyer
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xiandong.buyer

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xiandong.buyer
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.xiandong.buyer

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.xiandong.buyer
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.xiandong.buyer

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xiandong.buyer
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.xiandong.buyer

description ioc process

File opened for read /proc/meminfo com.xiandong.buyer

ioc	process
/system/app/Superuser.apk	com.xiandong.buyer

ioc	pid	process
/data/data/com.xiandong.buyer/mix.dex	5177	com.xiandong.buyer
/data/data/com.xiandong.buyer/mix.dex	5177	com.xiandong.buyer

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xiandong.buyer

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xiandong.buyer

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xiandong.buyer

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xiandong.buyer

description	ioc	process
File opened for read	/proc/meminfo	com.xiandong.buyer

com.xiandong.buyer
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:5177

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xiandong.buyer/app_bugly/rqd_record.eup
Filesize
347B

MD5
1abd0c3e899595a4fae03864ea8bd6b6

SHA1
69bdb9a005f2384b0a0d96df2d9b6602360aeaad

SHA256
026d43869b7983a1c74043195290f2542e3588b246b2b3b77d7700067a2159fb

SHA512
d766ebd419f2bb46322dfe4d3df818c02e7d9e80161eaeabeb6471fa02d9ef702cda031297d1083eefcead80a11e4c6d0216b0749865f39406a416395c9f6623

Download Submit
/data/data/com.xiandong.buyer/app_bugly/rqd_record.eup
Filesize
1KB

MD5
d3df066757b2878b6ee5f9c6fbdc4a34

SHA1
4b9db881e74d10024e56ce58c4bc0fae31dfe48b

SHA256
bfc0b767cf98e93fd0140b38b8ea26af9f80806e48e5f09c7459a089cb784fca

SHA512
f6466e77a979162a81ce894c4dc21acb19736bf73f7d1aa4629fcfd7054f92c1bb23751b030012c92a6ecdef23780b967752d776f8a7b370114bbeb4e255d3a0

Download Submit
/data/data/com.xiandong.buyer/app_bugly/tomb_1718329203937.txt
Filesize
56B

MD5
bd0f8f8f3ad93fa07623422ec6e72003

SHA1
c3589295e7a4ddcf35bcd7a2c13bfd381783821a

SHA256
7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647

SHA512
2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu
Filesize
60KB

MD5
a99bcfb3ff0ddd7012e6e769208d5be1

SHA1
c5a225e06d249cff7e66e13de84f55457cf0ec37

SHA256
33dccf6d26811e254949cf47fc33ca7c3d8b86daa509eff4a8b66259dd075f1f

SHA512
025a46eb1521a0e271a91d1f97c0fcf747aee20554efcacc36a31cfb24a12a242ea9c54f194c8610ff64d2d5db085a81ba93214ecb1bb84e95622ca8fc3fc7f8

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu-journal
Filesize
12KB

MD5
a9061d685a1db55ef06bf51adedddbcd

SHA1
3b7edba576fe04149e5d581bfe386336adf7c6e6

SHA256
fafd00e24ee5a20126fa3873e7a180d90600e6a6654d6c13dcb39d3243c13697

SHA512
8397cad8cf62d8956e40480b763b0222ddccf6473195ab3f699b2f96293b348ceea9fbafc8afd10fbf31a3f9710086840ae5e5348307fcad1d3dee2e379f6fbb

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu-journal
Filesize
512B

MD5
05730240bd220344fa1d5feeee52303c

SHA1
2acf68f715aa516131cca2740bf6b56ac28806ad

SHA256
ac017b5266c577cb106bd3112c44205fb40e02ffc0abe6cf1b725e934e713338

SHA512
df2a7d4a1b1a5fc5468928dbff24c92daefcbca9111020c3163048dfbba5991eb8799685ef65f39257d6e98e3784bbed47c98caa1c66bb561320917e603f86df

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu-journal
Filesize
8KB

MD5
46284e0d893526e739f40bcd32214356

SHA1
dff5abaa53d5cff8ba86e9a7684a454d5c08ea4b

SHA256
9b19b20e18c048365a98ada37b37f849b5f25eb21a08371df13c94c575005441

SHA512
1f92f6b12be6b9e36d6680d0802114097dd5711f0de8bdeda164a6355933bd02d50f5ba93ad40ddf8dd9bea936999e63c179075efbcdbe5429d44ff9f5b955e2

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu-journal
Filesize
8KB

MD5
246294128df4827acff108d3e559a965

SHA1
b6422df1ce34b6b65b1c110d1a7056d7ce5a8946

SHA256
4dc40eff8cd5105ea738de40485e8ae2bc5b2beea94e12de29c592e3dabe007e

SHA512
e7fc939bf2fb2c9d5cc2179285fb09cf2d77c6f175eb479dce39a75fef0e1bad1ea0283733ac1a9d311262a74ac56d36c8a62d30810c31885cd981b4fad61284

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu-journal
Filesize
8KB

MD5
5896626b92aa5ff761e1923ab757eff5

SHA1
9ea23792c975c13cddfde2c93d030171189945b8

SHA256
b358dbeb10fcd29148e9ffcac704d4eb74cdd38164f99541098dce6ce09d0e87

SHA512
1b0042182308f22738805edc3095509db5d98d69f54b095760e806bb80e8d28a5ee5fc5b606a6dc3c6f3375732e63e0f19f707077f7e160d5e3d16c11d898618

Download Submit
/data/data/com.xiandong.buyer/databases/bugly_db_legu-journal
Filesize
12KB

MD5
e0b3f4d81df0ca44f477b22934590e3a

SHA1
71dc70dadb2a0ebcabdaa904a2c5582c2bdab371

SHA256
a7c5ec61db3087e922c8678b18b368bf252c04e738f663dfd8dd026397a3d6f3

SHA512
fb287e9868ae35563c742e3a648b20594c884c97a318be1f42ff5c65cce7f1af0feb3eeb8fe6e42c74325360d97c9c49de1ec0c137369d0129fed7ddfeae6f7b

Download Submit
/data/data/com.xiandong.buyer/mix.dex
Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads