Malware Analysis Report

2024-09-09 17:41

Sample ID 240614-bl4hyatajl
Target a77c62c7c74a47943bb6a60eb725ab98_JaffaCakes118
SHA256 a42047238b06296d7cee6bb2a8a2c81ef76ed83f4e7af3e9564eadd56f3bce19
Tags: evasion, discovery, execution, impact, persistence
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file a77c62c7c74a47943bb6a60eb725ab98_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion discovery execution impact persistence

Queries information about running processes on the device

Queries information about the current nearby Wi-Fi networks

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Reads information about phone network operator.

Queries information about the current Wi-Fi connection

Queries information about active data network

Checks the presence of a debugger

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:14

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:14

Reported

2024-06-14 01:18

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

3s

Max time network

179s

Command Line

org.vv.homemade.tang

Signatures

Checks the presence of a debugger

evasion

Processes

org.vv.homemade.tang

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 01:14

Reported

2024-06-14 01:15

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 01:14

Reported

2024-06-14 01:15

Platform

android-x64-20240611.1-en

Max time network

5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-14 01:14

Reported

2024-06-14 01:15

Platform

android-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:14

Reported

2024-06-14 01:18

Platform

android-x86-arm-20240611.1-en

Max time kernel

142s

Max time network

178s

Command Line

org.vv.homemade.tang

Signatures

Loads dropped Dex/Jar

evasion

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/data/org.vv.homemade.tang/.1/classes.jar | N/A | N/A |
| N/A | /data/data/org.vv.homemade.tang/.2/classes.jar | N/A | N/A |
| N/A | /data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar | N/A | N/A |

Queries information about running processes on the device

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |

Queries information about the current nearby Wi-Fi networks

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |

Queries information about active data network

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Schedules tasks to execute at a specified time

execution persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

org.vv.homemade.tang

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=46 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/org.vv.homemade.tang/.1/oat/x86/classes.odex --compiler-filter=verify-none --class-loader-context=& --zip-location=/data/data/org.vv.homemade.tang/.1/classes.jar

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --zip-fd=48 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/org.vv.homemade.tang/.2/oat/x86/classes.odex --compiler-filter=verify-none --class-loader-context=& --zip-location=/data/data/org.vv.homemade.tang/.2/classes.jar

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | xshield.baidu.com | udp |
| CN | 106.12.1.64:443 | xshield.baidu.com | tcp |
| US | 1.1.1.1:53 | sdk.e.qq.com | udp |
| US | 1.1.1.1:53 | mi.gdt.qq.com | udp |
| CN | 43.141.43.110:80 | mi.gdt.qq.com | tcp |
| CN | 113.108.27.88:80 | sdk.e.qq.com | tcp |
| US | 1.1.1.1:53 | qzonestyle.gtimg.cn | udp |
| HK | 203.205.136.80:80 | qzonestyle.gtimg.cn | tcp |

Files

/data/data/org.vv.homemade.tang/.x86lib/libbaiduprotect_x86.so
/data/data/org.vv.homemade.tang/.1/classes.jar
/data/data/org.vv.homemade.tang/.1/.config
/data/data/org.vv.homemade.tang/.1/1.jar
/data/data/org.vv.homemade.tang/.2/1.jar
/data/data/org.vv.homemade.tang/.2/classes.jar
/data/data/org.vv.homemade.tang/databases/bxshieldh.db-journal
/data/data/org.vv.homemade.tang/databases/bxshieldh.db
/data/data/org.vv.homemade.tang/databases/bxshieldh.db-shm
/data/data/org.vv.homemade.tang/databases/bxshieldh.db-wal
/data/data/org.vv.homemade.tang/app_e_qq_com_plugin/update_lc
/data/data/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar.sig
/data/data/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar
/data/user/0/org.vv.homemade.tang/app_e_qq_com_plugin/gdt_plugin.jar
/data/data/org.vv.homemade.tang/databases/GDTSDK.db-journal
/data/data/org.vv.homemade.tang/databases/GDTSDK.db
/data/data/org.vv.homemade.tang/databases/GDTSDK.db-wal
/data/data/org.vv.homemade.tang/app_e_qq_com_plugin/oat/gdt_plugin.jar.cur.prof
/data/data/org.vv.homemade.tang/databases/xshield_d.db-journal
/data/data/org.vv.homemade.tang/databases/xshield_d.db-wal