Overview

overview

8

Static

static

6

a7a4b99b40...18.apk

android-9-x86

8

a7a4b99b40...18.apk

android-13-x64

Analysis

  • max time kernel
    167s
  • max time network
    179s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    14-06-2024 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7a4b99b40d527f9e62e6f9c4532a8d7_JaffaCakes118.apk

  • Size

    9.4MB

  • MD5

    a7a4b99b40d527f9e62e6f9c4532a8d7

  • SHA1

    cc3c8cc812d54db6b4e40c3a2571115344d9fc65

  • SHA256

    15bf04f4eac4f43692090618fe281f7a1234f7c7972e1a950b55f7350f4416cd

  • SHA512

    99228d1a236219f2a4178f38292bc48efab4d9374889fc3862d40c4a08e655f356d448d292e45e60aa06abbeb6640138fd44c6c2c04c663eee1f5fd6fefaa4a6

  • SSDEEP

    196608:UmGbYmWOnVAgxRd2GM4gQ31b0fy4BUxgaKIlCiIru2RbjQyEk:JsYmWTgxnxM23LuaKIlv0Adk

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.oil.jycjt
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4171
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4254
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
        2⤵
          PID:4276

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.oil.jycjt/cache/image_manager_disk_cache/journal.tmp
        Filesize

        31B

        MD5

        8c92de9ce46d41a22f3b20f77404cc1d

        SHA1

        8671a6dca00edb72be47363a7071be65cf270373

        SHA256

        68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

        SHA512

        30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db
        Filesize

        40KB

        MD5

        a2c8ea957c4597e5db4c0a0d8e0c5ed9

        SHA1

        60e20b2855a3cf0725332849c7717c6d98875e1e

        SHA256

        c821fbe5f760f9087a3e1618936eab77433afb71558cffc0624ba2999bb33866

        SHA512

        780de46a7729ff1aad53afb51388c1cea55a8bb2f8a9de6e76c979c4bae0f9d58c83e772c443a2cb8b8e507a9aa399f0ad1400bcdcdb916d17f6c73061172b36

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db
        Filesize

        24KB

        MD5

        f5319e073d829898604028f491d52f7a

        SHA1

        84de8545e7201a0cf2bbba6aff3c4879c3e8edb8

        SHA256

        860f0f913ae8606d2be43dca47b9c9d97138d3c46de61c8d4946f6ab0bb8bdd7

        SHA512

        14cee6f878f15e9c7f891ceb1e4feacd0878ce45ae558bafad6893f35e41d5b6f0ff60ef0db504b9139a906f06ec8f2bb0c8371e90777f95bd7bf84906362ae3

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db
        Filesize

        32KB

        MD5

        64a725c07fa6290e5d974c9cbcd1b5cd

        SHA1

        c61b1ca2a90f835c87d99f4189adf857fff8af56

        SHA256

        fa4f21e441919c156c918e4e79a56700452a7c9f045b97633b20207512cfce63

        SHA512

        9e966c92c1f80bffa45a5619cbc48c52504e63fde668f05c4d2ab79250a0997fbf7bf909c4e4a30ab50899bf05d73851706f485d525857abbc27b1694f8e44b2

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db
        Filesize

        32KB

        MD5

        78b0e343412dfb6528e68da87f124af1

        SHA1

        01de4d49b9cca4bd0a2c0772d3107d0c0d72cf6e

        SHA256

        aef1bebfa4b35659e96d79ea512977e9a88c93cd98cc0a490abd19d43022c5d3

        SHA512

        69e7a85fe7ca69198baf6a286362703ee7ad6a3f8cf16c3f6ce6682d32ca262241141a80801d4054569e8d5d5948088f543e453ad9aedf896ba8d1c87c162b8c

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db
        Filesize

        16KB

        MD5

        651587f83d5d307a9b31fbb793cf376d

        SHA1

        4dba50580b358b576e2d1a1d9e55b8d3fe6987b3

        SHA256

        7c122d800e720a191d0fb7e3d2066b65e54147bcabcee588e64355078961e128

        SHA512

        59690bcd538ab25db455cd73ed98494686b11a51e298a436bcd2fae497ff53d16c8f5417fee68155c58047167e47dae908ec14ad0f076046110c8f8fa99e7592

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-journal
        Filesize

        512B

        MD5

        2ab1d972a70282fee22ba2e6bcbc1664

        SHA1

        dee27cfd58752752a7475c358176161e3b52f33f

        SHA256

        94f15add2dd6b6e7fc7d111bb6a6fd5b569de9df1cf5f62ea8daf818b1d30930

        SHA512

        67a7e06ab1e1197067837bb0390883e1d52898044783799a514c815b1aa0403412a71180ad317a95e7039f4b2940c00d766b448e77867f69b74fddcb8fa881ab

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-wal
        Filesize

        52KB

        MD5

        da4a0f5cf9df0370f0b795ba252e3cd3

        SHA1

        593078328126823194e0ddec376abb89fb51ff3c

        SHA256

        eef424195efb651ab2dd624a9fb64f88d4b9ac358ce1900fdab6104eba81b557

        SHA512

        b9aeda334fd566afa4dfbcb93f3906f49f37ecc9fc233fd42e457daab1099b2beb2a8a1f5d51dd0b864842287064f8499d272a94394966978906c41e17245e57

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-wal
        Filesize

        12KB

        MD5

        55bc1cf045750669a0b1b686a359c2eb

        SHA1

        91daa2cad170676b2a95e315189294ea1dd2e4c6

        SHA256

        9494dc3202418f3b12e1f5b48c6a2522b4a3def17879686fe087e277f14475cb

        SHA512

        ffa4341b593c90436020624fec9cb20b4a44e5f0da4adabc086585468ca916bdde7f9c6ae7ddae7796d3d5f960365ec8f9a63cb617f192465a66b04c8bb59311

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-wal
        Filesize

        12KB

        MD5

        8ec25d93ee7a65c00c8203c44f908138

        SHA1

        d48b0274c9a8e9aaca44b9d966929bf3c91e736f

        SHA256

        075589ef55f7aedee9a90387d15a139f6930720fc2cf660c5aa0d3ede1ae368d

        SHA512

        a34a34b301cd3c88a0f0cc8c90ce64ea0e737a85bf02a6b482ee9148e11d32c275944c443120eaac052b64c6af32341aa47bfb4377da67fa01c60bd76680de08

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-wal
        Filesize

        8KB

        MD5

        fd908af9c522688d781d58b92d987af2

        SHA1

        40ead80c38fcf907e45503abfc76e079a8fa3b7f

        SHA256

        509979287cdce09e79521bcad1022cae697e73aff850a11ceacfb9e5cbfc1fc6

        SHA512

        7fc6d138943abf513bca697cf1778a6f69db09e27596be047499892a47d01d552f2a4bc87606ba20505d0c69afe9d1dc8fa550b56ea5d551b260708bea499aa7

        Download Submit
      • /data/data/com.oil.jycjt/databases/ua.db-wal
        Filesize

        4KB

        MD5

        b392b0b27b059a6ab3683ffbb43da2b6

        SHA1

        0c24245d9a87915e235d3c448c3d164984bfe068

        SHA256

        a0be497aeb1c2f4bc7de30d40af40dcd928ab23b362f05c16125dd4f1da9a131

        SHA512

        95c12e161ff6c501483d608f08f5da21695c84f7b2f89fe3dfe9a8ce58dfef36788975dbfe7a823327925dd682fcbfb6e9fa50b39cd4c048ce00f6d45695393a

        Download Submit
      • /data/data/com.oil.jycjt/files/.envelope/i==1.2.0&&1.1.0_1718330187423_envelope.log
        Filesize

        2KB

        MD5

        d3d802a8397885e74f0f58bc84071ebc

        SHA1

        ef48bcc1e70f3c0319955e6dba132d18ccd11cc5

        SHA256

        a307eba5513bdbd70f0b4f9090ec694d74c8528a4fff31efe8272247693027c9

        SHA512

        601482ad3309ba3be5aabeaeb0885a93af88971dd63dc3f778e5b21059caf14f12f8923822b114a7c6338b27e837960e797d9849c06002f483565ca79bba4597

        Download Submit
      • /data/data/com.oil.jycjt/files/.envelope/t==8.0.0&&1.1.0_1718330189150_envelope.log
        Filesize

        1KB

        MD5

        fc505ce5f93c0e7ed31277a618750e1f

        SHA1

        5308ecefab9911d35573ce3195f3ea7a15fab5dd

        SHA256

        f5094a9397a30218d30285ab0c9f5b2868fc5595eaa358c942381859178295ec

        SHA512

        b2f7be53d429e9c27aaf80349bd6ecaf021c85371736e371d78a57e5e7ae374e4b92f20bd8b3008ad51b4b274e4db64a0256704e76044824600cc27aaec9e831

        Download Submit
      • /data/data/com.oil.jycjt/files/.imprint
        Filesize

        560B

        MD5

        40a5c0b91a5a024dcc92b6e58db6061a

        SHA1

        5247dfeb8a77d14a16430970910d787ccc278dd8

        SHA256

        7ff583579305f29862b4bdbf3d5f2263ad7f2a8ca97bcc756a048329348d0836

        SHA512

        98f8bfc8f0c1da16c09eafc33821ceee98b156fe66eacc868ebd11770df90d2d14e8da1ce57f707b7ce120480770cd190c111afb0027932b203ff024aa1eae79

        Download Submit
      • /data/data/com.oil.jycjt/files/.umeng/exchangeIdentity.json
        Filesize

        162B

        MD5

        b462e948314c80a58a17d67074ad54d1

        SHA1

        d6f1bd998d8fb30549c99e90e040b16863b3c1e6

        SHA256

        bcac3c96a2636495ffc5147ec77a8f4d2e287add876e325c92f91759a95caa10

        SHA512

        a11ff8ef28056ac4977a716c6b16f860226cb2f9810e06984747bb8163e4af1b098c651a16487334952c8b70b807607cff710576568d6d7f17b0ae75576648d9

        Download Submit
      • /data/data/com.oil.jycjt/files/exid.dat
        Filesize

        73B

        MD5

        20b1839392aee6c28561a52199e2f420

        SHA1

        4574b365deb4a579ec97644dd095817dff203852

        SHA256

        8ad309a88fcfb0b364745db3c16039092305322821a5a916993249eea313e204

        SHA512

        0f9d01ea9427ef14d4ad214749015a4eb02fb1f195f315f9fd5b1870931bd28ca3e2b2bb875fa98917e68b90282e0c8bd006525131a96311d626f80b11e4c421

        Download Submit
      • /data/data/com.oil.jycjt/files/libcuid.so
        Filesize

        129B

        MD5

        806267a0f49f093b2bf13ad189022197

        SHA1

        51e118befa475272e17235573cfcba406f16367e

        SHA256

        f02e2c2e7fe2f17879b28e090398347c628ef2799258d165dd13d1a7058ae1a1

        SHA512

        4cc4d83c09953bb2693a135c8b89884b1ce35f4bd4ea083051bd3a997a4dbf5ae8f81e9f08911fbc8a4aaacbe71cf12a471a7fcf79a308f6a745a359c661b794

        Download Submit
      • /data/data/com.oil.jycjt/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzMwMTg2NzQ0
        Filesize

        1KB

        MD5

        640071bffdf71efec73007ce973ab62d

        SHA1

        e2823b1b9ba73e5ea25a3c4dc7cc6faad2fa0d81

        SHA256

        7ea5ad7906c7978ac2a7d832073acc3aae10619cc5b106afcaa5f2bc8c4f5d0c

        SHA512

        342e48952c4441c057e73982acd69ac8e86c96007e0adef04ec9391afefe494549cc4eb21d69a2822e9aea9861f85f771cc10e3f69ade4e58058cfd7a9ab7ebc

        Download Submit
      • /data/data/com.oil.jycjt/files/umeng_it.cache
        Filesize

        211B

        MD5

        ca3529c796426f7040f1e0c99fb3e5b9

        SHA1

        4835b93b5915dbf6c670f2e9d66916ee4b350b2f

        SHA256

        d2ce4713ca4a13f6968463debda75b58695eb6ccce5b0803605b05f07f2ab2e7

        SHA512

        95dc5105a1a3ce7e6923f234d4d84d9608dbb1e32a47d82db3b21fa1ec35735903524fee07894a64e5932221a2b2748190ad14543b3d57236bf6b3165568aa8a

        Download Submit
      • /data/data/com.oil.jycjt/files/umeng_it.cache
        Filesize

        415B

        MD5

        721c131ab10633d930e328f1a00675fb

        SHA1

        29ceeca443a0a38e0be8098f7a3732225c5f85db

        SHA256

        eaa88dadb59174f7da5d7bf627fc63811a3c908fe18dffef4c907e2eb0f3b1e2

        SHA512

        f91427aaeedc87948303fd68a7d073b3ad6044a30152b43c5a5a0ffa5c87724a76d571f15ff9af0bacd6062ee93232205cecd7d5051953b5d29853319e5d23db

        Download Submit