Analysis
- max time kernel: 179s
- max time network: 186s
- platform: android_x86
- resource: android-x86-arm-20240611.1-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- submitted: 14-06-2024 08:42
Static task: static1
Behavioral task: behavioral1
- Sample: a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240611.1-en
General
- Target: a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118.apk
- Size: 30.8MB
- MD5: a8c920c1274e23d3e3b7f86ae178e289
- SHA1: 24e3b2b130535df83a444016da23ca98d91f4e5d
- SHA256: 30fb8863fe9ab35917deb1041000ca54d37b24dc9e6b9969a78ec587b1aba9df
- SHA512: efb8c46e0047e2fc6a4bdfe505ec44026492eb702d1e5d34f6fa925149939ef713962e6132f0c176349501949219a5f7d65c3dc80a37f6453c5c47a1c6b73e65
- SSDEEP: 786432:2Z1UsthU6A7GlFTUb4QU8Tw/sat1+T9+2ZI:2Z+eFTQU8Sz+p+V
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
  Processes (ioc | process):
  - /system/app/Superuser.apk | com.ynxhs.dznews.yuxi.tonghai:remote
  - /sbin/su | /system/bin/sh -c type su
  - /system/app/Superuser.apk | com.ynxhs.dznews.yuxi.tonghai
  - /system/app/Superuser.apk | com.ynxhs.dznews.yuxi.tonghai:pushservice
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (description | ioc | process):
  - Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ynxhs.dznews.yuxi.tonghai:remote
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes (description | ioc | process):
  - Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ynxhs.dznews.yuxi.tonghai
  - Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ynxhs.dznews.yuxi.tonghai:remote
- Requests cell location (2 TTPs, 4 IoCs)
  Uses Android APIs to get the current cell location.
  Processes (description | ioc | process):
  - Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ynxhs.dznews.yuxi.tonghai
  - Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ynxhs.dznews.yuxi.tonghai:remote
  - Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.ynxhs.dznews.yuxi.tonghai:remote
- Queries information about active data network (1 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  - Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ynxhs.dznews.yuxi.tonghai
  - Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ynxhs.dznews.yuxi.tonghai:remote
- Queries information about the current Wi-Fi connection (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (description | ioc | process):
  - Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ynxhs.dznews.yuxi.tonghai
  - Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ynxhs.dznews.yuxi.tonghai:remote
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes (description | ioc | process):
  - Framework API call | android.hardware.SensorManager.registerListener | com.ynxhs.dznews.yuxi.tonghai:remote
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  - Framework service call | android.app.IActivityManager.registerReceiver | com.ynxhs.dznews.yuxi.tonghai
  - Framework service call | android.app.IActivityManager.registerReceiver | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Framework service call | android.app.IActivityManager.registerReceiver | com.ynxhs.dznews.yuxi.tonghai:remote
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  - Framework API call | javax.crypto.Cipher.doFinal | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Framework API call | javax.crypto.Cipher.doFinal | com.ynxhs.dznews.yuxi.tonghai
  - Framework API call | javax.crypto.Cipher.doFinal | com.ynxhs.dznews.yuxi.tonghai:remote
- Checks memory information (2 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  - File opened for read | /proc/meminfo | com.ynxhs.dznews.yuxi.tonghai
  - File opened for read | /proc/meminfo | com.ynxhs.dznews.yuxi.tonghai:pushservice
  - File opened for read | /proc/meminfo | com.ynxhs.dznews.yuxi.tonghai:remote
Processes
- com.ynxhs.dznews.yuxi.tonghai
  Signatures:
  - Checks if the Android device is rooted.
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  Child processes:
  - /system/bin/sh -c getprop
  - getprop
- com.ynxhs.dznews.yuxi.tonghai:pushservice
  Signatures:
  - Checks if the Android device is rooted.
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  Child processes:
  - /system/bin/sh -c getprop
  - getprop
- com.ynxhs.dznews.yuxi.tonghai:remote
  Signatures:
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
  Child processes:
  - /system/bin/sh -c getprop
  - getprop
  - /system/bin/sh -c type su
    Signatures:
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads