Analysis
  max time kernel: 179s
  max time network: 186s
  platform: android_x64
  resource: android-33-x64-arm64-20240611.1-en
  resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240611.1-en, locale:en-us, os:android-13-x64, system
  submitted: 14-06-2024 08:42

Static task: static1

Behavioral task: behavioral1
  Sample: a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
  Sample: a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240611.1-en

General
  Target: a8c920c1274e23d3e3b7f86ae178e289_JaffaCakes118.apk
  Size: 30.8MB
  MD5: a8c920c1274e23d3e3b7f86ae178e289
  SHA1: 24e3b2b130535df83a444016da23ca98d91f4e5d
  SHA256: 30fb8863fe9ab35917deb1041000ca54d37b24dc9e6b9969a78ec587b1aba9df
  SHA512: efb8c46e0047e2fc6a4bdfe505ec44026492eb702d1e5d34f6fa925149939ef713962e6132f0c176349501949219a5f7d65c3dc80a37f6453c5c47a1c6b73e65
  SSDEEP: 786432:2Z1UsthU6A7GlFTUb4QU8Tw/sat1+T9+2ZI:2Z+eFTQU8Sz+p+V
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Processes:
    ioc: /system/app/Superuser.apk  process: com.ynxhs.dznews.yuxi.tonghai:remote
    ioc: /system/app/Superuser.apk  process: com.ynxhs.dznews.yuxi.tonghai
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  process: com.ynxhs.dznews.yuxi.tonghai:remote
    description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  process: com.ynxhs.dznews.yuxi.tonghai:remote
- Requests cell location (1 TTPs, 4 IoCs)
  Uses Android APIs to get current cell information.
  Processes:
    description: Framework service call  ioc: com.android.internal.telephony.ITelephony.getAllCellInfo  process: com.ynxhs.dznews.yuxi.tonghai:remote
    description: Framework service call  ioc: com.android.internal.telephony.ITelephony.getCellLocation  process: com.ynxhs.dznews.yuxi.tonghai
    description: Framework service call  ioc: com.android.internal.telephony.ITelephony.getCellLocation  process: com.ynxhs.dznews.yuxi.tonghai:remote
    description: Framework service call  ioc: com.android.internal.telephony.ITelephony.getCellLocation  process: com.ynxhs.dznews.yuxi.tonghai:pushservice
- Queries information about active data network (1 TTPs, 3 IoCs)
  Processes:
    description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.ynxhs.dznews.yuxi.tonghai
    description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.ynxhs.dznews.yuxi.tonghai:remote
    description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.ynxhs.dznews.yuxi.tonghai:pushservice
- Reads information about phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call  ioc: android.hardware.SensorManager.registerListener  process: com.ynxhs.dznews.yuxi.tonghai:remote
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 3 IoCs)
  Processes:
    description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.ynxhs.dznews.yuxi.tonghai:remote
    description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.ynxhs.dznews.yuxi.tonghai:pushservice
    description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.ynxhs.dznews.yuxi.tonghai
- Checks memory information (2 TTPs, 2 IoCs)
Processes
- com.ynxhs.dznews.yuxi.tonghai
  - Checks if the Android device is rooted.
  - Requests cell location
  - Queries information about active data network
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
- com.ynxhs.dznews.yuxi.tonghai:pushservice
- com.ynxhs.dznews.yuxi.tonghai:remote
  - Queries information about running processes on the device
- com.ynxhs.dznews.yuxi.tonghai:remote
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
- com.ynxhs.dznews.yuxi.tonghai:pushservice
  - Requests cell location
  - Queries information about active data network
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/app_crashrecord/1004  (238B)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/app_crashrecord/1004  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_  (52KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal  (16KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/bugly_db_-journal  (48KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db  (20KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db  (24KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db  (36KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db  (40KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db  (48KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db  (16KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal  (4KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal  (16KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/databases/dznews2_yuxi_tonghai.db-journal  (8KB)
  /data/user/0/com.ynxhs.dznews.yuxi.tonghai/files/libcuid.so  (109B)