1db2bd0d80674f8e85f3deea261dfcca65ed3f37ad5e8cda9da21b522ad28b43

Analysis

max time kernel
143s
max time network
165s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10-08-2024 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86e270048f1002629f25310a6928451e_JaffaCakes118.apk
Size

10.9MB
MD5

86e270048f1002629f25310a6928451e
SHA1

0f3e0ca9f47ae3564c5ec66c9c54510a911ec237
SHA256

1db2bd0d80674f8e85f3deea261dfcca65ed3f37ad5e8cda9da21b522ad28b43
SHA512

43c8aa6f36620a84196ab4111fe4480e320aafcea8beeae5b2218b400bbe780c7bb3a28e087f282c0f41c6172d28348a7e104b01945b5bda9b0accb5ccb9ccdc
SSDEEP

196608:PjPPtdbTOC9YAPX7+6LZYYqRYRsqWoSVIqpu/Hoe9nlKBJ4miL4y44mPPkyVL:DtdfB7+6LZt8iAJe9nlKBFkiHVL

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.ansrfuture.choice

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar	4293	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar	4261	com.ansrfuture.choice

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ansrfuture.choice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ansrfuture.choice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ansrfuture.choice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ansrfuture.choice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ansrfuture.choice

com.ansrfuture.choice
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4261
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/oat/x86/gdt_plugin.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4293

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/4261.yaqcookie

Filesize
8B

MD5
7fa6d4eb28052fd6bc9e4dc702776349

SHA1
ea6841096242be1a8250b0233ead1eb49aa05ce7

SHA256
36dc7d7a1f9649d5997a815714138e574e035e3db4569e0fae1415918205bf09

SHA512
e30df350ed9eeb666650b14317ba60f4b8e23094ed7bbccf265982508cb84d3760dcb0db30278de84342b8653b388696d607b994d3db2621974fc2c1c66a703a

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/dexMethod.56647468.dat

Filesize
15KB

MD5
ecb44fcfca6e1e20d0818f0642854342

SHA1
b4792c18a47c45506fcd1b44255140d694d2a4c1

SHA256
c6f860451d6e7bb8b677bbc5ab33d34c9de33656e1995846ba872f6ad0c5adfb

SHA512
a454dc8339fd48e10975ba46dc8287db19079965af0e22c7e98df8ce0cf409cf609e395fad104d86ea2aafabd358a9a7b3a25ed7cb5e2600e6dcab46f86d2b2b

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
393KB

MD5
0d546943943234cbe0a8b132c4d65bca

SHA1
11c36b9ad64cd3925c449e9a794a3613abf33c4a

SHA256
9597de7943e30d0ed1d6a128b18111585ce0dd36af66502638d57b470fbbb6f3

SHA512
096f35cc60239a9412651f9b0607e30ef57c3fa0628904b5a450b08c71534323cc66b8d506c19da8fef9d19dd8f0888b19b7efce66463becfaca5fbef1ddc4b1

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar.sig

Filesize
180B

MD5
72a35623a7ec98c621abb05ef1ed45c7

SHA1
90d548ed43b4acebfec22fc7e8c86ec6c47ab046

SHA256
9bb6aa039d8d357c21d7357782f47bf9871619c77fa8e524a93be24e3051ada9

SHA512
f8aa202e2d0008282f224165aa6825204e9516121fbdf607d79c56860485a2d1f2598792b35c98e29e873262170ca772f91ffe5c7ba65b288d3550918a3d3e16

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/libyaqbasic.56647468.so

Filesize
63KB

MD5
4630e09cf197c8d925a48f7736a74c21

SHA1
850be2c3299df980e768399ff96c0be2ad54b8d1

SHA256
edbd346af04e9232177722213321821bc948135c0a9572e8c92b2fda54eb3c14

SHA512
209365224923a72756a3c9474f28f94ca9c52becc415913c77234482a2ef4619a86dffab6cfc0e2c7b85df050d5e75cc3b909bd189a9990862b5065b8b55d395

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/libyaqpro.56647468.so

Filesize
53KB

MD5
eb044d4f1a9c5bd759baeb4316331478

SHA1
88f314ba678ca894f88c5e6f822f5623d7ca09c3

SHA256
f0ba39e8ebc0b161015db167f6e74017557273647da740cd8b46be7d1d9a59fe

SHA512
e88734831ade103b3bcfa391e3b9705df442502f44355ebb057bcee5bd3d5a963fc65f26774d3d3d31cf6a7a7459eabc81cb70dc14d7267e267e1ac53264052a

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/update_lc

Filesize
4B

MD5
dce7c4174ce9323904a934a486c41288

SHA1
e117797422d35ce52f036963c7e9603e9955b5c7

SHA256
0c030586945fe504b604ecc2e875c38ede400cd5cd73da9730302162e6b02c6f

SHA512
d570ab6a8f4a7b54d426b0481219074b5277ace37d88438d87ab97eb387938eca1cf7b09fa42d596c56ada860710d2a7385d2a96e1cedff58ad6ed8900f1b143

Download Submit
/data/data/com.ansrfuture.choice/app_e_qq_com_plugin/update_lc

Filesize
1B

MD5
0bcef9c45bd8a48eda1b26eb0c61c869

SHA1
4345cb1fa27885a8fbfe7c0c830a592cc76a552b

SHA256
bbf3f11cb5b43e700273a78d12de55e4a7eab741ed2abf13787a4d2dc832b8ec

SHA512
91972aa34055bca20ddb643b9f817a547e5d4ad49b7ff16a7f828a8d72c4cb4a5679cff4da00f9fb6b2833de7eb3480b3b4a7c7c7b85a39028de55acaf2d8812

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-journal

Filesize
512B

MD5
899322cb3ee24fbeaaf822eff33ff335

SHA1
cd1b1d66b7eb69fe1415fa4adb207ba42bd62b5e

SHA256
00f5f82e0f8efe98048018c719cfb9db5fb65cc6048ff75f7484021acfde81f5

SHA512
20949e84b86da1c2e9d36e64c27b4ddfa68d4fa2f9ffa342e5f6b51dde254ad36d43e4d3c8db7f1d98b42767494148a3161641f73e1315749e94a1eab5a9f443

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-wal

Filesize
48KB

MD5
5cae80c7be4cdeeaaa333c68a9e38fd0

SHA1
bc7bf9393c78a7de310b671a97ff0ce9082d1d73

SHA256
7827ccf743727db60e67220b92849584739b28211bb11ff77052c96860106983

SHA512
d1dfc3512bf1c8cb55774eaf8051367d9cc43bd6ecd514589f61d4b08efbff1879aafb0842dd4d9b044a5d6749fac33232c12ac180aa34f34ffe7d9e675a48e6

Download Submit
/data/data/com.ansrfuture.choice/databases/cc/cc.db-wal

Filesize
16KB

MD5
3991bf3934ab46964413acf959885b42

SHA1
3b2a70d9034450bb18b1dd1a73a7eda9af98c46c

SHA256
7bdc91e3568132d2cab10f94a9b784d727fb0c7487d8fc9b705f19b3ebc83f49

SHA512
5f09c529f1ef0953e5eda937a2fbf943a46ae9cfe2ff1b219e12ec10870d7a3d3de16e64e280b7f1c369b2c9ab4ce2585cbd9cc93a48d591882f9f2fe843c237

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db

Filesize
32KB

MD5
b6459b4d980d86c9176c710e6c47eb95

SHA1
cdc4b8f16a7fe8a8cf4220afa7dbd841371262b9

SHA256
47a6d085a6c96f09d541121447dd9e8681ec443ab28959fbd8544eda14c35b17

SHA512
17c62b81c759888914a2fa21fe0c3dd6a3d6c7d2bb5638540df83d11b08b0a908126885760bd0b9627d76343bb04fd59974de7ec706d072a3e16ab416106660d

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-journal

Filesize
512B

MD5
367db026c184a2ab94a2e69fb99bb295

SHA1
daf51f482c038647a8e8a866d929390db84010c3

SHA256
7b5026033b7f82a508b8a5643195de8b400cc2365f887ca9e6b21afa19981092

SHA512
45d3a6bfd424638166fb2c993a653e8b4fa90eb02e4cf2adb392bd350b375376a71b7363b479e377189d0739b4ebb3247c02fa9896d7a1db66c8b3ae83223471

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-wal

Filesize
56KB

MD5
ff93eeda7bbc26b176e3f2894f4caa7b

SHA1
2deefde3f8c71aff01266eb0fd6eed55b4fc22e9

SHA256
bd32fe83e199aa84e5199f8139a4e80c545e58f5f4af2bc6228cbe83b9b93101

SHA512
4f6b9b1c8986d6c9f0b189c1c1aebc97eda352805979021d971e97c0068453d84517bc82674b78836cfffaaaee27e11aa1f3759675123a68b42ec948f3a24a9c

Download Submit
/data/data/com.ansrfuture.choice/databases/ua.db-wal

Filesize
8KB

MD5
14474160fde56e6a12d3d1afab24b7c9

SHA1
cee91dc886d2caf645e77c9cb9e349c4da1b3e60

SHA256
81b7e1855edcb21433a13d0ce39b0425302e50006fc293a4ba9b2a2be5da7a46

SHA512
62108a2e303f1b77d3548d8736d98c7bc74ad64721c1d102cbc646508a7294b9d8f76f0c6158fb4b65995f656423976813c41b192b0850ca295c25f5a478c727

Download Submit
/data/data/com.ansrfuture.choice/files/.um/um_cache_1723308986542.env

Filesize
1KB

MD5
f89ded0e1879659d81c81c8a0e841d16

SHA1
7cf5d6750df26d54256769cb48846151737a99f8

SHA256
8b1818c28847c2a6c07931aab65ace85d160a7f8b5b97c8ac2957b2648ab6bd4

SHA512
310ef699373eadb9a9e1549d9147d112ce130fb7326893e5df6ed6518854f2dd34f0b0422b949eda9700b4284da767f014e97ee8fa59486b1732bef7e72d2963

Download Submit
/data/data/com.ansrfuture.choice/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
97e10ce53aa7c58c843a6489030cdf38

SHA1
5a7bb28a74d6329ba5cf8b1f7fc6ea9900789528

SHA256
fd0734eee56154dda4415dc04eb5075522b7f5b369933e6e557fc7100d99cfdf

SHA512
ad86d2cf47e33ca5ecc1610563b68650a1d48f8d1b184d0f1821f3086db24cb6c4307b54a2b39227a5893ad054c86a19205a9820994b61cd89b63c80d9b080cf

Download Submit
/data/data/com.ansrfuture.choice/files/exid.dat

Filesize
56B

MD5
06278a4a5eab1d45cc2256837c81a74c

SHA1
f95ca5501153087293f512fd1466d2370e513efd

SHA256
1898268db707b1e3eeb295d9d0b912b994c8db3f936a7f6615362804a58570ab

SHA512
83f5ca3fc6111143a3a124220d49d83119b991587228bb612344847b9955e0a6afd12b22f8ba80e0bead7a934ef3bdad71da79f78ca6083524b3073fd60d5bbc

Download Submit
/data/data/com.ansrfuture.choice/files/session-CrasheyeSavedData-1-1723308865889.json

Filesize
512B

MD5
58020ff272cef3b12d36fba2e8d7adba

SHA1
7f6a6a589285af72a350e5ac2e70c5575dc63e38

SHA256
a96834e861149524926b667d951d0aa8d8ef9b3e9f450628ae453f0da111281b

SHA512
6ece801cbebd9619125eea881d1ea7060044ce241734b692f394512012e5bcd5445d0118ecb362b39f3035f58afd7e60dd62c7b99f1a59b5d471909be61b7e37

Download Submit
/data/data/com.ansrfuture.choice/files/umeng_it.cache

Filesize
415B

MD5
e8e4cbabc2eb001f6a1c46c024c6f346

SHA1
7305c52bee8c753bb481a14cb76b2f8f306df66e

SHA256
32c9e1aae9c4f59b44e514ab86a5e0167300ebd26ddf3145481f85effba63e45

SHA512
848239f7fa15b0c510bd3ad8f26741459a0495bff029b0e6ca4f24fa827e0595285c7027d527cf22dc4ef27b83735ed7e4bbd5201583ae0fb142d8d5c93391ae

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
668KB

MD5
b0756094c56890cd3c54924b25fc0627

SHA1
3de2dee93e80bfff180fbc13e218cf9b5daa35bf

SHA256
5d5ec981b293d24a5838ddf8ca40e2b0c4e2a13aef5f17f7c8ee27aa6e6534a0

SHA512
9de8b9911ede31c072d62ef5f7587c56dc3789f9530bce3bff346a51ee9c0f9dd2be8388e3d3125b59086cb41ea1761a0e8b44f320daab45178b5f7d9c3013d4

Download Submit
/data/user/0/com.ansrfuture.choice/app_e_qq_com_plugin/gdt_plugin.jar

Filesize
668KB

MD5
a6844e579b8045545bff5734f4d5efb9

SHA1
107d7370e50965edcea0dc76a18295725b8753bd

SHA256
63f00b1eb4717724421886628e1e1d86256d4d1a4f0384c1aa7e8c9074bd78f6

SHA512
adb3dd66588423d90fc4d997d5b30c220527f5a68507c416345672ee8ec230943dac8a5d95f37fff523f2e930691c6f689a5e10ee7e4a2f7c750645cefcbf846

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads