546777d0488bb8a8a001b9cc0d7fc2169fc5c8c30fcdc3d4183d6c23ce88c9ed

Analysis

max time kernel
179s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
11-08-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88762a667afe69f9e14108b529702f5d_JaffaCakes118.apk
Size

1.5MB
MD5

88762a667afe69f9e14108b529702f5d
SHA1

05374ae36834c3736843d56eb02b4edac04a52e5
SHA256

546777d0488bb8a8a001b9cc0d7fc2169fc5c8c30fcdc3d4183d6c23ce88c9ed
SHA512

3559034edc5b28174d6cfddd86ce66b88ed0f0725355980d343f60cccf915658f8db14ae46fe39760431be92252b9cd52a051248f197806080c4cc928810fcf4
SSDEEP

49152:lAd3Q1NDKHZDNmJGXLYJYCz3cMOZ5ZXjtx5bcID2odr0:l8SDKHZDNmJGbYJYCz3cr5ZXjtx5bcIc

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zhangshanghuaban.oku/files/v.jar	4293	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/user/0/com.zhangshanghuaban.oku/files/v.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.zhangshanghuaban.oku/files/oat/x86/v.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.zhangshanghuaban.oku/files/v.jar	4265	com.zhangshanghuaban.oku
/data/user/0/com.zhangshanghuaban.oku/app_60371e16-762c-4269-9113-0d3ba3329747/71a0ec78-9a7d-4b95-9ae5-aa2ffff25dc8.jar	4265	com.zhangshanghuaban.oku

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhangshanghuaban.oku

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhangshanghuaban.oku

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zhangshanghuaban.oku

com.zhangshanghuaban.oku
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4265
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --compiler-filter=quicken --dex-file=/data/user/0/com.zhangshanghuaban.oku/files/v.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.zhangshanghuaban.oku/files/oat/x86/v.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4293

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhangshanghuaban.oku/app_60371e16-762c-4269-9113-0d3ba3329747/71a0ec78-9a7d-4b95-9ae5-aa2ffff25dc8.jar

Filesize
22KB

MD5
d73ac1e8603c9212c8d7bd0efd555ecd

SHA1
0d3a248ce2541ca4952e7bfc3f1a7d46ef1c384e

SHA256
560d25284546e0bde690b859b5d9bbe1e1b8ec924524b929674305935c80a107

SHA512
acd304c4237efe3537af363caabc17f135e78f12801094e62df1e3dc260549acf7fccf51eedfb5c57d12c1b2f503244007c222411792d3b4a3e5c2f72d771949

Download Submit
/data/data/com.zhangshanghuaban.oku/app_60371e16-762c-4269-9113-0d3ba3329747/c37ed208-1e7e-4142-b020-c7087833be89

Filesize
71KB

MD5
146a650dd469a6b6391f560eeabdeb0e

SHA1
25e20b3bfe93d7c16c6bb21e65942a58e6ce6bf2

SHA256
6756084a60a3b21dc9ad595ab336ef3b2b6f5c0039f7de1463f61f8a58de4de4

SHA512
d72dfc7aeefb2d77e46e0b5323c77bedd3a75c2cd670ce382c6a0dd894105aa42d9056909abb94dde007424f1a877478e96f8e5a5831aa48a21b5057c1e7193b

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
512B

MD5
14be4bc9347add398a8e2d1cbfc7a2ff

SHA1
09ee8fe1a44e70014bd18acfc66333d4abcd171d

SHA256
a64114d96f295e9232f6118b70369fe6d8ea0229689f66de427774190defc352

SHA512
6c435b383256f177e3e0f2e925f6450f5ddfb437a890a6b2e29ae161f61701ecc175788318db795ba79b0a04c61053c32ea747ec166e2226be737e2f26ca535e

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-wal

Filesize
68KB

MD5
b5eba62e06f05ebb541cfb56a301412f

SHA1
f6f67c47e15a4b22adeed398d96057c7cfec13a6

SHA256
33951fead8503b54784279b816b3653cc67d6e4758b30b7c554ba48660d69f24

SHA512
17b0ea062d5d45cedd893348bc7168f6ec4d2d08a923a8006c4310fd084cbf7023f5098999acecf6077582d5517c72cdf1df775b470499f822af50faea08e0f5

Download Submit
/data/data/com.zhangshanghuaban.oku/files/SUBOXLOG_

Filesize
1KB

MD5
78ddb266cdc8c7582f65d90a67eafd99

SHA1
48efead7e31c97cf645fc4acb425a86ce535d949

SHA256
3cd4ad0a973b0e09b3fdf36cafc12d8ba714bfa949180f0494ef95e13f56bbe0

SHA512
f6ae51a33816c20e03a54dfd69ee935f48234048ea05e36ce4955c3a1fc298db3d9644e160237569183b70b36b73749a16543f14856e73e6df1d1369b683d945

Download Submit
/data/data/com.zhangshanghuaban.oku/files/SUBOXLOG_

Filesize
1011B

MD5
a52e5ff214ce88cea6aa5097b9853933

SHA1
750a9d43cabc258ea8459c8061cd5451ca3a211f

SHA256
42877dc2de4baf560acf2943cb797af78655811cd0cfb6b297b527dddf994948

SHA512
454b724aaae953d14bdd642edfdfd379d4e27a03d23ffa8c1c2f882b4c3f000dcc54f4ac58aff8cff2409c5e8c146c060d6dd7b931655f63131050f249686f90

Download Submit
/data/data/com.zhangshanghuaban.oku/files/v.jar

Filesize
216KB

MD5
fe71b6c9a4117f12b923af8caa5477cd

SHA1
d6fbb703874344fff8a7f2ddaa4c108b7053bb56

SHA256
17e7f434df38c948be4e534bea8083eb63748190b8fd4c2f760428a8b563e1a7

SHA512
f44e02d5d19c6e488b268ad4c90a00df3e33569f5398a68e472151da49bcbddd3568f392f4b119cd833a4e32357f39f4a4cfd4470dd7150362f03708aa3e67a6

Download Submit
/data/user/0/com.zhangshanghuaban.oku/app_60371e16-762c-4269-9113-0d3ba3329747/71a0ec78-9a7d-4b95-9ae5-aa2ffff25dc8.jar

Filesize
59KB

MD5
aabcab5764a2c245f66f05275409d9ac

SHA1
70025f9a50f5741874e7ba414065d839050b55de

SHA256
8c8323abb7822bc8faddd358956746fb66451b64f7add56a124e78fc614561b1

SHA512
fff399b665c673d83f25ec7ff16bb3f07a7395d45dd106fe1857fb8f1920e9a98c6b60ba90d1f95d76b3d671e27349cdb3abc6a1b1f3b7b46a4f1c0020e22071

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/v.jar

Filesize
387KB

MD5
1245033872890b8f19e19962a2b24946

SHA1
8b011191a8a60c6dba6f1fc81b831a6e04a469ec

SHA256
e6a1789d2b6156134d800698d36fb04ec59ff65a7184e9e9ee66dc5acbe8ae7c

SHA512
b59d9f8aec6e8454adb06d7608d20fed2c5da8962739118eab6275f119f8939e7dd6980cddb36160033681091ddc9d898d92d5bd8abfa4393d2a69fa55c7aaf0

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/v.jar

Filesize
387KB

MD5
38e927343d1622adfa93aa7ce49df149

SHA1
b56f701e5f2adbc65c017782cffd4c0f85c7ce2b

SHA256
7a056f8a0049af54c7b6938a8552c2591a836648a8b1966a6e8341982bcb7c99

SHA512
1977f7e8796c7e9ea79dff9bd57fef0502757569b43f38198d9fb2768c0c2b45a0841a9ecd2361d972349caa34c1f6bde2d7b2fd439af0fcdca28d68f578fc6f

Download Submit