546777d0488bb8a8a001b9cc0d7fc2169fc5c8c30fcdc3d4183d6c23ce88c9ed

Analysis

max time kernel
179s
max time network
150s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11-08-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88762a667afe69f9e14108b529702f5d_JaffaCakes118.apk
Size

1.5MB
MD5

88762a667afe69f9e14108b529702f5d
SHA1

05374ae36834c3736843d56eb02b4edac04a52e5
SHA256

546777d0488bb8a8a001b9cc0d7fc2169fc5c8c30fcdc3d4183d6c23ce88c9ed
SHA512

3559034edc5b28174d6cfddd86ce66b88ed0f0725355980d343f60cccf915658f8db14ae46fe39760431be92252b9cd52a051248f197806080c4cc928810fcf4
SSDEEP

49152:lAd3Q1NDKHZDNmJGXLYJYCz3cMOZ5ZXjtx5bcID2odr0:l8SDKHZDNmJGbYJYCz3cr5ZXjtx5bcIc

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zhangshanghuaban.oku/files/v.jar	5052	com.zhangshanghuaban.oku
/data/user/0/com.zhangshanghuaban.oku/app_5321f0ed-9061-4b21-a711-8a11e6069d57/3ecb5b1f-662f-4f3f-83c3-61eda6ea8f24.jar	5052	com.zhangshanghuaban.oku

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhangshanghuaban.oku

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhangshanghuaban.oku

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zhangshanghuaban.oku

com.zhangshanghuaban.oku
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5052

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zhangshanghuaban.oku/app_5321f0ed-9061-4b21-a711-8a11e6069d57/3ecb5b1f-662f-4f3f-83c3-61eda6ea8f24.jar

Filesize
22KB

MD5
d73ac1e8603c9212c8d7bd0efd555ecd

SHA1
0d3a248ce2541ca4952e7bfc3f1a7d46ef1c384e

SHA256
560d25284546e0bde690b859b5d9bbe1e1b8ec924524b929674305935c80a107

SHA512
acd304c4237efe3537af363caabc17f135e78f12801094e62df1e3dc260549acf7fccf51eedfb5c57d12c1b2f503244007c222411792d3b4a3e5c2f72d771949

Download Submit
/data/data/com.zhangshanghuaban.oku/app_5321f0ed-9061-4b21-a711-8a11e6069d57/f787ac62-53a2-4291-bcd0-3e636d60aca2

Filesize
71KB

MD5
146a650dd469a6b6391f560eeabdeb0e

SHA1
25e20b3bfe93d7c16c6bb21e65942a58e6ce6bf2

SHA256
6756084a60a3b21dc9ad595ab336ef3b2b6f5c0039f7de1463f61f8a58de4de4

SHA512
d72dfc7aeefb2d77e46e0b5323c77bedd3a75c2cd670ce382c6a0dd894105aa42d9056909abb94dde007424f1a877478e96f8e5a5831aa48a21b5057c1e7193b

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db

Filesize
32KB

MD5
c47fae71be4beaf76f500779208f51a6

SHA1
4d7d531960d96d68db94ea9e129f9241ed27f262

SHA256
70471f1c74ea522c3d867c3afaf4f348e6ec4e492b718b1ca4fc4f05f0195e90

SHA512
1b481502d740cb09a8fbca89fb54f8c27bfede993401a37daa0abe79d08b13b8908ce312316cf59b5578b9fedcbf61628c7d5f07f8386299b7bcd588899314f3

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
b9156bc3861e318ec339bba2d84d7430

SHA1
f1d9124f616871c5a8af7c738b6d0d8f5ecdeaaf

SHA256
53e5d3838207d3770d2fb8702c035c607b75bf1df44eeaedbfd9619ecf299b64

SHA512
0e11d8aa8d1d27eccfb4b0f38e038ad8b166b2c42788beb5d3dc97231082ba7baeae992c6b3cffd2b6070eb16a5cf953d9356668c78b8b88a908bd618f127e14

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
8ab03f0797214474b549beb6f2cd5fe9

SHA1
129697bfd3f40f69e7fa0787b1a0b0fd75006cd9

SHA256
1a18a02d69fd27df65e4b089f6559a5bcd5483601a2e0fbc4eddb811d6dca32e

SHA512
2d623ff8aa4a3f56ff093d74f76084b404225f5fc1071fcce60c68c7f70dfcfce6db658b5e970eb6d387b08a413c79058a5da0499bc64df7e08697161e8030a7

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
5e97c5414b4683f9d37edd3f746bb664

SHA1
366b1ea47de55865bc46489081e4607ce2c4dbde

SHA256
bb9c2d3b9cdfa2ebc5b740b31f8cabebd001bf63edb19ba2787ee59a79fb36b1

SHA512
6e3d6f4de32d52a3bb4c6985d7c2050526500f4dfdd56930e05d933f260421ad5db09ab4327bd55143b1ead7b3af857f045283e0aabe4dc4667aca0e96f1b5fc

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
512B

MD5
356e289970038e9379711077459aedd6

SHA1
ae4f63a422ab8f727cf8768ed02ec2010fc60b9d

SHA256
44539f0559c3732a36c19768500180a08a97f76dfc4f0fee16e7a2491ed0abdf

SHA512
e283b2492ae52bc9359c7b81b8f39a230cd9aadb648b190400eab1bb138e7a9ccd888e9437a7be7853640c236b8f12d4d4298dbd4b49f79dac46aa8146d213ce

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
825ac0737d91fab15fd081f54b402a8f

SHA1
faa639480970938cc33bc1a442c2f77291b5473c

SHA256
b0d04aedf42769311b429304d2a79fce91b83178f05fe2642aeceb45fc31ab8c

SHA512
8cab29d899edebb9be48da6b7937a983350dc8f0119664cdef1da9abb8f8b8d8ca12002711946693f80e04bf33c4e94e0fc907ab128a41c38d8f6ebf607ecb47

Download Submit
/data/data/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
8d2c6eeef57e754165dc12cdd88e7a9c

SHA1
371e1a29580dad847ed621b412407c7ca1abe78e

SHA256
8adb4c922e1a82e129373ae27cfcb0eaac7d08c34c12c86bb0727ecacb609138

SHA512
b8f48d424d0f3d7360d35752f0c5d5817681969c3a93d8a1d807cec6def97a1bf5d28dc64f30ed89499d318b2a3b12cfbd0eff7aa3b526950aea5c6ecabaa813

Download Submit
/data/data/com.zhangshanghuaban.oku/files/SUBOXLOG_

Filesize
1KB

MD5
c6ffe3cf9f9e05b9d00209893829c674

SHA1
f971cd75c81ec088edbeedfc27e56be80b03ac66

SHA256
8a9f626a2aa3434b9de6dd9ad669bc5dd1f07fd0ad7e81478495ea1fcf1af1a8

SHA512
8cf9eba1ab944c027a3062e9f6acc91874eccde0825a361d85f254c997ede04cfe18bd0a952a2f49e40fcbbb589a4cac5147ace39a3a70be8107e569a5e8b552

Download Submit
/data/data/com.zhangshanghuaban.oku/files/SUBOXLOG_

Filesize
1011B

MD5
a52e5ff214ce88cea6aa5097b9853933

SHA1
750a9d43cabc258ea8459c8061cd5451ca3a211f

SHA256
42877dc2de4baf560acf2943cb797af78655811cd0cfb6b297b527dddf994948

SHA512
454b724aaae953d14bdd642edfdfd379d4e27a03d23ffa8c1c2f882b4c3f000dcc54f4ac58aff8cff2409c5e8c146c060d6dd7b931655f63131050f249686f90

Download Submit
/data/data/com.zhangshanghuaban.oku/files/v.jar

Filesize
216KB

MD5
fe71b6c9a4117f12b923af8caa5477cd

SHA1
d6fbb703874344fff8a7f2ddaa4c108b7053bb56

SHA256
17e7f434df38c948be4e534bea8083eb63748190b8fd4c2f760428a8b563e1a7

SHA512
f44e02d5d19c6e488b268ad4c90a00df3e33569f5398a68e472151da49bcbddd3568f392f4b119cd833a4e32357f39f4a4cfd4470dd7150362f03708aa3e67a6

Download Submit
/data/user/0/com.zhangshanghuaban.oku/app_5321f0ed-9061-4b21-a711-8a11e6069d57/3ecb5b1f-662f-4f3f-83c3-61eda6ea8f24.jar

Filesize
59KB

MD5
aabcab5764a2c245f66f05275409d9ac

SHA1
70025f9a50f5741874e7ba414065d839050b55de

SHA256
8c8323abb7822bc8faddd358956746fb66451b64f7add56a124e78fc614561b1

SHA512
fff399b665c673d83f25ec7ff16bb3f07a7395d45dd106fe1857fb8f1920e9a98c6b60ba90d1f95d76b3d671e27349cdb3abc6a1b1f3b7b46a4f1c0020e22071

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/v.jar

Filesize
387KB

MD5
38e927343d1622adfa93aa7ce49df149

SHA1
b56f701e5f2adbc65c017782cffd4c0f85c7ce2b

SHA256
7a056f8a0049af54c7b6938a8552c2591a836648a8b1966a6e8341982bcb7c99

SHA512
1977f7e8796c7e9ea79dff9bd57fef0502757569b43f38198d9fb2768c0c2b45a0841a9ecd2361d972349caa34c1f6bde2d7b2fd439af0fcdca28d68f578fc6f

Download Submit