546777d0488bb8a8a001b9cc0d7fc2169fc5c8c30fcdc3d4183d6c23ce88c9ed

Analysis

max time kernel
179s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88762a667afe69f9e14108b529702f5d_JaffaCakes118.apk
Size

1.5MB
MD5

88762a667afe69f9e14108b529702f5d
SHA1

05374ae36834c3736843d56eb02b4edac04a52e5
SHA256

546777d0488bb8a8a001b9cc0d7fc2169fc5c8c30fcdc3d4183d6c23ce88c9ed
SHA512

3559034edc5b28174d6cfddd86ce66b88ed0f0725355980d343f60cccf915658f8db14ae46fe39760431be92252b9cd52a051248f197806080c4cc928810fcf4
SSDEEP

49152:lAd3Q1NDKHZDNmJGXLYJYCz3cMOZ5ZXjtx5bcID2odr0:l8SDKHZDNmJGbYJYCz3cr5ZXjtx5bcIc

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zhangshanghuaban.oku/files/v.jar	4621	com.zhangshanghuaban.oku
/data/user/0/com.zhangshanghuaban.oku/app_f978c574-b2a4-4c1e-8eb8-3ef73b5679fd/dfbac23b-9cdc-479c-b10e-f1b476a1079f.jar	4621	com.zhangshanghuaban.oku

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zhangshanghuaban.oku

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zhangshanghuaban.oku

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.zhangshanghuaban.oku
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
PID:4621

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zhangshanghuaban.oku/app_f978c574-b2a4-4c1e-8eb8-3ef73b5679fd/c543aa57-e58c-4c45-94c5-ee1c079e0bc0

Filesize
71KB

MD5
146a650dd469a6b6391f560eeabdeb0e

SHA1
25e20b3bfe93d7c16c6bb21e65942a58e6ce6bf2

SHA256
6756084a60a3b21dc9ad595ab336ef3b2b6f5c0039f7de1463f61f8a58de4de4

SHA512
d72dfc7aeefb2d77e46e0b5323c77bedd3a75c2cd670ce382c6a0dd894105aa42d9056909abb94dde007424f1a877478e96f8e5a5831aa48a21b5057c1e7193b

Download Submit
/data/user/0/com.zhangshanghuaban.oku/app_f978c574-b2a4-4c1e-8eb8-3ef73b5679fd/dfbac23b-9cdc-479c-b10e-f1b476a1079f.jar

Filesize
22KB

MD5
d73ac1e8603c9212c8d7bd0efd555ecd

SHA1
0d3a248ce2541ca4952e7bfc3f1a7d46ef1c384e

SHA256
560d25284546e0bde690b859b5d9bbe1e1b8ec924524b929674305935c80a107

SHA512
acd304c4237efe3537af363caabc17f135e78f12801094e62df1e3dc260549acf7fccf51eedfb5c57d12c1b2f503244007c222411792d3b4a3e5c2f72d771949

Download Submit
/data/user/0/com.zhangshanghuaban.oku/app_f978c574-b2a4-4c1e-8eb8-3ef73b5679fd/dfbac23b-9cdc-479c-b10e-f1b476a1079f.jar

Filesize
59KB

MD5
aabcab5764a2c245f66f05275409d9ac

SHA1
70025f9a50f5741874e7ba414065d839050b55de

SHA256
8c8323abb7822bc8faddd358956746fb66451b64f7add56a124e78fc614561b1

SHA512
fff399b665c673d83f25ec7ff16bb3f07a7395d45dd106fe1857fb8f1920e9a98c6b60ba90d1f95d76b3d671e27349cdb3abc6a1b1f3b7b46a4f1c0020e22071

Download Submit
/data/user/0/com.zhangshanghuaban.oku/databases/dwer.db

Filesize
32KB

MD5
4fb7b05f2aa15bd406a8c9a83d73d58e

SHA1
9d40629801edadb82153e6499446a126f875e3c4

SHA256
6a289ab63a942bdf16d55bc564dae49eeacad9aebf7715926c191cb8f02e3f16

SHA512
d693d89515076cd781d25cdb1c1fa94423ba7fbf935678455123e142cf48d39e54fe5f92d99d226ac6b4720a9a969f65d1b7431fa212900e408ac06cbeb0eb45

Download Submit
/data/user/0/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
62cba4120ec9335fc452396e57498b87

SHA1
93bd7f961a578b62bed09a5a5151d85ea3c70098

SHA256
2e740888a81d14d1fa351db7fd969d704374cb4bc3854bc02f12ab82faa6b17b

SHA512
43a34edac272febfb25b69d6175e3dd8d01f2f6bdc390b15751dab931690ae723543458d9250d4ab13ff5070c95cb61ab97eae5d7a21ac7161537d3f5c978620

Download Submit
/data/user/0/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
512B

MD5
75963ce608a5e82177f9de529c1475b6

SHA1
d70aff6be891b762d8811dac464cc0441f2a0e99

SHA256
a667536ac8af571f94819c6e57b88bb397f7f1dca06066e140f43e642a4e790a

SHA512
5ef1cde377d0c32ee3ed8b464c8f68f8aab54a9ec25612a57052aedfaff05734d3f59904560e4e5947db628970be7cdd7c0844378dfe97bc0c03b6e33428cd12

Download Submit
/data/user/0/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
706aba0be7aa04afafc35000010e0926

SHA1
f19e6525609016c96746e61c5656ff7e3de19812

SHA256
e1c1a48bf229761f6339854efea23d45fe96f6ff1219f3e62a2d53d6a5482f45

SHA512
6ebb336be2407f47c24d69d030b304b9d91e6d7fd5f9a14797bb616f69ac848a9f98bf1978d5cc9d8f71b4a955a94db0449ce0732dd311e109168028594350b3

Download Submit
/data/user/0/com.zhangshanghuaban.oku/databases/dwer.db-journal

Filesize
8KB

MD5
9693eb03be707d2664ca63934db795f9

SHA1
d87b5892529c8c4fd3c1e4dc0527334958e8d05e

SHA256
8a7e6bb94002af7bf556ead3f76adc9713d1a9c8e51b395a91351d04107b6890

SHA512
ae04f4205fd46872d59ecc8de5ae55b86bb2540b15a11e1a72cf96016ed05ee58c8eb1997357f0eb311851ce457413f000a85af6e042d16d7d32d254cc2b50d6

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/SUBOXLOG_

Filesize
1KB

MD5
71399bf3b48367c8140ba285e19782b5

SHA1
bef556013bc3de41be48e83430501c3deb996ff7

SHA256
0a9bf7622fbe00c43c26e230ee9871a425c04311108e64c773e2be7b6cfbf2e9

SHA512
e56a2befc2edb2495b964c6cef7e3510b0faa05335370d1c8180f28926d40a15bd763337952235b22607416252306264f03f9d9b37d4a3eafc319d1e5fdf1024

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/SUBOXLOG_

Filesize
1011B

MD5
a52e5ff214ce88cea6aa5097b9853933

SHA1
750a9d43cabc258ea8459c8061cd5451ca3a211f

SHA256
42877dc2de4baf560acf2943cb797af78655811cd0cfb6b297b527dddf994948

SHA512
454b724aaae953d14bdd642edfdfd379d4e27a03d23ffa8c1c2f882b4c3f000dcc54f4ac58aff8cff2409c5e8c146c060d6dd7b931655f63131050f249686f90

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/v.jar

Filesize
216KB

MD5
fe71b6c9a4117f12b923af8caa5477cd

SHA1
d6fbb703874344fff8a7f2ddaa4c108b7053bb56

SHA256
17e7f434df38c948be4e534bea8083eb63748190b8fd4c2f760428a8b563e1a7

SHA512
f44e02d5d19c6e488b268ad4c90a00df3e33569f5398a68e472151da49bcbddd3568f392f4b119cd833a4e32357f39f4a4cfd4470dd7150362f03708aa3e67a6

Download Submit
/data/user/0/com.zhangshanghuaban.oku/files/v.jar

Filesize
387KB

MD5
38e927343d1622adfa93aa7ce49df149

SHA1
b56f701e5f2adbc65c017782cffd4c0f85c7ce2b

SHA256
7a056f8a0049af54c7b6938a8552c2591a836648a8b1966a6e8341982bcb7c99

SHA512
1977f7e8796c7e9ea79dff9bd57fef0502757569b43f38198d9fb2768c0c2b45a0841a9ecd2361d972349caa34c1f6bde2d7b2fd439af0fcdca28d68f578fc6f

Download Submit