e834a71797445972828164e006a0be3ed38ceac3b01c1bcdb8743569f1bb57ac

Analysis

max time kernel
178s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
24-08-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec7a06e1bea43083f6c1d8e6f727039_JaffaCakes118.apk
Size

27.6MB
MD5

bec7a06e1bea43083f6c1d8e6f727039
SHA1

3450cfd19490be73045a3924f8605eca0f396756
SHA256

e834a71797445972828164e006a0be3ed38ceac3b01c1bcdb8743569f1bb57ac
SHA512

b28feaa9b49d3e1844d8db2be2a1977bf5d3d2bc4c282e2db79658b422936890dc3fe4c269b48f131cfa0aecd0d11203648058bdddf3dfd6e28623d0fad4679e
SSDEEP

786432:QYPNyyVto5fo4rCQrrONuePXKV7qMoV1Un5S:QY1yyrAvr+NjCo1UA

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.taquan.shopping
/system/xbin/su	com.taquan.shopping

Checks known Qemu files. 1 TTPs 2 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	com.taquan.shopping
/sys/qemu_trace	com.taquan.shopping:pushcore

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.taquan.shopping
/dev/qemu_pipe	com.taquan.shopping:pushcore

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip	4256	com.taquan.shopping
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip	4453	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.taquan.shopping/app_SGLib/oat/x86/libsgmain_312768000000.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip	4289	com.taquan.shopping:pushcore

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.taquan.shopping
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.taquan.shopping:pushcore

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.taquan.shopping
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.taquan.shopping:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.taquan.shopping:pushcore
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.taquan.shopping

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.taquan.shopping

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.taquan.shopping
Framework service call	android.app.IActivityManager.registerReceiver	com.taquan.shopping:pushcore

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.taquan.shopping
Framework API call	javax.crypto.Cipher.doFinal	com.taquan.shopping:pushcore

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.taquan.shopping
File opened for read	/proc/cpuinfo	com.taquan.shopping:pushcore

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.taquan.shopping

com.taquan.shopping
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4256

com.taquan.shopping:pushcore
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4289
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.taquan.shopping/app_SGLib/oat/x86/libsgmain_312768000000.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4453

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.taquan.shopping/app_SGLib/libsgmainso-5.1.81.so.tmp

Filesize
591KB

MD5
c85e8919765cc22095d1b8e40601e34d

SHA1
22d48933b9f30a028cf4c9d993f59c767f9e8e35

SHA256
f4ab50b1188cc9913c106f1f661162cb7db90aa288a90fa6bb41c5938b6afa8e

SHA512
6715ed9290b868a5733f6c6001e9de1375a381b5f61552fc0adfd825c72977cbd34a347f7fecad8cbc798af7b5ef59f4a23bbe6fedb714e4dda65a1e5921c08e

Download Submit
/data/data/com.taquan.shopping/databases/ut.db

Filesize
28KB

MD5
80c88195363eb083c4423b068252c10f

SHA1
fa69e73ebc37bd5e3ac07f59bb309815ce57c4a0

SHA256
2ec17e4b1e0341069d8816b70bf03b455e242601459100e5f6cf6619d047894d

SHA512
75e833177a123d79c9958984da0f11ed29661c9ed4faffe74e5b792faef06ce03376f71b09141359b121ca361d02bd2f30658530b271ad7a97101583cbeb978c

Download Submit
/data/data/com.taquan.shopping/databases/ut.db

Filesize
20KB

MD5
38616785cca0600a03205f84fe330b4b

SHA1
6ac41a6bdcae297d56dac5fdde70be5faccf0832

SHA256
b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8

SHA512
7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

Download Submit
/data/data/com.taquan.shopping/databases/ut.db

Filesize
28KB

MD5
8577640a9a630a638bf111307439958a

SHA1
a0580a33fd984df3885d75f2036db65c2241eaa8

SHA256
cdc7e7c767a6fb828434e241edfb435a84d267f7efddb124a3673fd7c17b4710

SHA512
34620903e3cf0cc56a8013bdac75499563f94fbf87d25a12c271d4bc3e8820c1159d597053ecf8f9c0a5d7ea9794d3a5a3d386b746442c02b500b18be2d401a8

Download Submit
/data/data/com.taquan.shopping/databases/ut.db-journal

Filesize
512B

MD5
9f8e1da885ebfbe98439ecd5586e5bf2

SHA1
bbd210446f9092c263066c4d2662f1724e993e91

SHA256
e5e2805bfeb177ecefb52d23184bcd9c73800e32caeabefa522eb041c5e7b3ab

SHA512
b8eb8e0fc5718f570aef8cbec16219a2df25edfa95ac78011a9a41f6fd48962d0b9053fca7f2252f8ab8824c6d8c6410f3bdee318846b8a1d44944edbd5937f3

Download Submit
/data/data/com.taquan.shopping/databases/ut.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.taquan.shopping/databases/ut.db-wal

Filesize
8KB

MD5
92535dfef01c34d8c08f7f87d399f16a

SHA1
a5420386eb519693bfad898a222ce8b1f675b4cb

SHA256
f670fb1a2e3601fdea4a41b42221e32289af192f951e19c7c28e2bd41d53bcbd

SHA512
55b4af9b8a2b554f2a86fc2c06e04a1530a7956a2688d73c5ea7bdc2b13942a16f8a8ad5f262dbce50a06883637c03a25c59f608b076f42719f65b6f4e5e4b5a

Download Submit
/data/data/com.taquan.shopping/databases/ut.db-wal

Filesize
32KB

MD5
19cfd6ae79379274439b65f9250d81fb

SHA1
37d207ce69bd335afc4a2a8cf3e70713daacd782

SHA256
3c305c2dc21b13b32e5b1a2fa36760fed19010a17bc988020f36500a785959ac

SHA512
f3d1c75a67098fc12b7cfca266dacb2f0bed3167076cf92644aec4658c1b6dff2446aaeea953a412f23d59647254eee7c0bc3bf6383d4b2f9aa8aaaffbcbe911

Download Submit
/data/data/com.taquan.shopping/databases/ut.db-wal

Filesize
24KB

MD5
28d69f666bc7f2ff0768dda1e8ccd060

SHA1
a2953ce2d3cca636911b3f70ffdaa02bd7156a70

SHA256
e23e10b1705da27d6c07367c7e5afee1d0e2c905815d03169e51985702b793d3

SHA512
dac2b6e977f841c806bbb4bb188e92d15d784744aa976b02505b6d9bb5eb340377cc21e29d598481c99720637b123c570d81e8359684313d10c46a41b3d1d22b

Download Submit
/data/data/com.taquan.shopping/files/0a231bd8575dcf72.txt

Filesize
40B

MD5
644b2b150c27dd9879b16910d1e4a4a1

SHA1
05bffd78ee7fef71ad97b0060bb32030c8656329

SHA256
8a12895777c1b59806282687d5788a1b79045e6dc632cc7c8feaf1f199be2fd3

SHA512
25cf752ae539a4322981835734afea466ca4063a0a5c09f20a9fd10b193599079889b5bff0ebe964d2bc43a128752548a100ee348dadd93c0892c52255e98ee4

Download Submit
/data/data/com.taquan.shopping/files/21c22f492aba3de8.lock

Filesize
16B

MD5
b9317729078c5dfba7c6ca41c81a8d87

SHA1
ac756e6958c30bd05b3fd4915781b4e61710aee4

SHA256
7e6b3fe1c975fce23359d13931ea7aae03dddcdd91af717a084c167541e937ed

SHA512
64adbe546c018e976d8c4dc513799281116006aee9d970ba9da1743e1bbca3d3dc4ca3b61773732238f28ff5a15d5ffaa605f0230bdeb6da361b14ff05491007

Download Submit
/data/data/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
72B

MD5
f58f13d0fc991322df1eec4c68481464

SHA1
fac54fd6dfb4fa6e0b0f548eb024573dca8cd259

SHA256
1d3ba112a38305e67ffb1aa4a0e0e70b3a22809904675efecec0c949d0b76396

SHA512
e1ef5bbe84095b5ed02d1d9b23bc7e034b67715b3535473553a2d797b86ddbb81028e0cd5ccc457be1828893413eb368e04f29b7c3a2878f933a025153cca535

Download Submit
/data/data/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
143B

MD5
e226bf9446849dc009baa24a537ac74c

SHA1
b6b4de6d0febe5a29c94656ddbf85823f20d6204

SHA256
f4748057d8d507d1ff277a03fdef8184f0e215e4be2de5315b48c647fb0d8a19

SHA512
0acf633e9b926ee1c43ba5f11357a9f31524a62e7487fe95b70feee27740197a4cf725c3a0aaeadb2fdc441ce4af69e0800ae23bb7a64c7525e7044ed49c6541

Download Submit
/data/data/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
189B

MD5
6a8863dd4be7802445180fb86132a879

SHA1
318b6be6ca08b4edd3c0e949f0c4ee34b1b1b768

SHA256
003384a9be52ac8b293ce45c557533b3e72efebf1165f128bc9dcaee5b414e08

SHA512
21c52dbe0c216efc38950433e9601102dbb0abfc1bcf844e24da21e047cface75f0fabacb07bc38042bd46638611dbd6b7cc7a41e25c824725ec8112f0094780

Download Submit
/data/data/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
262B

MD5
0438489e26550304ace8e365664531ae

SHA1
cb4e150d8a2f36dcffb61bf28f01f2c6313f30e4

SHA256
a179e2d846f440a85be5d1837704df7092888784914b38b61067568308ec76bb

SHA512
6e0782109933287e1fc72b2da6db675e4ec1b0d3cd17e95e2769fe362b4a880664d2159c5521f7b15d7287cf2671d8e73a93b570d16888cc4280a90c38072dd4

Download Submit
/data/data/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
334B

MD5
fa50b901681b560424b3a3bb84dff1dc

SHA1
6fb6501a0cc20b57965526a4db8306dd32b210b3

SHA256
79d9c24d2ec63f014e6f73d090dfd9d2f3310bb49fb66af460f44135d92c88f0

SHA512
6b725d57b5f458e9bf8736fa8b9431a784fefd157f9f1033fd4f2c6aa0764e4b0a5f4461805754ee41e1543a4b49bb505ef28421bb37d8642b0481b8710dcec6

Download Submit
/data/data/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
978B

MD5
3e23db4f499b6d7d4a3a8c8248ee6a20

SHA1
fba152516cde54bece61ab35c7189e6ec7ae6932

SHA256
823fc30bf0a6c381abe27de48bf653a6761791722a4133cd0f1c52545a9feb35

SHA512
01e4e2e13c78e9ec73023f65b2b079e65bc2db6a0a8def7a294637458c6b8d74657a2bc409a6cc200a2d2c880858b7a65c73fea282b3cbf4932f8c401aa9cc98

Download Submit
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
522947eaa37b029a247e3973f3be3621

SHA1
31c88e0d7c9b51904c0f598e80245bba41b1c7d9

SHA256
d06601f9eb8d8c991f00426ad30bada9d2bb7886a6de21d78cd0ccb7b7e62156

SHA512
f5eaa9ccf08096bf0df8f004fbfc1b893ae08fed3e6722e0adea1fdea2719a45876314b765134905841f440c27216c897876e3ac6c8903fc44b697854eb02c0c

Download Submit
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
0c2f2989749ff3910446998637c28286

SHA1
054aba5cdeb4e66a4473b0a81680bc50f6a0cfc3

SHA256
f3c52a07c3cb0a749aa880b5819ce43a5b76065396037f5f50c4577ae522d49d

SHA512
72acb607e89f7dd62c21e9449ceba58c8917afcf4dc32c789f515d6a866e6549b2fd53e90cffbdfb7a62d577534bd9eec052d1ec9a912321f9bf25e7f719a70f

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
096ca114007f7e35a3011216813fbcf2

SHA1
660df7d276e01f337ea9d15fea14cedbe3d73675

SHA256
270673e0cf136431569aa42b3fcad0e30f9add0cf9a5727fc27b20b3f0589102

SHA512
a27a78621a89fe8756b603cc00a857737f806bb6db308715b390d3e0df97498dade04910e108fa8dbdf14cb50f0f8cffe7b41a61da7d656e807c1e9c5d41e054

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
aeee5116ce6023c43f6b338359066728

SHA1
96aa1077ea7286212d9241148750ba6fb85d2e51

SHA256
7b178ce73541941676281b82d05c80afc8d9b21aaa71f496b214573ad8c39e6e

SHA512
94734b1f97035d984e35d9bc746c03353df51816c949e0cb9f48ac277d3a40c134d4748ab8c763d502661f25ec8e8b1b6d40a151319b12333886bbf81a183f42

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
213B

MD5
2c8c0813ef78cae0b73536884e5eedbe

SHA1
fc13a565ed8785cf6cba6091720ebb12e6b69094

SHA256
bb796c8bc0bd345facbafc97acf1b9be429a4f2a350a3c097092e299eae314c7

SHA512
0d08bb0bcf1771e7c768f9d312236cb6c6db94fadc087f3727a716306e771d4535b0b98908030118a253bbaceacb46b38713eb8bd0912cf0acc09fb1298fcda1

Download Submit
/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

Filesize
512B

MD5
1d66d07db61c9f90e6307bbe7c79e311

SHA1
112116a323258155e47a7973ed13969812e14fb3

SHA256
767a6044896a11e4a560100530020052a471e9158820f266a2ae2129a0cf51ac

SHA512
5b93a14f7ec83c8be60baa2fb6a6765b8cffef5fe5eb04ab09042bfc1cdee9a1253d882791c6ef52eb4dabd40372cc2d9286528ea2c0ab8fba3495c88edbe9d5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads