e834a71797445972828164e006a0be3ed38ceac3b01c1bcdb8743569f1bb57ac

Analysis

max time kernel
176s
max time network
188s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
24/08/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec7a06e1bea43083f6c1d8e6f727039_JaffaCakes118.apk
Size

27.6MB
MD5

bec7a06e1bea43083f6c1d8e6f727039
SHA1

3450cfd19490be73045a3924f8605eca0f396756
SHA256

e834a71797445972828164e006a0be3ed38ceac3b01c1bcdb8743569f1bb57ac
SHA512

b28feaa9b49d3e1844d8db2be2a1977bf5d3d2bc4c282e2db79658b422936890dc3fe4c269b48f131cfa0aecd0d11203648058bdddf3dfd6e28623d0fad4679e
SSDEEP

786432:QYPNyyVto5fo4rCQrrONuePXKV7qMoV1Un5S:QY1yyrAvr+NjCo1UA

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.taquan.shopping:pushcore
/system/xbin/su	com.taquan.shopping:pushcore

Checks known Qemu files. 1 TTPs 2 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	com.taquan.shopping:pushcore
/sys/qemu_trace	com.taquan.shopping

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	com.taquan.shopping:pushcore
/dev/qemu_pipe	com.taquan.shopping

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip	4367	com.taquan.shopping:pushcore
/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip	4323	com.taquan.shopping

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.taquan.shopping

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.taquan.shopping:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.taquan.shopping

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.taquan.shopping:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.taquan.shopping

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.taquan.shopping
Framework API call	javax.crypto.Cipher.doFinal	com.taquan.shopping:pushcore

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.taquan.shopping:pushcore
File opened for read	/proc/cpuinfo	com.taquan.shopping

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.taquan.shopping
File opened for read	/proc/meminfo	com.taquan.shopping:pushcore

com.taquan.shopping
1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4323

com.taquan.shopping:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4367

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.taquan.shopping/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
522947eaa37b029a247e3973f3be3621

SHA1
31c88e0d7c9b51904c0f598e80245bba41b1c7d9

SHA256
d06601f9eb8d8c991f00426ad30bada9d2bb7886a6de21d78cd0ccb7b7e62156

SHA512
f5eaa9ccf08096bf0df8f004fbfc1b893ae08fed3e6722e0adea1fdea2719a45876314b765134905841f440c27216c897876e3ac6c8903fc44b697854eb02c0c

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db

Filesize
20KB

MD5
b6bdf1d2af13cc93c53ceb49006a8789

SHA1
0f0605c78e09ada17c6eb127792ef847d52e0f45

SHA256
bb25848f56eb166519451b5c50e2b84a35f8f93c807225f16f38b5ff4a711fae

SHA512
68337131e267f13d29b1d5ab8cf16a4667b9529a0e1e8afe304565a5c0e9401b8650f5707acaa94803fe2f23622253ef58d7b2c88e7b7cb347b05e878370f15a

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db

Filesize
28KB

MD5
b00a3071a658dfea243b58befe48ddfc

SHA1
9f366e9347960c164753bece14e2d3a701a370e3

SHA256
d9270afd93d32c04c0e2e1fcb586edab98a23993b0bfffe5d861d940d7d3213b

SHA512
59840cfe8ea9e7cdd2009ce0eb87597b83b596f0a235fd9b863aa58a9abcf01c40251abe1219a5f4ecbdcb54fbda0fe5fae7be31f29010ff4e75afa84ee3883b

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db

Filesize
20KB

MD5
b640a8d11a993bfff51e27c13293063b

SHA1
7b5786a83dd3c5bbc454fcf22a026b894ef9cc4d

SHA256
88b80777f494b6364e1d11ee2c440221afceb4a374ad3dc1b4067a573e16a83e

SHA512
a42a7c9988138df9bbd343b0a59e85d4d91a3c9c3633c3e3ab3bbd74bdb06932c8b6fa56a1f7d227eab6a3513991bc15bdf31d32bdacf9aa57806190796fe2ba

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db-journal

Filesize
512B

MD5
fb56be0e4ad32743553a807e3bfff527

SHA1
cb5af1e5eef1d554710e260307fc7255742c5476

SHA256
79afda6204531cfcbf8f425183b5626cd79b7ce75411aa444b6dda3cdb4230c4

SHA512
b2cb74cc5ba5a5185f271e320762e81fb9bbea2b681e2dcbb0f8fd91810b897c469b1448c5281f8d85cbb0c00dfdc22e5f807a5a10e45fc1beead2fd2be5769f

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db-journal

Filesize
8KB

MD5
cc4580875a6d416ae70ab1396018d89e

SHA1
08967b6654ec34dbcb4c6759c32d2853e1fbe918

SHA256
456c2261917e53386af05e171fd8ea304304a49485de4f3e4f12e8f8c5f06dc1

SHA512
bd7448cc55645e539dabf9e7238e1dbee05157aea619b5b051c46e516fdb583d6a2086f4581cdd32da5523e6244b1085bf5a259f1c423207c0257af542a80543

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db-journal

Filesize
16KB

MD5
bac03ded7760b128b779ee0217202242

SHA1
47f8403d036a85d19477c3c18fa85f3cdbecd344

SHA256
391ae808ecbbfa155bc8170f901d2ca33a412f7ee71a03041aa511f22478de33

SHA512
3fdb0eb11cdb3f89d8170b8ee62fd4e1deeb0e5186e6c55ea2e0230a3e96be7db577a300f9b3d4c286123936a9a0283e9b53630349ec4903371c753873b8609e

Download Submit
/data/user/0/com.taquan.shopping/databases/ut.db-journal

Filesize
12KB

MD5
79229031c55d509922e42f9f9e1aa571

SHA1
e02c5490e673c072ec7e8512cb493bc62e5c4d22

SHA256
55585dc9d2627b5e369a78a7ed233cb9e21aae0a95de138817f711789782743b

SHA512
d90fdf40055a7a6eff1dcbcd78c617cbb035086689c135334c50f7adb4e88405afd5ebb3513d25dc2bfaff243b9bb7d94b784081e14622227a000bf3140d6e92

Download Submit
/data/user/0/com.taquan.shopping/files/0a231bd8575dcf72.txt

Filesize
40B

MD5
44fa137e5aed6d3dbb5373cef350cb46

SHA1
234b68487bf9ea3c7e9246c6a7ce424f3d0be6a1

SHA256
487630775df8ff730113e5a0a0100b51abf1c68348328b26c759006dc7b4f120

SHA512
f20e8bf4cf96a88156f0da00fc2cd731dca93141a029b5b75612346f0b1c82cef9239f72def29957b090a39f0a31837e13596c1d88d0b4af7bfb2f7bc84868f9

Download Submit
/data/user/0/com.taquan.shopping/files/21c22f492aba3de8.lock

Filesize
16B

MD5
8246bb7907fe649d048d487fc1e46c9d

SHA1
58253d8fed40937f2b58b6299a602e87218d63ec

SHA256
28b012a64201b49ade1b4c07463a0344a461d6222ad8cb1932538509ae011c0d

SHA512
00c6c370f593170e36944db501fe41f7ba828a5ac68f08f3809a94ae5030d3cf77d7e5be94c9d406496f2c06f5877b7438d8e3e997645dbc6eb0b9e2280a64e2

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
47B

MD5
0899aa05b9d8a59e8d1027476b536d2d

SHA1
25a22757375484e5cb0bbec77753c7aac2f9c736

SHA256
0570ba037e75ccb90dcf22df752c08ef57c0d0a140dedc80d17c0b9ef872c554

SHA512
11ca565da39743a1acc2ad177097bb0cd1a1ddaef350cfaab2ed78639689564e30511eac83acd6ab48ea339017fbb669fb83e7dc8140c711a1103c94dd53f237

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
120B

MD5
cf5ff2d59747c5e4fdd61b6ccb8f732d

SHA1
8f40083c560ba62856820e20335274a008302e10

SHA256
f6e198375799555b7ebcc7128a0d864c29fb11577ddc748e5babbcff4eb18309

SHA512
d67a10de5a31d83c14a3e9068696ef239b499b97cf6078fae8abefe7da97a49ef1e2251bf5d7734c6bc8066a0817689152fa4052a97c7f435f8526abbd884b53

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
192B

MD5
52245d825a8163dc76258f370f1e4b60

SHA1
2fd1e70c9b8bb9932ec375b3541aed1f404e6671

SHA256
3aa27d936a8ff9dfec8341d275708c38b857f250955d6ede5987ebd3df4258e0

SHA512
03fe6fdbec3965ff9289c5ab04b44ffb355862dbd8d5ec4be8e82ec1fc33699e92a68fa74f862bc79d2e73b5aac3120eeaca826f265102ac98895d6349d6658f

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
272B

MD5
bc8006bc83f91dcd095b63f71bd78d3a

SHA1
336f09235d62d8ebe84111035d5005873763cfd1

SHA256
e5dc7cf0a4b7adcdf5cf408c1b12e5d476437cf52fa5f52637b759e8f059be3d

SHA512
713802d75ea7cd3cae61ea2ae8ce3106bf5abf785a362cf2bcb762bc5f2aa2f8b06414a34342d2156c076c82bcd3a519b3d918d07d3c034351ff1aa07c32fa82

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
389B

MD5
812f9fcbdc469b779cbfa1ad1b317863

SHA1
a96cbcfb5aed6b631c0d6b0412157c0470b88f88

SHA256
f8bd18034b227a25fc736458f32e4acf519b0a95632966d4bebb31c78b08c8cc

SHA512
4ed7d83ad61cf34699af840e56f80610d91c1d87fc2d4ae6c549bf39ffcb8c2836d62745ee554ca9c6355c9ad561afe4d45c65783f5111640c4047fd1751d060

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
436B

MD5
a44b13774865250a73ea5df00bd7196d

SHA1
b9e775395757ac85523a15db4e3a63f091752271

SHA256
ee529dc81f3fb59bb3be41f83b75b4b0afa5e520a3c91de85476c7dad4147a1a

SHA512
89e0df4f59fa7248d372119e5330fa92331a07232f6bdd330e763ded868a2554b1c3f30af6680885dadd7c25a9dbb43dedcbffd65cef689700c38a84977a0c54

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
467B

MD5
fc4c344c704066cae258da5c95e83677

SHA1
268f116af0192c12147fe4f01c995198b823a295

SHA256
e760e63f1696fd47d954b7a47643c49ac6144a94f8e002185a9af004728d1775

SHA512
3e86a62028ddc4323d3e76bc3bb1a8e223b53eed9ecc457a3953eae8307b1993b2c187994baa5a42d40aff0f862292c24fe0e8642125cadd6e19b0f85c45092f

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
530B

MD5
7415754a5c41487d6c757d7e9e462140

SHA1
db464f7c9d934b09000eba8078684a69e8728164

SHA256
4dcd071b394e93c675ba457ffeabaee71d8081a98992a5c0468713a49a34f0e6

SHA512
739fdaa76be77d5118c69956f11b92e949282d3af1ae18f24aa68ac2543b2880d0a623e0df45f3b5a66d3cf5529e45215238c32129cc6a604ae5897680f2e0e7

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
726B

MD5
50bda54e97af1b25e1e06e095310c114

SHA1
5ddd254786a58699bf10cf4447f5281a8a3576b8

SHA256
f714fcf0a01e91c1e602733f5f9f9bb11c029a60dbc59198a6cf49bd418b8eb9

SHA512
fcedfda10193e3b1f5a314a5b3eaabd3d502cbff4a78797172e4db486a646313171d04b5fb2b596d28ef608f8da97b465469386592e67b631c870ebf135f202c

Download Submit
/data/user/0/com.taquan.shopping/files/SGMANAGER_DATA2.tmp

Filesize
795B

MD5
af4e8e61c12b0d1a991f708f165ca425

SHA1
d32f6edd16c04e6747b538564b34ee45c37d9723

SHA256
35586be0852faf00bf22ccc3c58044eccbda65b9e805b20e92765ea7a306978d

SHA512
2af88d8dd7c33dc6c32439d062753ef883252727f8c876266c42725da53e4f682b3b8a769dd7547f597ed94debe1e08d2b502c22c33613d7f85831ac815c1e45

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
66277d7d642e6851ef50b8014c851bdf

SHA1
988e8ce75504429bd4a68a22155d1071faa2f93b

SHA256
aefe6b76d77bac20e4692b5eee2eb32ecd16354614172769096cf31eb1dfd813

SHA512
d1d047fa6bda05f2c60521dcb34d740cb97263030653c363a8f77f27ade7560ee09279ebb0914742fe3a00cee9e2a7b05657c82b046370c54fac4e2e13fe3518

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
8bc7466d36b81400d007bc52487e3f7b

SHA1
195716bac1acce7042c4c91bbda852b055da8a55

SHA256
ae211ec6a715b1ebd76b8983c7d240e1ba7ea0aca209cb77ac76bb0cf395cad0

SHA512
e2897d5d4fad6ef499f15be0455907667fd39f1e7b4e0aa4742e9ac14e980c0600b53c5230cbb3ff8949d1d6444e9186af8ba5d1609acb4c76fbb883dac47cce

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
85fe5f7db74f79db4ff5fe8191aac975

SHA1
72eb2f68655c89c454828a5eb94acb52c2c3cb92

SHA256
fd32a079cc4e73b616b0df092a80b5511b0e157ab88a2579b145349910cdf042

SHA512
58685cf3d8f09d8317a071796a06bed26711eacc5fb5319027ab71b9b7c9a21439302e47ac88504a75578cd17f43e2408bcb5b755b4e42eb984639654049a354

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
576KB

MD5
cf7988110ae39ed28e1466a5a2238330

SHA1
3ea6838d5f2fb0e8925889483b2cd5313af6eb83

SHA256
defbecf65a7b91b076f4e8c0b6c33727c3f9fe281530157b81b25dda21aae7e6

SHA512
4f4ee887f4657ac504d54b215fa36eb6890641c54c21e7d54f1d19ea0a3698c2f7f6612bd25c73f700243cd02d0023db096ad0018c75d4d2ce5759431798e2c0

Download Submit
/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

Filesize
512B

MD5
9459284d4972f6518051be6c5cf5844f

SHA1
bf903e91e0af23db4c0fe671e998bb92f25e0849

SHA256
a73fd1f62d7c245b4c91062a907bbd0ad547c230dc994389396c6da51084f4f2

SHA512
26cfc899fadfa284b37a1c7fcf2a15c511c3c225b4380eec9d96593347225702a3797731ec704f7e564c7135d865ddea63d8be9f9802d5e9383c64d597f7b1bb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads