Overview

overview

8

Static

static

6

c76066057e...18.apk

android-9-x86

8

c76066057e...18.apk

android-13-x64

Analysis

  • max time kernel
    11s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    28/08/2024, 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c76066057ed6967b87a64ecf8bcf24a3_JaffaCakes118.apk

  • Size

    18.8MB

  • MD5

    c76066057ed6967b87a64ecf8bcf24a3

  • SHA1

    f498f649e7abdb9f4e66a5277f6e1d3f94dd1750

  • SHA256

    e72f0e9baa5af494db8cc3c60a7f238fa6235539ece6d40d806674e7d62aeb47

  • SHA512

    e86d0b60b215ad7378a41658e21a074f90f811964e3d122ee67f94c4e97c5446f4f190950142e5769af6c821e78a2ddb681b0efb94bcd5bbc36e6f0b8b0849e5

  • SSDEEP

    393216:0+hzhBiypxiyjVgjnsFRrb2IW2UTyanHAGnbe805CW7qL8+w65hZvQ1:Zzvi6xJgsvPk2UTlngGnba5/X+wY/Q1

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.juzifenqi.app
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests cell location
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4266
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.juzifenqi.app/cache/td_fm.jar --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.juzifenqi.app/cache/oat/x86/td_fm.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4304
    • ls -l /sbin/su
      2⤵
      • Checks if the Android device is rooted.
      PID:4342

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.juzifenqi.app/.cache/classes.dve
    Filesize

    24B

    MD5

    97c60f103cfa7969574ab444dbdcf829

    SHA1

    b9b71dcacc6e0466225c4c5857ca869bad4707c3

    SHA256

    93d4674c5560287521be057bf2631e1084dcea23e4792934d126a8a002f6fad4

    SHA512

    c9f50422cb18e246626584dec67a6fc8579ceb4490ef4103fccbf0e771786af2d9a773f3bed1b144117204b4f3d7d65901c4185984b0537f4c97c75ad0ab468d

    Download Submit

  • /data/data/com.juzifenqi.app/.cache/classes.jar
    Filesize

    3.4MB

    MD5

    aac01bac927f32da77090bafdab0c173

    SHA1

    fd5fa1394de57ceff970794c4d7d8003ecc60854

    SHA256

    5c28bdfe93d656e399d62fabd449323f030ebaf2ed80f16c3bc47fb4facb367c

    SHA512

    6414af16afc12db1780566c325f81f029f16642d692849c4e989e856556868a45996ec3a4bc52c12ccc70d4985f6ed22bed45c944c9ffd1653cdf6072ab73cf5

    Download Submit

  • /data/data/com.juzifenqi.app/.cache/classes2.jar
    Filesize

    1.9MB

    MD5

    e850e0ab5f9dc1e9a7ddfe91a8db7883

    SHA1

    56d5a85184f8e5a8e474a5aaecad7763a3a38323

    SHA256

    04ba85e65bdfd19fae090c6e39e25994f2a2d0375c52b92ec536b6d9f7956fe9

    SHA512

    6eddcdc09809ed787037b5f3603b0178c5a68f8b9251343a41a3e39d9ff89f6db43c7ee92b3a5520477b6ac8ce40f5aabb44c315168d3122da107538e221648c

    Download Submit

  • /data/data/com.juzifenqi.app/.edata
    Filesize

    19B

    MD5

    394e2e24574279b4eee31e0c811edc23

    SHA1

    a49c65901f98b2536d1179c22caed5e63f405d2d

    SHA256

    586667bc5fbcaa11251885f1703f49be7b903bfc2cc7ebe2f7d2813db8ca2121

    SHA512

    d22b070fb9059fc32ed664205f9312c8e5b5953e04f09163fdabb0477c87257f7d7443d8a56d5e798e0d3eda675a6ab97a5b6856dc6565cca291f77fa151cd41

    Download Submit

  • /data/data/com.juzifenqi.app/cache/td_fm.jar
    Filesize

    37KB

    MD5

    59a240f9a50b682069179656ca0fcb81

    SHA1

    9bcd5ae769a8fd99af5c4b01f1b09f3a36054aa9

    SHA256

    939dca355c8c6a8a114ccdbd619a79f229d22d3615e4bcf5ff2177915f307412

    SHA512

    23fca85588494b1effedc748cb8d1e4f35e2bc7ed4054128d5115493f63e7e33143da05c52ddb9f5d2c940adc04738cf2b5b9215f9253ad54e9d92adc2131b39

    Download Submit

  • /data/data/com.juzifenqi.app/databases/bugly_db_
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.juzifenqi.app/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    879e70bd9dabc852a8c0ce665ef61f80

    SHA1

    08a05b950f4dacd2b14ed58163e6f01d60ea0249

    SHA256

    dc412cad129ffbbb492524514572825f355b20c87fbebb9a56b41be2a29ff2e0

    SHA512

    014d80c6d6a39e1399a66d0934c492a0ace51e4c690619855330a84fc8fea5f3a46b618ee45542a53a562853d6a3e1917f5903f0039d40187d5f573b48820d40

    Download Submit

  • /data/data/com.juzifenqi.app/databases/bugly_db_-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.juzifenqi.app/databases/bugly_db_-wal
    Filesize

    48KB

    MD5

    f44240d0cfd45b812b6ab6a5aeae2457

    SHA1

    35933d0e372c91e7fcb39e4f921984e8533da8d1

    SHA256

    d98ccbb774c1136a897269a94fd40eba6c6e10497ba2fd4074c6cee6b4ff0959

    SHA512

    0305625f65c04e2466dd0f692f9dc7eae47f4fc4b245df6c52d8a4ab59f963ba68965a03e30b46f90ed960de73422b8a6d4458ea51aed991241abda5243ac08f

    Download Submit

  • /data/user/0/com.juzifenqi.app/cache/td_fm.jar
    Filesize

    84KB

    MD5

    52c2ffa309fd8aa40784aaf86a7dbccb

    SHA1

    a1b56087977d6b40cd17c564e7b6156956def42c

    SHA256

    b98c73b8c6bb86e29be5611eb016bcd8b2ed5b61b222915a890a7404c4a2d205

    SHA512

    ebb4ce4f3c2a8aaf826cafc536fc4ca5edb8d654e21613bfc9b45e26101bc7e64d7186c90c877012c9817a9b2f81faf9e4e6cf25352fdedb5012f566ce3063ca

    Download Submit

  • /data/user/0/com.juzifenqi.app/cache/td_fm.jar
    Filesize

    84KB

    MD5

    b94b2179695252d2d9220e97d14e2557

    SHA1

    3a0278afd368d25a40670745171a1248590e92a5

    SHA256

    a165fd6c0ae33cc8162e164a63b5e5abfafea84a4ef69b3a2845dec716046448

    SHA512

    0ca17f898c9fe03cbd1cefd19a021b351a7f7432a8520f7527900b9b553dadc305ec2e8ae51ac6eba6deacaa1472ccbb01bafae98646158234ba29213da1c1e5

    Download Submit

  • Anonymous-DexFile@0xd166c000-0xd1d359a8
    Filesize

    6.8MB

    MD5

    6cdf039996c439295155bafdd8eb8799

    SHA1

    55db688933a83dbcd5f3477d8728eccd97e3f009

    SHA256

    e060267de5f23c2ea57bcb15512d176b5160922a258ffc8e50b35245fff1ea59

    SHA512

    87f26e51cde75539d60974fb89b6cd29a192b56cf3f5df011c0a27db1f1bb33f98b1e114534ca65c48214105d8d610339140b987023dafdea82f6287e2f2b1f1

    Download Submit

  • Anonymous-DexFile@0xd363a000-0xd40dc9bc
    Filesize

    10.6MB

    MD5

    8991bdc75bdd2eedb4aa3f30d429bb36

    SHA1

    118d269cfff1729b6d3ef3952856d96549b54bf1

    SHA256

    223a09a1671a76bea951c42a095991ea808b26a9eff1126acb3f64d076329d98

    SHA512

    b72b91127ddc09fb59df0e9bfb14d13deb92b0945acdbf854bd4e8e6d8bd8f1b08dd9b4d56e0e00cc1f2363054202853d89fc69220d0b6f25a9be044ed296b2e

    Download Submit