628d3cc5fc7aec71aa1c72ceb270ba24f48f9b18d281bbe770b934a61c5dfaf0

General

Target

c9265b23fbeec5b26800ef7895465f6b_JaffaCakes118.apk
Size

3.3MB
MD5

c9265b23fbeec5b26800ef7895465f6b
SHA1

19b7a573718a6046df2210ec8bd94c6e05b84f06
SHA256

628d3cc5fc7aec71aa1c72ceb270ba24f48f9b18d281bbe770b934a61c5dfaf0
SHA512

cbf78b44868abb2fca7822cfe098a935239a19997914e586a36b28c927d65bb77d1f7f7597cbdc4f43f313ec58dfe429e8554122b42057b0c33cab89e35032f2
SSDEEP

49152:gxXwt2nAgg8hGCn37m9hTttmpLijtY51xqAopWZWdWw0aSAT3HHjvY8+Wo:gxa2nAv8YCnrm9hhwZiOFro8Yc7uHj/o

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jiuyao.game.ztj

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jiuyao.game.ztj

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jiuyao.game.ztj

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jiuyao.game.ztj

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jiuyao.game.ztj

com.jiuyao.game.ztj
1⤵
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jiuyao.game.ztj/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.jiuyao.game.ztj/app_crashrecord/1004

Filesize
228B

MD5
3a6b038c201727b963982d77ff6ea454

SHA1
e1e59c8955df6f439675156c69e202032552cbae

SHA256
6bdcd48125d6f313eabaa126dad23e11f56389d723da73e61a369c22ef7b4f61

SHA512
e180f8453f092b46d3724e7325dd90e0fa88fe22b971da15e42887bbeffd1c1ed21e6d61edd052d352ce648eab2b28db8150936fd578501bbb51d4c162767b33

Download Submit
/data/data/com.jiuyao.game.ztj/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jiuyao.game.ztj/databases/bugly_db_-journal

Filesize
512B

MD5
6a23ab8c611751f399a767431c884a89

SHA1
5f1bee22fffb2e279cc5a8ad2949614c12558769

SHA256
67ae231a259ce73466ffd40ae669ef90a8ad01e57dfbedab65dc359c805e5a22

SHA512
6d909ce99085ca4cadbb8182390e922f121de7afc99688371a55032f56111f774168d1a1a42b7fb865ec9265ba972baaed18a16e37e61326bddcca9ce88aedf0

Download Submit
/data/data/com.jiuyao.game.ztj/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.jiuyao.game.ztj/databases/bugly_db_-wal

Filesize
68KB

MD5
65052c53495374453f5b8e24cc44587a

SHA1
62a8aa69f8269e6a8559f4b51fbe57c45a564bdc

SHA256
6afc2302f9526587f1874d2edc1854a7a97bc6d96f640534a7b91b5c06995301

SHA512
91a2edfd564b1aa65bfe85ef2b99815222dc3a050ac17b514e4ce32c10a36957cdc6cdf537d7298c1e6398dd376f3fa3c319fa6c3459b900187906a9eb636f4b

Download Submit
/storage/emulated/0/Android/data/com.jiuyao.game.ztj/files/tbslog/tbslog.txt

Filesize
1KB

MD5
82f2426741ce1312779f002e0886aaa3

SHA1
53ffd3fc264b72ad61d7c5409dad58b14e351ae5

SHA256
ed1647df15772adab84d8c2853521015a09db7cf640a6c4f22c7830cd591d092

SHA512
bd106e347e85a61aba3be64d77158b6727f784f9c2e1f3de6664c6f11fcc7d4991f1101e67adf5ebe92a4b24db43d30df2a429fd8a64156669f4dd99ce50fd26

Download Submit
/storage/emulated/0/UcQkDir/qk.dvid.txt

Filesize
65B

MD5
f9c5516d934c5b2d9daabd8cd71f72dd

SHA1
0ef7016a1a4ec3921f38170b42949dc70f4f5e5a

SHA256
f4d3bcf79fa0c26e152294d849677d091d0093c838c214d2a51d6c78d205922e

SHA512
456919e409288faadc99c3edfddba24727ab0d8de7b10b72c8f3562e7d5b86752201799ee7fbda6e85dd047bf572ab6fa5656e755aa50f44393d29742e078575

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads