Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    08/09/2024, 06:16

General

  • Target

    d3ba7b145d2aec4eeb8a9cbf8dfe17fe_JaffaCakes118.apk

  • Size

    29.6MB

  • MD5

    d3ba7b145d2aec4eeb8a9cbf8dfe17fe

  • SHA1

    529bd85b931a70465cb9e1fc9a12c76ef66d71cb

  • SHA256

    3c6e4a3434bf0d11a778213981376a60bbe79a06cb8208aac4725eb60fb1ee54

  • SHA512

    2ec27f98fd9671140f3bdc790c30b72807a7bf4f91c68f0f5f4ff9c1b066e7d8c40738c458629db2649125dbc6f887d539faa737dfa6995c5bfe297438b89b40

  • SSDEEP

    786432:K7qBl3F19u38COsb91h7pFsDatGH/ZMXECKOPXLkvms:K7qBrG8Cf7NztGqNKOfAV

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Checks known Qemu files. 1 TTPs 3 IoCs

    Checks for known Qemu files that exist on Android virtual device images.

  • Checks known Qemu pipes. 1 TTPs 2 IoCs

    Checks for known pipes used by the Android emulator to communicate with the host.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.android.hjsanguoruanyou
    1⤵
    • Checks if the Android device is rooted.
    • Checks known Qemu files.
    • Checks known Qemu pipes.
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4331
    • /system/bin/sh -c getprop
      2⤵
      PID:4372
    • getprop ro.product.cpu.abi
      2⤵
      PID:4392
    • getprop
      2⤵
      PID:4372
    • /system/bin/which su
      2⤵
      • Checks if the Android device is rooted.
      PID:4464

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.android.hjsanguoruanyou/app_crashrecord/1004
    Filesize: 238B
    MD5: e322e5141d8ba705131b92f761f2f73f
    SHA1: 7bd7a9366d9d776145408d03c31e21cb8903d20c
    SHA256: 1c27a836ff4c99f694cca3b4bf34cf3090e8759d491259c77c0e1a65a38fb42a
    SHA512: d674ab4e12d9adda8133ed679c15e695079f1cbf1eac3dd6bd9673f03fbe059a3029d1981481f9d1c1a34bb00d48aeed0b1799463f4c95b1885749971d3d4bc4

  • /data/data/com.android.hjsanguoruanyou/app_crashrecord/1004
    Filesize: 58B
    MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
    SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
    SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
    SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

  • /data/data/com.android.hjsanguoruanyou/databases/bugly_db_
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.android.hjsanguoruanyou/databases/bugly_db_-journal
    Filesize: 512B
    MD5: 2f24c2444a157a2906f96ff6eac0a30c
    SHA1: f8ed0986ca1c9c11c540cb7124e9951899c93200
    SHA256: c9ce42a345318b473e925aa2ed0901d1bf7f486fad121929bf889effa7b05206
    SHA512: 17a7be1497651868e2b315d1000f64fbeae7c685edc3a0ab954dea4fa1909af4c1746d4f583277c9bf251d57ee0db3c5e587bac28f5eb69231150d4fac0bc403

  • /data/data/com.android.hjsanguoruanyou/databases/bugly_db_-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.android.hjsanguoruanyou/databases/bugly_db_-wal
    Filesize: 72KB
    MD5: 1f25dd2544d6b7893099df8b2927a9f5
    SHA1: f30de1fcc9ade973f65147386956537e18ad5349
    SHA256: 228f10284c99ebd211a72f08ee3b83ae9caf87b15840ff76499dbd85e4682ee3
    SHA512: 1cde2462af35e888cc97298f4c5eb0f43c55e7c79910f4b6d01abf84f2a6bdd0983685adbf13511d63fced4bbc7b78d005a55d570b65b234e92a968477e0814b

  • /storage/emulated/0/Android/data/3kwan/UTMA.DAT
    Filesize: 96B
    MD5: 29159849a98b38b489c4f6b31ecb970c
    SHA1: fc086bfd1f16e7dc0f06ab83e0bff065ca8fcd4c
    SHA256: 9181c27ee2ce888f50d2a586b3c755d55e44645d83611b87ef7d867a76ef813f
    SHA512: ea536326dd7711e570b2a55f81d81a6baa25e35afc6ad7111e2338297d25946ed788f1d864f1194ae275ddd07ffbfda245533c880d671b9b651b50add55e72cd

  • /storage/emulated/0/Android/data/3kwan/UTMA_C.DAT
    Filesize: 96B
    MD5: 60397698812a1438978b3855274d74ed
    SHA1: 508d4d44fc1e81fbf1943edda5681d901a524e3d
    SHA256: cebcfa71095ca7a015e9626f7727688b9e5a590f8a8ff126dbdf7cbb3e5be3d9
    SHA512: 875d9cd80b924f3e366ec94417ac494f7e3858330ac934d7b4020903fa8e3a5d75d8cacdd4fecd0a5ca572ffaa241c107ca4e2b21df4e90558a11d51aaffa481

  • /storage/emulated/0/Android/data/com.android.hjsanguoruanyou/files/tbslog/tbslog.txt
    Filesize: 7KB
    MD5: 4963ba0769ac3a8f7687a3af07e6c4db
    SHA1: c62b01f49a5d7cebaa2cbb6f83155fde420754ad
    SHA256: c1efa7b043c57f942d8f453cae7de8ea294c392fbee2c0174bbe7d12a40c2363
    SHA512: 6e947a24671f96421b6965cbf5ab2b77b774951f09ab2e07ae6c4990d0ea5ee7462cc0b7a2dfb92b979ccd749528637ab78e271f5a36003b348587c82f813c9e