b4021224f94aa43d36f424762db91839b5c8862320d4c6a288926754eba09c4f

Analysis

max time kernel
33s
max time network
132s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
12/09/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcbaf2c9a505337dc7b76e88f5e60a3f_JaffaCakes118.apk
Size

10.4MB
MD5

dcbaf2c9a505337dc7b76e88f5e60a3f
SHA1

3d9c4e5706063798795bd4318fcdf1fe05a9f75f
SHA256

b4021224f94aa43d36f424762db91839b5c8862320d4c6a288926754eba09c4f
SHA512

a6c8cd5ac0302bd9f0ab6cf6e4703022a048db4ee972e98f9d64701633b437ef217370777fbbdadb540114365194b8c487c255e004c1815bae599038faf2937e
SSDEEP

196608:f/JWxA2uFSxGBvwx7yhx/vwFC73HyuoEUExjAJu40gwA:462uoxi7Rj73P1UCjAJuhgV

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ddz.mobile

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.ddz.mobile/mix.dex	5063	com.ddz.mobile
/data/data/com.ddz.mobile/mix.dex	5063	com.ddz.mobile

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ddz.mobile

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ddz.mobile

com.ddz.mobile
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5063

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ddz.mobile/app_bugly/rqd_record.eup

Filesize
350B

MD5
0b14ac60a15e310b0932756b6f8df587

SHA1
81056679cf8fdc508c26edb15b49838a4eac2157

SHA256
05b4a1ff3623c62c29f29da49e07e5a1f64fea65e659374cfd2b09463e07cf86

SHA512
ac736f4b2cf9793829eb9f4c8549940bdbd2798c04337b5807fde88732ad146c2f5c5875637a271c6178bdf77ac21e36d56311fce61b3b7d1d34f2fb900721be

Download Submit
/data/data/com.ddz.mobile/app_bugly/rqd_record.eup

Filesize
1KB

MD5
a20def90c1650dbc7b2439c3296632b2

SHA1
2e57738773ffeb9d1f042303f5a6a4540af580f6

SHA256
54cacfc4eecdbe67bbb15c940b97cf796afca54976dbf96d1785a4f6a63bbb98

SHA512
296bf2bbfa448a0f0939da143e88459bcc245a2149d06e66c645be561d2b6a64d90524a4d9caa667a8ea7790ba8277474fdb6a1d548aa676b357a8b3e68b728c

Download Submit
/data/data/com.ddz.mobile/app_bugly/tomb_1726162902319.txt

Filesize
19KB

MD5
ceaed6c01871f3c1823177a11bc2de7a

SHA1
616c93a98a026be2b384fa1db9b5df862000caa1

SHA256
ee6439427c441c908fa563cc3f3b6a1694796dccd5a4c579d242a3b7af7ab3cb

SHA512
1ff99ebfb20614e173adbb14c3d31fa31a451f3c9923e7099ebfbf4dabfd604fa93fdbf9d680885ad8e4ba011a1d6028ebc789f55f2caa10ed39d27692bdb52f

Download Submit
/data/data/com.ddz.mobile/cache/tomb.zip

Filesize
4KB

MD5
ba2b03730469dac308f0ffcc83f6f6c5

SHA1
feaf4e28dc4ccb7f791e8b5c70a3be244fa6b285

SHA256
94977cda9ae0228e70df9ad5c9d867381214aa235d3f4d7ed7781794d41044d3

SHA512
914689bbc5ad79ecf5084493def118b04f0c9a989f5d17e0f1b7d8831f868ae729ecfeb0f6e5c5c727cb60ed466f54c7137d35f050436e19ee918033ccdebf97

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu

Filesize
172KB

MD5
3b0449b01b2a20fe5642ce13f6bbe2ea

SHA1
426c3cddb83d7d76bc153c852854da45828831a3

SHA256
e439becf6bc9fdb3cf5daf8bb4887efe828ab7db64a055e71cfc8b546c73ed7c

SHA512
1c57f3cab652795f0725c3c617f9b64e7512a3a16c8c4c801a53a4cc941e493bba8e38eef5e969ee6a56c260d9c282e564629869eaf139b3e22f0a5a0b324cb0

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
12KB

MD5
3b45a1fd6d901d8d323ccf16cbe66a98

SHA1
313aff8148f1aaf3afefc4b69eb13568eab0d443

SHA256
16d297720b1764b5d2edee5d3ab4741368a701ea0eb8618d7d9f79c9c5b45790

SHA512
6791cf5e25acc222a2f27c801f91b1a42b6f520ddf1b8eb079d44ae74a5b7e2191e71a3d624d5799ea7f9a734e115eacc95ec3766cb3d10cdaf3d407fd47fb78

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
512B

MD5
d8f7965f5e46ec2b0ab16a47c019b9d1

SHA1
59c0356334a3e87742058328fea2eb4d0bbbdc17

SHA256
7c3205639cd932752d272ee00a549f2a890736ebe4dfcc5649d2e199ed5ff9ca

SHA512
fe52f572c5d376f3d40a4afab4ee6a7c0c1844326472aa9e9e9c47760998a2ce4c203f5747c3d7e50702d6affc82dcb73d2225b5c17a57480c8e84f54b70c4cb

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
8KB

MD5
82680f8a58ed394dbc0d28c4d5cf0013

SHA1
2449eb0ad900362fe6dc481fb612175a4d5af969

SHA256
44020faba882e66b63749c39825204d86525d109008a51268fc71ebdae6e0b2e

SHA512
2c7fb3635025be640edc762a4821f526efb5ecf98f864c0cc282bfa6982a990055e3a7ded9e769fae1a3f97ff4d883533640f6ec938f5e519949d4131aa4f3a8

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
8KB

MD5
5735960e3579b8086be16f43b0eca305

SHA1
88af6a62bc0214da46ca8f3d46de47af5d64832e

SHA256
272c93097aedab5688f50efe61cf65efe83fafd4d8e7b3b2e44121dc61aa0e8a

SHA512
9f07cda9429354c693c090ba7a7080d0b4ecdd9f3f709e081fe6c4d0db767aebf2d8e429edc5bb2a38275cfbd75781efa4a14ac945a6762796aebfb73e5daa4d

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
8KB

MD5
727edc9e7dae5241c5ce113b350c256b

SHA1
08f68e833adca384acdfe0a99a4a428faae6628f

SHA256
8954ab900f617a39d4938e0a75948313d5fd62ee9a797a0d02563f455f7a51ff

SHA512
50949b42fbb7b1c889a5e6ff0dfe27e6d05bfbb7376e427ebdf3e10204da629bbf83a5feb77c652ca14c5edfa93a63ee4e4d7c83f9e166881cc43d4bc034c660

Download Submit
/data/data/com.ddz.mobile/databases/bugly_db_legu-journal

Filesize
12KB

MD5
f8bbb8d9b4c938450d5106f080884f13

SHA1
b9394be10b5eb59c1ee6d4218e25a716ad8d5c51

SHA256
a144d35f2cd18ec89d2dbf44fd01ee8c05d25a8377b1ac964d4799deab5f27a6

SHA512
80299c301d0f23fe6ad6550974dce35c1e4aa9470651a45e64afaa42640e1a28b382620c6b9c12dda0a736df6e6cced5c6521a2d5d6e7f48f0642a50cab65b8d

Download Submit
/data/data/com.ddz.mobile/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads