8ff6747322ae1b18f6d3146b76f6440b84bed2da4caba6f14c4ec362463bd725

Analysis

max time kernel
20s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19-09-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacaf3b68dc57e0b280f9e4e086a6182_JaffaCakes118.apk
Size

8.6MB
MD5

eacaf3b68dc57e0b280f9e4e086a6182
SHA1

d541645113fea324dad16564c34d42060438fa93
SHA256

8ff6747322ae1b18f6d3146b76f6440b84bed2da4caba6f14c4ec362463bd725
SHA512

2bd0bf6de5b7b23020698cc38fad9b3bfae06f1e9ff6812e367b52f12c803e59d71ef070456678f1e9c3542d2106c60ae0702378ff8fb6bc5a2007189b0b9d75
SSDEEP

196608:+/ETpht2z9Lr7sUjRN1j4PtsFGep2SF1AqVxe5dsOQD11w7:+/ETF2z1TjbpbvTVCQR1c

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.senxing.app.android.article.huawen.news

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/product/framework/com.google.android.maps.jar	4962	com.senxing.app.android.article.huawen.news
/product/framework/com.google.android.maps.jar	4962	com.senxing.app.android.article.huawen.news
/data/data/com.senxing.app.android.article.huawen.news/mix.dex	4962	com.senxing.app.android.article.huawen.news
/data/data/com.senxing.app.android.article.huawen.news/mix.dex	4962	com.senxing.app.android.article.huawen.news

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.senxing.app.android.article.huawen.news

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.senxing.app.android.article.huawen.news

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.senxing.app.android.article.huawen.news

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.senxing.app.android.article.huawen.news

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.senxing.app.android.article.huawen.news

com.senxing.app.android.article.huawen.news
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4962

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.senxing.app.android.article.huawen.news/app_bugly/rqd_record.eup

Filesize
408B

MD5
9a4d70952001d881ca63a0ff2b323717

SHA1
5af992149d439245ba611f211124d6a772b9dc77

SHA256
ded52622abbb327cf216cca18f4d02a1c2221e4b12f13340c1726f81877f5574

SHA512
4bda338a4dad72eb79ab39c343cc61a5c3dedfaa2a4ca0792373e63c9ac5a237098ba5fb15961faef15826d67457e9822790d5bdeb463b93086be817d54b18c0

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/app_bugly/rqd_record.eup

Filesize
1KB

MD5
49ad26e18d80f73683c69c3f91dbf8fe

SHA1
027fe3b94fbec85e46acbc4f062f3e09469de2a3

SHA256
14f4b8780fc38dbf254e8dba4ae637e286bb18f48fab2eb46b2d02beb46e3227

SHA512
9c617a62302d45762a188391482c43ae8f8483ba81ddedbb44203033b190c56a10396de2117a2d6c5c61766e9894294e4c3db6b528bddcaf658765f957ac364e

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/app_bugly/tomb_1726728670191.txt

Filesize
19KB

MD5
ba4dc3397e8b207905d4702742c16d96

SHA1
313acec0e419a8ef62984bad165acd9e383ada6d

SHA256
6c47c6e4929f6b7974e952c29f86fefd541fccdf7c7fef1a5f45dc4bf877a013

SHA512
44229b4093c90daaee9b564b8a07a6b5e9b5334cca5a79b920d55d71e7b870e2a56ced2bced018082021d77b43df60cc2759fbeb8b28653c5944c2ca8be1c285

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/cache/tomb.zip

Filesize
4KB

MD5
7869c2bddb47bfab4b45f3ee5dcdda9c

SHA1
a636a18cd104edf2f2c81acb842f84e14cf18773

SHA256
6d8f3bfe7c7eaa51c9499451ba4924525ba0d063d734c9ed515953047e4da69d

SHA512
3c68c84bf84cf023c09167d5324fe2c097e67a3a6d9b334746021343e8a77900d7ce778e81f95545578ba7ed0e8b07ba968525f875126d6561be74382184dedc

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu

Filesize
180KB

MD5
ea0cacbe37ca91e40cecd3e081c348e5

SHA1
3ca519b7436ba5dc098fed7c974a76c6600f31f6

SHA256
54c4f222b7dd842c5baf140710ea1c5aa48f2eba1c0b45a711e67e903597e167

SHA512
977b10c239deaf62968ffdc97350cb2ea4dfdbe5674c9ade97bdeceb99d92373cafb49805b891c2971f2d58195648e6c557e7d9e6c36b2905c8677cb9e1c3ba7

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu-journal

Filesize
12KB

MD5
b30280e055ed91e9948596b97ca9fef8

SHA1
adde10e3ee8d0db5a4183f5b9187f376a81fb04d

SHA256
4aa3eb5ef2b2969eb1cd541724617b9faf75d56e9da66044099acbb8cc973201

SHA512
f3253e3c41e6811fc5f54a6807ff5a50e7cf6560e137d1b762eda3b1f41597c3bd50e69d6e750a4b90ac8fe4db525e7f19da26590c91d00563833c60cc00393a

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu-journal

Filesize
512B

MD5
f710a1bea9fd420e400f3423c141d600

SHA1
7ac3a2a6bd4b89f0efb85c1f1d345ad801f7e92c

SHA256
130ccb8d5f33f39e480556969b29b4dfa6f95b5e5a680988921ad692705a7181

SHA512
4c4dfca554c33928c4d76c4d0f6b9f5d11e0fceb0b228b504a4bb2c0431b8948dc96f8ff1d9b12b00502250a2c1a499b780b6e714f558f080738d8ee0686cfde

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu-journal

Filesize
8KB

MD5
ca3db7eea72abc41a1ca47cb86684342

SHA1
51be5246f44433eccc5417031c8e72b7ac173b05

SHA256
28ea28b18273eb29485358f29b642d6738c8b13c759efa8f4b4a0524337bf563

SHA512
ac90cd003b58feb4988d3185dbe9d990266e909fa9629e7d9879fffb6851dffff63a17495352179fa00e0809e36b7977f9dd10685b0e54ceefefad3fb37c4e49

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu-journal

Filesize
8KB

MD5
a9d9a85280c74eb016ba8848cd75cbf7

SHA1
881510c4872e270c9d800461ce9ce29b4a8200bc

SHA256
3e67f2504d53bab2b2bbe8a5e86162d2e35ebd67370c2b91f8c9370c246438e4

SHA512
eea7710bee08fb44bfe47644cddfa5cb4789b3837ca1db45766228346365dbd2713b62557eed0edac1d566e9d908dbd9b8f6e033062d21a1e1f3026099a1898f

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu-journal

Filesize
8KB

MD5
e35f6a77d3e9eda497e1b73f0bd594cb

SHA1
18723f5eecf437a0cd1121e8f5fd6bd1ef6d4f86

SHA256
35642ee90403099082e60da534eb05482be054c4496ecd391727f5b1cd4138f6

SHA512
177c1cc76422a99d2c33a601960516a21c94f07a59fbfc300d0fdd6cd45021a2b01345ec7fd9d2036d750f12ed36061baed305b3cecb594fd7af589c80c46238

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/databases/bugly_db_legu-journal

Filesize
12KB

MD5
b862a011c126a657824cf59cf1e6dfcb

SHA1
2685d560cf1b3a9e0480475dea016d00ba079eb1

SHA256
7fa1c68074b71b48905a15eb72ed25d9c374107e6c92e7e11b10d5041fd3b915

SHA512
41420020608ea6bca280418425ac491f03a557fe468ef842dcb2c095116e08deba23574dfc31aaab3241df3f2b0e0cba227d2bc53e6c19d4324ea94b20033fbd

Download Submit
/data/data/com.senxing.app.android.article.huawen.news/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit
/product/framework/com.google.android.maps.jar

Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads