acdb472e21bc2e2a16492a2e0badcfd5aa122943965716631036e33ac3fbd99a

Analysis

max time kernel
8s
max time network
147s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25/09/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f60dc36a96806a3a1e00cedd58a1f46d_JaffaCakes118.apk
Size

12.3MB
MD5

f60dc36a96806a3a1e00cedd58a1f46d
SHA1

83e2ba24e44cd589f2dc62d019a8f38fdb1b72bf
SHA256

acdb472e21bc2e2a16492a2e0badcfd5aa122943965716631036e33ac3fbd99a
SHA512

8fa54d86d1562ee73afedbbfcbc9829342642a8ac550b787f662de376ffa3ab948f5637dc4c317f59e225100775019c2015413a674acbf2e86117432cea19616
SSDEEP

393216:kFG7GgdaYTClcx9uICa63bbJw3zPzoTy0eqS:cEFQlc3uIJ6nJw37zoWMS

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.lushi.zhuanbao
/system/xbin/su	com.lushi.zhuanbao

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex	5048	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex	5048	com.lushi.zhuanbao
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes3.dex	5048	com.lushi.zhuanbao
/data/user/0/com.lushi.zhuanbao/[email protected]	5048	com.lushi.zhuanbao

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lushi.zhuanbao

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.lushi.zhuanbao

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lushi.zhuanbao

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lushi.zhuanbao

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.lushi.zhuanbao

com.lushi.zhuanbao
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5048

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
75d46252620a12dd7343e91c8ba209bb

SHA1
6615b67e21963e5689685f8494f442dcd729d4d1

SHA256
c433c8e3f847da2b98ee8b704ea3b7d0f38d6249626dfe26a22bef0c08e5fa71

SHA512
9ae5f0ae0a77bc8c9a27a43252ba01d4bbb69a326eb028d2e887d701b202b66a7065765f2f0214d2b0701493634ff33c2104becdb80bf7e8c2657175857b7af8

Download Submit
/data/data/com.lushi.zhuanbao/.00000000000/37CF018B.dex

Filesize
48KB

MD5
4e93a7a07efedcc6e3c741526d2d89a7

SHA1
e25833d7a51783c17978a7c5e7953d7cf1df80f5

SHA256
26fd97dcb56a0ae4ffee7b9514cb697de101ad39e3b2af2933b1eadf409b740e

SHA512
94a5e0b50c0efc69b79fe9b46513537b798a45d00234a7fe1c529e7d5eb153704ec9966a0e0819983f726260579707d7b82e7b31f845fa7602e06c078b98319f

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex

Filesize
6.0MB

MD5
9c033bd10b44e5d5131977e80ecafc1b

SHA1
77a150c14bb65f172c5df57b4b303524a9d4ffe8

SHA256
b0d84fc74b15d0726030b79fe0b72c02515c3f4098d4947ef6aa86cbc4c324da

SHA512
e0dd9ea7c661f965e641085d90b88f0548e4751161740d60f212ac57745088eb09b19c45255b517a3436308632605ed5dcf9553f658189e304f88eb272404b49

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes2.dex

Filesize
6.1MB

MD5
7a640e93fe289fda6a4b087a1924de12

SHA1
440183491f1f3f644c755cd38ca7f1e04e00462b

SHA256
1589c969ba5be207938c9483fcbccc27a660f29a56d904753a05f0a134158a4d

SHA512
315d58dc78ceee663f64ac7f312cf505d3b318c197aa190061d6b7cf067a39cd820ce921b91f257504f7407b649808e29106005cadfbe6a513a30ca4674bea4b

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/classes.dex!classes3.dex

Filesize
87KB

MD5
e3cca5affb2b13e55b7bb73c397b11d3

SHA1
25110f9caf2ad6bc62bdafdb4e3b70cd93396d23

SHA256
10dc27451938c6a4ff8874099824dee1ed9dc23c74cae0924da7f39ccc8c554f

SHA512
917425ed6e8ac57037867b98f93d786b1162806ed18765b20673103471d6eae331840ff5e81f5d3ff166fd488b57947e345f5cafca16b4f63b5694d23e5efcfc

Download Submit
/data/data/com.lushi.zhuanbao/.jiagu/libjiagu.so

Filesize
558KB

MD5
98736de515958ae37ae93a0a0e997098

SHA1
72d0f9d43f7c9bdc9f19d13834c0872f5652c0f9

SHA256
335091dfc73a9f792cb720389c5d94eb6642764a38d70d4b6b7a8afd34038421

SHA512
cc4974ce398bf7f4a20160ad30e4c4b5821ff0d7f2cc9fa0aead73ddc036585266edf429add276b53d6db8dd24a344d709469b9c839451deead6b621e70c92cf

Download Submit
/data/data/com.lushi.zhuanbao/databases/bytedance_downloader.db

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.lushi.zhuanbao/databases/bytedance_downloader.db-journal

Filesize
512B

MD5
e9b747bf4fb7ec39515e535ee9dce3df

SHA1
6e892d5fc73e7d4e62aa917b24ddeec7b93799b2

SHA256
1c3d37283f124d89ae88bbd6dfef650ba6150197e421224990f4aff9e5592439

SHA512
bdbb4bbd710d812cb601793b88784d8951543285ff363669d2bd21d80b31644ddf8b0c4077c4b947e7653708781d2e90e2dbde9aea0e7ba3a5fb18f6ec19652b

Download Submit
/data/data/com.lushi.zhuanbao/databases/bytedance_downloader.db-journal

Filesize
8KB

MD5
669eeabe078fa5b8c941d9a017809e6f

SHA1
dc782eb4b81b60655e42067b95a9a9287257bcb3

SHA256
de43fd4d38264dab4044022254dd5f42c9f3f5762ab5009edebc667a8baa03ab

SHA512
7abc032c8b27a1cfae309a778a1dcf88f5eabb3177500b50bf83259e703e87c3e5dd4d0f13fe0edb64cef0624a431c40fc07b70dd3fd583fc4a46072e63ddcc3

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db

Filesize
20KB

MD5
6aa2221283e2f6a24a1c148e8093c4d4

SHA1
d757b8ca71e249c536d7ee6c9abf30a83205f5d7

SHA256
6aa4c467e4c4b25f7a3b1844f3b1dd4afeaf625282f1c14ce1d8d818bf8725b1

SHA512
f88555a33dac3ec698c8f363e2f9185bd08fcfd407de64625d57a7dfdb4c727a1ecc306565ecc74eabc34c4b84d86ab40b42417f33685521e49c61bc238bf979

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-journal

Filesize
512B

MD5
c775f3d37c8f08def1e28ac39d92bc2c

SHA1
60544a7198c084e470f9187f7be4ba65553eb57c

SHA256
37cd7256290de113efb269d39be798764a2d02a86876181cb76e0114756a1a8f

SHA512
cebb412e82ae984131f512c5aa130cbd63f9e87de75e46c3a027060f393143834150b3e665dbc09f60dc0f72624627b5e86c12790f4e5ffb2e2db45a2bb19f29

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-journal

Filesize
8KB

MD5
0b6f2a081e1dba19c4be5f3aed621f09

SHA1
d1c16e346d7541ab09fc1c8cc248cd6dc2a8d803

SHA256
6b7b477608d1bef04cbe5203b19565dde9ece378fc432ddc2728035ff9127d6a

SHA512
c683edc893ee0f5fa62afd4f18ecf2d65976b8e990004b7b3d0f039c027bf5f8a06d4d53628d3e385bf5be06ce86dd1b3b0fc432b1ebc20060a8e93ad5990e00

Download Submit
/data/data/com.lushi.zhuanbao/databases/npth_log.db-journal

Filesize
8KB

MD5
96dadb929981272820681ff7593e374a

SHA1
28e786435bd87ca26c5008bade06f0379d1c4d23

SHA256
8edfc614aa07221e4ee71e54f70fb60c8165d01d70883ce3035382ea3d4056cc

SHA512
34a03ca2f251cf2ea6bda78792dfa3a53f377aa5e83d05bdf45efe90ea2fd73b54c99fd66f58302c6234b2aca4b5af423b504d1160059495b7de69256a676caf

Download Submit
/data/data/com.lushi.zhuanbao/databases/ttopensdk.db

Filesize
12KB

MD5
163b0e3f017becbc89b9d7f330b78f09

SHA1
1ef9cd8ac8655190468d0ccece0a4738634ab0f9

SHA256
cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

SHA512
6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

Download Submit
/data/data/com.lushi.zhuanbao/databases/ttopensdk.db-journal

Filesize
512B

MD5
12c6330e85b95d31f0f1aae6b943e75d

SHA1
e2c28b7a30368d72412c98f03794d8bf3e558f13

SHA256
00dbca2111c8b8a1495c840db2ec168508858276250b464f2ce6d932b632ca00

SHA512
4ee13ab5d0e91b5451fa2e38b453aa7e3310274f37df61f967c0272121167b47a13f2dde49e4216384a8ac1b94ab053cd0753b8573aaaffb537ade8bced07451

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ac

Filesize
32B

MD5
b9c64f04129ffc89111b5e5d879dc0d3

SHA1
7fd48d28f8720e82108283d95d14b277731825a1

SHA256
9261dcf52bcb9f2c8cbeebdb93f6f6d1ccecf1da6a5600d06afd3c78003ad89f

SHA512
1c3c28f3939fdfb3a06729c5d9d77f1c7a58b8850abbdbf89ac2eaedebcccbef5db1804ac07ad56224f9e060b2f2eb7e90bf7b450b89bd4bfa939646237ec9e4

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ic

Filesize
32B

MD5
c45c23630cfcf468ad03b4e9877aa5f2

SHA1
cf30d569f48cdca48b50e4081915ea9fb9afe1a5

SHA256
db2142b77a6511c1f110f2e65c5b13e8456309d106e33b99ad7a7e3eb2f9fdc6

SHA512
a17cb02f69eb27f0ff3215380b398f8f16c8f3ea9fb787a5004ab6fcd0263fcf819f8e8fb19e8d529fcadc57b190f0191ff1c3ae4da5ed03316c29a5bc63dee2

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.pk

Filesize
32B

MD5
7185cffb69741d6fc9101133221a287c

SHA1
c1f4fbde37dd4ae43c7f8b50c5cc079f4bc51f0f

SHA256
a7dda74b143acfce1a566911a709d137d0118dfca53b03375cad84ed90d3631a

SHA512
eea9e239065ae3965f8e4c531f189934563ee06692fd2ac8c82dc348069be784961b33bb7432c75715814ed92e04202cbd8b7194497b9f7ed6d2ef35ca0c9ae2

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.pk.h

Filesize
64B

MD5
46e3c28430cc64537a5232cc3e598cd7

SHA1
e8a8224eb5e46bff62402f1ef62f9a29a918d4c3

SHA256
713cb7b63568f54b5c71fc225896226a848809fb22dcb7f292edcfdb8f50c028

SHA512
f9d9f67af302dd79451204c2791c3354058e18813737b6e9047187a0c88ae46005668ca1f36bbba557f31bde00de92cdcd2e2e8167ef2e436454210d389cfbc0

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.rd

Filesize
32B

MD5
1d2ea4b5d937561a94a9a3a39976081a

SHA1
6e745905dd297b4ac6b2d423777e84cba406bfa9

SHA256
472d7e167a6f26d7223a7ff84053df9b1d083484ba1299223551bccb31ad7537

SHA512
109deed33298ff01e28dc7d44c04eca3dfbc94c1a7ed034920c60be4ab543f501485f65e9a963857b3480cb85191ca6714a8c94c5f7a619733f9e1e1e99fb224

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
307B

MD5
0c33d6632baa0f49fde3d4dced6fe231

SHA1
6b6db7a66475f21d87b293b27746e596f8ed86c4

SHA256
156f3f9d9a5fd24c78c308ff615ec5e5cc995dc6e2904a5b2f8757a0291757b2

SHA512
7c88ce670cd5e2363b9bcb08dc829c228c09c2c0868d9cec77e49eaacfa6e9c4f174bb7001f22da7149ead406f2273b37dc82773c4ce0a6b8e52123b9cdd784d

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.ri

Filesize
314B

MD5
7900a4e67f2c758e576a5a8d025d43f3

SHA1
a5b4bac13964d9e374b5689584af539d588ae938

SHA256
2c67f0d620d2e82ceafccf48afce829c231b39e6305c67bac201463f0337b5d7

SHA512
4304fb428d7de1ffdeca0d2d3769e187aa751df3d0463cf887d5364cc9c2aec44ea18ffd43e185b0f080039a9fb90416ceabd139da61ce2e2abba8c689029b59

Download Submit
/data/data/com.lushi.zhuanbao/files/.jglogs/.jg.store.report_pid

Filesize
32B

MD5
ef5deb235397f07548506e64c37f7677

SHA1
00b24a7cb177ba9db01d6636058c72477f0bd7b9

SHA256
af7b021d73886155de7f474f254874043c81cbe14983c6340dee71714ac23cba

SHA512
76ea307987f6e0c8c9a03bdea8a32c9b93f44f6a8de6891aa6ffb3e3a4590d6ded4ebffdc98c3fae2edca7e1ababd44d5dba5996a19d7e60125fd6c28f673be9

Download Submit
/data/data/com.lushi.zhuanbao/files/.jiagu.lock

Filesize
27B

MD5
26de3b2813c044eba514708d0835714a

SHA1
3cf6dcae986d02be0fcf8e88234356bb5c4c75d2

SHA256
7e7785613862bb97cef89c860dac15026f00c30fa5419f82ce4b1f81ab095442

SHA512
09f709399469a6918134e666b08b1deea277598cc303c2c134f1c0592928dede08495caff2a5c1b8bfe70e9b9e5962d5e4899811959d2eb1945036b346f097e2

Download Submit
/storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat

Filesize
36B

MD5
6c4b5453c84a3ec2063fb04fea24fbfc

SHA1
89fb06b109d4d045429afc9b61f49f5716af2dd8

SHA256
bc3a8508f84470a3df8d004310b208805def9efb060bc0b50662988024d8e524

SHA512
b6ad9e55ac990e355653940b01b87f5bde4e98ad53555d7285f83ace47d329af9ec34da2b0a9e61b1549de9df889e764b169a97fd39586db70ef37f87162ea65

Download Submit
/storage/emulated/0/com.lushi.zhuanbao/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
996e9b2de7d4cf13d0472c8ee4492564

SHA1
0919bbf01b7c467a69ab25ae3e19a0f1d1ea05d5

SHA256
a3f1af96b6514e59c510c5941db9173ca14b319827f4b4392e0b0f406a753d81

SHA512
8fef58443ed3a15d640a4bd6169f3bbf7484780a5e6bbb39a333e1b9b78ff243839dd27a68e51f723f5359ce5be9b08c81edf3842376318e5e868aa17767d4c5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads