9850e03b7c99c4927e8b9d26a7c80e3afdbce6c7dfa3d24c7b14fa70d23ef880

Analysis

max time kernel
65s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04-10-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11564068e0104f7b4f9b17ac6c9cc295_JaffaCakes118.apk
Size

6.2MB
MD5

11564068e0104f7b4f9b17ac6c9cc295
SHA1

949e18b06f230867e9aa34e4738c6f47901f1038
SHA256

9850e03b7c99c4927e8b9d26a7c80e3afdbce6c7dfa3d24c7b14fa70d23ef880
SHA512

d16eb91349f95639b9a172779354349e7476c66a82a134f610e88e51eb962c9002ba26455c5c6ea08d8c1ad30345402705642f1c9da9a4b45ea0feab8dbcfbec
SSDEEP

98304:xF0jyf79tNMtKZU2MviNrRw4ukxT5p04ASEap77Ccksld3YVLCCzk6ZWNO6XuykT:Jf6K9MqdRw0TsRSE0DkM30COhWokU7

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar	4270	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bj8264.zaiwai.android/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar	4245	com.bj8264.zaiwai.android

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.bj8264.zaiwai.android

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bj8264.zaiwai.android

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.bj8264.zaiwai.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.bj8264.zaiwai.android

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.bj8264.zaiwai.android

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.bj8264.zaiwai.android

com.bj8264.zaiwai.android
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4245
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bj8264.zaiwai.android/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4270

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar

Filesize
213KB

MD5
e70723b8f6c4c7c09a6019733022cf53

SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

Download Submit
/data/data/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
1ea8459a688352c3573a8e80727c2644

SHA1
9b47864e96eed98798a6da2b8860c8f8a68f089e

SHA256
be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093

SHA512
99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f

Download Submit
/data/data/com.bj8264.zaiwai.android/files/mobclick_agent_sealed_com.bj8264.zaiwai.android

Filesize
555B

MD5
4a2b2743c2a1f6cba2dadf29a7355d6e

SHA1
210ba824a1928fc1776a7e196ba823dbc1879e91

SHA256
fa4482244c9f2934b8a27c47c5fa3a4b1b05370fb606310a7ef41265b2490ff2

SHA512
3ff014920cd79864bd20a5cab0a10e26f5ce078258effd844011b9d1622be95d960f2e151c2fdfd37152bfc04bcc4f835d7be58df67921cb94775dc9666ef472

Download Submit
/data/data/com.bj8264.zaiwai.android/files/umeng_it.cache

Filesize
211B

MD5
fd7a4242554793b0edd22db820a40549

SHA1
d9d0012459a1bbf92c976093b57a7b87f863ada2

SHA256
e731436d5078e34df3843b5856143b73fc2f61f2dee3d74561271e667f01a1be

SHA512
9fdf6d95c898121e851787fc9149f9f465a18abd4716dac76bf041dacd03c431fa9cd0f6c256293a4fdf34d5445ae1dec69966da923b972554c6a6f3809b46af

Download Submit
/data/user/0/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
5597a541eabd3fb792c581587550dc4a

SHA1
6500b0ff20c75717e1cb67dcee76b4641a4e8a35

SHA256
473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

SHA512
39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

Download Submit
/data/user/0/com.bj8264.zaiwai.android/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/storage/emulated/0/Android/data/com.bj8264.zaiwai.android/beijing8264#zaiwaiapp/log/20241004/000.html

Filesize
85B

MD5
05361bfd72f3f59646cda3e58df3acd2

SHA1
e8aa918117a9f7a85730e7f046477de52b8dd8fc

SHA256
9db5263ba5f87b210cdbc0da8cf8bd5d5c8de14ed92fe70eac782580eaf1b6bb

SHA512
63a92fd8f3ec17aa4b143db74910ce4dfcf109b0e3104eb1a9e9fbcc7d512abdec1a39cc59db37d07c7d179d092854222d9ab6cd61f76d1cd029c86646c7c72b

Download Submit
/storage/emulated/0/Android/data/com.bj8264.zaiwai.android/beijing8264#zaiwaiapp/log/20241004/000.html

Filesize
82B

MD5
bb0dba7fd669418eb584e87001a675f6

SHA1
64b59b4e9874440b7ec1e5a900d029a3ee35ece2

SHA256
fab1f6ff66b70f273508a8ff9dab7a31bb3b8a50d17f7538e4093d253c72088b

SHA512
cc2a1a64809c9803585f0c8f825c25c14a42c81b71ebf8c43cb32b4d03283d45353f6791074bb970d2a76d42b31c9ce56851f70d009799dda4aa304843fa9036

Download Submit
/storage/emulated/0/Android/data/com.bj8264.zaiwai.android/beijing8264#zaiwaiapp/log/20241004/000.html

Filesize
113B

MD5
3317e76b4315901acf56b0b7f1602302

SHA1
9a50099b6434123c7f8354f5f89fcb1c80e607e9

SHA256
1a79fdf8691f533a725b17a3326687cd2877bd36571ec08646b43b52fc542557

SHA512
d0ce8961ea3f56fa81b88dcc48b6b40aac5bc34291eb046c70d29b0caab8ec04ece5692bb2358e341fb706c97781cce68f5f217b4c5c260ec257529ef0a5949b

Download Submit
/storage/emulated/0/Android/data/com.bj8264.zaiwai.android/beijing8264#zaiwaiapp/log/20241004/000.html

Filesize
10KB

MD5
bf70f790a3a903c245abcff85ecafbad

SHA1
943211f3489f036c1237cd413061a8d996e7fd9a

SHA256
feb90fbd69e7abccd77bea21ff38f1949eb2c7b13709b64a2dda9e25735a4ffd

SHA512
12ecbf3fdf8f234cfda500de841ea32d7a316641dc55f6e9695cec81aa532e830d406b5df89d7d048707574acdf4a5d20f60115543a7d30301719f5fac686d3f

Download Submit
/storage/emulated/0/Android/data/com.bj8264.zaiwai.android/beijing8264#zaiwaiapp/log/20241004/000.html

Filesize
172B

MD5
6068d776baaca21db68f405f02c3adc3

SHA1
cb06dd296bf0038af9471ce757dcad0467c1fd2b

SHA256
f47ec68f67e1450e087368f6fba3cfeb971cec113cb7d5f518916c1f57dff0f2

SHA512
03e1c1ed7fa4bbee88e7f4480d82525a43a038f54a8f456fa60fdcd0a8d73099473c7d0c4af52887c603c4c2e0c03346c57fffcd3239783e2faa85e4f1a004d5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads