5449805f4a17352bdf8efcc7da5665fac8592a32e792b9158130c905dccabadd

Analysis

max time kernel
143s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
10-10-2024 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3057b4274b01c0910fe3d3e4918c1338_JaffaCakes118.apk
Size

28.5MB
MD5

3057b4274b01c0910fe3d3e4918c1338
SHA1

4f4c8e41d01a5f862f424e2583f609004b5435f9
SHA256

5449805f4a17352bdf8efcc7da5665fac8592a32e792b9158130c905dccabadd
SHA512

262433c5e79c4be0aaee343d78d47018d90324e3f3b0838c32a1ff9fb4b43ee8bc679c46789aad38680ba78bffa97b098fa199fc3e7b9e33844141d3785d4ccb
SSDEEP

786432:M4PNyyVto5fTqseUM4jzGT6ONueT+KV7q64V1UDt2D:M41yyrAOseXiwNDpW1UB2D

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	net.taocy.www:pushcore
/system/xbin/su	net.taocy.www:pushcore
/system/app/Superuser.apk	net.taocy.www

Checks known Qemu files. 1 TTPs 2 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/sys/qemu_trace	net.taocy.www:pushcore
/sys/qemu_trace	net.taocy.www

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/qemu_pipe	net.taocy.www:pushcore
/dev/qemu_pipe	net.taocy.www

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/net.taocy.www/app_SGLib/libsgmain_312768000000.zip	4770	net.taocy.www
/data/user/0/net.taocy.www/app_SGLib/libsgmain_312768000000.zip	4811	net.taocy.www:pushcore

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	net.taocy.www

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.taocy.www
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.taocy.www:pushcore

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	net.taocy.www

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	net.taocy.www

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.taocy.www
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.taocy.www:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.taocy.www
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.taocy.www:pushcore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	net.taocy.www

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.taocy.www
Framework API call	javax.crypto.Cipher.doFinal	net.taocy.www:pushcore

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.taocy.www
File opened for read	/proc/cpuinfo	net.taocy.www:pushcore

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.taocy.www
File opened for read	/proc/meminfo	net.taocy.www:pushcore

net.taocy.www
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4770

net.taocy.www:pushcore
1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4811

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.taocy.www/app_SGLib/libsgmain_312768000000.zip

Filesize
65KB

MD5
522947eaa37b029a247e3973f3be3621

SHA1
31c88e0d7c9b51904c0f598e80245bba41b1c7d9

SHA256
d06601f9eb8d8c991f00426ad30bada9d2bb7886a6de21d78cd0ccb7b7e62156

SHA512
f5eaa9ccf08096bf0df8f004fbfc1b893ae08fed3e6722e0adea1fdea2719a45876314b765134905841f440c27216c897876e3ac6c8903fc44b697854eb02c0c

Download Submit
/data/user/0/net.taocy.www/app_SGLib/libsgmainso-5.1.81.so.tmp

Filesize
576KB

MD5
cf7988110ae39ed28e1466a5a2238330

SHA1
3ea6838d5f2fb0e8925889483b2cd5313af6eb83

SHA256
defbecf65a7b91b076f4e8c0b6c33727c3f9fe281530157b81b25dda21aae7e6

SHA512
4f4ee887f4657ac504d54b215fa36eb6890641c54c21e7d54f1d19ea0a3698c2f7f6612bd25c73f700243cd02d0023db096ad0018c75d4d2ce5759431798e2c0

Download Submit
/data/user/0/net.taocy.www/databases/ut.db

Filesize
28KB

MD5
95a6c90d3f8a4560abffefc32f3467e5

SHA1
eaf7685a6e12c933b97b04134b44a60fda68a163

SHA256
abeef770a2da99de4751fdaa4f3d7e9d4bc54b32cb919f71f03ab7e1643040ac

SHA512
6f953b8ea642b3f56285647fe0125039b1bc46db9171ac67ece01a9940d90331216e52f0552dcffdc1850de88137951b068052e93cc8d6f01764802d744e57e7

Download Submit
/data/user/0/net.taocy.www/databases/ut.db

Filesize
20KB

MD5
75694e403dbc728c85b85d55d972d357

SHA1
346ce6fb424f486cc32f7f46649649470cd57225

SHA256
ad9862b2cfa8b250817df299b073d617bba35aa05292f7f0c6cadcefd47cfaf9

SHA512
591d814f3bdba7180588ec333b554f946a977374df798bf69a352b4f1f0b43a412b5998622a059cfb3ad94eefb56d6ae62c6fe7dfefcb9ec5d47b98971bac6ad

Download Submit
/data/user/0/net.taocy.www/databases/ut.db-journal

Filesize
512B

MD5
168ea55520b0e851b2f6f871f0a5d917

SHA1
65a36eb1c818132bc5f0ad2098ad88e8994cfe5a

SHA256
ae15180611ad2ef3210038af80acde7fe6626168f3735175943805f81c3bb075

SHA512
92fff8ed11a9f6285f91a2e7a5863e852fe163672bf85073e811a5bfc0ded1537d152a39b09644a99d4be4cfa4770f09701c27ddb59cbd4eb7bbcaa6b08362d1

Download Submit
/data/user/0/net.taocy.www/databases/ut.db-journal

Filesize
8KB

MD5
c210af5e649a1e2260d7617c439ba8c2

SHA1
d1f1af34b606587c5a85bfa0df3839809a111d10

SHA256
ed416613344795a259fe773ab5fe6765e9b40c1195d476716385c32fb76aab15

SHA512
ba15cb52e2de5deb24963863d0eb6b83dfe74c4822acaf96281a64b3ee2a17a53c0c5054a4254ec4bef569924d26c74e55670a5351dfe1046427b5877f95bd7e

Download Submit
/data/user/0/net.taocy.www/databases/ut.db-journal

Filesize
8KB

MD5
99d6c2f2088960e2084e74faf3cc41a0

SHA1
f3f822219e63d1995376b86d5fc3be4ffbc7b279

SHA256
3a3fc47dc24ffb22b521643229498d558694e08047437e5ee7b4bf31b7dbe25c

SHA512
af1d0ecea79a6edad4ef11a03e9f5a45b9693bbeaacd52f420b5010598a00376d4d1d044816d62695ebdf231169d4f26313175f9a478c82e6188ddb10323382e

Download Submit
/data/user/0/net.taocy.www/databases/ut.db-journal

Filesize
12KB

MD5
7a123dc64e86457c8e2940e22b12a109

SHA1
c1bda2769b14e43e3f78661bdbb3289bdf3603cc

SHA256
23aba704c9859cd276de33226a97900512c075d9150dda291ba146397895fdef

SHA512
ec92b32820c5c36eddf14d6fdd18e53034e5060c7c18a44a012924d18ec2532b4626d0a7ee73235c306ed79b626ced967b51dd6e3f533865a5bd6c0e96484746

Download Submit
/data/user/0/net.taocy.www/files/0a231bd8575dcf72.txt

Filesize
40B

MD5
4f939a1886235e0276b921c37703a93c

SHA1
f79ef464ac4f0b908532c577e9bd29fe61938067

SHA256
1dbcfc044ce7b80d357cb6a3569d7fa39db7d0f50c0ddb54eede5c058bdeb3a4

SHA512
fbf5f4e3ff729cd9b964a77b430cc6465ff747f08f42cb44564837851237b7c16bec469891a40c1cb0d1e1140473ce3054915110245b7c69fbdce76878134fea

Download Submit
/data/user/0/net.taocy.www/files/21c22f492aba3de8.lock

Filesize
16B

MD5
86a897f7911b78a40405d7535b975ceb

SHA1
05c04b6dca77eda5428f49bca934130e6ee46c81

SHA256
3ba8d7a24fae50c7452b01e1615b10ec82bb618f562325382cd2445056001407

SHA512
71b2c1a7939b40c14b56792a92e9a78af5537b5aed3aa40c4119cd8a339ab4e2cbaecfa26b55deb0a3711781c3fd9a3414bfd498f5346d45709c9dafa8c8f3b5

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
120B

MD5
cf5ff2d59747c5e4fdd61b6ccb8f732d

SHA1
8f40083c560ba62856820e20335274a008302e10

SHA256
f6e198375799555b7ebcc7128a0d864c29fb11577ddc748e5babbcff4eb18309

SHA512
d67a10de5a31d83c14a3e9068696ef239b499b97cf6078fae8abefe7da97a49ef1e2251bf5d7734c6bc8066a0817689152fa4052a97c7f435f8526abbd884b53

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
16KB

MD5
f1a1c6444bcd3a1cb22ede8d9456ec50

SHA1
24f6dc00ab7adda199de858a4c62e096d0546558

SHA256
0e00513cc36f22b815839534b0dd35db92cecaa9f5664e19ce87ae0fd706b6b7

SHA512
2faf2f42be679dd2ca01ce5fb820d9e9660700e50871c221cb9fddda5593a462f593cb9fba44dcdbb809a6a6681eafa75a0e6688f8b6899ad0a0b88ee1fe2bac

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
273B

MD5
66b6452e902db36beb0853c56c904f2b

SHA1
1e8b3bc0b495e37040fcfd436876c069cdb0df4b

SHA256
ad67dc9d0b16e20087adcff8ebc311addafcbf0400f3934c2ee27ee00c3a54fd

SHA512
a0a519e07b0a4e2da7b2f4a678cb94aa4ccd15114202a3795e908afbd949c5087f722dfc3b39e8830f66ec93003606f4cf04fce8d797b3e486750f80f1e0a537

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
388B

MD5
a7ffdfd5434eb60ec326b351ef1b0fd5

SHA1
e59229b7e704dc9e81b8edee3a660619694e63c7

SHA256
3c075c0fcfce1dcce8ec1d0c83466d7fc89b27db26fa3079dab47894dcc1103d

SHA512
75edc72efd9c3016f3eae0c822956176279d03440eb3d2fdb0d76633741379418b79f2dfdff69278f78aebf94ed62a4f6517a11b174c5af80ce95c043aa215b1

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
16KB

MD5
c31b50d79437cc6a5d2aab95fe48fdff

SHA1
695caadd7d75c3614b188088f42d0459a916684a

SHA256
ca93179f912ad2d0023a226d4012d701f8d8513c04f50bbe4380a26ec61fe440

SHA512
44be810a6a02803f451ba686662939e560c963a7ebfb3190fd0c632af8526412d75dfff67d16b5f1cbefddc728fa80afeae4d64daf0ed2c82604e259d57d3c0d

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
32KB

MD5
a50625fd504c27312c5069c5fbe3d636

SHA1
aec494f5f727fc6cac8b897fee72bc861e25ac55

SHA256
aed9c405d6e5da6a5f0e1f3aeba61fe4372a39f1f12531cdb55601d442c97d52

SHA512
8aa44ffc07e5705dd3b040d1614a6a1860547fc8289f665ebca8ef4a4d413eeb568a27e9c02079fed76e31cfc96188344ddf49e21c201bbf4fa924a2495a5eab

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
529B

MD5
c4dcf134cf5979ef33ccf896cf0ca5e2

SHA1
0a42c04a92dbbe286dce33afad99e28cef050d4c

SHA256
f032bf6a5a7f55f23796952e6c73d7950dbd129a6f5a9ad4a0e25e3ed7d8d8d6

SHA512
a44daa10ead8adfb3db6867d26f8cbb0bafa810dd10fe4daea9db5d2de2fcaa889c8013694b13ee805d0bd1ed26029716d477ade022cd593fd35e02052457bcb

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
773B

MD5
eddcee4a0ce22b1034ad7ee4293c680b

SHA1
0b4cc3209c5c2d7185f418598be82153205a07f3

SHA256
c2ce3aed1fc20029f2de4b2acf5fdfaf192a6886f255e43687f553d59abb18b6

SHA512
874a062b439129ae051e6c0828706f746ac6cfdcf7d1667e20fce5676c9c223475c11a049ff0e1672078a240d864fc249b01b249fd1f7f29055b487a2cfb3ee6

Download Submit
/data/user/0/net.taocy.www/files/SGMANAGER_DATA2.tmp

Filesize
842B

MD5
b9ce1ef62e488d4c7db2a993c3f4e1ff

SHA1
46bbbefe6c3f1c60c560ee4a567f4947daf886a9

SHA256
6ea4afaa9e670e4292c54a71c5a6b7eb8921f6fc1f85a7f37743bf3d411203cb

SHA512
0f09b32733701243bd2218c1c89a5f3bd2456cbd020e8abc85cf087ae43f57c33f79515897b026bcbf1945169fd780953c06b75bb5b2d47925bb594092d71c3b

Download Submit
/data/user/0/net.taocy.www/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI4NTcwNTA0NDM1

Filesize
1KB

MD5
592d951da295c9f2b7395d24cc6b4d02

SHA1
800f01408f8dad0134d603dd5db0801d3ad84557

SHA256
0ad0ed7591972eab1c790f7a1e30c6ef148fad3aac04f3e2c23d638e900422ae

SHA512
c2ab4dc22b724f44bac407699c4bc1b2a721372ceaea07a4ecbcb7b11d2c27ae65391d712ac6d029ab4c8c0a9786694aa36be5fbc52e94cb5c991c64f22629a0

Download Submit
/data/user/0/net.taocy.www/files/umeng_it.cache

Filesize
433B

MD5
19a97619481d7785df78028d6e8391a0

SHA1
8fea53a83ef8a41f787a6bdc36aed4417d09d4f3

SHA256
0b266e8a5e06383f06e5c4d7f13f3d6f43f7e1a604224c9fbc8742922128123a

SHA512
a8fb0188a0f0c6e148e95a23fafc4a8e4f1ada6d6699e0551aa1e4f4d433b14f4dfc1d5ac0450de90dd45dc4f6b7f0b2deb42666ca5049b640226cb135a96199

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
dd5cf1ce3b687b52324cee1270edf28a

SHA1
bdea3d032b718254cb2d62026397a720bcc9614a

SHA256
7846746845055351f4ddb9cb01da6e6a86c6bc0ddd55dde9ca9401933a4f84f8

SHA512
0df881e2e970c600a614a100c79f328a59a0293763d4052d84c0286ffda0880c91d978c43047bf34d8ad357886e020a1b5bb623da2b0da59df933088fae27010

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
7913451ac63bc5049c18933907dc228c

SHA1
fcf41d26b2f6538478bea77eb6d8cf1942cbc194

SHA256
85e855e0ae4437515ee17ab78861d3e60a998672b7ea50521bd22e3acb404ea5

SHA512
377cdc7bae5a407d7e9e8dfb6c15b56ea8f7bb5c8b0e98034437f57e47200cad4c4395bf4b8432cf5c6b02a44f29739c534d55343d16efe85df5af14a3f8ae0d

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
213B

MD5
81d483754bf294029cf53349de47eda4

SHA1
33801eae688f3339f1d9e762cd76f9e1d60c45a4

SHA256
12abb0e61f6dd5868d7fb8734b37a11ea45e467228fcd2be4347612643cebe93

SHA512
1fa91e43bba6271d294c6135177b0371e4a2eeb858b3618b0f3ff82585a99a672696c56043bfe83480de5211be5d41dbe30b1b50eae1bb0cbd4569a49c5db10c

Download Submit
/storage/emulated/0/.com.taobao.dp/dd7893586a493dc3

Filesize
512B

MD5
be3895bdaffe60516c41c2d27e9375d0

SHA1
7f41eee085d24d2d420e29ede7ba9c7b0197ce4b

SHA256
d3759b07eb809010751452cbb268f9f29cd47c45bec9b7ff6947182cf540e74c

SHA512
99e7475318370c119d4b4bd338f2be637291ae5734b719763eb95a5347cae809864e3857cbd2293a47b327318060bf206a4f69fdeff88656f267d2b10bf35f94

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads