77fc9dc812fc22caee9452dbde1653ad4b2d62977847fd4feedc87f997ff76c1

Analysis

max time kernel
69s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13/10/2024, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40b24d5954ac4d5830950afd5dbc8b46_JaffaCakes118.apk
Size

1.6MB
MD5

40b24d5954ac4d5830950afd5dbc8b46
SHA1

020a7e076b378c76de3e02ca0c57b619b69c88af
SHA256

77fc9dc812fc22caee9452dbde1653ad4b2d62977847fd4feedc87f997ff76c1
SHA512

b2bf21f8b2f3d53060d88cb8062f09b341ab04b5937633af16241c937ab1dfb10200a3d2379ae163ada1243aba7ce8f5a344ea00624090eddd68d6d9534e0c9f
SSDEEP

49152:mgYzgjGbPo+jQaxslyfssDxJTePUW/Gbd:mIYP9jQtIjTePXEd

Score

7^/10

banker discovery evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 2 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.serialno	com.gxh.wmx.gx.gq
Accessed system property	key: ro.product.model	com.gxh.wmx.gx.gq

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.gxh.wmx.gx.gq/zrazx.jar	4288	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.gxh.wmx.gx.gq/zrazx.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.gxh.wmx.gx.gq/oat/x86/zrazx.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.gxh.wmx.gx.gq/zrazx.jar	4260	com.gxh.wmx.gx.gq

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
10	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gxh.wmx.gx.gq

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gxh.wmx.gx.gq

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.gxh.wmx.gx.gq

com.gxh.wmx.gx.gq
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Checks CPU information
PID:4260
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/com.gxh.wmx.gx.gq/zrazx.jar --output-vdex-fd=45 --oat-fd=46 --oat-location=/data/data/com.gxh.wmx.gx.gq/oat/x86/zrazx.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4288

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gxh.wmx.gx.gq/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.gxh.wmx.gx.gq/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.gxh.wmx.gx.gq/databases/cc/cc.db-journal

Filesize
512B

MD5
0f1ff6a6bf4b693f63c9ebd6e25f3549

SHA1
104ef2a82ac0a277785ce306bd582c6c418daef0

SHA256
42d15be1bb01c2cd89dfa9308848e0c980816ba8729647b71fbdca56f5ed7792

SHA512
635ba36b22cae44c8a9f938c698502618b665c040a8f54a172c5d3a156e346236e0aa0a3f359700169fd1b991b49e54ceec357f763b68c292dbbf2c04cf77838

Download Submit
/data/data/com.gxh.wmx.gx.gq/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gxh.wmx.gx.gq/databases/cc/cc.db-wal

Filesize
48KB

MD5
758c89cc243abbec24f645c319ddfa38

SHA1
33a85e9eaf5f3fede7dcde3afca99d738cc36c1f

SHA256
05f1fb391a9d239713a9e8869722232d1c8d41b74179adba02706e5d385c7fad

SHA512
0c2f4e4ab1bc7f89209000401e60ec65894e1408fdcdf9f2771b76168448d5b7526213e6565c660d9a3c4cc2dc4a9f34a9ec50fc0e88e7e5c21cb75c2be469d1

Download Submit
/data/data/com.gxh.wmx.gx.gq/databases/cc/cc.db-wal

Filesize
16KB

MD5
8b631554fa48a26163ea59b6133ad9a1

SHA1
66400e628092bfd95957202e1c7b61686464fdd7

SHA256
6152ccd0eee093eda821b966753c5e41fd23bc3862ab46f1fe9b158179d9d263

SHA512
fcabe4ab10da0ea8d32dd567e1f886cf9b33084b95b8e1a4475ef0475cff0cd2119d83702b35ff9d56b21fb72575a2e78254df185d9047b0552901ec402936bd

Download Submit
/data/data/com.gxh.wmx.gx.gq/files/.deviceid

Filesize
32B

MD5
183cce92390d2d2de72855d670bbd368

SHA1
549abb15ac48453fbadcb91b977ca0ccc3f25251

SHA256
5ed44f0d9cea54b0f84112380a274bb10d069fef2dfd7feee627ac110a3c9371

SHA512
7ef85eb874540f6c0aebaf4a6ee779ab5ace4b3ae2c7f39590c9a04aca632bd6f039e383f647984ff11451a4c740d4a9728f613dd0584506d8ccbd6342cf26a8

Download Submit
/data/data/com.gxh.wmx.gx.gq/files/.um/um_cache_1728834322516.env

Filesize
1KB

MD5
9d4882c5a9b9e766c7c6798930403b37

SHA1
004d855d55183ed2b2feafd48edd1e8769da0b29

SHA256
66298060177ce52bfd533c203f0e75edab72611092c311c80a7803119747046d

SHA512
c60ffb8e517d0eab95282296abe64752748cf4639189dfee68a50b9779c40cde469f60840f45d7828963466f099ff73e10cb3ee00264dffbbbcf3ee849c85b9b

Download Submit
/data/data/com.gxh.wmx.gx.gq/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
bce3664f8ea998165de26c9cd34adf38

SHA1
79db3e31d0b943582eea3e48983c6d0cb4e74e3e

SHA256
b27e5b48453743cca4e2d7d54e7f319a6ebfcb7bfd9342273b2b64cf2661f667

SHA512
683e8c81b5c4079c4789b99654d4648c7be906e0e37a8e9809adc2938434fdc39f5d9c4bcfa0c1711a2bc10b717bc002582a7e71246e18ccec499abb4c0f72c6

Download Submit
/data/data/com.gxh.wmx.gx.gq/files/qdbh

Filesize
5B

MD5
66df243d406353d0e9db6c5dd027d2d6

SHA1
a95eedef9091a0498339e0abc4388fd1b4a3da12

SHA256
29433eae6f7f1308d9799275f3a90a0afe1fef0e1818a7c7a4f0aa686493fecb

SHA512
c71660ba645c1080a296f0be0ea98dc10e391fae491c08619e8edeba27c9a8d122323e388ce5fd32e4669440b7cdc72b767b7b290829f9102e5acc9f7306068a

Download Submit
/data/data/com.gxh.wmx.gx.gq/files/umeng_it.cache

Filesize
498B

MD5
94304212f55d70e2ea2199bd8563a969

SHA1
150a2287c88edeac4b47c9e25dc15bac34a5605a

SHA256
d7c7bce4b2e40b3e2cbe633a69b525cc7e43b29a9034210cc786f9b81198567a

SHA512
b8c2949a966cdd3dde36dd64c78f11c4076b0172cf3ec37df2ecd9d10b9b9f854c63310e513c51924203ab464de9945c3228963223d4579bf65b823f8e244a00

Download Submit
/data/data/com.gxh.wmx.gx.gq/zrazx.jar

Filesize
762KB

MD5
7ca56e2f15418335ac4dd9a7dbd3cc82

SHA1
4043f88d6af4264296bf0d0ad9d10b75c2a308d1

SHA256
f03e7f422e710b6f621bef2cf17938dd6c38968c86d57a93af9982ce8e8d12f3

SHA512
a4ab5aca92ced6084e4c8c72d71864c881aa4ba2f5dc343efd1cfc9320b1fd3e8e99180db20e50e3c481c6eaa62e30278e8cd009adc0050d84ed507bc4fa5cf5

Download Submit
/data/data/com.gxh.wmx.gx.gq/zrazx.jar

Filesize
1.8MB

MD5
1770c246529a34d30fc0075253544f01

SHA1
9eacf929ffdc91e116cb0873d24dd5a9e5235d8d

SHA256
5d6e0963b97c4317e14f9d21633d6d3ab0c663e70112325f0c34314eb8fbf22f

SHA512
54a60b8966eb47c66f96c948d23e6617d81dab87a1a0b23230e9b7222e212e2cbf6dc861938c392df1459bf5e4f23dc2f994bbcfcc5cbbc5293c65d8a7123ad1

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
93fc08f662f10f7bebee1546b4595549

SHA1
56a284b363c07106f2bb8e851d20c36696035d44

SHA256
ce960ef61a2db6e1ec785b954bba3d228b4e4f202c2c6a544a9fb85caca38ac6

SHA512
41692349a21a33822f9f8a96d9dfad0b476e152fe0fd602994c5c89fafa2b126ca22052be2aef53069c95eb183fea8abfd1d4e62f4bff6cc167cb5a50033338c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
7a0618fb6fcca989e38b38031120d93a

SHA1
63c94e328c1eacb3b55351fe3599a135c3aaa71b

SHA256
d7b2c22dcbf41887bd4a402d066816f4f7733c394b7d3c0bc96687e6a38ac107

SHA512
43abb0a2de3b4798cc5bbf9c884d0840869dddaf8240f56414b7089bc6b7f729f3cfb25768005f1e9d4e4c67710e2129f84186ab116c97f765e56927f040841c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
f73b326249bb767cf83655a5f4b9a32d

SHA1
bf9112a0acd626394ebacee2b4efd11c701c2191

SHA256
46acabfe2f758343432107f4f08817d9894b588d2fce4649615dd275ce7bf502

SHA512
a408ae2beb0d29116ab174cd19a01a846fd972399810d976972538c075ba59f88337b79424eface2c5c7851ffd6fe09411c52f95d7cbfd7f670da3f0986063a2

Download Submit
/storage/emulated/0/iapppay/statistics/com.gxh.wmx.gx.gq/statistics.log

Filesize
116B

MD5
af03c7b4b5ccb18ebc8d28f2f104b496

SHA1
af8b7850af435e6293c4456e8953667e0a49d5b7

SHA256
aff8e2d974dd046a37776f373ed0dcf56b3f15010e2cd0ecb3ffb178e6565efe

SHA512
72cc78c46947b3b9db4cfbca461ef8778ed2a9b012ed9a6681aa00040b9acaf93a0953ea0967900c59a82f31f31fc57894379f9751091354aaccc41d37775d6b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads