d3bfc11b40cd83d8d00fb77dc24ea0ff30d09567eab5bcf9c41815984d7ffa2c

Analysis

max time kernel
138s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13/10/2024, 15:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

409e321dc965e8846553bae3aa43ade8_JaffaCakes118.apk
Size

52.5MB
MD5

409e321dc965e8846553bae3aa43ade8
SHA1

2cafd0bd54a82411dcef5c63e2ad20a0a3bfe36f
SHA256

d3bfc11b40cd83d8d00fb77dc24ea0ff30d09567eab5bcf9c41815984d7ffa2c
SHA512

9d618d99797aac6f3d5910421455e5e0757773ee882d6bee988ca3ee8e11bfe3bea66f379cab980d47c6d6d937c9e7bb7d4a4a2e42f14cbc67f58d90fdce0e7c
SSDEEP

1572864:BckHwOcPIfowIzaJdUxrmidZ1NjgKFa0pSeDrQvr0qJ:BckHwKUaExrnd/NjgKM0Mug4qJ

Score

7^/10

discovery

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.joym.armorhero.pps1:unicomuptsrv
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.joym.armorhero.pps1

com.joym.armorhero.pps1
1⤵
- Queries information about running processes on the device
PID:4262
- getprop ro.product.cpu.abi
  2⤵
  PID:4290

com.joym.armorhero.pps1:unicomuptsrv
1⤵
- Queries information about running processes on the device
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.joym.armorhero.pps1/.cache/mmbclasses.dve

Filesize
24B

MD5
a9a1d7cd1eaf0e7f1998cb2ef4bed4ef

SHA1
824a53edfb4542c408c8d43e0615b7c28ed16ba5

SHA256
4307491e47f082e5f663eee645cee9a2dd983ef7c2c22886a51f245e45b9102a

SHA512
f97fd82c14ac87e264bfe8df20fa8d9bcdb4d08ea8097bbabc74f092286e8c36d1d643e2d746e78104398f83a315d7e6b4a95a6e5e9f60af7a74d2229c910d86

Download Submit
/data/data/com.joym.armorhero.pps1/.ulibs/decrypt.so

Filesize
29KB

MD5
d7cb8b5358b1c095511cf9edb1c13354

SHA1
2ecc10b8e73597d54bd13b7b2046477f1bd40939

SHA256
e551db916184b19a7dbd2393e41b54543cc5eeb10ce3550b5219695ab6126998

SHA512
c73123bae60da7a98c56f7209a5b43b3939e774b288790a8392713c1eb6c1ae4902948d2e2faa07648df5d0e9c35753cd6ca4c0f2e9cb67c3fa45eb6d5599cb4

Download Submit
/data/data/com.joym.armorhero.pps1/.ulibs/libunicomsdk.so

Filesize
25KB

MD5
1bed8a396868ebc83b1082a9dd8f64a9

SHA1
13de7ca68be8df5b22ba2439d660b82676aace66

SHA256
62d76b4054b0b0d4544bb1c4f5236b6198c95f0284f60cb42e013bff34b8a2e6

SHA512
0ce9f83952e3c3fdfef20a88351e3243d68b9e504309b8c17f0d5932ac6bb0f8b337b0b467c2a1ae525f02ac0a427cb17acef97c2d084b8b60d9b3836c677980

Download Submit
/data/data/com.joym.armorhero.pps1/files/d_data_store.dat

Filesize
8KB

MD5
68dd7ee58f4157e0f675dad9f80d312c

SHA1
4d60459e2a78d924123934fbddaf2bd42c0ae361

SHA256
e24d4c31308abc367f95a2ad49dfe026a5bacfc2580fe8453c7fe43f600b66bc

SHA512
02e123f42e0b87606b6943b7dc936ba842b70f7c44df5227c06ac230090e065738bd9bbed6a40174cc5a37d453f68d07c81661dccf0f3ac15e318b7cbec42813

Download Submit
/data/data/com.joym.armorhero.pps1/files/iridver.dat

Filesize
8B

MD5
f3257e5cf9cb4df80b664d49ac98fc54

SHA1
1abd60a397615921548d798afac0831d05f74bcd

SHA256
0323ec6cd6be9305f6b4fe9588310c3c433ff9219fe631c92444f0d7dd8d0a6f

SHA512
c03e26996fdaae5bd292dca61021af8900c86a0cc26746c5d03b81ce109bfba888a10371e9f90dfb5249c79d932e6c5e9a41f84f2aca1144f1d39dc4576e6a2b

Download Submit
/data/data/com.joym.armorhero.pps1/files/libmegbpp_03.01.00_01.so

Filesize
583KB

MD5
9acc2a366fb8d0020e534d7f122250a1

SHA1
88944f671633ca222ed9c30f6580895f47bbc4e3

SHA256
c389ea9640bf025e212484fc3b7c2ee7ef9c5de2cf3ebb731c86eb8e0c1e9372

SHA512
0b54f3a19721ee611edee1de14b508d734053d588b7bfec0d0594e4f804b159d75bc8e6474ff1eabb96e89ffeace5d6bbe17ec2bc350d085f08e5f584e0f9105

Download Submit
/data/data/com.joym.armorhero.pps1/files/tmp/AndGame.Sdk.Lib_20150_86098B59D437DE14494674358197AAEA.dat

Filesize
492KB

MD5
86098b59d437de14494674358197aaea

SHA1
815f17554d45f834c613640bcbf99ba4e245f110

SHA256
d7972f0b375427ebb84d3143143959c5d2d5dfcc4a4821fdd2b0a604cd744e7f

SHA512
0c8823b60fc81a4d403e9042ccbb52efe6304b0f1a42afa4674249ee1ec5305ca4f27b20cbaf6f3705cb127fd5cbbf57fa8d7f6c0de852a5ef9032095f8d9319

Download Submit
/data/data/com.joym.armorhero.pps1/files/tmp/c_data_store.dat

Filesize
365B

MD5
3793821c0bdc59c24ff6c4dbf2a0af8d

SHA1
1402e76741c5ffcc096d2507cf8b6a1028827723

SHA256
12045b662fac6c00b9e1435e1a460f5b4e0844a753ad418720533f895f3dd8c8

SHA512
7e2ea86e670a84d99f650cf4389bcd673e777a10e82a7a2020c07b279469c2322ba98b6947b86b5b4345f293fff847dc3642308b4a1a093aa5fe8cbd027d66ae

Download Submit