97819a7a25e6ea9ba0f8a08368af09edad973fd1f4340d5b4040711c667bd3d6

Analysis

max time kernel
148s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01-11-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

847b06f468c68ed9b3e8c528bdf7dafe_JaffaCakes118.apk
Size

17.6MB
MD5

847b06f468c68ed9b3e8c528bdf7dafe
SHA1

2b79a1984ae4a273744733e567c68617d869e1c7
SHA256

97819a7a25e6ea9ba0f8a08368af09edad973fd1f4340d5b4040711c667bd3d6
SHA512

ba642be96187d2b3f2bf17fcdf0c061d68ca99b5212fc2f265ebc3acb76e20b9e429710bc923a9c6bffc7a8ae0f96fc469671166abc856e8c171993b04228f20
SSDEEP

393216:2834WXF0OqmCd88scZhC8ahugCf+tjsczBjRNLLJeSfHY7Yw:tNMd80hC8z2bz5LJeSfHu

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.zjbp.ddmslgrb:uexjpushcom.zjbp.ddmslgrb

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zjbp.ddmslgrb:uexjpush
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.zjbp.ddmslgrb

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

com.zjbp.ddmslgrbcom.zjbp.ddmslgrb:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.zjbp.ddmslgrb
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.zjbp.ddmslgrb:remote

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

com.zjbp.ddmslgrb:remotecom.zjbp.ddmslgrb

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.zjbp.ddmslgrb:remote
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.zjbp.ddmslgrb

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.zjbp.ddmslgrbcom.zjbp.ddmslgrb:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zjbp.ddmslgrb
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zjbp.ddmslgrb:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.zjbp.ddmslgrbcom.zjbp.ddmslgrb:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zjbp.ddmslgrb
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zjbp.ddmslgrb:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.zjbp.ddmslgrb

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.zjbp.ddmslgrb
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.zjbp.ddmslgrb:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.zjbp.ddmslgrb:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zjbp.ddmslgrb

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.zjbp.ddmslgrb:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.zjbp.ddmslgrb:remotecom.zjbp.ddmslgrb

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.zjbp.ddmslgrb:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.zjbp.ddmslgrb

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.zjbp.ddmslgrbcom.zjbp.ddmslgrb:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.zjbp.ddmslgrb
Framework API call	javax.crypto.Cipher.doFinal	com.zjbp.ddmslgrb:remote

Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.zjbp.ddmslgrb

description ioc process

File opened for read /proc/cpuinfo com.zjbp.ddmslgrb
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.zjbp.ddmslgrb

description ioc process

File opened for read /proc/meminfo com.zjbp.ddmslgrb

description	ioc	process
File opened for read	/proc/cpuinfo	com.zjbp.ddmslgrb

description	ioc	process
File opened for read	/proc/meminfo	com.zjbp.ddmslgrb

com.zjbp.ddmslgrb
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4308

cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
2⤵
PID:4383

com.zjbp.ddmslgrb:uexjpush
1⤵
- Queries information about running processes on the device
PID:4449

com.zjbp.ddmslgrb:remote
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4503

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zjbp.ddmslgrb/databases/uexJPush.db

Filesize
52KB

MD5
07d067e437a61c12cea0e8c8dd82c0da

SHA1
acdf6c470b647f51c3227f6c2ceaaa6963978226

SHA256
dae923f3840349dc2137a26444ef469e58f7aa08044bbbeb623cd96c5953e550

SHA512
fb182d8c689e2e3f8f81d947d7c27fdbb5ecf79e212904064eb3f8e95037d71e2551ccf83d161a3f8a74a7811d4f5c70b7bbd07dfacfbe0788dc997ff7636369

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/uexJPush.db-journal

Filesize
32KB

MD5
33eb8e5308f343a2aff5b2ac9ec78edd

SHA1
33095bb4d6acf7b23c56b24187bfc6b2330ac06f

SHA256
93f39580af740557a97a7a061b18de3e0b37586e098d84781f86653a2143d912

SHA512
0b2d373f1c34c96b60faeed2cceca3de3cb9a1f3a4f091380f9d4ec53368779864e2b5c058064213e3772d309669f99e0536cd92baa94c04a318962737337dfc

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/uexJPush.db-shm

Filesize
32KB

MD5
5f64f812397a4079db4cf5b6bb26e599

SHA1
202a7c839f5551881012cdfe9dc50fac6bf4045f

SHA256
7c22b91119aa146a966f32448d5ef39e075bb7eff93edd7d6e01cf43cdfce38f

SHA512
09ea0c39dee6671efce9a6feb421b25a85eb1e3f154781ae774b9df3b2219dc54158a2c50557d1720a63ce939326407a04150936ff1f2792368f770e83aa7c2d

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/uexJPush.db-wal

Filesize
32KB

MD5
efb9bfe4eda71331d473545152a91f53

SHA1
70d53dd31b4d4980216afeb769597537b8eb500f

SHA256
bf7d4f464e0bd97c60da7e97a3ef5a2540a1c68b71466ee584cce00d9deacb4f

SHA512
9c4910a2a7bc577b9a5f38ccf9bf6b7aea8ff6c6b4f55be038218be44b33528d1173125f70c28a0c18bdf59a90590ef3e9c3becda471f645dd6e72329293953e

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/wbpalmstar.db

Filesize
16KB

MD5
a14b1c90bd7761e8cf0b8696ec992945

SHA1
bc6be6374dc114ac0b6116830fcbb8e537562837

SHA256
166ffe2f187dc4d7442f35e27b4b34ca9d95d51f8008639f3deb8e32e6136e91

SHA512
0eef4e3442f0de7dbf69ccbe6a04ba7645807951a25e0748978a88bfe4b5cc01324bbc1e9b2643ce9af263f4cfd900643f9a8be25bffd02469284de32675e04c

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/wbpalmstar.db-journal

Filesize
512B

MD5
2b89eaa199b6011948446264003b125c

SHA1
304c2ef119609dd8fc18973556652ddb661155f3

SHA256
612022acc9fafc9997a1f1614eba947d8cbf9074e190dccab53ca7102a5b3814

SHA512
05588f36fa785b8b6b603d85cf77345072725684d9947ca1acf47c3ad2df77ac2abf5b981f087bd91483408eeffd660c22d0c958a49622d40ac2f779d21c06d3

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/wbpalmstar.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zjbp.ddmslgrb/databases/wbpalmstar.db-wal

Filesize
32KB

MD5
4c0fd9c4afe43876a29d9af1435ec26e

SHA1
b71b20f22c3f341d1df94da030f117a9306c9fa1

SHA256
686fa172c67bbbf22416e57b8a4de17f2e8af8f947f4110aace258732ebf4367

SHA512
8e9c49d8fab1b156a6e06206b9a7cbdfc670e6adaacd057b92143cfc86cb9cd87331f7b4e26fcb19cf372de1b6a8e7b96494949a1dcd92b65705194cc66cf92d

Download Submit
/data/data/com.zjbp.ddmslgrb/files/jpush_stat_cache.json

Filesize
132B

MD5
ccaededda5957cc6ffddacd42ffa4aa3

SHA1
023becc017f9f01b0f3d1b1295b58c6682463a91

SHA256
225125d3915cd399ddc80f3baa9e84143c123c97c61e15aae0a367d9793b3835

SHA512
2360db4dd7bd630b29c3d64346ec37504ad595fc40f47533683c925b5422eff208b46f75b6298f7357553c01dde8ef08a39721ee1182c187075f302072619d45

Download Submit
/data/data/com.zjbp.ddmslgrb/files/libcuid.so

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.zjbp.ddmslgrb/files/lldt/firll.dat

Filesize
76B

MD5
1b82064546dea63d9af43c8b44ec803c

SHA1
01ce333debae44c217ff2e230eb81a837f799a9c

SHA256
7eaa4d103e6907c550c1f472b3ca30a0e9597b00d8013d2a272518b09fa9387c

SHA512
0f0a9cb861e96114b87562394c4ce47807356e9b99d579a82075402f67b6a97957f4c08367e9e05243c42067dd669d71305b65f4d599b88c70147ed979c36778

Download Submit
/data/data/com.zjbp.ddmslgrb/files/ofld/ofl.config

Filesize
235B

MD5
d1fcbbe8772e4442b774da3668361186

SHA1
9576c3b6076b5e27200846f43aba65931fcbb845

SHA256
4a2f190f594ca881d4002db030b6764e43399edb9ebda206bc621934a885a979

SHA512
ea9cc6f54a156b71950197842525cb0755c8ff8dd8bca8fdede908aa2f7e8391134437ac5a0ed372ec8958e48af8b0ef12d1390b3263565d51629842fc698d1d

Download Submit
/data/data/com.zjbp.ddmslgrb/files/ofld/ofl_statistics.db-journal

Filesize
512B

MD5
310fa36f49bf1b931a97f140a2d924c7

SHA1
d537673697ccda36d5084eef020299eb4b31ce19

SHA256
4326707baa9898d0f967b8df87959c180f4ab66e6aedfa61c8660ae3d104a0fd

SHA512
5d5feb4723f9c471e74364d4bd67e4fda6519cda5f8e87de4eb19e32d34f213c789a22fd487e0f1501948a81d9122f2ec2f4318d5fe850a0b249e385c628caa7

Download Submit
/data/data/com.zjbp.ddmslgrb/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
ed037ef5cdb0ce26e3542d9042ba04a5

SHA1
c960d7d0637d9b3c3f565538306fc9957e3dd0e4

SHA256
75a4afc4a1f6f687ae67eec7ada69d221702fb3c0f5ca0df58151ccdd03e1207

SHA512
7852d84d9109389b590b26a86357cecf3594e056e390e0964aaf941a836bdd09e06ba2453fd5d2e9676cfa4432be0bfbb68a1fe43e73031362685000aa92bed5

Download Submit
/storage/emulated/0/Android/data/com.zjbp.ddmslgrb/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.zjbp.ddmslgrb/files/baidu/tempdata/conlts.dat

Filesize
154B

MD5
f32a48fe5cd6d24a57c6f812748f47ae

SHA1
8c3f12eda8d20f13df627a7e95377b471fff07a6

SHA256
9804d0696a9bbea1152d6d0f27b937f298ec3292a8bf751c156b03bb5626bc1f

SHA512
cb6f8aa9e2fb33ad4e5fdc633e3e2ac2af2149e522cb431c72eee1138dc50c5e6173d00101a054234a8f51f7ed5f1dd3afe3e26e6d5acb09140fd9be4d59c1bc

Download Submit
/storage/emulated/0/Android/data/com.zjbp.ddmslgrb/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.zjbp.ddmslgrb/files/baidu/tempdata/llg.dat

Filesize
498B

MD5
e7dba78f6bcb37d49c2fde3b61d8d7eb

SHA1
3cd8de7536d018070a4d9671a9a0bb595803bf08

SHA256
52b4fcbccfe6a4e4760fc0c01d31133ccfe23f33d5a10c7ff0bb2f7e81c135b4

SHA512
0cb9769fe5709fe039e5009fe14298e526648d3cbe938c7c1aac9b10daeb11b6ad0232ee2b12f4e747838b66f7f156a36af55489dceb535d9f1ad6615d3e63ba

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
32KB

MD5
52a23d0891826589ce26b4420062ecf2

SHA1
70f1404e13710bcc4117bf4a98d0031eddcdb3eb

SHA256
8931bbe9b29377d708e5ab16e25c7609ef5218254941780c7e660836fc640e6a

SHA512
a3614a30e669f3850e74fc02ab34cb3e533e6d519850ba0c88c7f7dedcc9c8c71feeac767ab303ccfbb4af21be06d209bd0385dbf0ec204ecb0be98bd3140df7

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
48KB

MD5
f2adc63a09dc2609126e36b1a71e2068

SHA1
a48cb41123296d7c26f4d4da0d2de99c7cb51728

SHA256
b3de838f87774d3bbf190f07bfc0255a04f0144c7e662db11b6655cbd55981c2

SHA512
17cd8c4d1979fd18a425d503649c13c1565e2b72a5069d68dd3aaf49818cb42ae77196f0d5c001ee5b567550ee81905607b4c9191903c1117e1dccc177a6f06a

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
96B

MD5
d71240f6e01263df31dc14ce0f6b32e1

SHA1
b336c7aeef1a686c9f8d7eff36b3150d953f5d70

SHA256
de3a210865f6d3408acc5ebe3e072a1d82b200087bcbcc611bbbe14c68037f7c

SHA512
8cf0b40dcd5c3af8341691cabf03d593ab693f3f94c0790edf1f67029da4d7f43f5c0491ae339eb081d8e95681e021b94dd9c3f30ef3711a39d357b407051e45

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
cf8dc900905164dac32d2bb171843fc9

SHA1
ba2726337f64fce03edc6646158bb09c11d1ad89

SHA256
79dbb578b3b453d5575e17a2f67057109ee143f68c738910045cb771faae9f49

SHA512
58ead71622e82dc4a0a43ea7240a9b24618a82673b87fe5d6d1cae8a8d6aed03fda6bfbad591ed3defe5320e76795161f8eb8c17ccac5132ab2568fd0f456d5f

Download Submit