14edd2dc62f2297e929131231b02535c0e23c18150477a4e81e3a201ee66fde6

Analysis

max time kernel
151s
max time network
165s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
08/04/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e82e33751fdb09ecee512b721d24d97f_JaffaCakes118.apk
Size

5.6MB
MD5

e82e33751fdb09ecee512b721d24d97f
SHA1

8ffcc16d5684b8a439f3a1b8fdfcdf3d82dee7f7
SHA256

14edd2dc62f2297e929131231b02535c0e23c18150477a4e81e3a201ee66fde6
SHA512

5055e8e4c899494c9dda659e2597f72b90a3db5756d498df576dcb12219991f7e91926dd241fdb523a00de75d7d391cb77a3507521aa9065a1ee693050154f5e
SSDEEP

98304:hvAKN4bK9G5Buix2sTgcwEYWsO606mnU1kOVmCc4gnXUY+L2YKaccL0wmh4:ytg/02gBwEYWRT6mn4v+4cUY3Zan0wmy

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.erciyuan.clock

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.erciyuan.clock

Checks memory information 2 TTPs 4 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.erciyuan.clock
File opened for read	/proc/meminfo	com.erciyuan.clock:pushservice
File opened for read	/proc/meminfo	com.erciyuan.clock:ghosty
File opened for read	/proc/meminfo	com.erciyuan.clock:pushservice

Queries information about running processes on the device. 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.erciyuan.clock:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.erciyuan.clock:ghosty
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.erciyuan.clock:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.erciyuan.clock

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.erciyuan.clock

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.erciyuan.clock

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.erciyuan.clock:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.erciyuan.clock:pushservice

com.erciyuan.clock
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:5048

com.erciyuan.clock:pushservice
1⤵
- Checks memory information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5115

com.erciyuan.clock:ghosty
1⤵
- Checks memory information
- Queries information about running processes on the device.
PID:5326

com.erciyuan.clock:pushservice
1⤵
- Checks memory information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5548

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.erciyuan.clock/databases/pushsdk.db-journal

Filesize
8KB

MD5
244d77cf610be789d6b8dd061421dc11

SHA1
0e3592a9c96bca687288bbae2ebca9c4150adb28

SHA256
eaf8f9eb373361787914907fecc1cbcb16591a3f960abc464631c0aa999b2877

SHA512
827e2554b7c13ef994c3dd9e3ff240aa5dbb24c802e920019efb9518da371fd1ff64b9081edf8536012a3930a1dfd6f5fb9f2100aa5d6d0c194267099062febe

Download Submit
/data/data/com.erciyuan.clock/databases/pushsdk.db-journal

Filesize
4KB

MD5
c58940cfcd05f0fc0f8e0742e20f19cd

SHA1
961695735b8ab8c03eab26940d6472f2a2311607

SHA256
7bd56987afebaea20883d62d5dce166048d1e250ec2af212624d6f388549c12c

SHA512
777667f0390b76b53bba2ea2f0ef0682dd1a52753777743d076f369f92ffa749f1728ac44a18ccb56ccd453e2f893cf1ecc0c5ea3a1d73b8e57198e5c5f0afee

Download Submit
/data/data/com.erciyuan.clock/databases/pushsdk.db-journal

Filesize
8KB

MD5
af7cd05fe7a8c47e3e70c656e4152241

SHA1
aea9e16675b046297722db1c5d68c58d5de5f25e

SHA256
a77f2f341a1868fff21b68f631c5203ae551678fd9ab8d7590ce8fed362f9c75

SHA512
26d3684e81f04acd1e6cab1d399833f8a607c728b73972defee48a815b0f2e2aa67e25e44087528281b591f159b7602c8650331c83231708b7e9feaef342ca73

Download Submit
/data/data/com.erciyuan.clock/databases/pushsdk.db-journal

Filesize
12KB

MD5
91d44dc38c5473ef4cd07c547b840e2e

SHA1
0c69b580804297a5fb3ffd9833a2bc6b6f6147b0

SHA256
b23db735f266ca8cb76b064ead0cb7442cd0318c189026ccc135307be6cf5180

SHA512
f92936cd9911c0def0243cf23dc119669c5e604f641548a36f516b423de83ec7e30e4b935bd4e0e913ba3ea8a8a9aa3d19643817808f5edaa9c03b591cc37bd2

Download Submit
/data/data/com.erciyuan.clock/files/added.city

Filesize
8KB

MD5
500c5ed3b9d1fa13225ad15a0ce6d7a2

SHA1
d1b86fdbb8e1c8cbfa1bc5472975b2cc6632a230

SHA256
e9a58a641a781bb86d7a3600a7aa4aa9ed3f28f6c77ee5b3f3a5fa0b96bb14d4

SHA512
ba498d4775dda1b974dcacc7920d13b3a9e23a6bb989561ee4d9d1ce823fa2afd54a96f560ee7024ebc1e9be216e3e31009ff84bba0732d98c303dcb8aadb30a

Download Submit
/data/data/com.erciyuan.clock/files/init_c1.pid

Filesize
14B

MD5
39adb753735a050601143c83ff36e9bb

SHA1
0b1551720061f5b70f3aae6745e450f0196d6afb

SHA256
6720e4a9a326b48f5fc7daa2bc2c6b147e2e22a0091c7efc1aae25e864ce8c23

SHA512
05de4149e3d03c9c7293a9c760c838eb49ec1b7f24df67fa4f437d3c6fd7575dcd1c1bea570e1cfbe3985c7c826d62915062a1f650ef44f9251902fbba1f6988

Download Submit
/data/data/com.erciyuan.clock/files/notes

Filesize
512B

MD5
dfad96c610cdfacbcbd28b4d23f29f81

SHA1
808862009bf9e7d4b017179c9e09288e94ffa66a

SHA256
b314d89dde79ac5f2f8a173f9acddace711fec7dc9129bfafe898d37682e827a

SHA512
4bc681a28122fb9f85042c7825218d88d262c7aad24562d81ca6f1afe9070dac4cbd9097b1f4e829a4aa778710db6740050c4cf077e040c84de8c7cd7faf14ea

Download Submit
/data/data/com.erciyuan.clock/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEyNjAyODY1Mzgx

Filesize
48KB

MD5
0cadf159ee11ae64737605a3509f5a5f

SHA1
9e7ad6c91583facbeae25e2fa7f60071d686c71b

SHA256
3d8dc185813e6cbfc875d366df29f99d3bc03cc6e0fa9a0f3c70ad642c182e0c

SHA512
64dbcd6c22b5e89f8cb5cada23406f2f281d37d0290a3e0d25ab1c619ef2313ea1176d42fc82f67b7c423a1a9629c07f1121b37c62b76b0912648bcbed15311f

Download Submit
/data/data/com.erciyuan.clock/files/umeng_it.cache

Filesize
350B

MD5
7d593c4a07fbb720ed0a5c9d066a4d40

SHA1
129e3a5107dd9439221ed1d2ce27de98ebca2386

SHA256
d78baa895dbeb5fb3956e61d093ec819b611da02d5295e47460f7b994e94a609

SHA512
672d9441a9f8ae352c3343f315f0eb2cfc6fe8636f9a776857c4072b4f43ea14beeedec3529aea31b3ce8ce4aea32eb24e7176435bb929b981d5741c7f19d50b

Download Submit
/storage/emulated/0/libs/com.erciyuan.clock.bin

Filesize
68B

MD5
9311d8aca1161c8d1e019465838d78d1

SHA1
07a15b6a593857c0b17aff672e4feead6b6e6c38

SHA256
f4af7a8789d7a9339ae7c27107a5ed2f2a7a141e70a0b2642e78bbbe04e6a064

SHA512
bf6f815bf6e3666869efaffce9387cad12df3774fa49ec87a1abee558e14efb78e4c1f5817b4758d6c5bc7c6a2a98d4c102ca5389e45a56256876075439682d3

Download Submit
/storage/emulated/0/libs/com.erciyuan.clock.bin

Filesize
68B

MD5
1570a0dd6fa8365c623480ab7bf6ddc5

SHA1
75754a3fee72f19e8df517232339c8035e21cf33

SHA256
888547c8bc4772e261da078963deabb63dc4f7c65ba8a4a891acf62e709fab78

SHA512
2924f163417a210116b0dfc6aca14de76a88296686a58b60e3beb4dfbdb82bb216d19f5fe8e758abddcc76803201d9810445f7e0fa4c0beb8a62c8a30f055ba6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads