1c562ab4f8581e531f095cc915088cb07281793a1d65b039c0334c25bfb6367a

Analysis

max time kernel
36s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
16/04/2024, 03:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f28c17937d2389de4824fdb9c15145d9_JaffaCakes118.apk
Size

3.7MB
MD5

f28c17937d2389de4824fdb9c15145d9
SHA1

a3a42791d2c5556f145ac283bda1d9e444120ec5
SHA256

1c562ab4f8581e531f095cc915088cb07281793a1d65b039c0334c25bfb6367a
SHA512

f1a667e2828c8ce6d60fe158d5d0cff791c69c763166685ecaf6aa1ca4d12a31a77e279893c52422edfe9fc9be68fd1b787f96204cc7f09c6e7c0cbc7517c4c9
SSDEEP

98304:e6pZyMrSE43Lzzr/1VVr/MT7I4iWL07My9uO4dIzwxRt:WMrSN7jZ/MT7I4zw44v4dIzeb

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yht.shishiriji140003

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yht.shishiriji140003

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yht.shishiriji140003

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yht.shishiriji140003
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yht.shishiriji140003:mult

Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yht.shishiriji140003

Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yht.shishiriji140003

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yht.shishiriji140003:mult
Framework API call	javax.crypto.Cipher.doFinal	com.yht.shishiriji140003

com.yht.shishiriji140003
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4306
- getprop ro.build.version.opporom
  2⤵
  PID:4458
- getprop ro.build.version.emui
  2⤵
  PID:4478
- getprop ro.vivo.os.version
  2⤵
  PID:4500
- getprop ro.smartisan.version
  2⤵
  PID:4531
- getprop ro.build.display.id
  2⤵
  PID:4561

com.yht.shishiriji140003:mult
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4414

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yht.shishiriji140003/files/__local_ap_info_cache.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
/data/data/com.yht.shishiriji140003/files/__local_last_session.json

Filesize
101B

MD5
3985e88d8e2fa89757d87551b91b0d9e

SHA1
3f22fb70bedce387d085cab0bccc414907d6e237

SHA256
2ab04f2ebc61fce6884e37ec87dd4eb6e19242e96e31b67a78348ec1f79bcb24

SHA512
bca7c9b6f55a2e7220a03602db17478036e4dd3ae9cad3d91dbbb7413439870baba68de598d2758222a3c87dd45627d87683bf52f431adb3248e09efe1e1c440

Download Submit
/data/data/com.yht.shishiriji140003/files/__local_stat_cache.json

Filesize
624B

MD5
79f5f0e4c65f6ffd85493c340802e921

SHA1
7be2059a77dd7f2707598234f8438318197c835b

SHA256
31afb189069bcff74150a84dc3301990d85187b5b4bcbc9f8425b1659fd24e15

SHA512
3ca376dbbf4c54ae73b4313752ee165e41500d5019e2ce36bfa0d5d386cbf53282d7d90d1a5a4990e78fbc41ba0728c56ddeed8902e6e1c5e55b6b14a7201275

Download Submit
/data/data/com.yht.shishiriji140003/files/__send_data_1713236928115

Filesize
800B

MD5
5554de3df7185756c4800d369cd96bde

SHA1
3e3a708243387c79210d14c2be9fa6ab8177cbff

SHA256
94534676e5e07580d147ddbcaa87904c2e2d7a1d8fadd0603fe40c3521caf513

SHA512
f5fe1518b4c38edd38b23cbad4471c7061f6349b5b3781aacde5c5fd6ca953eec7292a4376dc45f617100d041a37a9505d8b40f23cc235224e88d46f53bec18d

Download Submit
/data/data/com.yht.shishiriji140003/files/libcuid.so

Filesize
129B

MD5
85a752891dfe2188c2f954d40aed156f

SHA1
6c35400b0b3b9663d9e617f09f82660cde4a4eca

SHA256
8bc1f78ce6d092839b3328752fb6d21f7d969c4c3ff4662f8fe85bb3f39a93af

SHA512
e5134612bbfd9714c2833e4285d818cf35d03acf7820617220f0afefae876d602f616cb55514800ace7c46c17538766645d38f1b4d550d229e9492d333932e13

Download Submit
/storage/emulated/0/Android/data/com.yht.shishiriji140003/files/tbslog/tbslog.txt

Filesize
24KB

MD5
d0006a019cc39d1f363d3816ac397f27

SHA1
6052c759ac041fb347673122c85c9ebccb0218f2

SHA256
eb6adf3aa2b71a1d8a8b9b16bc198aa3795283ef89ae8d8d2ffd9f3de6d6f287

SHA512
62d7052558274c5de75bb4cc34e6faa1a85376028a923452d86ca56ba740d2326c92811e677789c19f15970d5e1c203bed56022a9356d52a07736e6e7a000524

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
20KB

MD5
249e034c9703afc1fd6062371c7f3da8

SHA1
9ca489179488e0fe5a35f7c0d5887f163e4890cd

SHA256
18fc5cf216b05487a87be99a662e7474bd54120f214e034b3179f40ca989352a

SHA512
b819b152548431c7892678ecdf23abe44cbdcf80e8f22707ab32a2aedb5356346b27e3c3e750665ba893d602af1c7dcca97edbac3c820859a0fc20714c22c0bd

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
8c7f6e3b52e6e841b895bbd13644ed43

SHA1
ec8daf46a7eb99c75ea1ce8582ef77b2df8455d2

SHA256
6615188d5d8fa77b44fbae7a249d073b3623316e7489c5fec95fe53188ea467c

SHA512
cffafd628e62fa915872796ee02dd8119cfebd6811291155acd400986ee5d34b244ab3b5d0bd386566724205771f665571bcb04950d390c5c60072fdb90c5280

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
b5b5cc4cbe251bffdec63fb3ee1f9773

SHA1
b27f373aab68dc0754340301f0be9ff376182885

SHA256
b88db386e0201081ea4135dcad63256f2c069d79c767fc219a71e04f6901b78a

SHA512
ca4c5fa8acd434be2ab7ad12e11fa0b4767ea0b0816c705f7bec0189d5d727d9fafb515a22785fc7a5819caccac861c4d1c761f47274422958c89136d640a873

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
24KB

MD5
44b09b1a198313c9f1a9e8ab8164f413

SHA1
c67301d144d1ab5615464a985ac3ab9891e9aa66

SHA256
a1869a3475265b86752a7594b692c468a03f758acfca931b4b716e2a815957b9

SHA512
e658656b747d56e920a2a1fefebfdd7ac14b99c61ea3ccf5c4076f8bfaef10d1380b585d85c1db1aea878c3629bd3a15a2a7e80aa62672619189e8906e1a041e

Download Submit
/storage/emulated/0/backups/system/.confd

Filesize
32KB

MD5
b256d0d3c380ad8b98b8d810505e25de

SHA1
010c56c47438d4747c91cb48c3fe58fd1e7dba80

SHA256
3adc80171c2c95414c4a213160cda0c718baa8a3b072345e161bbbf0d7e581f0

SHA512
17a95ad589e7e6aa4f39844744bdaaed71001375b765c4e60d43871acafe3554f1f7a8b3be7e970565157bd24613ee9f27a0f4ea21f725433162477b2b473c0b

Download Submit
/storage/emulated/0/backups/system/.confd-journal

Filesize
512B

MD5
b526d215d2c5eb9f331adf53616bfc83

SHA1
767f5605a3f82e4ed1b50cfe0138d18a4cea4023

SHA256
db4a52e88c9b02cfd78b15f8656cd7bba497869d275ae1805079644d39963ffd

SHA512
451b92ba3d579fb395c5552edaff6b99e3d67f18845a74d46591d55cb32af58d45b7ef464b27cb10728ca64b406905a3e8c52f82b80eeb3db123c77d8e6c80e5

Download Submit
/storage/emulated/0/backups/system/.confd-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
36KB

MD5
f00bbf1a92931dbeab58b2e966b1284e

SHA1
f0f5ccbfede06d63158b66dcc66cbb999d7b47f7

SHA256
9c4c12aff279c588723f140d2b4b31def6312266d7284acd42644319aca4c8ed

SHA512
1d52f46e1e4976938f86e0e10829c1e53435eb19b47b77e7587ff69d40e16affa29488c308d80c45a013568821740616d380048800a6c0d635d1fc5aa4af41d2

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
a22aaa368f55d7803d381db084b36ecd

SHA1
2dba544e96bd77acb75961d2ea1408eeea00b0df

SHA256
63b4e0b2e85ba76c9d978e035771e6c2e6721cd220146bed81109270bad38c02

SHA512
232bc7ae158bad2cbd5a5c3c25cd9d149baec684a760128a81711305b0232fd61983b47bd30b47177d85738367d7bc004fa49f9ebc912b50b75c2c370842da4e

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
d928ffd4d35db728dee2bc53a1fa96bc

SHA1
bd1cf38ee484d275569a8d918aaf684c7cc816b0

SHA256
580221083c378cae74ef69118b1e2cc4f5b224d5f8fdc429464b9e8301f2797d

SHA512
b3483edf063b96bffbd54fdef22f607c833d713e68f1b00aeb984f1c5af789f0639bb9a783554003df1528c09988b47380dab65d80c53548f967f9def01c8088

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
b1269819e9c6c867ac8e04b8ed61f6ea

SHA1
4e8b3f796e8d07c8e6ea45cf7f84116012b1e720

SHA256
b9e96bfdb45da1a3b0673338899beb781f9c6d2618834984074a551135f6ee9f

SHA512
f2f9e0b8c7bde1fbc1ccff503bb3713720c2e57eaf8a36ece22679bb131ab680994023d8e89aacc83c5f464ab9fdd35d1fdeba7e81dcaa76b335eb4ef466474b

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
6edf89afcb42f8a2be9faa4711d21819

SHA1
db84aec7a6e205dd1d8df5e7009ed0cae207eb0f

SHA256
7880245becc294c3f0bafa7def0018038b3d1d05f83f7d99ca2f2702c1882b08

SHA512
c34e8a8cc6334916347cf697ab94e3c0a34dde414d3322e0ea853d8fb0510cc3de7d9156974aad1ceea6fd020fef763dee491c29a4090f8f08cd5e87a426eddf

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
8d17a0b07451e1fd17e866651d2fc0d4

SHA1
2cd033e88804a5b4cfe32588c9af9975222f8383

SHA256
fbbd6a9944b6788468f2da3743143be762598d442e654002d50313c53fbdac6f

SHA512
b4e135573569bb899e885a6fdf3e78f429796d8b7b244859b42130312cd10447c75f9a0082bbaec1e45c0d13683d09fe537aa026bfb4742cc0a4ba04f2b78c74

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
12KB

MD5
2c82c56d9b967ffecf718b6c2886fbb7

SHA1
1226c36326bfa3ed2feecc34e7d9729d566fda43

SHA256
89b1fe8a04278f2a9afdf242999b8888a9008be4dfc0a1f1887df2db4cb48a26

SHA512
02548534e8c174b11f10dce2f88d8e6e54eea28b9ba0e480395f4256b549f4bae2a9247c6b1a9845d60c13cac1d5ff43ad67a9cfc1ceaf5a9810fd28a6ea1c15

Download Submit
/storage/emulated/0/backups/system/.confd-wal

Filesize
8KB

MD5
913dd2fff7a83ca01384865aef44bba6

SHA1
feb14a45084ec0653416ae9c3fac92f540afb569

SHA256
4fe005c5f2bdb03fecee9d725a64c77526554cce3adcee5b43ece473434a50b3

SHA512
65ab149ae560c89fee93501043812ee60efb212b6db791d1251e61ba48f66618fab234e2e450ed03b1b870a2f5c933c157e1104a0e7f813a265edaef8ad05178

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
25B

MD5
f805b6bdfcaf0ab347d3b28d5e19d188

SHA1
a7ee961897db1c4941ff0d58eaec02f7f50f9733

SHA256
8dd6cdc6485607453719dd827e9f9c06c636b4dddcbe2026d169ef5616ffde70

SHA512
34f068622b8fff65fc7b8dd2059100d28ad6c0eb1d437ec02fbd50664f67d23fe0ca4b29893a8d9c9452fc1218a6790c37c0ac92e855059abc7741124df67ccf

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
55B

MD5
2a8aa6984c83025e661067d6b6981378

SHA1
26abef98c4861009c940e46330035ffa405c4db9

SHA256
8a16071632dfe2702cb3b0682fa16cd70301fbf76354bdd5129fec14a3c8ac9e

SHA512
d14349d3a3b574be4a7249fe7e55f027c5854b7cac79741c39068a1f51ed39264b9f7855feabf7496f723e2e519dea2dfb4ca40a7f0e55168ce349830cbb2712

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
84B

MD5
4d5c5b1b561690989b4c8115707174f8

SHA1
7f7c555b7bfd08caa46740d932b0de1724dbbea6

SHA256
0e5c8cf0377db237b984fc7e48b757805af0b28f28e90fd687b436978c948dd4

SHA512
83cfcb648ee60f2cf4cb46d91d5ea8e2db77e1494b7cba9dda29edf9bf801306279b45d0f053028cc95b04c09dc7c85a5e598d3c38a84e58acf6b64f6fa89ba7

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
114B

MD5
3e9ae319c18c6c1503caf72133016a09

SHA1
72601d2f44b46a9965c74d6332685676749a93e5

SHA256
5c948ee4ab5bd061a8d5d4c8dd267fc328f77b8022ff852de04b2d86ef3d2de6

SHA512
654f98eb299e97ada98dc7d13bd0cb8a67064097106168618dbe8bd35c73d1d4ef44ca9a897b531ae611d24d38d7d301cf4b0897a122d961eebd17790d15cc23

Download Submit
/storage/emulated/0/backups/system/.timestamp

Filesize
138B

MD5
af2930bb78e91971a7d518c703191c9d

SHA1
3596af0b8c07fb7645afac5ecf0ca059e4022fc5

SHA256
a32ea96dcad13c2f3b1c097706dce097b9c5762ee3964472054e303f86d2fa0d

SHA512
9eefe3bb1386b46631e5cd053f603754c9ac2dd43a924b404e009409159ec962940fdaf4e4d5e1da81cbc2b3e56ba888f757c2b897a06f446eda12a25dd35a8d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads