efa68208cb67add4b04365e03b9f96a4e91ec5133937f3ced6159726865674cc

Analysis

max time kernel
153s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
18-04-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f70462063b86e7687b5a23d6d1231774_JaffaCakes118.apk
Size

14.2MB
MD5

f70462063b86e7687b5a23d6d1231774
SHA1

ef0dafa005c436915e45b39997f3f7dfd1bcf3e4
SHA256

efa68208cb67add4b04365e03b9f96a4e91ec5133937f3ced6159726865674cc
SHA512

c97e7c942dd98cda21808cbbe9a58d4e3022398724ec97b52c29e688b312b9bfd073bc431013e1f4f01d10854f1d6071c9953535dee47dd7e22392b85bf0bbd1
SSDEEP

393216:7q05VVI+aao+T/nNvoV2OB6VTdZVRINWLTWUMA:D5VVIp7+TMVB25fCe

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

T1430

Processes:

color.flash.call.screen

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation color.flash.call.screen
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

color.flash.call.screen

description ioc process

File opened for read /proc/cpuinfo color.flash.call.screen
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

color.flash.call.screen

description ioc process

File opened for read /proc/meminfo color.flash.call.screen
Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

color.flash.call.screen

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses color.flash.call.screen
Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

color.flash.call.screen

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo color.flash.call.screen
Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

color.flash.call.screen

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults color.flash.call.screen
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

28 raw.githubusercontent.com
27 raw.githubusercontent.com
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

color.flash.call.screen

description ioc process

Framework API call android.hardware.SensorManager.registerListener color.flash.call.screen
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

color.flash.call.screen

description ioc process

Framework API call javax.crypto.Cipher.doFinal color.flash.call.screen

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	color.flash.call.screen

description	ioc	process
File opened for read	/proc/cpuinfo	color.flash.call.screen

description	ioc	process
File opened for read	/proc/meminfo	color.flash.call.screen

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	color.flash.call.screen

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	color.flash.call.screen

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	color.flash.call.screen

flow	ioc
28	raw.githubusercontent.com
27	raw.githubusercontent.com

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	color.flash.call.screen

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	color.flash.call.screen

color.flash.call.screen
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4455

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/color.flash.call.screen/databases/ua.db
Filesize
36KB

MD5
4a8120c91e3143b2db43971dbc77cf8d

SHA1
37c5700d35059c4e0a718ced73b3d73ba5d2b277

SHA256
1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

SHA512
465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

Download Submit
/data/data/color.flash.call.screen/databases/ua.db
Filesize
24KB

MD5
062a11e16675faf9efdd64c4fd2da16f

SHA1
c10cbf95410de9d26ac9c7a8f202ce0095e014b7

SHA256
382118b45eb6a4f3c1a29b704cb6985662df76b911c31835aec2024763c14b44

SHA512
7abc64d85c8f5162fa0d7144bb4c0494ef8878c9700850478cf761779d73bfd45cae3264fcda22ca5d9e77d4a519f2ee257245fdb551b618b027b545c9de08e7

Download Submit
/data/data/color.flash.call.screen/databases/ua.db-journal
Filesize
512B

MD5
4f61979934951065bd8b207dcdf18f1b

SHA1
7ad365f0e5b592aefebe5e0d1eb0c9063d5ff2ed

SHA256
d9f997aa4be562137323dc34113e74c1bc063331fda1b78cec7904d1aa86daf1

SHA512
e5d0668156f8febcdfa00cb41e011e73fdd769bfb6a8330795c39aa55db2702222b06f93e10390321e85e51369af85efe35d0c42867aa7d9a820afde765d34e5

Download Submit
/data/data/color.flash.call.screen/databases/ua.db-journal
Filesize
8KB

MD5
7f7d640f548eac212453aa3c28884169

SHA1
3a4fc1ca7f2b003c06baa1113dd48b502070d63e

SHA256
855df17d2eb3a4e8104b9764e76ffc8c33510ab802fd0f5b583cd478da936244

SHA512
7d0d9ee9f07ee39565e6919fd30fabb79a4d9df7f1fd648f596e96e9395d97a0f7464a05bcc6070f33c0a5a20a51cef36d1df1c71432883ca4ab99196ed9c9a9

Download Submit
/data/data/color.flash.call.screen/databases/ua.db-journal
Filesize
8KB

MD5
d946821b16c14dfa1c14c017bee3c21a

SHA1
1a62ff7d4e45b6feb937a4e941bcb12bc3392877

SHA256
81b76739b95009ef8988bbd1aeb6044511a86eee32ee008089e182b9a094c365

SHA512
bba40354358be59731ec124b45099596bb4bf5af65460ccd75d70b70f7d3dbecfa2257b68d2b8c32d84a6785227ddc6068a375e21e02a6a5f67e114097c03028

Download Submit
/data/data/color.flash.call.screen/databases/ua.db-journal
Filesize
16KB

MD5
5429647f890cad313a63df53293f96a9

SHA1
86b3d15ac7fc79e718b19cb24c270d8873140922

SHA256
56c10e1f5ea5abd8593712361c84fb12f0855fa91dfab89deb1dfe1405ddf2e3

SHA512
8ee416e9f34572a24dfa4eddb024849496a3511e8e3f8542ae7d69509c24cf42df215ad83d2fe530ebb15225ad8fb9beca18f3f0a41c9be68f9d29e54d7b2eeb

Download Submit
/data/user/0/color.flash.call.screen/cache/image_manager_disk_cache/45c991de63e0517690ccab2533bb31c901f9b20f53649c4649d919391d0fe262.0.tmp
Filesize
77KB

MD5
eac8bf6207d4fde92829a558a1e4e59c

SHA1
352bda321bea759827d8ad3a4cd19b0d159b83ca

SHA256
4d25021919d83fb397692d2a7f8ba44827c65537272d1757f606d1610beab8f5

SHA512
0e4c387c6c1fa7bf4b1eed0d1ae5e1128e0400e0ee7342f6f8251bbd5ba32d5c8c6eb6fcbb3a7b25b3a0c38b6c229e65d63504e5bdfc05a5d7e240c40fa40289

Download Submit
/data/user/0/color.flash.call.screen/cache/image_manager_disk_cache/954652d67f40a2a8259488a20ae30f1ff08affce32ef56c296a13a13f541faac.0.tmp
Filesize
81KB

MD5
cbd0cf090248c5b81d9d92a8af626b94

SHA1
99c4cda10d95ee2ff4e5278cc60d348f2f7b6087

SHA256
e6800c2eb8f7402e14ab63c27361f92e716534a877a51433a486af0030ee8f58

SHA512
4d6e873ba1d8a4a122a08918a3ad50d60bc86a859db54315871ed222be48bb5d89da20cb9fdcca95f939bb612dbcc18cd1180a6467d237c040b068eadd6adf30

Download Submit
/data/user/0/color.flash.call.screen/cache/image_manager_disk_cache/b67712f885342d1c4a9a896fd1e807fa603f91ef796765c04c52d3a55173a7cf.0.tmp
Filesize
77KB

MD5
442389012d65f444a5a12f9e60f553ac

SHA1
d73e54a21a82de988033de8947b72154989cacd0

SHA256
9117714b0a7d0468bd8959d1efe03e6e3faed71d5c9bf4b4507a68af37752e56

SHA512
42c1c5395d463e3b3f9f5bee528ca71344288188f45605f2a4ee3d9b93f1f332c597e8c2b21e6886cc3ae6f76989267f2e1e0ab0426dcea46b5eb85f2153b9ad

Download Submit
/data/user/0/color.flash.call.screen/cache/image_manager_disk_cache/c9d493e97e5b6594a86568b37e21ae3aabcc7b8334466d5cbfc74e231e270dde.0.tmp
Filesize
71KB

MD5
3fad2381c954788b6189a294fdf216cd

SHA1
2abd793479129be40c0c10f97227e584bb76b91c

SHA256
98c233d6e823dff7fad39a06ddd53f8432f58312a8726eacf7dc78550c93500e

SHA512
9cbfd3097c1206178e15bc68d78e56eb63a24687e9e07a2753d918cdc4f57f9bae0777f3720bfae6de130fcede1b3a490d298bde631d2b23e498dd24328d4768

Download Submit
/data/user/0/color.flash.call.screen/cache/image_manager_disk_cache/journal
Filesize
623B

MD5
80154342053583ce2f1cdd3b0cdf0bf7

SHA1
2e8d44ee514a5aa2ad4ad5d4d5bcc0db20d7a911

SHA256
c27d0554b76ed445d39c7015132e22bdbacbbc8276383306889835fa819d120c

SHA512
b9266728722b63999349e6d0d7909974dff64724d7bc0dbec9cb857bba7acb85a161d86b1c19a93f2fc986ce4d35b19d5befa7bd92f6bf07b27379c3df9dc1ff

Download Submit
/data/user/0/color.flash.call.screen/cache/image_manager_disk_cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/user/0/color.flash.call.screen/files/.envelope/a==7.5.3&&1.7.3_1713404586504_envelope.log
Filesize
1KB

MD5
a550afc1e6a7c07639ce58a8993acbe5

SHA1
9ea5a0d4e934e0e042d72d792397c9cca7c91956

SHA256
234526d6e46a8ebc7d8a5bb92f8def58c3d771c4a01803859106e3ef17cd8054

SHA512
23dbb31a11f4c9b3f9393cdb71a5eb53781938d42eef339111d04b3836517be9c2ca6e9a929148cf3229041a0c8755c2ca403eebb867d73012eafb8948807783

Download Submit
/data/user/0/color.flash.call.screen/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
8072294fef684a695132ef0f73915a0e

SHA1
2cd9bdd96a9719c528ffe9098fe49c6daa97f8f0

SHA256
676676cce077d9b256777ea8705ee1b0878ecce670ab27199ff56393a1ecbb84

SHA512
b838fc38f623ccc0e05e4143ee84a7ba7e74ca5a7cccde3cff3dd33b13ec23e302835b877939b1bed1619fb7fdc778e4bee2863b4127dbeea64331c3ad0416a9

Download Submit
/data/user/0/color.flash.call.screen/files/exid.dat
Filesize
56B

MD5
92748f62a0fa67da81c48c759c452d36

SHA1
9dfe2a2368aed3cdbdea76e3c585efdbdf35862e

SHA256
16a426c8f0035fe3fe1bff5a665eedd97ad68959748e752be3f5adf64153b152

SHA512
d5d97e2de4ca5c3b01d1c4940c93337a3ba63e0796454c703969f1a3c0cb590872f41408fcf46a677ce9b567255efbe2ce04cbba4a99f6ce33512eb9a25f9763

Download Submit
/data/user/0/color.flash.call.screen/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNDA0NTg2MDE3
Filesize
1KB

MD5
24106555dd5dfd56624d0526fc22f138

SHA1
fe5b29514fd939f2d2061482107460896c380139

SHA256
7aa0c85e1a7f3e7ea1477da3ae1c6758b8eb3541a3dfc0ea18021fe8d4ec0541

SHA512
85fc8232216b776c358fc032e10931d18b2b8fce4f209e14c08ff5aeed93dd6bd6f523edd81d0b90e8419d1b3cf1cb182533667f5a7382dacd510a42ec5bdfb3

Download Submit
/data/user/0/color.flash.call.screen/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEzNDA0NjE2Mzg2
Filesize
1KB

MD5
b7ce780d9507c63001571cb260a47914

SHA1
8f2db1ab354e16fe114b42d00d8e72041d872374

SHA256
817eb97db7af8e9613af7f658b0901acf036f91e393aab190b260b4584f61067

SHA512
945c936c29a7b21eb204bbd7fbe6f5148b41699db66ef944bc2f3c1934335b7aedcd738c6ec5bf64a33e6f3d2c6b5ae364a23159edeaadd098825b77d83bbbee

Download Submit
/data/user/0/color.flash.call.screen/files/umeng_it.cache
Filesize
350B

MD5
52b2442a627f7d858da64433d9ea34a4

SHA1
748eae835e7abaf74e031f9d17cb8fdb772d610f

SHA256
27692e57e45407695c35c1ae90b8c0d775c941552b185f85592972df8bad8adc

SHA512
0c8b91dfa49ca34238463a4cd6b14c484b31fc3e3e999458c11387c18210505585c609c2da8e2d26173bceeb9ab0845e94f4164518369168edbd70f893d1aef8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads