8b78ea098d13765cf4a5b4894bd3406caf5a05b365bf35529188fb63e35de702

Analysis

max time kernel
150s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-04-2024 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f72997a24b8f6922826b2fd7ed43ccdd_JaffaCakes118.apk
Size

1.6MB
MD5

f72997a24b8f6922826b2fd7ed43ccdd
SHA1

131bd1ddee5f4405a3068e29d72800cac30c3c8a
SHA256

8b78ea098d13765cf4a5b4894bd3406caf5a05b365bf35529188fb63e35de702
SHA512

0bec0be3f92d6de9fc7dd58da7dae4a862cde7c72564add3593240a9328c1b5ceb4996a4cb46073e3cdd144f851a1cbbafa7cec3c172d4977fc3f31ac6ce2a1e
SSDEEP

49152:fzHGwzHGjBy86fpFuKBvQ7Lxl98Tqapu8zK57e/:fzmwzmljgpFuVpl98A8zQY

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

Location Tracking
T1430

Processes:

com.my114.my114shuzhibao9698wap:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.my114.my114shuzhibao9698wap:remote
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.my114.my114shuzhibao9698wap

description ioc process

File opened for read /proc/cpuinfo com.my114.my114shuzhibao9698wap
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.my114.my114shuzhibao9698wap

description ioc process

File opened for read /proc/meminfo com.my114.my114shuzhibao9698wap
Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.my114.my114shuzhibao9698wap:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.my114.my114shuzhibao9698wap:remote
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.my114.my114shuzhibao9698wap:remote

description	ioc	process
File opened for read	/proc/cpuinfo	com.my114.my114shuzhibao9698wap

description	ioc	process
File opened for read	/proc/meminfo	com.my114.my114shuzhibao9698wap

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.my114.my114shuzhibao9698wap:remote

com.my114.my114shuzhibao9698wap
1⤵
- Checks CPU information
- Checks memory information
PID:4213

com.my114.my114shuzhibao9698wap:remote
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks.
PID:4373

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/baidu/tempdata/con.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat

Filesize
168B

MD5
5d91ba8100f4cc86eaa88bd3d75e21ab

SHA1
548fb134ea0e8e47b773cf43061caf16e678d585

SHA256
b2cbdf02556db357e914a7cfbe12aa1049a42727fb212f79d0d1a84ef937a078

SHA512
80863ece1ed101cabaa7d796196aae018f41c0194d44b6165ff00e78ba766440e4d9f6a46329bf81a254cf28793bb133779637ea14a292750b212d34cb40920f

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
512B

MD5
9ece93af680d93648dccf3d2465bb1eb

SHA1
f6396fe46c365213e687974a96fb4b720ca31c39

SHA256
82dec1be9e4ac2a8b5f55666f99205688c9b24a9cc5441bf78bc5ea007b1da7a

SHA512
ae85f2cf92ec1b9f7b0bbae4be12fd73ed5ee760a4eedd09edf2b4e67ff212763933b043d54fb2690a1ec53e108fd4bd263eded3a31d524b3a5e09ec320c1ecb

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-wal

Filesize
32KB

MD5
050f427f38955fc025e51ecfc02293e4

SHA1
41af49b7c789f8697650d64cc54a980f6349ed01

SHA256
e5d6dd56ad57ab6261587d847109326f85b6e5bbddcd85ad5e292c9e5a0cf583

SHA512
613378281303c8d4189b36df2bddfab817a3ba3926990cb3c362f5bd2b16611ee4bc140b14f8473b41186ba40d98eb2cd98db4a61046fef3afe4b7f27e33cf18

Download Submit