cfcb1a5a40e6a0b5f85d34e48c223a608124b478c117681dc47b3df2c244264d

Analysis

max time kernel
6s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
19-04-2024 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118.apk
Size

2.0MB
MD5

f91e82665d80cec11d15f4431bc8d8f2
SHA1

783ed7e86bbef6f2ebd0596615b5bc6d8780dc52
SHA256

cfcb1a5a40e6a0b5f85d34e48c223a608124b478c117681dc47b3df2c244264d
SHA512

0557324ff4d9be6fcfca70ddf996278a2d531877181dbbc6a59389784075c6e84124b376c44ba55e9fc970852b31ab478052b758e52d88e2483c6dd789a88c3f
SSDEEP

49152:e/6X+yQ1536YUWR3OknEAUhxdZXRQ1dugkg:Ui61531m9zSz

Score

7^/10

collection discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.fiash.video

description ioc process

File opened for read /proc/cpuinfo com.fiash.video
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.fiash.video

description ioc process

File opened for read /proc/meminfo com.fiash.video

description	ioc	process
File opened for read	/proc/cpuinfo	com.fiash.video

description	ioc	process
File opened for read	/proc/meminfo	com.fiash.video

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip --output-vdex-fd=97 --oat-fd=98 --oat-location=/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/oat/x86/UmR4ESARQw9bA0EP.odex --compiler-filter=quicken --class-loader-context=&com.fiash.video/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiash.video/filespushplugin.apk --output-vdex-fd=93 --oat-fd=94 --oat-location=/data/user/0/com.fiash.video/oat/x86/filespushplugin.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip	4591	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip --output-vdex-fd=97 --oat-fd=98 --oat-location=/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/oat/x86/UmR4ESARQw9bA0EP.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip	4467	com.fiash.video
/data/user/0/com.fiash.video/filespushplugin.apk	4648	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiash.video/filespushplugin.apk --output-vdex-fd=93 --oat-fd=94 --oat-location=/data/user/0/com.fiash.video/oat/x86/filespushplugin.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.fiash.video/filespushplugin.apk	4467	com.fiash.video

Queries information about running processes on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.fiash.video

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.fiash.video
Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.fiash.video

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.fiash.video
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
collection

T1636.004

Processes:

com.fiash.video

description ioc process

URI accessed for read content://sms/inbox com.fiash.video
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.fiash.video

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.fiash.video

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.fiash.video

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fiash.video

description	ioc	process
URI accessed for read	content://sms/inbox	com.fiash.video

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.fiash.video

com.fiash.video
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device.
- Queries information about the current Wi-Fi connection.
- Reads the content of SMS inbox messages.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4467

getprop apps.customerservice.device
2⤵
PID:4572

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip --output-vdex-fd=97 --oat-fd=98 --oat-location=/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/oat/x86/UmR4ESARQw9bA0EP.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4591

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiash.video/filespushplugin.apk --output-vdex-fd=93 --oat-fd=94 --oat-location=/data/user/0/com.fiash.video/oat/x86/filespushplugin.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fiash.video/files/tim/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/F4QcGqYUmtjt7nid8zzSqX68EgU=
Filesize
309B

MD5
d9371cba2aa6a3e5d391a41f8591369e

SHA1
911da7412c9a74a965df4920672b9acb04fe1762

SHA256
a4f0aa13ec635b003e74b69f20a49de24d3c490cada78a1121cece9e2fe47cdc

SHA512
3e768f5b368464cb09dd4719e435e24e54e1b2be4e1e3480aa7ab0cf3a39bd461d874bc0217c4e93e9d0d5effd91a685dbf1721df79acf74e28a6b83f8c57837

Download Submit
/data/data/com.fiash.video/files/tim/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/Q6SoI48vGt6E7NJX.zip
Filesize
3KB

MD5
e1ae6c1a693ffd311c5d3358204a5b65

SHA1
d1f96310216182d398134f1804d2cea68c23389d

SHA256
6fa0a1abe959bd8374e5371555233b0730739995b2d59265f30a1c38c0c73777

SHA512
cedc4d8a21973c3f5c112d23a724c496248809703b8b7f466b871358e97aed9b726767e0b913e241fb251a06047fd395a9034fd8d9e90b61e0cd788b14cb5be4

Download Submit
/data/data/com.fiash.video/files/tim/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/e77DEMA7B7Csg5vqZqZvHg==
Filesize
381KB

MD5
11f5d336138d0fe4cb2d939c00356941

SHA1
1f7cebaba76b4c98e793e23b594e66aa6f5f7c2a

SHA256
d442c57a3317657a4d4bd52e780383058289f0100b4b139ecfd8ef5fb8d49231

SHA512
69d437c284921a63f9d4b18908c466905e73523b4599a31921e9ed3210a01aa73930626b4ce44e1c01f6f337deac678fdbdb5ebf5cdb40c9d5613fd450665281

Download Submit
/data/data/com.fiash.video/files/tim/Gj9FCFCVDMZEpfFyXo2emNlosUY=/data.dat.tmp
Filesize
351KB

MD5
38f8ef336ad58ff25497a15a564e26b1

SHA1
c4bd6765cb0896490faf607d65984323d46ee65d

SHA256
961add961f443eb1d75480131c08ca330863cd85a99d9bab1c71f28a05f878f8

SHA512
391d26149c08e52c7e803652ad5a7c251f18bf67243d7858c0b0aa040ed16a884e6638c050a02c0173f86f51f0403ae3d7a4f1f4e0ec8e4d5b142ac1ea57ba4f

Download Submit
/data/data/com.fiash.video/files/tim/TzxVa9cImSXWY3-DX1e7lhQh2-o=
Filesize
85B

MD5
4858f61328fa0636b6b634475d27a459

SHA1
bf5ec1b0936a618da680f252830a6e0c0ab7a140

SHA256
06f29c04986d6fcc7da266598d3fef3b8a4b6c70f9474e03c2eaab633115e088

SHA512
9eac3c18814177fa223a4bd10f9c9677419ffd1ed4aea3571deaa9207b1e680954c3836bebc939e0f0d603c3a192e89b60b6588bdc885e5fb0432a01daa19787

Download Submit
/data/data/com.fiash.video/files/tim/TzxVa9cImSXWY3-DX1e7lhQh2-o=
Filesize
96B

MD5
0738109a02208d61a48e888b2753925e

SHA1
9dd5c1724b023f53aaaa86d02867d8cb628f08a8

SHA256
6ad6ceeb0f161f47bacb11806822ef9a6c720f1b425182a0ed4fbd3dd8b13060

SHA512
c96a75e9df83e5333010dd99680e1ceb30287d7c475bd2854184b3210b569df7c78a8f1a463608e58ce6cb0a827677b866f96c9f8554cdd2e0b5e3d69aa0ccbb

Download Submit
/data/data/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/lib/libtt.so
Filesize
11KB

MD5
39b6ac5154df77bcc92c9cb4c76560d0

SHA1
b985bd345461490ee6c62548a87d648413faccda

SHA256
ab50dcbe107ba99a5065f674f1b4b48bf3d83ff3f0b256e68c502ae483dc72f3

SHA512
cb1dc48f50d9ed016f75b03917e9a66d2a2a9ac751e069063a9cbccc8c76f5c32223795c77aeadfc21989d700fcedd718c9c70e878a8a3962e1152bbce005e02

Download Submit
/data/data/com.fiash.video/files/tim/zImbgVVxT9gLotLoQo92Uf2GrgA=
Filesize
55B

MD5
962c60a580efa123485b89b7f2e0f8ac

SHA1
884178f03feff2cb0ec931299f312bbba15d2d78

SHA256
58382d80fa428f281c6c578d3c7d1999b241f6c30762c5005d16fabde1bb999f

SHA512
2b2e8a7b33152d17ee7314a938d409f3eb9b261aba5d180fdbb4ab04239f69500f4c0aacb8c2d47167d1632ffdf1732257104c2549e6e9889bd0750b2f1921c2

Download Submit
/data/data/com.fiash.video/files/umeng_it.cache
Filesize
310B

MD5
9c5d15e1fbc1f91212fe0408224026bb

SHA1
72b7e31f972f4e3cd6bea9e8f7bcdf930308c9fc

SHA256
ada7ef38772f9db2047ff43ad66290b7ab3d67aa40282071d888e930c7553722

SHA512
7dab7c454091aeddbe637d482d602e5bbd6f5a27c9bd4d0b0b59af99b5c62c9c9a570a532da2a9661e30b332a5192ae4c8df1413673bb1d28c02314ba28febd8

Download Submit
/data/data/com.fiash.video/filespushplugin.apk
Filesize
68KB

MD5
1cc2bda5b2446238ddd1047ef0688a03

SHA1
90886b519a020b36598b6b6c3b0bcdd3249fabbe

SHA256
46d87a2ed30d8ef57cf2c09b17cb6351fa12f33cd67b8832663732c346ded902

SHA512
56dafc0d4c8d60b21da05bc44e2d9ecc86bba6624f7036c9f1018478333545e0f5348506f655b959087e5144dc32921e9b20697052409aa8a6b6b2538ace0c41

Download Submit
/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip
Filesize
616KB

MD5
c95c72a944ecd9c6bf437c70c4c5b2b6

SHA1
7778b2d7e4bc09968adf77e25c830b29322cc927

SHA256
78556f38b32bc6df1af8ae5d868665971cf53fc560821613fbaf9f52cd7f1c35

SHA512
8513e53866316b4d9f2655996e1c11f3b989fa09f5ac998b3a87b715b30a7cb7820c7c764a8a64c3344a91fb2a7615eb196f950f69a643593d927b87fa7ec332

Download Submit
/data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/UmR4ESARQw9bA0EP.zip
Filesize
616KB

MD5
8e08b2043b87bc0b45b0e8fbfecf0639

SHA1
77ab3061ae96c8f28a6f4c75c4fe63926a63dc8c

SHA256
a81996c9134aa61051dd666ac936bf32febcb7b7afc60fdec83874edb51b420a

SHA512
d8b0bbd6e63588c38344b35efd4ba51f798cc0db1bccc47c88ae9597b6e1c350cf3ba1754e3226d2fd5ede1e3043d5f60b927332e3d8caf0c4b5e8120baf3ac0

Download Submit
/data/user/0/com.fiash.video/filespushplugin.apk
Filesize
158KB

MD5
56c69f89497e65ded91a74bc51eb1b3f

SHA1
f82df01ff6b95ea06a0d9e9926b1b7a515964763

SHA256
b22ed43090b7c213e185fd13bbcfa88a7c8b80b538000935cd1944e649d88546

SHA512
d05ca799e2e17cf05e2faddf85734eb68a1c7f608ecce09d43a0422f41af537998e284f13d0607cec2323348eed01064646c1cbec16e216581733049951947ab

Download Submit
/data/user/0/com.fiash.video/filespushplugin.apk
Filesize
158KB

MD5
d32e54343ff8e5e2e44332425d6fe58e

SHA1
0af3ad92b5ce7813f8faa152b7ba3e07f86b6ba3

SHA256
fac261da91bd50c1e8b543e060917fc682c9221b494317a552e4c5ef1d24dc6e

SHA512
a938673cffa71abfbeeeae222620c0b252e231c2b7a0c08abfbdab85043f574c1023812e53ea797ecc850744d492737cb63c9b391e43fe74e46d028a6f0a4caa

Download Submit