5efecd60dc593b93b62a412544d11ec14ba812b59cac2959a58b7210f6b8dbd3

Analysis

max time kernel
139s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
19-04-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa6d8f2226f4b8cf0a7df44830833a83_JaffaCakes118.apk
Size

5.5MB
MD5

fa6d8f2226f4b8cf0a7df44830833a83
SHA1

f8b2af056f40c65628f08d6304eb4ffbc9f05bd5
SHA256

5efecd60dc593b93b62a412544d11ec14ba812b59cac2959a58b7210f6b8dbd3
SHA512

0b9b332b905849e88c8248089e48817f7f885017b39c10543449b4f37539a40e28b72d6b2d9aeb013288f6cd1dd5bfcee1cf2809ed6c06aa39ac1523201fe1c2
SSDEEP

98304:I+HZhtigMxGiR6vicTR4NMPZADST5hGRNbo+t0RZJhHyXi8nnCBQ486HY:I+HZhAgMURUWCSWRNbo40RZJhwZnqQ4w

Score

7^/10

collection discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.sbai.bilian

description ioc process

File opened for read /proc/cpuinfo com.sbai.bilian

description	ioc	process
File opened for read	/proc/cpuinfo	com.sbai.bilian

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.sbai.biliancom.sbai.bilian:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sbai.bilian
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sbai.bilian:pushservice

Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
collection

Data from Local System
T1533

Processes:

com.sbai.bilian

description ioc process

URI accessed for read content://media/external/images/media com.sbai.bilian
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
URI accessed for read	content://media/external/images/media	com.sbai.bilian

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes:

com.sbai.biliancom.sbai.bilian:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sbai.bilian
Framework API call	javax.crypto.Cipher.doFinal	com.sbai.bilian:pushservice

com.sbai.bilian
1⤵
- Checks CPU information
- Queries information about running processes on the device.
- Reads the content of photos stored on the user's device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4231
- getprop ro.miui.ui.version.name
  2⤵
  PID:4291

com.sbai.bilian:pushservice
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4267

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Data from Local System

T1533

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sbai.bilian/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.sbai.bilian/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.sbai.bilian/databases/cc/cc.db-wal

Filesize
16KB

MD5
aa977c3cb1d35e9110e7ee65d7ae68fc

SHA1
e3f130a19587e4eae3118e57ceb43d30cbcae6ad

SHA256
4fddced915507bd958f6c3b8ba13bcd90166d0a865a0aad9ef08dc537a02dc10

SHA512
c64220954e55f0fb4d5fe184e3d4928d5bb6551b56f9dcdef5134c1d3c22a53d8337a786319afbc912e3f8f782e8c6fb3f06e66f74650a8431e3822554a070a3

Download Submit
/data/data/com.sbai.bilian/databases/cc/cc.db-wal

Filesize
48KB

MD5
a601d0a165934e366f9c03e7adb10b8f

SHA1
85dfaefcc1076ed19749b1f1980b88b9afb420a7

SHA256
30f776952236190c2acb6d1f7182fa93f34a9d434fdac371efc1c743f016df5c

SHA512
7d3232443c40092dbde611fe6cb46a56f20719ec1f402f26e58e313f383ca53a11701f585b2050193ada6136cde647551bf163e42d9f485b76a442124730a125

Download Submit
/data/data/com.sbai.bilian/databases/pushsdk.db-shm

Filesize
32KB

MD5
f15ebf1683b185b480933199800f8643

SHA1
529c8aa78a26b98992ad945a0767434b98424e3d

SHA256
ecbfbc913a4335b564a3b2b9af07757ade989f2e573e5f299fb2ccd90a6e9bd8

SHA512
bfcdfdef2d3cb59b832cd732f8669b490c7fb95a5f275b725530e2282a8edeedd4077beb6302e840cc44c1a274254e9002193543d0d4d537f50f85c2e9d9ed80

Download Submit
/data/data/com.sbai.bilian/databases/pushsdk.db-wal

Filesize
177KB

MD5
226321b8dd9ebb831db387fa05095a38

SHA1
bab88d5e2faf5f42ed741457538d51b01600fe95

SHA256
404162e55aea3b915c8a0e8f4ecc2f0c28d69bb5b1546cc4028937335155faa1

SHA512
5da438c69dcb2d128bda1cc6ada99aae23657315db0ede20940dc8dcdf68c8e5918dbb98c91253f847a3bb0dbe850aa4dfa3743d6022ae4c6d9c38d17e80462a

Download Submit
/data/data/com.sbai.bilian/databases/ua.db

Filesize
32KB

MD5
5700984a0eba5dcf3bd6c7d3067d2427

SHA1
fd9e8a4f5f6a251fd679cd7a4e92e2b656d19a5c

SHA256
b2fc4300655391cca36055719b3fa6cd12adb03192dc8a7b939016387fa94503

SHA512
21ee3d0094ad40a4069369b169e7c8fdc225a170f866892ac7ba409786bb615fc11fd0cee1e081d288e192d1b26a4d54f4382040d7c93d54c0a011b3f970c502

Download Submit
/data/data/com.sbai.bilian/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.sbai.bilian/databases/ua.db-journal

Filesize
512B

MD5
3b0c16430feb2af1cb07aa24496438be

SHA1
bf3c971efd01e4fdd6b46539df7a056902ba864b

SHA256
1838f40fa6325fc1cdadbd90337b63290290e379b0f1e131a248b97103b67a4a

SHA512
dc077a53edda34fe11896077409deb6fc8cd89a11a4cded0cc245c602086cc852cdbbf9328aeb524a569651caf06a763997ffab250c663d7d8d3b6b275d29ce6

Download Submit
/data/data/com.sbai.bilian/databases/ua.db-shm

Filesize
32KB

MD5
dd521aa0a0649351b586c5ae1448dbad

SHA1
b2cf37bac09b6d587c81efa65faa66644b2b026b

SHA256
48efb56015e745613abfe99b21fc34f2b958fdc15d8bb07d3078b5b3e59a631f

SHA512
6c640b2f94180303b4cf892a094010b564d2fa0cf6defb0753372e17587c192262f22351c62fc236069b36425e2c6d82cc81249b0e7b1e81bbbe5d3640359a68

Download Submit
/data/data/com.sbai.bilian/databases/ua.db-wal

Filesize
8KB

MD5
e114de4a51653f2e41bbf609c6dcc57c

SHA1
5f559acf69fb1b1ae492b81bd1dc5ab5448eec55

SHA256
0bfda0f3fc58526b128c58c6ade717894d20555479bf8386d5d70cd6d2141ac5

SHA512
9b56a3816b3ae106a2ef536ab03899723480c15fc4dfe31f2214ad9a71b3d3cda71c0e26754cfe0692e5fe11a57da68874ae7778faae6d93cdff5a6f48262cd4

Download Submit
/data/data/com.sbai.bilian/databases/ua.db-wal

Filesize
56KB

MD5
3d9d6061420ac4b1a606bda636e5272e

SHA1
5e893d061ef73db106fb1faba5022236b605c48a

SHA256
81a65ec2d7bdbedd899a8faa8da954940ae226f5d3df4b38719ebb39d133b6e0

SHA512
d33ae5836dabd57c391ab797d20de6f8e1df681e88521e8f2c867a9070a2b82407b646ca1e627af70416696cf1012921bd36cb0d32b389936930fbfbf95d2451

Download Submit
/data/data/com.sbai.bilian/files/.um/um_cache_1713534402712.env

Filesize
1KB

MD5
29e49bcfe7d2fa3eb98a3760f5cf1a38

SHA1
985546a5303517061e0c401a2519d9e04bc4b43b

SHA256
7806f7c35981e7f4a37c5adeb185edbba3072431f86feaf15243e848b771a06c

SHA512
e91c4530d5acd4e31fde27cc460dac7e6b0c53ce24bb069944377b2b3b29023be979a10f225d7bab9b2bca4ce688ec1fd84e02a369e41d8a4439de70db6a534d

Download Submit
/data/data/com.sbai.bilian/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
2ab86084afed811e98eed900fa1def7e

SHA1
21eda6152d3f45adf7662b619550ac7d7c062d81

SHA256
4ad42dd77cda14a9cd1974105430428279315a574b03834c993c1517c85e3f9a

SHA512
e5026fccf9ee4549cf1e1f33fe9dffcd0a7f47358dd8a48eccca46172e0499fd8f101a4601a817903c3cb95a4b95acd97f88bc642e952a436353090802bd49f2

Download Submit
/data/data/com.sbai.bilian/files/exid.dat

Filesize
56B

MD5
1cc0e09067e97da08c27d13964773018

SHA1
55912f2eae1eddbd1909ce4b5ab33b189fa76a00

SHA256
0586d55e0f2c8517916f3c99e082543bef399f5401122ca0d3e13ad4ddb484b1

SHA512
610dc13b465bbd11b4fa97fd8641fbf63009b18892f4edc97bb1edc8bc1252118870d4c0bacd1a21374344db7c2d00977222684aa5c49e3ed7f9a8b1862e60bd

Download Submit
/data/data/com.sbai.bilian/files/umeng_it.cache

Filesize
413B

MD5
a64f8f0ca39d21e08c486a7fbaaeb9f3

SHA1
092b421c523210a8edc4b46098190bc2f01f98d0

SHA256
b97878fee34b00a483ee3c29dd022cfa1adfbfedcd7fd5068682829c810e0131

SHA512
37effd6672393977b2b5f7bfde68b9f7744fe2b2be6f0b8a9c5edd9aa9b054eaa2d4b8f9d09dfdab8bb7fcd7b789cc07dde758c7b3eb6aa9ec24aa0957d6e449

Download Submit