5efecd60dc593b93b62a412544d11ec14ba812b59cac2959a58b7210f6b8dbd3

Analysis

max time kernel
140s
max time network
164s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
19-04-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa6d8f2226f4b8cf0a7df44830833a83_JaffaCakes118.apk
Size

5.5MB
MD5

fa6d8f2226f4b8cf0a7df44830833a83
SHA1

f8b2af056f40c65628f08d6304eb4ffbc9f05bd5
SHA256

5efecd60dc593b93b62a412544d11ec14ba812b59cac2959a58b7210f6b8dbd3
SHA512

0b9b332b905849e88c8248089e48817f7f885017b39c10543449b4f37539a40e28b72d6b2d9aeb013288f6cd1dd5bfcee1cf2809ed6c06aa39ac1523201fe1c2
SSDEEP

98304:I+HZhtigMxGiR6vicTR4NMPZADST5hGRNbo+t0RZJhHyXi8nnCBQ486HY:I+HZhAgMURUWCSWRNbo40RZJhwZnqQ4w

Score

7^/10

discovery

Malware Config

Signatures

Queries information about running processes on the device. 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.sbai.biliancom.sbai.bilian:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sbai.bilian
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sbai.bilian:pushservice

Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes:

com.sbai.biliancom.sbai.bilian:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sbai.bilian
Framework API call	javax.crypto.Cipher.doFinal	com.sbai.bilian:pushservice

com.sbai.bilian
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4298

com.sbai.bilian:pushservice
1⤵
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4341

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.sbai.bilian/databases/pushsdk.db

Filesize
48KB

MD5
f13be1dc2a25db1ab6d296461183ca08

SHA1
d8c13c37899d55a54b414f8c4cafee99833021dc

SHA256
12b23864238c3dbb1cfaba1e00eed8d9c9173692f8e14d3f945a5a7a606528c9

SHA512
cdaedeae0c49a2dfcd3fbd8a7b9346c452093e96b568a4f7c0b9d628051054b34cb21b404cfe32fdfff130264881d865f635a882b261e7d784c11cfe0d77c65c

Download Submit
/data/user/0/com.sbai.bilian/databases/pushsdk.db-journal

Filesize
512B

MD5
ea1e8007c73ccf33cf49b76dadf5aa98

SHA1
2df6626ae1eabe24b2966e46b87519a9cb24c68b

SHA256
4e1075c9720ae5f1f9a2225cfb9f669fb59e7c7583c94f04ce9c2744539e0677

SHA512
13fbb14106c80dba780d36f59d8f1b1e4cd88a27c1b31a167b66d321e9125d18080b8461dac880f983cba5b175858bacf5f0576874af58df47cff1123b9243f2

Download Submit
/data/user/0/com.sbai.bilian/databases/pushsdk.db-journal

Filesize
8KB

MD5
9c41c80d46f90aad6beda982a1736e40

SHA1
ccef5bbb3f54f5aadc3f64062dabfaf778267b3a

SHA256
dcd9eaeb2e94a7539981c93814df8f33d2a1ba0bdc486841dd28103e589abafa

SHA512
e1ccd700455d7646fe5cf21f5fe4d658a2ddfb5190f582e18345eeb843c8151be135a560c115594cbaf8735e211fbb08cf0108b686b012da751b6c8904036dc1

Download Submit
/data/user/0/com.sbai.bilian/databases/pushsdk.db-journal

Filesize
8KB

MD5
438457454cd19f24910dd7078619f115

SHA1
1a256ea263ae604dcafcd51e798dc930d8fdb3aa

SHA256
9ffdbe780b6168120e2249eaaab724db093bbbc4a64b907584519b8fbcccf894

SHA512
5277645a5504f0f3c7c943de88e6223972e193e7843ce50eef7e213f0dec2fda168abb49d7cee2a311eeb56ed5f8f424e0bc523f4411591912ffbde3e75557ea

Download Submit
/data/user/0/com.sbai.bilian/databases/pushsdk.db-journal

Filesize
4KB

MD5
74a7e6cf0c5ed5afc2fa3f4462133dce

SHA1
0232d6126835be51e9ed209cdd8ec06d7ca2c69e

SHA256
ae2f9d6e6c5e833844652dc4b5f2ab66f68a22f7624d0017fa96bddc5f8d109b

SHA512
348713516ce5efe53e5efcaf5ad60aebd99debc2983a4e2ca570d929db962b3f86235d4b55f003b16c1b76b973fa4309637b17557f6fe1c37f3c3f955a3696ed

Download Submit
/data/user/0/com.sbai.bilian/databases/pushsdk.db-journal

Filesize
8KB

MD5
bd9d108d2796ced7317f09e2beebd5cf

SHA1
d3c6b45879c18fc3227f95d62696e0bb04c11bb6

SHA256
8d3aa2a45ca3530966e3ac8648f0180d575ec3581bb2dbafd99a7cb2830dd268

SHA512
8ead55c3d0523bbf695c8c7c2245bdf74b3f3459b7e1acd9edc1ef0729385f38a93194480dceb74d0f75eb9d7517b1b406cfc52968958e69c0b39c92a5b5e010

Download Submit
/data/user/0/com.sbai.bilian/databases/pushsdk.db-journal

Filesize
8KB

MD5
f5d236f5265e0c05c8bc3bdd5ee4d066

SHA1
16f2e3efdf968829b9a5d58053b07404c5d99881

SHA256
7303079efa60f9bec68b79b3244166c622cd421b92adccde3f5aa2f9d9edb439

SHA512
ce3b56dee626ca1fa6d42c3c1e8c37ca010158c0a2caa7a41da372fab7f9e4a20f520b0c1767d5945ef3f4df45359c07f34734ed9d0f7a427ba78d8169c97e75

Download Submit
/data/user/0/com.sbai.bilian/files/init_c1.pid

Filesize
14B

MD5
14ca0fc2293de1b3c48fafc2ab4df584

SHA1
3e40d71475e246d08102fc72ee195c44230afafb

SHA256
d285ee050b5cd4758c1a72c0bb8e7cac7d7fd9755a873207d9386560b04ba9c2

SHA512
684005869dc526c0676fdc81cb27c52aaea554ebe67bb688d12683cea2acf5d03d1015a9d44dd0d4229297d0f3843510255561dee4e5c07644f1e1db59411142

Download Submit
/data/user/0/com.sbai.bilian/files/init_c1.pid

Filesize
14B

MD5
00fb94b50cbf2682908de4d8f2c215b4

SHA1
e0620e0be070e165b831c327a61f823499409f77

SHA256
247e9bad625fa48e9f4ea5099628176d69980d099250fd00cd646255918d49a6

SHA512
1bd2edea9b5d31b8e7480fee235a41f24cbdb8c197205508fdac8ccbbbf844b96d9ab46c5dbe0032478ade0fb1147a5b514c859b2737733a46167553c4e04209

Download Submit