3cbdfd9dc638f69c49792dbdb91632be06f9169b34a42d9d8fcd44f8aab1f660

Analysis

max time kernel
140s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
20/04/2024, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd921f51fc6c528da02dc8dd02d16336_JaffaCakes118.apk
Size

8.3MB
MD5

fd921f51fc6c528da02dc8dd02d16336
SHA1

9d6c6549086fa7fd74cf1973293b75229298b40b
SHA256

3cbdfd9dc638f69c49792dbdb91632be06f9169b34a42d9d8fcd44f8aab1f660
SHA512

d4d16b6d71a6d7f706aa1fe0bb790921bb550bddd18e2e6cc38d6d0e08c276a58df045874974a91a1eb029ed9d24100daaf125292100c487fcc64fdee11d51e0
SSDEEP

196608:fJS0fjI4fjefjOfjufjkcKa7koXrrOlWUz:fFf04f6fifKfHyz

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yl_sport.ui

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yl_sport.ui

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yl_sport.ui

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yl_sport.ui

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yl_sport.ui

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yl_sport.ui

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yl_sport.ui

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yl_sport.ui

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yl_sport.ui

com.yl_sport.ui
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4232
- /system/bin/sh -c getprop ro.board.platform
  2⤵
  PID:4269
- getprop ro.board.platform
  2⤵
  PID:4269
- /system/bin/sh -c type su
  2⤵
  PID:4383

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yl_sport.ui/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
512B

MD5
d76c307d45c5f91584636b08d13a84e7

SHA1
712a472e31ba9fd061d6a290bae142f6759f9a2d

SHA256
9828c44681c5eb38ff748948a45f0c89ea6546f8367c403af30cc35eac4e1315

SHA512
17b2907e95ef620b1c97a2910960574b435d1dda7b56253e71905447cc3f875a5bac9d15170f1af7d3aa1fb741ffbb863eaf964bc1a9ff58d346ed097ef74d44

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-wal

Filesize
84KB

MD5
85af3cd6e9968021549e45740bb2e3d5

SHA1
c5237d13b17a32fccef2f2974b6a63774c993e6a

SHA256
615fa2b10c3ee303ca2fe5adf0d39708088c142de9dc91a18808cde90588e8cb

SHA512
b5f0af668e3181ae4d8afcecaa47aad41d58cefa4dd411e7243692dbd42c676c0ebfa5e30a40e53598d227e95b19b810671e274b4a08c755578ae4dfc1c6cda9

Download Submit
/data/data/com.yl_sport.ui/databases/hmdb

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.yl_sport.ui/databases/hmdb-journal

Filesize
512B

MD5
865e645103cc14026cd814c23c16e1f2

SHA1
7706b4c009853887140c3c109e1d918d0b6eb7d0

SHA256
574bf4919e85f9f5808df9bedb4bf8a1063fbd3c84e4b4eff877d9ab589f73a0

SHA512
df61367b1845849dcc1e6ad9d2c38602968d9d93868a9c6a7dff25d3e75252dae552736c99956e19517c117dc6e1b0a49b3057aac3d387152dd415d279c0e856

Download Submit
/data/data/com.yl_sport.ui/databases/hmdb-wal

Filesize
16KB

MD5
63e9d04eb5a9ba0c151676e6336d5a76

SHA1
7aada3b94ff3767009716c49d94f604b50a3d7b8

SHA256
e71c51670b41d58e836cb173db80efe870027fd9f8ab9fefd75604a4e29cc17e

SHA512
2727f5c6763b9d9fc1c7bf97955832613c018f4e723727ebcf46e9843fbc235fa392c1a6ee5d5af764718d4e07f5f4cfd5548ed03fb65c6dc7f9a86d9830ce64

Download Submit
/storage/emulated/0/Android/data/com.yl_sport.ui/files/carrierdata/1713644669

Filesize
913B

MD5
325fe7fd098d1650df3cd4fb637eec80

SHA1
85676d51af73e77c106c5cbe1c69f58110fa478d

SHA256
96bf203d1cdf847918e778da41bf6e11133b879530ef11a5a17cbd585bec05a8

SHA512
3782e43dbc0ee8550a24fc62d70c28be095e727e3ad13f5fb43578eca96c76bb3cf68b8d8afb64388d0fae4cade61b7386a73b5b29617f8cf3b7edb7d620352c

Download Submit
/storage/emulated/0/Android/data/com.yl_sport.ui/files/carrierdata/1713644669

Filesize
2KB

MD5
668ab559fab5681ec6c41eb9b302ad12

SHA1
b18e8201d55b922dd95bd5679b55ca12749451cd

SHA256
2398b74bef51062eb8abdd041841af3632f1aa641db883285cf49993535edb68

SHA512
68e89d331e23e46ddb6105fced12f3b1e31fa84b893ce687f6ab091f40f81e6fafb038977c9dfe8881e57f39b4bdb6d0d2a94f7369b9c319e4d67cf17e831ab3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads