3cbdfd9dc638f69c49792dbdb91632be06f9169b34a42d9d8fcd44f8aab1f660

Analysis

max time kernel
138s
max time network
156s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
20/04/2024, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd921f51fc6c528da02dc8dd02d16336_JaffaCakes118.apk
Size

8.3MB
MD5

fd921f51fc6c528da02dc8dd02d16336
SHA1

9d6c6549086fa7fd74cf1973293b75229298b40b
SHA256

3cbdfd9dc638f69c49792dbdb91632be06f9169b34a42d9d8fcd44f8aab1f660
SHA512

d4d16b6d71a6d7f706aa1fe0bb790921bb550bddd18e2e6cc38d6d0e08c276a58df045874974a91a1eb029ed9d24100daaf125292100c487fcc64fdee11d51e0
SSDEEP

196608:fJS0fjI4fjefjOfjufjkcKa7koXrrOlWUz:fFf04f6fifKfHyz

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yl_sport.ui

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yl_sport.ui

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yl_sport.ui

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yl_sport.ui

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yl_sport.ui

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yl_sport.ui

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yl_sport.ui

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yl_sport.ui

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yl_sport.ui

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yl_sport.ui

com.yl_sport.ui
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5113

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yl_sport.ui/databases/bugly_db_

Filesize
88KB

MD5
ee0ef340ba37c3eccb8b744e5385d437

SHA1
e146d6da5e4d3b9a7d3ab84a22a73e14cd3d0ab1

SHA256
08b53441ea2c7b2f7db2d5b77d12084581009eb98d02fa9ff74d8e357475f063

SHA512
0f354bfc9d2f76385ab59236b8a7066eb3959cb7733579d7f61e2f3110de5945e4596916f39eb18b25e28a1712365a70ff5aa4af9d7bbb418cc160261a96e525

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
8KB

MD5
eb74fd3db586d27789a80ade80bc7ebf

SHA1
ba5c3860d78e216f19c6a996717a2683a704d750

SHA256
85332a116d160aa827d32d4f4ef75a0b45f002df3326ce9834d20d0a663059cc

SHA512
2e2d91af02dfb0af6e80d0e3f87d6f19d183f8caeffecf2558a2b2e997d54403cf8a42ffecb8cde33cc70fa0dc29dff42eac9936e6bd008fddff8f5e799bc07a

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
32KB

MD5
f0766bff3a0a3d87bf16712bea6eac95

SHA1
4f510cfc0b7afcafcc9c8242c8402a31915a5418

SHA256
c5524164bd7d5959aedec7f60ba471836a51b86ddd3af4e0ab05b25370536e26

SHA512
6030ec83ede7252b19e623c05194bf413bde4951e3ede04bd30df4a07fd057e18e764c5ec61cd14c4d79533fbb5920bb0b0d1aa1926cd0047d952a56c04e4f8a

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
512B

MD5
911eba08de8395e8e946bce936fe1171

SHA1
415337eeeb1f780ffb3258037af52a83fe3de6c8

SHA256
8d18e9e6142194665b9b931436d0123b345d0cd0ba9cd297b2aa536dbd4a1bc1

SHA512
89168edbea2e85554fd4e89910932a89789e390c5a5919654c2a6315665c0f362c05605a33ed41276331bc22812ac27db9a7ff88e4228612e69f56ecf453c76c

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
8KB

MD5
f2f3922d4e1208184e8edc0544fc1460

SHA1
af23cd28f05451edeb3f430b9448e53a934931b9

SHA256
951a71a1a293d9631559e44ece0a309b249bdc0d6e1fc1e678c039f736d90b52

SHA512
2dc44ec53893f5ed830a4706cc76dd2e12a70395b70bd54b2ee93ad28271422fa42b0787d31844af888cdda234bf88225c3a26f46dc800e97c928c56139089d2

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
8KB

MD5
c12bc169026f2103021a544f5ea65ae4

SHA1
9e86878ed37fe84d94061e1be544cf892a6d6c48

SHA256
ebcbb175c1f9208da1f24bb8f1ed1e36678ae20f00d3232b88193828581c86a6

SHA512
1bf617a338b0d6b413b23c0063b4644e50a36b8dfeff3a581548e26ac680643e8b5ced65544c8b6fc7e9325acfa0260fb250a13d3005d9cd0c83d421f7dc794a

Download Submit
/data/data/com.yl_sport.ui/databases/bugly_db_-journal

Filesize
8KB

MD5
edf85df84c3556bacd6b106fa72deb2b

SHA1
dd33db9725e46988d39b2f46ab7f50f697624a78

SHA256
5957374591ea0ba3e6e56780aa274e3c06a92f03fada10a01d2546c1c439fd79

SHA512
dd965c8eeeda744496a9c23477c012d6450ecf104984bc62e3b2cef458a20e1345b059a5e26ca9a08e308b028d2d75d5f0da5945078441f9d2399d2c15d01a4e

Download Submit
/data/data/com.yl_sport.ui/databases/hmdb

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.yl_sport.ui/databases/hmdb-journal

Filesize
512B

MD5
d42c330cc1a53455df27461afdbfc250

SHA1
1d9057b2ebfbed6cd31f60f272daea576a3128d5

SHA256
40810c5f130b1e9aa4a041f46d1c53372d3a10c9751e8e7802d1c80a20c1ab5b

SHA512
e7b61edb8f5e0f0d244c4a58a88b813145a1ec7e689e4390bca9491dc92346cd784eadfe292b994758ebcf6f7ec69406486cb7491ed6a78006e85c3874afc478

Download Submit
/data/data/com.yl_sport.ui/databases/hmdb-journal

Filesize
8KB

MD5
c444caa75e37b8243a251f1e1c07a29e

SHA1
117ceb257472e01ef226fd87a34159c05e9b4947

SHA256
2ec3b732b28b8e4ecbc0e7fa81c0e1633392295b6be201809d645fede8dfff0c

SHA512
91f2534c3d7777a83dc344bca2e4f9ff159cb770005a99a14358fdeaf9ec312c18589922db695912eb7aec817ab9dd3326da9ebddd8dd660cfefa7940ff0ac92

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads