a7512330defaefb7c72f084d0ad4630f0a81e112ece5de559a5791a1ce978bef

Analysis

max time kernel
7s
max time network
143s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
26-04-2024 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01f48b9f14971968f541dee3d34c07b9_JaffaCakes118.apk
Size

22.1MB
MD5

01f48b9f14971968f541dee3d34c07b9
SHA1

db317fd638ff69296d5821422203efdb4aa81119
SHA256

a7512330defaefb7c72f084d0ad4630f0a81e112ece5de559a5791a1ce978bef
SHA512

8efb7970d6af4264ca66856e777dcde5a45950c822ab54ffc44a1bb958457e79e04e0fc3121822be1be36bbe06aa709cee4ac65862c19559fb56b43619b68ce6
SSDEEP

393216:EFgwuTq7RUrBfVg4OI4M15YWKC6LbxHt8fA6AaegF7q/EFyGtH/f+M:ogE7RUVfVgNKY3nxHB7E5dOM

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tanyu.lmys.guopan

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tanyu.lmys.guopan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tanyu.lmys.guopan

com.tanyu.lmys.guopan
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4179

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tanyu.lmys.guopan/guopan/sdk/plugin/gp_sdk_plugin.apk.temp

Filesize
458KB

MD5
e3b36f82c76f157505d8b7b893525bca

SHA1
d1b22a2f143d1b0267c2dad29a069db557ce3ce8

SHA256
bec9a1bfbb499e8905e16b1da96f033414e244d88c6b4204d2ccb4ffea5aa370

SHA512
6f4ca52a646867971d941bf46717ef2148cfca03a99670c51b61df5ae915b0c45ec9cc277c1c0c2b5dde23200d890eeaeec12887eacc00baaf85f717ebc8221f

Download Submit