Analysis

  • max time kernel
    47s
  • max time network
    146s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    26-04-2024 17:27

General

  • Target

    0148de886a0e76d26b5feaffe9129ac1_JaffaCakes118.apk

  • Size

    3.2MB

  • MD5

    0148de886a0e76d26b5feaffe9129ac1

  • SHA1

    92a5657fb3385b87e90c8567f848e9f28f8f0e71

  • SHA256

    ab9053888d876d33d29120cdca47077fd55971698948f6086c89618065958130

  • SHA512

    65d04efa2d41296c2c4f57ad3cc0ddbbe28bf8b51711cba7f80914fcf9a8a0f71f0f4315261a09015a03de7dafe52c37527fad87b6fc7ca19d7c5f154e2ade96

  • SSDEEP

    49152:ZJBuh4MBQjrmm5PTMr5fWWcCa+mHLpvhSz7Y4/RcNzjcUBup7pHl5Uqrgg0P:zxMBQjrlAr5eOa+mHLLS44azjcAaHQT

Malware Config

Signatures

  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • changda.xiaoyou.app
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4212
    • ls /sys/class/thermal
      2⤵
      PID:4279
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
      PID:4340
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
      2⤵
      PID:4359
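The three child processes are the concrete form of the "Checks CPU information" signature: the app lists the thermal zones and reads cpu0's cpufreq limits, values that emulators and stripped-down sandbox images frequently do not expose. The following is an added example, not code from the sample or from the sandbox, that re-implements that probe in Python against a sysfs root passed as a parameter, so an analyst can run it against a real device image, a sandbox image, or the constructed fake trees built inline. The decision rules (at least one `thermal_zone*` entry, min frequency below max) are assumptions; the report records only which files were read, not how the APK scores the results.

```python
import tempfile
from pathlib import Path

# Relative sysfs paths probed by the sample, taken from the sandbox process tree
# (ls /sys/class/thermal, cat .../cpuinfo_max_freq, cat .../cpuinfo_min_freq).
THERMAL_DIR = Path("sys/class/thermal")
CPUFREQ_MAX = Path("sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq")
CPUFREQ_MIN = Path("sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq")


def _read_int(path):
    """Read a single integer from a sysfs file; None if absent or malformed."""
    try:
        return int(path.read_text().strip())
    except (OSError, ValueError):
        return None


def emulator_indicators(root="/"):
    """Return the list of emulator indicators found under root.

    An empty list means the sysfs view looks like physical hardware.
    The rules below are assumptions (the report shows which files the APK
    read, not how it interpreted them).
    """
    root = Path(root)
    found = []

    thermal = root / THERMAL_DIR
    zones = [p.name for p in thermal.iterdir()] if thermal.is_dir() else []
    if not any(name.startswith("thermal_zone") for name in zones):
        found.append("no thermal_zone* entries under /sys/class/thermal")

    fmax = _read_int(root / CPUFREQ_MAX)
    fmin = _read_int(root / CPUFREQ_MIN)
    if fmax is None or fmin is None:
        found.append("cpu0 cpufreq min/max frequency not exposed")
    elif fmin >= fmax:
        found.append(f"cpufreq min {fmin} >= max {fmax}")

    return found


def build_fake_sysfs(thermal_zones, freq_min=None, freq_max=None):
    """Construct a throwaway sysfs tree (constructed fixture, not data from the report)."""
    root = Path(tempfile.mkdtemp(prefix="fakesys_"))
    thermal = root / THERMAL_DIR
    thermal.mkdir(parents=True)
    for i in range(thermal_zones):
        (thermal / f"thermal_zone{i}").mkdir()
    if freq_min is not None and freq_max is not None:
        (root / CPUFREQ_MAX).parent.mkdir(parents=True)
        (root / CPUFREQ_MAX).write_text(f"{freq_max}\n")
        (root / CPUFREQ_MIN).write_text(f"{freq_min}\n")
    return root


if __name__ == "__main__":
    phone_like = build_fake_sysfs(thermal_zones=4, freq_min=300000, freq_max=2400000)
    bare = build_fake_sysfs(thermal_zones=0)
    print("phone-like:", emulator_indicators(phone_like) or "no indicators")
    print("bare image:", emulator_indicators(bare))
```

Run it with `emulator_indicators("/")` on the analysis image to see what the sample saw; if it reports indicators, the image needs those sysfs entries populated before the sample's second-stage behaviour can be expected to trigger.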

Network

MITRE ATT&CK Matrix

Downloads

        • /data/data/changda.xiaoyou.app/files/.envelope/i==1.2.0&&1.3_1714152452880_envelope.log
          Filesize

          2KB

          MD5

          66a3c2730221f9de31261a65f0f94e3c

          SHA1

          a3420478a963aafd0def15b30333f7235d58e4a5

          SHA256

          623fd788358129d410260d1de3b0c7c8588ba7aa810f61cb3f9073f8aae2f13e

          SHA512

          0ed585c3befa32ea4081cd2155367da09a93604cf775f71826bcdc6cad0b82c16dc29ca87df997fd7c6405205390410d7fff10ccad8c01ea51e2b4d2cc72ed9d

        • /data/data/changda.xiaoyou.app/files/.umeng/exchangeIdentity.json
          Filesize

          162B

          MD5

          c76ff75451208360971bfad4e2be3299

          SHA1

          43a1d9b6ff2df18bd4f9d4d1df7d9bce0e06c04c

          SHA256

          f369282ebc69ee3b3b471fb26f816e2338aa5e0d773b6318749f0be75c1a88b8

          SHA512

          e5f7eebfd88c10848e2cae921010d2fe58f5263b5fa6e0b90f1b4337a15f2d8e3d88fdbfa3c8df7446dbba12228db4ce5bce811e10c8148ce072c1d77b35b263

        • /data/data/changda.xiaoyou.app/files/exid.dat
          Filesize

          55B

          MD5

          06b93803540fed0d22a448689c241831

          SHA1

          28500114908df8ae7932ecd65502df366d718415

          SHA256

          4b2f1e39fbc2b7e142c74286c3218432bb65612ea3577b713f8303454f51550e

          SHA512

          18f215ee09d861de3ab53a1e70286901ea3dacffa13efa4de54075d7ebe2c429d8be2e97a20e43eda60e4cdae135398aae8ccbb2096912cc462fb13316374c08

        • /data/data/changda.xiaoyou.app/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0MTUyNDUxODE3
          Filesize

          1KB

          MD5

          3b8534c15b31b14bc89570378d7f1eee

          SHA1

          efa438f0015b63e27ed459c619f3223d69b46a61

          SHA256

          7cbc5256345b362c58f504729009e581dda565d5e7fb443c69441c9a68de66e2

          SHA512

          f4116c4bad860f3c010c40a31ec256391e0563ef668b36b6b831674be89dd713dc7db4b520e3c0cd48371f531e9d0ca5312b3032590f26cbcd5c33b77befa569

        • /data/data/changda.xiaoyou.app/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0MTUyNDgyMDAz
          Filesize

          1KB

          MD5

          bfa7f8d848aaec63ac8df9dd7519a5c2

          SHA1

          83e9676a5e59daa63df19dbbce810b86ab41b71a

          SHA256

          59fcaeed0bee847fe4a9da8a9eb8a1963f1984474e4b644ca6c2f454786987e1

          SHA512

          846525576f0dcdbd3dbb487ec8e1fd0bb65be87837fb9ab84f9c78a28e60f58b4a11a3c5feec7fbffac3a889ece84517379893801798fda37e7297a335120009

        • /data/data/changda.xiaoyou.app/files/umeng_it.cache
          Filesize

          415B

          MD5

          4fd53cd59a46b0cf75e9c6fd66657946

          SHA1

          0858e645b341654e9158a318e97c1508ac5e0798

          SHA256

          44f44ffb140ab1000422e96549e4ec87ba541a212228a7620edb639ae76d6f9d

          SHA512

          52b49d5fc855554182d531140869e9cecfa489cfc53410deb7d1daea4f00f416f2ab830a0319e30e2a8f3efe25c67e660a8b8d4ecb8fb2d112b44f995d3df50a
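The dropped-file names carry more than their hashes: the `.umeng` directory and `umeng_it.cache` point to the Umeng analytics SDK, the two `stateless/` paths have base64-encoded components, and several names embed a millisecond Unix timestamp that can be checked against the submission time above. The following is an added example, not code from the sample or from the sandbox, that walks the six paths listed in the Downloads section, decodes any base64 path component that yields printable ASCII, and pulls out embedded millisecond timestamps as UTC. It assumes the space before the second `/` in the stateless paths is an extraction artifact and tolerates whitespace around separators; the 13-digit timestamp regex is an assumption that covers roughly 2017 through 2033.

```python
import base64
import binascii
import re
from datetime import datetime, timezone

# Paths copied from the report's Downloads section.
DROPPED_PATHS = [
    "/data/data/changda.xiaoyou.app/files/.envelope/i==1.2.0&&1.3_1714152452880_envelope.log",
    "/data/data/changda.xiaoyou.app/files/.umeng/exchangeIdentity.json",
    "/data/data/changda.xiaoyou.app/files/exid.dat",
    "/data/data/changda.xiaoyou.app/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0MTUyNDUxODE3",
    "/data/data/changda.xiaoyou.app/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0MTUyNDgyMDAz",
    "/data/data/changda.xiaoyou.app/files/umeng_it.cache",
]

# 13-digit millisecond Unix timestamps, not preceded or followed by another digit.
_MS_TS = re.compile(r"(?<!\d)(1[5-9]\d{11})(?!\d)")


def try_b64(segment):
    """Return the decoded text if segment is strict base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(segment, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None


def ms_to_utc(ms):
    """Convert a millisecond Unix timestamp to an aware UTC datetime."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def analyse_path(path):
    """Decode base64 components and collect embedded timestamps for one dropped-file path."""
    # Strip whitespace around separators (the report shows "== /" in the stateless paths).
    segments = [s.strip() for s in path.split("/") if s.strip()]
    decoded = {}
    timestamps = []
    for seg in segments:
        text = try_b64(seg)
        if text is not None:
            decoded[seg] = text
        # Search the decoded form when there is one, otherwise the raw segment.
        for m in _MS_TS.finditer(text if text is not None else seg):
            timestamps.append(int(m.group(1)))
    return {"path": path, "decoded": decoded, "timestamps": timestamps}


def analyse_all(paths=DROPPED_PATHS):
    return [analyse_path(p) for p in paths]


if __name__ == "__main__":
    for rec in analyse_all():
        print(rec["path"])
        for enc, plain in rec["decoded"].items():
            print(f"  {enc} -> {plain}")
        for ts in rec["timestamps"]:
            print(f"  {ts} -> {ms_to_utc(ts):%Y-%m-%d %H:%M:%S} UTC")
```

Decoding the stateless paths gives `umpx_internal` for the directory and `umpx_internal_<ms>` for the two files, and the three embedded timestamps (17:27:31, 17:27:32 and 17:28:02 UTC on 2024-04-26) sit inside the 47 s kernel-time window that started at the 17:27 submission, which confirms these files were written during this run rather than shipped inside the APK.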