bc8fdbdc9464f6a752fe1e013ffef4b8d508065f510cb8dfd3d63ad87cf77b9d

Analysis

max time kernel
4s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27-04-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02b5b4f4a13ef384c60db11d12ab44f1_JaffaCakes118.apk
Size

17.9MB
MD5

02b5b4f4a13ef384c60db11d12ab44f1
SHA1

92803b721d4d164150583a2a4115f5ece7b69eb1
SHA256

bc8fdbdc9464f6a752fe1e013ffef4b8d508065f510cb8dfd3d63ad87cf77b9d
SHA512

37fc46db98cedc6841328d88a3923e383a6e5f0ebe2cb6d98b45c8017361b4b504aac1325b30b3e6974fd80119b0c9239c9112b1e1c0f86286797717b4c856cb
SSDEEP

393216:O0u53XWPcXXiNKnJqZa2/XPIRzICdU4hXzscA0RbxwRf7u7ic7AQZ7RLbQyu:3u53XWYSNSJ2XwVICfucAgMf7uOMAQZW

Score

7^/10

discovery persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jovision.xiaowei

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jovision.xiaowei

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jovision.xiaowei

com.jovision.xiaowei
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4193
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4242

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jovision.xiaowei/cache/OkHttpCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/storage/emulated/0/Android/data/com.jovision.xiaowei/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/SOOVVI/.logaccout/bizacc20240427.log

Filesize
378B

MD5
1eceaaeedad257bb1ba59af430a9ad9c

SHA1
8ff5dcff3f2091d571bc6965afa782619b4462c3

SHA256
faf26ac171f9cc3ba937365a31112605892eb39915771ae48371a0a8e9ec80c6

SHA512
d1d06a673e1dd2cb30d667602f8535be88201bac8dcc5b66b88f82c96e1bea2e2f183360615509af2a64ae684c29ebb73ab84ff074929b0fc288634b712aaa81

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-04-27.txt

Filesize
121B

MD5
a254890057db977548213f30d55c2d31

SHA1
c6854f253d4a16a8c2ed055688a3459efcd3f3fc

SHA256
06bd3708ddc05c96fab77423aff4443d236c58cc4bd010c529c2abf615fdefc6

SHA512
72f28ecfed663992049ea57fba687662eb5e02b909addead1e17c492551bf8bae7a43052640bb44b8dae9cb01a76beef25aaefecfae70458ba5bc859a4f98ccb

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-04-27.txt

Filesize
242B

MD5
f4d175f098c48ec0a85953fe6ade3d0a

SHA1
1d1b03bfd8e327d1f5b39c3a39530731a55b0162

SHA256
694c2b41c6e8c630aa923feaae5fcb6e2f873177ae23e7e59aa8dc75ec222e16

SHA512
0d30581e5c32140b0b4467b045bcffef3c5737ed0f3a4876f0032c5bc15e8245aa9da4550b08c6059fd60f2978e4776a9cd0a31748ebeecd8cbd9baa4187c882

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-04-27.txt

Filesize
321B

MD5
7312a5d983405e3a5953c9e810898865

SHA1
473593a30c49711b9bbe48efa3a1fd517aa496a9

SHA256
5b8c9db85eb2c425b900b65c06e5f201062f028df480fba95450aa3808b3c5a9

SHA512
5187c12c4857ddf561c307d5cb38d91c24c62fc6a7b6c8b4eca2f904a576c7c8eb3cf11d49130e367d809b7e59a6723389a90548f2bafb6219efbd1c57a54b03

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/pl.log

Filesize
711B

MD5
318adc180cb146f76142a6e43f1c42be

SHA1
0ffc8be2c8a2e36697efa7f88863c8bf9d45081c

SHA256
f8245988dc3f10b69c9db22ecb2b5975b333e3dd03ebc4da00af4fd4c54a374f

SHA512
ec259ec145d6df05a27eacf06cbea022a14ba362cb9d89aa5aedc6189a0b382749445eddf73884d7dd89d92083028fb47d6e93b0833923a264c876236f4514be

Download Submit