f77fe73f10d10ab91da0ad26bad724a026af4e0cd172355c08f60dc6beba0d8a

Analysis

max time kernel
66s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
28-04-2024 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04a5eee50217b4ed080a0a36b0208968_JaffaCakes118.apk
Size

14.5MB
MD5

04a5eee50217b4ed080a0a36b0208968
SHA1

a4b7eb349ff670078e144300739a946133574092
SHA256

f77fe73f10d10ab91da0ad26bad724a026af4e0cd172355c08f60dc6beba0d8a
SHA512

db2b62ae4d03c54e3a0fa8ca4f6ae1d13ad27ab1bd14cafe24fffb7f5d1dbb44e38cd861d1e5233b45e38129b2508481b81d3ed40f3cf5982d1087132cc86b41
SSDEEP

393216:5Ke9YExzi56b/iCIJBG2Ebi+HlDgsiuVaXxYO:BYj56bHxbiU8sghJ

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.HBuilder.tcyouwan

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.HBuilder.tcyouwan

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.HBuilder.tcyouwan

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.HBuilder.tcyouwan

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.HBuilder.tcyouwan

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.HBuilder.tcyouwan

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.HBuilder.tcyouwan

com.HBuilder.tcyouwan
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4326

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.HBuilder.tcyouwan/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.HBuilder.tcyouwan/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.HBuilder.tcyouwan/databases/cc/cc.db-journal

Filesize
512B

MD5
ec6d078bf6edf32c8a23fd1fc9449b25

SHA1
b5d087775e95983d7a488b3247807235df58a693

SHA256
01cf6009bb6c06fc55f0d438520c79e29efdf5c1dba573faff36508d187e18f2

SHA512
b5ff14b148f9982ce1415bf8edec79da6912e89297589e780b57cfe731cfb57652fde1287891734c62cb69a56c90c6526a2424bc5f1b668d9eac8df43ebe1f28

Download Submit
/data/data/com.HBuilder.tcyouwan/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.HBuilder.tcyouwan/databases/cc/cc.db-wal

Filesize
16KB

MD5
c39e72cca36d575708fc6b38f64d3bfa

SHA1
991ae7e202b3eceed7c27778527c2a994aed894a

SHA256
8dd9ba0242007182533fcdb040787ae5db7d418a47678ca4a0e31f3926a4648e

SHA512
db4e03c387693e7618023720af14f1af9871d947a4a9478e426269977af5d378cc0d791820c7743aa1dc1362a28316faf988b211870ed0fa702da48fa2516c26

Download Submit
/data/data/com.HBuilder.tcyouwan/databases/cc/cc.db-wal

Filesize
48KB

MD5
4d4e9bef33720138d961b0b9741030ea

SHA1
c44a159bdc94476a0981d8609ef0b012674294ac

SHA256
ee9ad103392aa4305ba01c14d50e09d4ee99a45f8f9e10982035247a1d90cb2d

SHA512
cb55f7278edeb60814c14719164b269cb53d6a3cf94ab3b20a891f4f96971484b1a6fb66b2aac6584754a789554dadf46dea82e0f2819672498ab89b3fd2a05a

Download Submit
/data/data/com.HBuilder.tcyouwan/files/.um/um_cache_1714288380979.env

Filesize
1KB

MD5
085ba329eb86ebffd02fad561e5d7ede

SHA1
f27ddb366afaad78698b2fd58594b804bb10c194

SHA256
76c2286d132f179000f2c00a2a8e885b3400f14a591fe00d9d7efce92a4dbac4

SHA512
97513cd6760932ed93ca829205d8739ee150e569e23e6ae22cc519819a28a5143e9b3c080c2ad1c623e3ac396ab4f51c9166141e6eb38c31858a9fbb9da693a5

Download Submit
/data/data/com.HBuilder.tcyouwan/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
e960b4720aa06667642c6aee015975bb

SHA1
ccd8af93ded1770c6573b156a8836d677fb547f5

SHA256
910234a863e08204736418451c80d7e52cde1612818375c3593866f11342d23c

SHA512
52c25b5d16290d8cf41b09d435801a6d48704e1d613ec4d32bac5c02a67f11231f96b1758347c0bf3bb1bd48acc9288264b15417d64ba34bb71641ed49234c2a

Download Submit
/data/data/com.HBuilder.tcyouwan/files/umeng_it.cache

Filesize
415B

MD5
f2f2a845fa22002c160a3ce92fb7ad99

SHA1
ba7e178d0a8c3a1d80d2c635d08f5586d5719543

SHA256
2e64e37d4354dbe7c2444e7814bce3baa81bdf7ffba48fba4a4663e333621f68

SHA512
990918d7b4b68f681c993af20dee8b17e091eabfdcf2c526a48281220e8581a9ccc71e3471fae7260d4b1ca1c06d02a3c583970884d77f9bbd6d9e3efa8007bc

Download Submit
/data/data/com.HBuilder.tcyouwan/shared_prefs_ext/test_app

Filesize
24B

MD5
128e989955175dfa22431015b88daa15

SHA1
53e307550a4e96eeffd53c5e88bfb8468964aad0

SHA256
e75d3c607a87beca55dd9a53aa06ea4a93e80ab462e0beac0acf01cb0f93dce3

SHA512
0ac69bdd59de274cb66d09d3b196b4b8ff69e293f25565a376c446026bccdd5d025d0a39510feb9fb185b95c730fe85cf26d6bb86ec5f1a61efb45fdf20b398a

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
56c9f05b41730ac64e4d7889bc153352

SHA1
b7e95080411e7ac8a4809b23b5cea264ca652e58

SHA256
3102877de08c7f575ed709a23e5c5044a74bee6708c4400cf5c101bfa81c8573

SHA512
5f66525ce6a8ea55b20fcb2a10b845f173953d4dbb04322cb16e39efa7c3cc27a5f8a053f039cbf3e26b4d70999b236d118244b69820ea39bf1bdca7c752b4d3

Download Submit
/storage/emulated/0/Android/data/com.HBuilder.tcyouwan/apps/H56356094/doc/channel.txt

Filesize
13B

MD5
be8b1765b50a14e58132224d516f9e47

SHA1
38b34cf3a5b485ef6581eb57e82e6a2dc8241e69

SHA256
863e0df73dc6c90821c4808059d84a4e536eeabe859f3bc240e72c8acd7dab6d

SHA512
003cc6e60e40b0caed358d02f88d7fd802e2ead945dce13dda41cfd3ac89ac15eac8a50af23baf5ffe5198d835648f5658150f0906d0020a44619ec330ca198e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads