bc37ee02454672362a8ab073002f966f3ea85ba96141849b2aa982acfd1c5858

Analysis

max time kernel
115s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
29/04/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07da2dcccc59cb128fb650ad1d4f2ae3_JaffaCakes118.apk
Size

27.7MB
MD5

07da2dcccc59cb128fb650ad1d4f2ae3
SHA1

bef14afddd12a674592b3498aef2518b781bfd55
SHA256

bc37ee02454672362a8ab073002f966f3ea85ba96141849b2aa982acfd1c5858
SHA512

f3decaa98f9167de771b37f1f2448d632089c6c0577e26ed92b9c160d9009c05f65884789cd4dbc1a2abc35dbb33ad454bc65aaa4e156e0de735fdeda4a14372
SSDEEP

393216:evCevXAp+PqCbhurwSMfIt2GtIqlWFX28bJUJQCw+p44WGCevclbJziNXT/:e1jhKtIGGXfbap4m/cXilT/

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.flyyxxxz.aichumen

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.flyyxxxz.aichumen

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.flyyxxxz.aichumen

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.flyyxxxz.aichumen

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.flyyxxxz.aichumen

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.flyyxxxz.aichumen

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.flyyxxxz.aichumen

com.flyyxxxz.aichumen
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4225

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.flyyxxxz.aichumen/databases/plan5.db

Filesize
52KB

MD5
d468e1e0d1483c3047f7f3daa3ba3d96

SHA1
a81d6509abdaba30ddea01328558300edb993be8

SHA256
695f88cf62cac0a0a45b5d77d129bd2d1543025a86b374a80d82c15d55162ab8

SHA512
f22de6d350fe30e7da1c2e12a57d0679a3528b6f8c49c1273b877f72638bc840f3da70e10de62100248be24e4494880202d2a9663ab02c2e732dd9ba88f96281

Download Submit
/data/data/com.flyyxxxz.aichumen/databases/plan5.db-journal

Filesize
512B

MD5
5db567dee2e958d937ca0269fcf55b96

SHA1
60b9d6993deef1a3b370556c00e75e0e1b178fff

SHA256
84146cb4be56bcfd73a5b8ac547b00f973a5ea9feb2256abb7ad05e8516ec099

SHA512
41c6bc33e21672c24f0eb04905d0972290495846553de12533d6f262ed725a5b3b304edcf706d942eac111cc2ad2bad42e91ddb803971aa356460b808e72996d

Download Submit
/data/data/com.flyyxxxz.aichumen/databases/plan5.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.flyyxxxz.aichumen/databases/plan5.db-wal

Filesize
406KB

MD5
0a84a2ced70c98ddabedec3ac452633c

SHA1
b248b62f22e2af0245f0466a8dd71d6c01e62de9

SHA256
b13a55a66eb2f9ed92d0d8fea3a52c1ba7438a786e4669b7697757c3b81cdfe0

SHA512
4f54db0b62eb3ec2565a75a6b9baf136d3824aab42258c9d8849cf2d416e491a22b977107da31177a910efaef597ee3feb3b4622792e46fefef714fd0a72cc3c

Download Submit
/data/data/com.flyyxxxz.aichumen/databases/sharesdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.flyyxxxz.aichumen/databases/sharesdk.db-journal

Filesize
512B

MD5
bdac2b2edbd98180f403582c9c1a2fff

SHA1
df6f1635cafaaceefc6c136ef01caebc11d8a06f

SHA256
b46e64e73e2f1737e900cfcbf140836fd012d5bf6d51960a45d8fd546452e5f3

SHA512
649445a9e14359165399aba2602595ac945ce5c2f2afdd7899a5e4e0484e1db614f87163eedd4cbe7f1e94fab351f7fc62c778592f0764af64a0d951e8a646f4

Download Submit
/data/data/com.flyyxxxz.aichumen/databases/sharesdk.db-wal

Filesize
32KB

MD5
a5cbc9bdedffcbae8463cc369b77cbd8

SHA1
9f0a8e0ab17d67a9370b879bfc511405ae2f5286

SHA256
285a1331375e525e0ad50a99e18b4ff032b8f27b761c6a8f5fbb8eee6b6e3e0c

SHA512
40228cb7e89cba7d00dbeeab66d7fe0275a06ea5cc8c5c4589825ce4372f0571699f81384d420fc74764d1ed69bceecbd8e66a64a7e30b4a469b31b935a61563

Download Submit
/data/data/com.flyyxxxz.aichumen/files/jpush_stat_cache.json

Filesize
147B

MD5
8f000eb98ecd14d03d1a3613d62f8a93

SHA1
664b8600e05b084657f764d856983107d47a3772

SHA256
10144ce42807a15b82c855c6086e46f6d2892a138994718e772ddefcec71d159

SHA512
7018f544d714ad578b9e93ec0ae3002435ab254fb777ca309451bf2a16fc7f7110991b9fed479ad419f7f13f7a1e7691a7d8eda7d7345a00666e1acc830e5334

Download Submit
/storage/emulated/0/Android/data/com.flyyxxxz.aichumen/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
385B

MD5
05e7e0433ec6bec840cc0ee54aae54ed

SHA1
e9c99ae4a7e8597aedf818cda79816735dceff27

SHA256
fecf59ece45f8da769d377b5b77a92e17c750c6fe7f3affa03715ebc1e02d1f3

SHA512
ef151b3cfbb0b2616ea7b87876c98b0d0bce7dace5bf35effaf4ddf327cfc412c158a2a5340f419d6b83bc2e74c9510362782a803695af68b7900b12fa39be92

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
484B

MD5
9a8276003ec1f6cc2e9e60760e673573

SHA1
a71c4f9712eda251f415fda15ba0b82b967a0910

SHA256
d0c855992f5071ed22de463f67a7a8fb5eaf103d2438b65ed996c63e75e9943e

SHA512
d30d3206a2e82d4219eed83dea6a5db65f2507b8566c0f50e3034697c3521274d06dccb5a4ae37fb355445789d594fe290d3977829f8b88ac20fa19d091d2889

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
107B

MD5
c9383021bd97affc44be4db7018c4d7b

SHA1
7e680409d1c86e35149bebc22f2cf8c484f0d23e

SHA256
b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65

SHA512
7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads