7e5cce8593b4da411162af2f8b3b35f02825bc18e3e433f8e9380adfea7e4bbf

Analysis

max time kernel
10s
max time network
126s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
01/05/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b0593ac2a4ebc582d5423f53241f3e6_JaffaCakes118.apk
Size

2.8MB
MD5

0b0593ac2a4ebc582d5423f53241f3e6
SHA1

a950a66d9687910b76b569d7db4abb6038422ae9
SHA256

7e5cce8593b4da411162af2f8b3b35f02825bc18e3e433f8e9380adfea7e4bbf
SHA512

e45aa67be1e7d024d61bc8f20b0543781180fc069e396faf7bde50c56afd7d329eb46ff8679d65bf7d1362e6ad156350be4785bf5ea1fef37a419a4a8fe9e6b5
SSDEEP

49152:Bu4BIaoayCDgJfDFjCM296T6dXE4Q2Uy0fWkTpcu7h0zPevediUa+:p6ao4DWUMRT6dUVAgTZAewj/

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wczbcv.yh

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.wczbcv.yh

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wczbcv.yh

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wczbcv.yh

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.wczbcv.yh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wczbcv.yh

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wczbcv.yh

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wczbcv.yh

com.wczbcv.yh
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285
- /system/bin/sh -c getprop
  2⤵
  PID:4364
- getprop
  2⤵
  PID:4364
- logcat -d -v threadtime
  2⤵
  PID:4515

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wczbcv.yh/app_crashrecord/1004

Filesize
222B

MD5
06968389f090296ebf568fdd7fd5c427

SHA1
c0a46b927505371c482da4300923686f4a31542c

SHA256
9e190b4b3e6d78630a82fd9308e59b8693ac1bd48f24f435fa702206f5498f52

SHA512
f427df3298462d38ccf838cb3cf35ffa7a00b008ad94f6383baf3b02b9abbd8a654226229b74332eac1df04550747be06795f14aeae0742fc0a1979f6836f1a1

Download Submit
/data/data/com.wczbcv.yh/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.wczbcv.yh/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wczbcv.yh/databases/bugly_db_-journal

Filesize
512B

MD5
1bfd643d7bfd653f94e7b3e2682e499a

SHA1
9c5a7d167a1dc2505523099f4134907a89956112

SHA256
d608d219e72d88b8dc518d3428cad0b3cdee26369d90a63430c7f4e202d237f6

SHA512
665c9eeb84ca86082e41ccd417bf01a095a7e1d67bbb83383bcd237b8319340607fe80f4c4e16ef4246d758bfef37269de769e9905e1d39922e57dff6495901c

Download Submit
/data/data/com.wczbcv.yh/databases/bugly_db_-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wczbcv.yh/databases/bugly_db_-wal

Filesize
177KB

MD5
7ad9bcdf6eaadb7054bfc1e0a1327fb3

SHA1
64a163061ac2f1d5d60cba4cef51ba67d816b751

SHA256
9de4bb72470eb1a5fef1b9dd94c06f44d8547e14ef4325b3cd8576577cebfa3b

SHA512
91bf1cc73ba1019bfd71ec83be58243ed6193ef8d3cdb98d247ed49a6f617fec1055312f950c865b67afe0bc8da4ba4fb6b8bcee9bdd160b7234da36cb1b4c19

Download Submit
/data/data/com.wczbcv.yh/files/ae_database.db

Filesize
20KB

MD5
f6e60c132af4d82931a2d4435119b4ec

SHA1
8ff3edd7b28d41ece5ec6d7556e8f9f4ec8db477

SHA256
6530b9a51bfa6315455340fd4e428261871610c71849b9a1043b712ffa7f8f31

SHA512
39fa522a295f46060e55bb1319ec3067221844812ab4faa3f75d013820925a0a8fe11629d04ba8ac78f3f89edce89eb94a5d5ac7b5a360fc3f7a4abf96ca87c6

Download Submit
/data/data/com.wczbcv.yh/files/ae_database.db

Filesize
20KB

MD5
28ae71cdc725775238bfb9c65a97af2f

SHA1
3d0afeb8f126fee78f1786c88d893e2f197ed03f

SHA256
4d6c5780436c1424a08c953fd315daf88c59d110e2268631d0267dd0d7858e27

SHA512
7c514bfc2b2c69cc15ea4179687f39b88beb3c8b5d668b4db66b3c669a9890479e5c3eca9861e68498aae2bf51e93463524377919809920ae1e2a6774240d5cc

Download Submit
/data/data/com.wczbcv.yh/files/ae_database.db-journal

Filesize
512B

MD5
e26acce49ae63e71e76ad62d89f88f95

SHA1
93084274e6f2274b5a32ab8901785c785331c8e1

SHA256
cc6f9b7fa78e4abfccaf5319397008b5d196f67b9785dce5119aa091f8239ba2

SHA512
c1694bba63019e09cf216255779a252ecc0f1e8907eeccfcf6134b1414d57e1bdb2cb79d0c553f1dcf8fe9870c9583dcbbd969708b1d58dd0ababaea885a4f02

Download Submit
/data/data/com.wczbcv.yh/files/ae_database.db-wal

Filesize
40KB

MD5
24e6a378bedb1c5fe83e78394b3b9197

SHA1
e99efef3cd6758fe72d9fc28f0cc2c027642cefa

SHA256
6e70a984a04742a162091b934a2abd807544713e2f96e03bafc810db8483fa40

SHA512
13d2bba3414c44815729470257240b117b14b7b837a69e4fb28d3ce12cebbe13e158907693e8b5fe81e15078798419b724bdcdeb54b3b8ff352781ae8bdd9dee

Download Submit
/data/data/com.wczbcv.yh/files/ae_database.db-wal

Filesize
8KB

MD5
1d176ab5e261994ee5daab00f7ee36c7

SHA1
118ac087ec22b80c31bdb19120105c04f0d25749

SHA256
cbc40c21285e82ad851bcbef1fa675a16efff7fc52b0cdcc113cf6e4dede4203

SHA512
538e746052f9230d4820cdd7f08018deaceae14ec6028255c622467ccbb0b213c2b5f354bfb0f2d077ee8df9a3dbf637d55bc5206f7b5dde147c9e8f27d208f4

Download Submit
/storage/emulated/0/UcQkDir/qk.dvid.txt

Filesize
65B

MD5
7923b4ca316fbf1ef8f0d55e41ea99b4

SHA1
e62b190ac0bb3f8e29fd763ae623ebc132176d73

SHA256
c0713af24e5f725fa1647ba076ce564d8ba78808cc263de914a416aa8d9c351c

SHA512
8d97a8727d4a30ab0ddddda003edf337e261e5a4fa6adfbf009092ee953ec8fcb59457c3fd4fb3b96171b9aef125dfb2ec48961858b28a243d677b8c76277b99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads