ebc1a8cc8f4435bce6cfd25cd4e5ecdf44fda321431dac2849ef6d2d8792f804

Analysis

max time kernel
64s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
01/05/2024, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c557327d6746a731febecd2e4e27815_JaffaCakes118.apk
Size

3.4MB
MD5

0c557327d6746a731febecd2e4e27815
SHA1

41fc3429ca8c39ec7374137e724a5970e29a8544
SHA256

ebc1a8cc8f4435bce6cfd25cd4e5ecdf44fda321431dac2849ef6d2d8792f804
SHA512

15a3901e3271fc7a47ce28922aceffd4eae5f0f3290ffa370cf4e0eb3f51538958daf04735601213c817b321be5532a6f189f1f5b8853f752103a7b5524e1e8e
SSDEEP

98304:DdwyoQFnvKx7tNT/5r6SxBh3t2zrHGL9QBGYtjtEYs:2vQNKf95r6Sri09Qw1

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yiwyxb.dk304022

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yiwyxb.dk304022

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yiwyxb.dk304022

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yiwyxb.dk304022

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yiwyxb.dk304022

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yiwyxb.dk304022

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yiwyxb.dk304022

com.yiwyxb.dk304022
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4185
- ls /sys/class/thermal
  2⤵
  PID:4225

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yiwyxb.dk304022/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0NTgyNjk0MjQx

Filesize
1KB

MD5
fd5c3998f21e76418aee13ca8d32e92a

SHA1
c4257e67a25df345313b4a94bc151eca3a5899d2

SHA256
7fbee17a3d11571607c1083bca2122a482b182d4fc037273b3834894ccc08043

SHA512
194aab0f69bca5224c1261186d6e653c752bdf021253f490b32ae8e93a11385b765d27ace3a12aefe7c524c33b2ad43fada1873931bf03e14daa5edb5ac533d4

Download Submit
/data/data/com.yiwyxb.dk304022/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0NTgyNzI0ODI0

Filesize
1KB

MD5
3ca5ff004a4c2503ae98001031d9b622

SHA1
44abe6cd678aedce005a599a5b2a69f8684db2bb

SHA256
bb72751eb3c8de161510397d4aaef3eca8755df73204b5dc9937bc5254d7f7ca

SHA512
dd1e3ec4bdb5004249dc4b2dc3003ac8e8d519e8af6b6a9e8fe2785b64c94c13b31d56f3fee1d09bf2ac22ccf99c54ab58013ab0a0d562bbb33dc0014a0e18bb

Download Submit
/data/data/com.yiwyxb.dk304022/files/umeng_it.cache

Filesize
415B

MD5
240d401e3e7ca5d16f5a95140d59e8fd

SHA1
2cb8ed80b8caf41165499b64dac100056e84169e

SHA256
8e8a9cd9e4994b2bac850543d535ed9a74405e5d583ea39279a0aceac5896a0d

SHA512
89f2b0948798fc082adb91d25d4361f6b4db5dd97fd44940084ad191d4ec5835f9816efe85c4e25ad27fc989a6310402725fdbe6335030f16b3954724677ea7f

Download Submit
/storage/emulated/0/Android/data/com.yiwyxb.dk304022/files/tbslog/tbslog.txt

Filesize
18KB

MD5
0185b0485a1aadf41d87d88ced5b8be4

SHA1
4e83ffc45dfc3671142ed4d40a21f793ebfc8e1e

SHA256
a6143c84e94c82974648d15829d9c82fe0a753dc85a65f94e460f4a8e1f5c62f

SHA512
1a5e973fb7fcf07ffada3589e6d83f22220b03b7061bdeb8b6235508e7fc44fcd0f962772edd76e54d62936574f484f9752595896d2ed363539779dfabd69e27

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads