Overview

overview

10

Static

static

10

1feef150da...18.apk

android-9-x86

8

1feef150da...18.apk

android-13-x64

tcore.apk

android-9-x86

tcore.apk

android-10-x64

tcore.apk

android-11-x64

Analysis

  • max time kernel
    113s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    07-05-2024 07:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1feef150dabbbce3dab52fc48dde0479_JaffaCakes118.apk

  • Size

    17.0MB

  • MD5

    1feef150dabbbce3dab52fc48dde0479

  • SHA1

    4d12e9f06fb52e27756c6fd619c313c05c375b41

  • SHA256

    b3e2dd5f722ddb21e3b0d04dabdf5c267e66bcbb7dcc85f242681731a075794c

  • SHA512

    aa252b0b9cbf2b9c2d85095d91a10658ebd31f6f6226ede47fedab08263d7c0bce8f2d47dd645f0c33492739d4aab038925a139012c5bf22bec423a4de3c060a

  • SSDEEP

    393216:S36wM0zi/Nqnc/Bl/cb7sfgt9AjJAnEet7xRv:S3rMmiTJo4ot9AGEeZ

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • io.dcloud.H57215100
    1⤵
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4268
  • io.dcloud.H57215100:pushservice
    1⤵
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4400
  • io.dcloud.H57215100:pushservice
    1⤵
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4737

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/io.dcloud.H57215100/databases/cc/cc.db
    Filesize

    36KB

    MD5

    ce6135aa1b1fe4f2c2db2a546d2a5558

    SHA1

    79b59582154017aadab783dc266fcb158c252940

    SHA256

    7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

    SHA512

    2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

    Download Submit

  • /data/data/io.dcloud.H57215100/databases/cc/cc.db
    Filesize

    36KB

    MD5

    bf98de399e74cf11c4eb7f60a611468f

    SHA1

    d14907e3d7f580cc7a78349fca0293534efdb5bd

    SHA256

    f247bd42505c26313ff1dd94556f193753a97f41e6c8d47d1399f1fc3bb92ec8

    SHA512

    a5b54cf7076011fd2a12f2e98b0092702a17a8b851f3e8c1387db11e4ed17a16f17f639075b5f97fe9d96aa06abd7b942564eeac9859e5b3249c2c2d6b61de68

    Download Submit

  • /data/data/io.dcloud.H57215100/databases/cc/cc.db-journal
    Filesize

    48KB

    MD5

    f9922995bd2ff7d50ea762a323514134

    SHA1

    185ed72baba62ad4a20a0d058f927ea631d90fdf

    SHA256

    fe31b3ff4918f7837b6ef6d89d43ede72233affd117d2a3fb24fec9f1566b779

    SHA512

    d4bb160890609e6836e4733f0abffc7c5331331f522a8bdb67ee8e6f9de60dd6d4b5eef52ae4c8207024cb99a843db153d38623996bc24c6421d20e622e1d14c

    Download Submit

  • /data/data/io.dcloud.H57215100/databases/cc/cc.db-wal
    Filesize

    16KB

    MD5

    a109d224673ad719ce51c6bb47263b0e

    SHA1

    5fe7134e689798100cc36413a993c66e7cc35f63

    SHA256

    29c485d3c0bb645888c09da49368fc12a54e3571387a5edca31131bb094663c1

    SHA512

    cec2fd56661f82f87fafa0825347b3fd67e533056ced550d56d8a0e8d94fa10a1ac3341d81a69f59d68ddc580b7cc5c61b59fe7548ae88dbc478a8ddecb41981

    Download Submit

  • /data/data/io.dcloud.H57215100/databases/cc/cc.db-wal
    Filesize

    48KB

    MD5

    a6eea749b019caaafe7758d57f79a28e

    SHA1

    3bc3cde8b0aeba473801bfeb389e0b3db77603c9

    SHA256

    5974b85a258eecd2035ee6dc4384e70aa5312ea66fa905d20744d463b9b5e175

    SHA512

    0d799ab2ba6f69ec93dabf51edbd352f63b9809ce83778725cfbe8fed3f0f0dfbb4c48425f34c0e48eeb2c79d379de31b517091eb237a2e6c44b325c1b16a07a

    Download Submit

  • /data/data/io.dcloud.H57215100/databases/pushsdk.db
    Filesize

    185KB

    MD5

    d9bdfea22ef8c9ac20bc190874285f7c

    SHA1

    ef80f6147eb7d852b8115f1a5963dc4ef3d14014

    SHA256

    42c65fa426469564faefb8cebb74da8636db4eea1bd115cf847f6a939a2cb82f

    SHA512

    a5b5c2bdcb3cd09288dfc985765d501488f066de6a177ad23d3614a1a12fb5ecc694fc6d2adbeec4838aa37fa751a53135066bc0f0d2d076e88696829c3aac81

    Download Submit

  • /data/data/io.dcloud.H57215100/databases/pushsdk.db-wal
    Filesize

    128KB

    MD5

    58f6bc9e2dd1fe303b5e92d72310ece7

    SHA1

    9bc7fad2b4d58a4707a70182d46815ac14d894c5

    SHA256

    b66e0c1b4d2dde3b3d2b3562664a59866928b981b9a763f9090682457f6401fb

    SHA512

    e218387ebf20dca10122fac8e8ce47c6e91c63ae8b85975284dfd52cf0330a0afd5b9efaf57d7181583054ee0aa8bab0e36bdc1f3259ab37c4e9da7fe09e7334

    Download Submit

  • /data/data/io.dcloud.H57215100/files/.imei.txt
    Filesize

    32KB

    MD5

    cd453175e5d037731986747035e9c65b

    SHA1

    3d39a89da710a7ec27c69b091f4a67325b03f110

    SHA256

    621231a69b7370d016f0c691478faf09d1591d16316ff29ec43e53abbc0cd030

    SHA512

    f6ddfb32016e0422e9647eb9be2786029b18c5b3b76b15929f11ea46d4c21cc32de630c61df8384ba9167aa667440d10a84dbb1d64f5702cbe7749e1d4635b40

    Download Submit

  • /data/data/io.dcloud.H57215100/files/.um/um_cache_1715068193667.env
    Filesize

    1KB

    MD5

    8f5f9f3b687153ed8f6f231dd79a7b93

    SHA1

    a4d892e8c0b94073886791436cace9cbde2d5a1c

    SHA256

    c7eed547a468a6862461260323b5c55b691e2db96e29d6a662ce112994028a33

    SHA512

    15e038fb1292f06df9e0321fac9e8949d546ef1715fb9e77ebc41a8e6b3f075936342bb47489fece0d83d6115d704efd09d4e93a11e6fc41e89f00918ab108c9

    Download Submit

  • /data/data/io.dcloud.H57215100/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    59f41e6f16710584a4bc601cb9c880cc

    SHA1

    2ce43ebb5e5d985367d70ea79d0534d6f4bb4804

    SHA256

    af5c9b57ad1226e92bb1238708c03cf09a8d0fc7e58b5f281bb69ed58ebc0053

    SHA512

    1aa5cb82285b2c8e1703c3b61681fc3e18626aa3174073aa813996404e08fee323c4ccfec93a27dec80a7a4bb123f3b84f42452d4fa1746f9665e1a6428bf7c7

    Download Submit

  • /data/data/io.dcloud.H57215100/files/umeng_it.cache
    Filesize

    32KB

    MD5

    c61f16cfb9fa5cec42dd9bf49a527d92

    SHA1

    aa93f26682622dd0ab9c45841b1ea08a2ede54e8

    SHA256

    fa5d726652b6e804f2c5faaf035a267978537aaa24dff1538e4f57025e474bb4

    SHA512

    2f968613ec7911a6e71738e84fc3f65998afba7cdfa78a776fe4f8379fa503dd5a889ca51cb6ec487631e5364aee697f989fc90003d7da833d2511349e40c3b8

    Download Submit

  • /data/data/io.dcloud.H57215100/shared_prefs_ext/test_app
    Filesize

    32KB

    MD5

    022cc0cb8a530a906418fa6cdac4ce55

    SHA1

    7ed30762453789d416e0e305672d2a0daf28f3f1

    SHA256

    ced814782f61b04305ced53f1bd179ecbdd9463835939c0cc7ccd4562a1e8656

    SHA512

    01959f9a2c31201f1b93a4bc430ac3732fdc0c3d4ff43d69e59c28685b94c559113d8ba8fff5af6f76f7c836cb17cad285a704bec9bb6285f0e536c08e7266d6

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

    Download Submit

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize

    111B

    MD5

    81b0605da416f3a777b5502c3bf44841

    SHA1

    e0b319883f74d46601b3e81ae99b0d9a6cc815ac

    SHA256

    046281398fbcec6e9c371b0da2dfc2a923e04f15e493330f5a020bd8a99ec30d

    SHA512

    055f76954ae449ffb842846f4950433153524be65a6342dcecb455a5958ff9e92341bc70a112c89fa79c7c80357ff04454c3d6781cb5a7050034316fbaa5565e

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    512B

    MD5

    afa103dec194b9903f24f9048e2dc8b4

    SHA1

    eae8e9931be0f8ab9828e2dad20d48613f8f5e64

    SHA256

    a23978b3c566d377b6c13e5a34b626e94f5c5cdbe124c51218aa55448a39acb7

    SHA512

    9638978aed35ac7b7a3a6fed35711806431e9e9982d0db92318c57286d11a39c43d660979fd40964d4f23ae7a9d5a572f7406adf1f8d8b4f9c2ba38e87451724

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    111B

    MD5

    d0d1a43a7baaea7e0dff15491c02c3b9

    SHA1

    7205257b750ca8ddb069b0f40ae67767d0db2d02

    SHA256

    2422fc7eb3e5215f517c15f22ce976137c37a227ed7785b18249c42dbadb0232

    SHA512

    09ec74a31ca8bf898362ac22e3fc1a276e4e5e1868d92c31229a6ba0f468fb0b56c981664f1a60369b526265b133cae3ab6d4503ffb7667dc81c8385a1bea443

    Download Submit

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize

    44KB

    MD5

    4822574a7d881f46ef81fc224e846a3b

    SHA1

    a2a887e8b321cf45be79fe62561039a7a0f91728

    SHA256

    b2329153ba3ad1629a7ef16040cbb33f594ec8e0f5bfe3a3fb5cb4a778f50a7b

    SHA512

    b0487eaa55b6b77da9730f7a03127172a85c67e925791b73acf6780a9ace831d71e899f6762f959e6791d2c4e6e6fde504117aa2eb3c29fb76f626e8269fa929

    Download Submit

  • /storage/emulated/0/.imei.txt
    Filesize

    32B

    MD5

    d64bd4c432097ffef0eb63adf0de588c

    SHA1

    a7b14d4f451e8ce2ff21f3ab31db764f10b3a6f5

    SHA256

    2efee6ab71561fe9f2b88276185888249fd0b9536dbe44a2d5a9cf8674680d13

    SHA512

    67dc5e2acd06664714b5215e2003d379618491a4e5264b08ca5a5d32e0e4d0b1c62db2512952b4569b3a9ea0c76ffc55aca1f4088bdcb99793b360f41989ed0d

    Download Submit

  • /storage/emulated/0/Android/data/io.dcloud.H57215100/cnc3ejE6/eje3cnc
    Filesize

    32KB

    MD5

    1c4274aa7a9a5cac8c6d1df71e4588c6

    SHA1

    abaecd685e01cc68801292e3dc7085654a22feba

    SHA256

    3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

    SHA512

    1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

    Download Submit