4a982809dda2157ece2d4da296027dfd345caa2b0ebebe35339d6ab0828a4ab3

Analysis

max time kernel
73s
max time network
131s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
07/05/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20c1bc3d8e01c0fe3452e75fbdac37cd_JaffaCakes118.apk
Size

2.5MB
MD5

20c1bc3d8e01c0fe3452e75fbdac37cd
SHA1

e262d2139f95914f289867cbf384c3b9153fec73
SHA256

4a982809dda2157ece2d4da296027dfd345caa2b0ebebe35339d6ab0828a4ab3
SHA512

a816c2547b15a03652287ecfc4bf80a55d347b4ac58e50fcd536827053898f555f4129530a84b0ca2d330ce19ccbdf85811087e1a03cae89bbb80e4157d32b33
SSDEEP

49152:BSe8oZvnZCQs+SE2AufApvq+ji+jYehqtI9dXtj1KlFusi8voSgbwUnRUpKVGShI:ce8uvnLs+SE2A5qgiALXTXtO/5APMUqv

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.com.ctvgb.iyueping

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.com.ctvgb.iyueping

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.com.ctvgb.iyueping

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.com.ctvgb.iyueping

cn.com.ctvgb.iyueping
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5048

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.com.ctvgb.iyueping/databases/dbxxtv.db

Filesize
40KB

MD5
f4a72a1f22e1bfc48cfad567355a429e

SHA1
c87ddd9fd5e0427ef393fb4262ef320893624e3f

SHA256
54582bc54fde3ff280fb3375c97a6f52d08131ba6a3e5bc308fd82427f753ff1

SHA512
1cb65ba5efc1257384675d13646fc84e6cd4547a14a5bd62365dd758118931d4a7026d9ea78b32d0cdc62a909799d4dc6c1e13a17efad217a9e9e96bf58e5ba4

Download Submit
/data/data/cn.com.ctvgb.iyueping/databases/dbxxtv.db-journal

Filesize
512B

MD5
b341779e0b8ac5a64f92a45cf7931d9d

SHA1
ae234c5d51530895fe1037efa7ba8a8b4db43ec2

SHA256
e165ff2af23a98489901e2a303f68cebf2b8105b7d957e7eb0aadc94e954c3a7

SHA512
604b20f535758e01607624ef7292c6d4c63aa08a0ee82f315726a2b28c1b099d18c1a5b3645a9e5c70cdbce0a3563da3a53ed9527469ab86fa4e9b88b11a0e3e

Download Submit
/data/data/cn.com.ctvgb.iyueping/databases/dbxxtv.db-journal

Filesize
8KB

MD5
4b00a8abdd844d1ae4eeca58584ad486

SHA1
be35bda39607b8384ee39a7c7796431a91109909

SHA256
fef145b79737701f7fafb086b369cb67ff83fedcf4def230da5c7d459c14bda0

SHA512
bfd7bbec1618013eafd79fbe40cc2a507313c1c65447dc61a2eed231a36069805909fa622e3e81248095e7461a40799c0aa5b7812bf4a3334bd2d3945eae84d8

Download Submit
/data/data/cn.com.ctvgb.iyueping/databases/dbxxtv.db-journal

Filesize
8KB

MD5
3a6e5c064066b9e5dfb497b8b2e283e0

SHA1
d03d9aafc069cf2363d07d9ce4ecac372d02c2d3

SHA256
5db241343cb84efb91b1a4dcc01df15b72f8beaa02941505d13ebd8db3bdb6fb

SHA512
ddb1480a61ef3a1bdcaa78aeeea69f345db35808e9cba881555aa9b8a80d3ebb8776f005269263bcac61650b7fed0b7951240b26c1eec594d75b508fb6b930c2

Download Submit
/data/data/cn.com.ctvgb.iyueping/files/mobclick_agent_sealed_cn.com.ctvgb.iyueping

Filesize
568B

MD5
26c76bc1f8505ecaf5b584ed298454f5

SHA1
c58301394279e97fb6311a06be1924fe91fdf4a6

SHA256
c78644419ed757efd83919fad6afd1d6811af2f8caf4a89a019e9aee7fdd9af3

SHA512
7bf9bd2d923bd48e24d6c552704bbb30142365905dbed20857871e6ffdab24cdd8ebbf33bab138cc89ce75456add24b712d38fe2111e70fddb952c44d5dfa4e8

Download Submit
/data/data/cn.com.ctvgb.iyueping/files/umeng_it.cache

Filesize
231B

MD5
8520be90a1bb175fe9fde49eece86197

SHA1
109ca13a117a1c53c6529fc6fa1f062cbfabdb62

SHA256
ed9b743cb7248055746f2bbac1ed53437425feb3af7580177798c16839e66186

SHA512
0a357486b2f533b1c2743847d1a501cac90aa05b7599ab43220c945d9e10c2d5ebbd0f3254c292d0b2cc7d9d16aacba51729d5415333c6f3b0416dcb47ce8b42

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
e977df2c90808f07e51c01b1801a9ab4

SHA1
53383f6a78fd8f99d8474221213028912bcaacce

SHA256
8a5bb4a1853d6e0b0e20a0cb5c559da5054132ec4785eca6a7ce8dd227d28020

SHA512
045f3af1bd9f838740e617b76fbc27cb25240f68a3b54778ea801c361c4f0ed9fb0a42187a6f2a3aeca7dc7da557864078ca84eb36b4645acb802b988d9cb562

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
c61abbe5e9ac549cf21060e7b83f0ab8

SHA1
7f543f91864d249fc5f67d387947a4ee09da73c8

SHA256
1898a09f05be3fef5f94c63df2820fac9eaf861b486ee07a10f8d4e961a66f85

SHA512
de85688f8e28a43c7cf3ac65d11540407373995d5931a5a5d0fdbd49aaf20672e2eec3c06e793144f2d910da8331f0400c8dc0a2300c767d431eb82e6af06f4a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
408B

MD5
63fbec913324bde55fd95637f6889dd6

SHA1
d02fe7063312b5d8bc5a5940d0ee2f93bd6eb86b

SHA256
5f1332fb45c846ff713fcf15c02043d84466d5c06a5e7ee00907564730e21608

SHA512
a077f4f408af9abfba335924d1a0fadd75326502a8ecb7303ef1fc1070833d4c4fc8323035a79ba6d96856e3fde2b5134b6c3eca4cfd0ae67d96643a8cfab630

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads