c363239249fd6760c34025af54848a20d9ce62d57cc5022ffab5c9b9a60fc7a2

Analysis

max time kernel
133s
max time network
154s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
08/05/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

230461560877d37baa86e6b6f6278b88_JaffaCakes118.apk
Size

6.4MB
MD5

230461560877d37baa86e6b6f6278b88
SHA1

84758e4ef89c0868a5846bf616d42ef9eda96dde
SHA256

c363239249fd6760c34025af54848a20d9ce62d57cc5022ffab5c9b9a60fc7a2
SHA512

a52c3ac43454b739bdb81f94802f2a42b7249ba2a155aac488f1db516e648acca3080db2b0c24ce2adbe11c1cda9261259456e95b3b048081ef68533625ce793
SSDEEP

196608:0dMM+mrAXpZ/lpLFivvLHp5+15i+WoRdMX9fv5:4lh+/lwvLWjQove9v5

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.kuwo.player

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cn.kuwo.player

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.kuwo.player

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.kuwo.player

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.kuwo.player

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	cn.kuwo.player

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.kuwo.player

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

cn.kuwo.player
1⤵
- Checks memory information
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.kuwo.player/databases/kwplayer.db

Filesize
88KB

MD5
12f4bf7070bfa5ab1dfa00f043d98e7e

SHA1
a5df5b96a75478c8cf48ec09dfcc806d59805f82

SHA256
c3db2f5edd6fae49fe492f7fa083d7593e86277220e0391bbc39efab6f7b2fcb

SHA512
2644fd990c7d8344255c3f837386a4c6bfa11b5260cfc6b4a91650f70334314d6ee756e03ed959d5d0aebff1a108b47906a01bc7b99d9be1b66ba1c46b0dd2b3

Download Submit
/data/data/cn.kuwo.player/databases/kwplayer.db-journal

Filesize
512B

MD5
6d73ab1c46f6e09868b5116051e23cf5

SHA1
c513c0e225fe6f65bf41cc81907093ccdc4d3abb

SHA256
1c02e761a2b00da26b70162397dcbafb48f54532755ce94e1e65c8f2b8e23ab1

SHA512
23fae2aed61428edf58cf2d3bfbc57838b93640f96da499fd367fb71fb8a73b428ccb49971ed3191b4e6ff791304a469ddeaff18a175cbdc1463b4ecc4c76358

Download Submit
/data/data/cn.kuwo.player/databases/kwplayer.db-journal

Filesize
4KB

MD5
fd772c743436b08a23c696db82df35ad

SHA1
0249e210e3141d7c1bc1bcc09bf71b06ee2286dc

SHA256
c0360028c029e5055c5409e1aaa2e438a7cf54de530d60d2a26f8a52bd03d186

SHA512
9a6e477fce79d38ec89932678c0f98efc402859e833c5fb9e613998824978127f814f16e5e7e48aacb04a0177d4af2a63ab95298b49163912f64ea78a3e22bc1

Download Submit
/data/data/cn.kuwo.player/databases/kwplayer.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.kuwo.player/databases/kwplayer.db-wal

Filesize
132KB

MD5
bd4b5a519b06dd3fe9ced884e3f86abe

SHA1
0d42e9fba1d20559ad9accbf7fd13710e3c46229

SHA256
445c60f4a59772e22e608ab14bfa2e09a96a3d55e6542bf4d7d957ea2ad99651

SHA512
4c2d60ad7f2b24a660d3fd1db2e3494beb21516dc266fe0a74f824bb613c6f9330351d7433e8ec24d86ca92f3f73894a1dcbb8aa5019421a77d9953106db30a5

Download Submit
/storage/emulated/0/KuwoMusic/.log/kuwo_service_logcat.log

Filesize
54B

MD5
1aa9652681c17261e33df697c2ebfa25

SHA1
1289666e724597845ff5a9e4aca989d1dead1b18

SHA256
ae17f84606f5082257371a9d835e21e346b364c5c54de1e88b2fa5cefc0e09ba

SHA512
81b6de080b303b9d29c421322ab82fde699c7d91e4225031a2a6ca6b4649a30ac81c0b1cdffc5c81e63dec594b57b84a1718debb4d9acb534b42a9321fc4e0f3

Download Submit
/storage/emulated/0/KuwoMusic/.log/kuwo_service_logcat.log

Filesize
53B

MD5
612ff65b265bbe18d7a94ae2d324b875

SHA1
c5d485b9889d75f0937e02cde6c59f56561f6ec9

SHA256
4eb2e15d7adb823f7c844b0becd5b6972a3cc503248e4699a49e81ddb205763a

SHA512
62ce2c5efe7b5b96ad433e9023b660541e4403b05d117920fb85eb154688fac62fefc26dfee8b8104a3fb01a831f05aad40d2293ac9603f374aefe9f882200c6

Download Submit
/storage/emulated/0/KuwoMusic/.log/kuwo_service_logcat.log

Filesize
76B

MD5
820a42d118ca5ba058d9a5d016d4be83

SHA1
9ba6ee12f4cbf3325db7209a461cc982828c8dee

SHA256
eb1136679496afd2ccddf907ae81435c204f339845d957b8589e22c8de78e813

SHA512
def620979719548df01b45f581e5ad9f9e554e32fa2f08a844a4fb5a48eb943beb22f6f31ade6f34512362791f92d5cb669ac3c932da50213325d0797a5d75be

Download Submit
/storage/emulated/0/KuwoMusic/.log/kuwo_service_logcat.log

Filesize
77B

MD5
69f7b8ce3f35ee149e76560f8734ff54

SHA1
2670c76e3875c17fd2575688f8dceecba7ea2899

SHA256
2cf9ae968c22c85288d4c1485eb332c595e975b8bd953ab089ddd91ea5a1527a

SHA512
33f743f8dfda866851ec63c3312802e768ce74f9cbe409fcd2b855747c0291e69523705fba2047b542a1bbd0f7f9c1e0c5b8cccc930bce0e5d299be459e1661e

Download Submit
/storage/emulated/0/KuwoMusic/.log/kuwo_service_logcat.log

Filesize
71B

MD5
3175854bc16fff7ddbd3334f2e68fc2b

SHA1
fcae28cad37bf828065d9a87ba15960f8cb80f57

SHA256
a71e29981ccff2a1afe07230d7f59fd524ae2d6bd24a71f9669894db28fa7024

SHA512
b3956fbaebbf522d0c1c34a5474a3662f86f16b1f919f75a953cbbfae99f358cf5f9c86b6aaf79168e3e0220af282e83fbe4df2a71af379a5cbad50bb9db5802

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads