Analysis

  • max time kernel
    141s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    08-05-2024 03:36

General

  • Target: 230666ed6713519868e943ddc546556f_JaffaCakes118.apk
  • Size: 5.0MB
  • MD5: 230666ed6713519868e943ddc546556f
  • SHA1: 36150a2dc35998cca103313e56c9aec33868a15c
  • SHA256: 1a2603f3834bc5a75131759bbd41e2e7809e18adf6de6f92d94913b6f6c04f96
  • SHA512: 411de132c4536e9095e418b98da1bc11e2aebc8054dd90e03b073bb3eb56a257dbba8c419a88645d0cae4378bf2f6832680a5cbf9e7cd54c7b4d325b34274a41
  • SSDEEP: 98304:mpzhC2RPiHNxGEVDet3AwlvQC9dBFUd+prC5qDxEMXVsb/76r:mVXPiHNxldetPvQkdwyLxEMeb/g

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 2 IoCs

    Checks memory information which indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
  • Checks if the internet connection is available 1 TTPs 3 IoCs
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to get current cell information.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

Processes

  • com.wta.NewCloudApp.jiuwei249032
    1⤵
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4462
  • com.wta.NewCloudApp.jiuwei249032:pushservice
    1⤵
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4526
  • com.wta.NewCloudApp.jiuwei249032:remote
    1⤵
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4540
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wta.NewCloudApp.jiuwei249032/files/tongji.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.wta.NewCloudApp.jiuwei249032/files/oat/x86/tongji.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4677

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushext.db
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushext.db-journal
    Filesize: 512B
    MD5: cab35f442b00388da5a80d7fcae0f222
    SHA1: 743580945c79e88a80e8cccb7a93d67a15bbc832
    SHA256: 8ecaba526834a7d4c98aa226d1f35ffaf3b05213b34604ab0e9e7c0a66e960d1
    SHA512: ced42927e4a86486f7b42053b5a9abe4fc39d72bb03488260bb8cbe465151349dcdfada0ae17e760f966b34f66a592a735db9857ffb648e86cdfccd4009a85f8

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushext.db-wal
    Filesize: 52KB
    MD5: 7b83390bbc84903512f87847e208a6cf
    SHA1: f2a19e31604bc067c9280f018583648dd7f05c0c
    SHA256: 91bc79cf43e8c8f75570c078ed19baa9e7c33b222ff719f6f42f936fff1e9c63
    SHA512: 879475fee0006a24cc9f8583311dab52b45033ff7290e437d6db16af9b1840dac37b75d8ab84ac4b50a09928c4eb1bad5f5cca916bd31ec338c14d99c511e74e

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushg.db-journal
    Filesize: 512B
    MD5: 03a669d0dba420a339596890abbaf719
    SHA1: eabdee6c2d6ba7369f4372b9a5987696a552fa46
    SHA256: f819a144ef812edf44a56a3a1ab00d0a79a60b6d0c2b91f4af336979618e8621
    SHA512: 56ed8e1942a77c270b470604e9d4a0a67892b756f0750840d1b53bf897df2a2e70c14e92ca677ac9b2e5945593a1fe97bcbdad6c6fe3c779bec6fe7f45f8c98c

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushg.db-wal
    Filesize: 44KB
    MD5: ad12e1b598cc7abead7ee00e5b1f33b0
    SHA1: 4805bd1bc9786712677144a2ff0a2eb3dca742f7
    SHA256: 207b4b9b3bb6df9904ec3ab1f1b6f3a74b72ac480548c658f6f1e51e015dd4e3
    SHA512: 1ce3f276cda0ae9f0cfe20a5156bdb094e54eb8a7f27086787d3e37d3d37c43b9e0991b3591c957f5329f432b1fa9fa8d8ef648ce33d5e80b39dbdfe0690898b

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushsdk.db
    Filesize: 17KB
    MD5: 8d24c5ec40c65cd23e5401e90d9a55db
    SHA1: 8bc64aeab8dc3aa810c3833fada110b6a6c5c054
    SHA256: a9524d2a883504d4b2ef25cbd4ebc33aa127ea84aeab6e11eb5c79703c2a87cc
    SHA512: 12771ac5109f12d96b5e6f4a2cabe8d24bc46a3f103591c9aac5511fb6409763d8c797e2ff6584a7c63a61d4ad6f7090add4e71d959b8704d14c99de4a683f27

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushsdk.db-journal
    Filesize: 512B
    MD5: ff702ef9290aa705890c1a2f92d61d48
    SHA1: 35bbd3e76ab733257c174c9b2c55b9c58e263797
    SHA256: 56394047802bc05b386fac3ba5120fb99e3ed9bc939680e6db7b7aee8d0d1fe6
    SHA512: a3ede69d0ba75ab60a2f68e1d2683ee2bc6902821763c5e1ea90ab635479d68b5960f28852e565c56679113f2544b7b9bf0e381792efa7e3ed5b5735f3250b61

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushsdk.db-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.wta.NewCloudApp.jiuwei249032/databases/pushsdk.db-wal
    Filesize: 181KB
    MD5: cc77fcea564eb486a65fdd9d2949fc8d
    SHA1: c48fccd2069e48552daf0b86bfcc24e2ac44cdd6
    SHA256: c915e8c50a5392e54fb9b0bb83d15ffefa60fab1fc98e5887b75cb6388bc779e
    SHA512: 1678a05f7c92c6ecb790a8da6ad59fe6196c4abe121cb7e2f167699ab73b3362314f9effdb897091e6183bae42cd87d654b0313965742619ec400fb531fa41cb

  • /data/data/com.wta.NewCloudApp.jiuwei249032/files/init_c1.pid
    Filesize: 8KB
    MD5: d75b715fafd6816afdc96b6225361e6d
    SHA1: 81f26c9e576275c9fb6d8eb7e2a70c04cc784624
    SHA256: e54005a1c014c3660538257b66bea4ad3176dcbb3ba3ffea58b1024995c2eec7
    SHA512: 2baad6a7bc0341cfd94f3cadca4a9c969ea3f77f87d3b0487fa37637065b2d8e7c5d21e2d4152467044cf091b67e18cfaecb0e32f84328488d6aaf952b99d5cb

  • /data/user/0/com.wta.NewCloudApp.jiuwei249032/files/tongji.jar
    Filesize: 18KB
    MD5: b51f5cb9b5512fe1a22832bbc0efac5d
    SHA1: a8584950ae7c8130bc08c469aa50b79d63b4f977
    SHA256: c96c7901717a2b7d68871031bc4f16bcc514f4e23c28b99b3a09e8619100cca6
    SHA512: f9788282e9720093850df834766de0424fc0ce8fb1769d11f8b4ebf8bf54eccf6daeeec93a0a600776aec6ff95ba6dbfcb2b464e0aa0396e1a099d95902df91b

  • /storage/emulated/0/libs/com.wta.NewCloudApp.jiuwei249032.bin
    Filesize: 76B
    MD5: 212be8cdc4fb2c12627db48dfd76e82f
    SHA1: 55c190da762d0ea12258d4c943ed4ee7b54097e6
    SHA256: 8a022e9229ccf994f8c7b49957179ea688fe190469af189fdc65006896550414
    SHA512: 173a87d407afdacbb845b62969f0e04b96442be9b7c00b25542161cf0132294fdc8efb75f1b981d5eabdff9b9d97d61c9a21efd585e2e8afcfd3e9fe93aa3f54