6be5484d167ba3fadf873b0344fc1d9246644ad85bcffc7a37b21faa0bee62fc

Analysis

max time kernel
134s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
08-05-2024 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23de146d15a74316c9a3739a2c48535a_JaffaCakes118.apk
Size

23.0MB
MD5

23de146d15a74316c9a3739a2c48535a
SHA1

a5da6b2777537835e391f1708c543fd40b27494f
SHA256

6be5484d167ba3fadf873b0344fc1d9246644ad85bcffc7a37b21faa0bee62fc
SHA512

b18395845c9f9a569efe4d53865f779787dfa3d5cb0baa2754f7a878e2cb58178c62db9af53fe4881859124ad19ff5cdb7434e5bc07423bad4efdb31d8b33b3f
SSDEEP

393216:pBpgP9fjk6C3ZH0lRkdTQs5ptyonvxUxFSVoL4ro:pIFkfZU7kHsonvCxk+L4ro

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.happyteam.dubbingshow:remote

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.happyteam.dubbingshow

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.happyteam.dubbingshow

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.happyteam.dubbingshow:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.happyteam.dubbingshow:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.happyteam.dubbingshow

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.happyteam.dubbingshow
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.happyteam.dubbingshow:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.happyteam.dubbingshow
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.happyteam.dubbingshow:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.happyteam.dubbingshow:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.happyteam.dubbingshow:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.happyteam.dubbingshow

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.happyteam.dubbingshow:pushservice

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.happyteam.dubbingshow
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.happyteam.dubbingshow:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.happyteam.dubbingshow:remote

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.happyteam.dubbingshow
Framework API call	javax.crypto.Cipher.doFinal	com.happyteam.dubbingshow:remote

com.happyteam.dubbingshow
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4503
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4654

com.happyteam.dubbingshow:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4553

com.happyteam.dubbingshow:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4599

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.happyteam.dubbingshow/databases/dubbingshow_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.happyteam.dubbingshow/databases/dubbingshow_db-journal

Filesize
132KB

MD5
eab9e2271cfb775331ee1959ef66cc60

SHA1
9f4f6a0ed8572405fc13c4c52b057d481b29d1ca

SHA256
8c3ba7698102e0d7b1cfc85ab34f20b6b55540090290a3e300c414d9363bc0ef

SHA512
a9693b38f03a09233f8ef2c2d679f72eac857d070977807f49cb7c81905cd9c6f7e79c701817045b321dacc609f9053029ca33aea1b96c0d11e65cb27be1b2b5

Download Submit
/data/data/com.happyteam.dubbingshow/databases/dubbingshow_db-shm

Filesize
32KB

MD5
25643975ce46699bd883dcbe8d8afe6c

SHA1
30e44114c376f28c30def5e5bb77fa94ec9ee576

SHA256
d98f7d76f66d43a8dd3129e1ab653e771c8ac8f41dfc039e21e0010f4df63078

SHA512
29cc6e465d4515819cd5d995e3fb8abfc3a10194e22e287c85dc8aab8fb03880ce355ed9843c3a5bbd4d4a0c9bbe68a5fb8407f804f9ed3412b510de33832f01

Download Submit
/data/data/com.happyteam.dubbingshow/databases/dubbingshow_db-wal

Filesize
120KB

MD5
1581d1dba6fc783ace3c7334bedc9ce6

SHA1
26ea67ca9d15750658bb3c40cbe4abbccc722e93

SHA256
22f2013956dc57d7f54dbb691aedcb13b0d93fc2cf529e8fd4d7d471a8cf2c18

SHA512
870e57a2219ca122bb17cd630e8942f4a6c8388f426366a005c27453ebdad6cdb9c1fbef5f106e509a0f7a55b6950d9760d52852344063c92e634eadc4d15243

Download Submit
/data/data/com.happyteam.dubbingshow/databases/pri_tencent_analysis.db

Filesize
32KB

MD5
d373f6e3449012a07a310892096c3ca9

SHA1
506530a472376b9b79da30225e710f2204e969d0

SHA256
0366ac94a9581119bce41c3563044960758d8b80778f17d9613fc5db8ce41243

SHA512
49f2a9133807b661c41e8e9edfc797d5df9c928ea85864b95f9588c591f65338b0e89132a5c462eef83a77293b510cbc05aa497f97585c91796abf1243a4000a

Download Submit
/data/data/com.happyteam.dubbingshow/databases/pri_tencent_analysis.db-journal

Filesize
32KB

MD5
2217a4b8c598ac080550bcfa6445a7c9

SHA1
e90a36abfe4f239fdb7715d8473f0027dac9faf9

SHA256
14a0e001d3a844552f656f5236c12665a6f04f32720fe296232195e0db227bca

SHA512
4907dd2e111529d8d2daf8dc9c141d4c018a3a7f0ba4f6a8da16528578fa5b020c5da58175df31584630735c78543b3eb29af73ef9107d5b38213973af07cbe8

Download Submit
/data/data/com.happyteam.dubbingshow/databases/pri_tencent_analysis.db-shm

Filesize
32KB

MD5
8bc8185be2162588b5962c9132f1ffc5

SHA1
65767d3a5fe4dba61bf052fb2584c174bb21e1ce

SHA256
dd818a5ddcec10dcf95ead817b6c155f2d735610fe16cbd719834d513c4e0e4e

SHA512
3aa7075a9ee72a4fbcbbeb5f4e52ffb842c4d50bc04417a877cc9d7b396f6d1d851e3faa1d77bb4c1f3578eb67bb8928892b63d70b664c73cef21508ea4cd094

Download Submit
/data/data/com.happyteam.dubbingshow/databases/pri_tencent_analysis.db-wal

Filesize
56KB

MD5
1f01904fa1f00870b6669c8eb3f63231

SHA1
29397dd7990d0b83de67842f208033ba4fd83fb5

SHA256
6079c7fe476e1f86cbb35ce0a4a6f3c50171449698ce7c6354b13f359646dfd8

SHA512
0d10cf5931a3e907f5328448c1acffae381afc251cc4bda8a19b162b72a89f83d6ea227705207114c4c7628b6e7aec43d17cf68a3803aed14a1c22729d79d31d

Download Submit
/data/data/com.happyteam.dubbingshow/databases/pushsdk.db-journal

Filesize
512B

MD5
67eba69a71c89227281cff0b8feb0e23

SHA1
a818100e710524a4a17fe79db57834c297ad96bf

SHA256
0678b719f6eb05052f2489a202c2be80d3174ef6a94faed262ef66900ed8ac88

SHA512
846b399ba7b7a9eed8a4404d17d376f5298f15a8ab7c8b0c59bed05089b611f2942bbaa8b277788c9dfa21e048f8e4f63f19a8304fdf04a8a582f493c5946a40

Download Submit
/data/data/com.happyteam.dubbingshow/databases/tencent_analysis.db

Filesize
44KB

MD5
f1d594e6237826e8e6b93eedccba02d7

SHA1
13d2876876e53c9b8fd2cde4b845bb03a8503f94

SHA256
ec503334cd2742051b24e749764a7a156cff0d748c32435b3f3eb73b56ff0032

SHA512
1e44e3c5b8ebd18f7b40df7cb28d0545722aaade606311f3ad2f6790338052f9a1600a39297cb8402865f934266c447a9737a30e9a0f7ba1689b7579a9d4e56b

Download Submit
/data/data/com.happyteam.dubbingshow/databases/tencent_analysis.db-journal

Filesize
512B

MD5
d01287d95cbb0df47d560f88e931bba5

SHA1
7fae6cf04aab3ce5681f5955b696e0f037383d53

SHA256
2ed911ab39994a9d96655b7ca7784eb1cbac34cfc70ff39b9774911810d632b5

SHA512
b7499d9dada60d0078b2686e9c9dfca0adf3077047a7d8ba8c912548d1fd6b7b28db5c4514ad650abcf3aaed3adf238bca946b15b04719020df2d7289f132d3e

Download Submit
/data/data/com.happyteam.dubbingshow/databases/tencent_analysis.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.happyteam.dubbingshow/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
63f8290647363712b54205d0b42420f3

SHA1
a13298291810ba2ecc9b134d688cfc87103d53d7

SHA256
deebb63e33798cac3c9c0993f442f0dd818f99dce5316d4a56bfba573fec0492

SHA512
1246244af145af8343f3e39c10c76d94b4d5732b1e318bdf8b8dca6d46ed84589ce6715d73c3f2f8d74f35d5f5c5440711e610b6a481ac67abe57cea48b1bc4c

Download Submit
/data/data/com.happyteam.dubbingshow/databases/tencent_analysis.db-wal

Filesize
16KB

MD5
4448601385685e6702aa97053e9ad94b

SHA1
822c3258b91a80191828c4525a153779ecb01da1

SHA256
1dc77c04b695f1d1a88f605ae78047fc28a179d2c6829fcf74701d85850c916b

SHA512
06bd06c836c8e1b3aa4e9ea6fe0a3b7d67940f6c625c360d6b85b5085d8dea913caae1dac7ef6a580ccc9f12c9862a1f72790af7669e08f2c9ca7d0c69332db0

Download Submit
/data/data/com.happyteam.dubbingshow/files/umeng_it.cache

Filesize
211B

MD5
41593a511ca9aa41e2fae40c723d1a9f

SHA1
91c861f9eaeb1d9696e4a0e02a5c613e5ab9e41a

SHA256
e9fab15b737822c433fd484f180032a452041b244a83b8bec28b34345960164c

SHA512
f433de0338fafc8caac41710170e3151bca4896a5d109a906c16729bc7dc95e4c97c83bcd9ad20663ce495c506017d17b9cd9ff22aa93299a67f05fc02cabb82

Download Submit
/storage/emulated/0/Android/data/com.happyteam.dubbingshow/dubbingshow#dubbingshow/log/20240508/000.html

Filesize
10KB

MD5
2afa8b90115902cf1e57de54b1cc7596

SHA1
8414bb0aea9211e36730037a8217554742ad810c

SHA256
38843af1f37ff8d3a26cba1988d0a87c08a6dfd7111e1465167964147bb26ba2

SHA512
01c044b9b51e331aa9e494d450d13d91443d133504938b57fdfec494f2791e2115c6a536e3c04d7189aa17286e8fd495e80abd83bd2724f6960e8c7d6ea0e57a

Download Submit
/storage/emulated/0/Android/data/com.happyteam.dubbingshow/dubbingshow#dubbingshow/log/20240508/000.html

Filesize
76KB

MD5
d4242cfb0d10c56d100e9c386875d104

SHA1
3b7e9ddc30968a3a7a34fade3ea5d687df305e29

SHA256
5a473439cd4072f5f00b47db6d27c941e5119cdd508597e33d74cb228e1a128b

SHA512
8a834c01d4ee4c1e368b1dc74d207a8867820e84a5109751e4a1cc8e77fd571d0ef3969ea5ceb62828db4fff4c6a7895c3ed6586422aa5fdba0481d88e68bb8c

Download Submit
/storage/emulated/0/Android/data/com.happyteam.dubbingshow/dubbingshow#dubbingshow/log/20240508/000.html

Filesize
32KB

MD5
638ea4d6501972855e93ff34d920073d

SHA1
9dad288b1c50eb2c5ba47e46effac71861e0e741

SHA256
d5a6a8a721ca7b3889a506b524a9102b20e9897815d3f5765b11271e6c5257ec

SHA512
174cdc87fbff5368aa268739dfad3f0b860057386a706d3c1e795e49386851dd2ded2818259e831702af043087fafd14b743c237951906daa7c866bd890b7ee8

Download Submit
/storage/emulated/0/Android/data/com.happyteam.dubbingshow/dubbingshow#dubbingshow/log/20240508/000.html

Filesize
82B

MD5
0ccda60d5e98c060bd8de6172938672a

SHA1
0e0de2bc4f760cd49b83c84017ffe833c805b3a7

SHA256
d7dc3988ef2f0d43001438a219d6ba6033216c33e11403b052f0a03b13a03526

SHA512
51413aa46547249b00b242dd2ed8c8cca027826ea591806f7c36fd61804707298123db027fa39889bede9a43522c71003491e19fdfde7d7b7e6f66e8b935b9aa

Download Submit
/storage/emulated/0/Android/data/com.happyteam.dubbingshow/dubbingshow#dubbingshow/log/20240508/000.html

Filesize
512B

MD5
8495354a6d16cc0bdfa618bf96e453a9

SHA1
3835255ec24a46927e7cfff12e90ea58bb2d53cb

SHA256
64e56b7dd2c8d907d6b120d551f95e8b889eb5e349de5ef9a7721a4440a2e8af

SHA512
5a390603aceadbfd9d82faa625f45bf360055faee19eb94df921eebdc949a7a6c65399a03dbc33e0380f9ed1cda7e07f90e98cc67c11e67c8c33ccf88019a77e

Download Submit
/storage/emulated/0/baidu/tempdata/yol.dat

Filesize
585B

MD5
04be5b7e910453ac8323af983d0f0ddb

SHA1
de9ddba18602ff3eb42c2da63086dcdef0edcae5

SHA256
263158114f025a083d6094852776b073af686ec00e889e2fee57a2af1dbbd1f8

SHA512
732c92da90565f9be0b998df71524a283887c5e20e642005962fd2e256e0a77928a0cbfc537d8e810532b37350795c222ddb4d66dc0a0994020fd4457fba0a65

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads