cc8e8635549b0883384a267fb094bd7f528e5ad910b4b23453618fa3425e3f64

Analysis

max time kernel
115s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
08-05-2024 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

249ce56be3637ff8d5b5c7cc88b17110_JaffaCakes118.apk
Size

12.6MB
MD5

249ce56be3637ff8d5b5c7cc88b17110
SHA1

e5227e6f5ef51c0ed3039d8c9ba4bcc4539ed92f
SHA256

cc8e8635549b0883384a267fb094bd7f528e5ad910b4b23453618fa3425e3f64
SHA512

cb7f257c6469ed6c647177b80276677182ee4fd10c8e8af28d33d65bcbe75080f02427db574285b3eaa34d5da8c9bad4ef1630c5b37c88e8a335157353abf77b
SSDEEP

196608:6ar3fd3U0ryNTfYNykIq3B3CuAD3iv/apvurSDn5jLKskKno2GeskKno2l:6ajh9wfYNZ8uAD36/sNDno1zA1zm

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
File opened for read	/proc/cpuinfo	io.dcloud.liuliangkuanggong

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
File opened for read	/proc/meminfo	io.dcloud.liuliangkuanggong

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.liuliangkuanggong

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.liuliangkuanggong

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.liuliangkuanggong

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.liuliangkuanggong

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.liuliangkuanggong

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

io.dcloud.liuliangkuanggong

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.liuliangkuanggong

io.dcloud.liuliangkuanggong
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275

io.dcloud.liuliangkuanggong:pushservice
1⤵
PID:4403

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.liuliangkuanggong/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/io.dcloud.liuliangkuanggong/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/io.dcloud.liuliangkuanggong/databases/cc/cc.db-journal

Filesize
512B

MD5
f31380c0e34e15f41649fac86fa68cd1

SHA1
5c822a63d1d010582e74c7ead4011be531939877

SHA256
ddd20d8c60036e20a691f4b0d3b1b33d7b2d59b212dba94148ed985a2cb3518e

SHA512
7f24a9364b7f484678a1b7f82e43e8a40715fc3875bfc6c6592907466ee9e3dd7211271978bdbe5d64748c88387da7d3d38004567572553c2376510a03f0b89f

Download Submit
/data/data/io.dcloud.liuliangkuanggong/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/io.dcloud.liuliangkuanggong/databases/cc/cc.db-wal

Filesize
16KB

MD5
63b4ae26acd4d44668a71fd2baf0e89c

SHA1
8dd082043b68ee843595aceb92a971d484ff83fd

SHA256
2c21e97477cc88ed47533b5b62a7d4930ef5b3818007b95c7578ffd1a367dc8b

SHA512
2e63ec1c36cae0bd8f202ab84eae427aad9e5d41ca425b50c2ff9295af6632d4dc3e8e31cfc30f66b55eafdc0ac243cbd4aa25ac2ac3db1b4f52718d6fe0c63b

Download Submit
/data/data/io.dcloud.liuliangkuanggong/databases/cc/cc.db-wal

Filesize
48KB

MD5
0c92025349311441932957ac71d29bf6

SHA1
e823f7d6d9e13d3076f55135c744d0efda47bf7c

SHA256
4e50b5e53e1a2540780940acca3858047affe3cdd2f552545a8f1b5ce9b4ad1a

SHA512
bcc5c5bda7a6c008d3635a53200b989e6f4f498f1cff7804fa3b1a7b6bc0139e070d14b1669bda5d63ab7a098cb12158d1b7f46c941167165467a22e433e1192

Download Submit
/data/data/io.dcloud.liuliangkuanggong/files/.imei.txt

Filesize
32B

MD5
44552961d087b8b6a4cd68a0a22ebda8

SHA1
4706471161c90e58b270cfcea526c2a111bfc409

SHA256
797e93d1a7963f325da3e049ab78e9c947deaad5c737ce31589d69f5646ec598

SHA512
1001dd1d85585adaf021c4cd3fe2db742e53f598dbc53d3f495dc39ffa25d06483edfa73cef91bf7eef1884e301d759c84b13d6a1425b10ee0a3e48499259786

Download Submit
/data/data/io.dcloud.liuliangkuanggong/files/.um/um_cache_1715167305044.env

Filesize
1KB

MD5
c4c3bf31b0cc8f38624d1a531845f389

SHA1
8529f6f345d63238181d2fd483ef95fddcfabd7e

SHA256
30e480f969392843eb3967236d5c8184949409ede7ff3f27f2a933aff85d5a8c

SHA512
65bbcdab8c51b492e0652fd356098efc21271283dc68701bbfa710d1472a69a738f380741a56a9da6b80ede1c930740201cf13ceea71155285e74fb86c85f809

Download Submit
/data/data/io.dcloud.liuliangkuanggong/files/.umeng/exchangeIdentity.json

Filesize
152B

MD5
baec23ef5d0645bf0fc98f3cb563e893

SHA1
02a2be6e47542c68df07ae693d4df9e3bb38d839

SHA256
e3a3c2914349cfa36d8a7fb0bb4d9a11ef1e8775fb89898e1e43e4ed897ef777

SHA512
f4f04cae41de64bbf5aae286f43b5c205a0a0907d9485608a05620c3b434ce3d8dd3982939ebad2acf30433ba14109e54918eac55bc787ef0af9fc9a01ebd30d

Download Submit
/data/data/io.dcloud.liuliangkuanggong/files/init_er.pid

Filesize
13B

MD5
76e5cf3dd1a2387e18bae13fbbebc071

SHA1
fcb15f4068194fefa6b98973e23577351fb8408c

SHA256
96fdb502437d1ce6c66ece419cdacd41df8c87934e920735c505f74bc159b0e9

SHA512
7d07e35ff396d4d04d2ddf68e9b224160eeed1f005be00e850b165f5599c4c1e822cfcef87d70c90fd106d6f2cd00c35f34a646ac152bfe51f966eacac148601

Download Submit
/data/data/io.dcloud.liuliangkuanggong/files/umeng_it.cache

Filesize
498B

MD5
e5574be2f4e55830c32b77c659ed7931

SHA1
3303e183da944984fc02f95c01d3aed60396f743

SHA256
bdb7251d28a63646ef4ed771ed08b64bde00074bd111a0c966801deea22102ba

SHA512
aefe76eedc3ffc086ff2d750d505439bc2efa9f20ba673b503fc2ee3dc98e8420fb3b95be7cc50e37648d5bfc30f27c3c7eca182dc789ba4358c94798dfc6193

Download Submit
/data/data/io.dcloud.liuliangkuanggong/shared_prefs_ext/test_app

Filesize
24B

MD5
09b1e63e831aa6ee536da2a627cbc331

SHA1
321859d1a38115b9ecfa37fe7691310b21481802

SHA256
c9dc33ea510219408e811853d29898b27aa6f05f04788fb3f0989f67403a2aab

SHA512
64848e255b10de534dce29d4517f3003d3642b327588de6e7951ad61c2c4caced38256e19111a033391d288e22b3333e0aa2cb5866a8fc9ef35c4d9d9df829e3

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
39c71024feafa450082f88bc9ad2266e

SHA1
4fd5d4c899db418f2c947f21c72756bfc7834fa7

SHA256
ae0c80e9e9da0cf9445880327061f294686afb05aceed07f94ae68db429c4162

SHA512
fa32dd51dbb77b324320bfd3ef17faadc3a8ec57078889220fb174447071cb47518a7a019eaf30f312491c01f3e8c3ac838ccf06bebae063707904efc519c880

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
be490bf780b1e60075afaecd7104460d

SHA1
177cac51cd5e4afcd4fde2e8c664bdf7044542c8

SHA256
4049ff5401a2708354260022357c296da165c6ea3ff80c89d446acfdb02c80bb

SHA512
365bd4e0873138c67f1a0a7d477d69907c2ff7c110e5f44ee3f889e3662332b450e0d891533b970990ec890a1e1c110aaddc479fbd98404345c77a57621513b6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
2a85f96b8f5d2ff9762b36d574f68076

SHA1
bae9f5f012b1b2e50ed353b0d9d9d6ae51fefadc

SHA256
207db44e8391a5f2dbc1e6b865211cc9a33bda3e167e21186e76eaebd2c4969a

SHA512
b8818b44b6031906e062e4e600b3a0a7a0fe8ea63c7a9f31af078ae73cbdf608b533035e4c22b9a1461a649632f78f7dd4f9bac05096b0dce998e9a093395109

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
10907ee8f88bc9a6c0cf7bc2a3545ce8

SHA1
b14b2f2197f66fecbb39b56f25cdc91976ec48ad

SHA256
3314bedc0bde0fb04146f604f182562975dd26f3647f6c8cc74fe9541e5b22de

SHA512
b88783e04c05d7945f3f8855d6df057f9445a44eaf6e9e5e1f8d108a7822adcc55912b85edc4e9dca7a4a3fe50a4ce46a61ac80dea114ef7ea7cb87fe481b574

Download Submit