53bedcb9ddc7a815010806ca23ea9e711b28502a81c5161221635a4d74e97dea

Analysis

max time kernel
139s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09/05/2024, 06:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28a55583db934de08a04bfae16d2e552_JaffaCakes118.apk
Size

24.7MB
MD5

28a55583db934de08a04bfae16d2e552
SHA1

75569584bf4312e15d3c0e420d21da2b10eb27c6
SHA256

53bedcb9ddc7a815010806ca23ea9e711b28502a81c5161221635a4d74e97dea
SHA512

7c338d86c320c72a4a056bc35bc59eea6139a9e7755cc2ebff0942354081aa20694025c0d2eabb639fa771e672838cbbe6800d7d5cb281657a8a964d085f0131
SSDEEP

786432:SQLDEiez0Qz+xBUE9JPmuaVi58diTGQUytWF0:DLu2BtJPyiqiqytL

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.DuckeyApps.ColorSwitch.dbzq.m
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.DuckeyApps.ColorSwitch.dbzq.m

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.DuckeyApps.ColorSwitch.dbzq.m

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.DuckeyApps.ColorSwitch.dbzq.m

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar	4328	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar	4295	com.DuckeyApps.ColorSwitch.dbzq.m

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.DuckeyApps.ColorSwitch.dbzq.m

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.DuckeyApps.ColorSwitch.dbzq.m

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.DuckeyApps.ColorSwitch.dbzq.m

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.DuckeyApps.ColorSwitch.dbzq.m

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.DuckeyApps.ColorSwitch.dbzq.m

com.DuckeyApps.ColorSwitch.dbzq.m
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4295
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4328
- getprop ro.board.platform
  2⤵
  PID:4368
- getprop ro.mediatek.platform
  2⤵
  PID:4388
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4472
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4491

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db-journal

Filesize
512B

MD5
35cd81d88d628498dff9b598bcc41b3d

SHA1
36adc1bf64f84f445054e0c0bf393f97f57ed1f5

SHA256
73b65b11c64855ce041a5928c596cae31d7ecda7eb21924dfd56b300818e13a8

SHA512
ee2e7593cacf7e114aacb6afc18bc07599a43df92aba27c4c8cbec5368c111426f2decf62ec207c18dc9cb26fa1bb8ae7d4c7bddc9997c4591355500ba78e825

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/0M3006CS7U0ZC2K3-access.db-wal

Filesize
32KB

MD5
594eb4831ea527fd7c8156206fba01ab

SHA1
65a09ca2a3a6b3c92e69e94359c03a81fe680985

SHA256
b47d1041fb54f701a2941650b5e5c2e1ab6b6e71a31ac7301bb3846769fb00df

SHA512
72a9161b4d25839a67b6d7cbfdf8d3397d3346b5a0fe375b324ea14d9d10fd8c3e4aa7251fa4e3f256c9ae5274e4db6e4a824c8ce7eeb468aa8deebc95516d2c

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/ownad-journal

Filesize
512B

MD5
b08c176ddfe90cea277ec34efa4b076d

SHA1
277de3bc123385be8767ae13e1bb1fdf1572005c

SHA256
677400842bac7c2d541d79a5c53754e54f957c08970888a7cfff3869356023d2

SHA512
dc3dc244051ed460091e94a967e90bc88b76df2191815697064c6abb63a7e90c4de62d854ed0bf09aa10994f4bcf638cdeca62b762ab84ace78561f871b914fc

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/ownad-wal

Filesize
28KB

MD5
a11ada22d3de1f71e0ff34f894d0fd95

SHA1
974de46a1e212cb43b745ef80467dc64e32f4cf1

SHA256
9be9d9a1465717ee1e316fb57a1e30e2460cedbccd26ba9abde3908785d87257

SHA512
e605befc91613b58e732dc47a4f84756fa7e40d287d42f8bcb71337f243ceb16e023e591c421b2e11b86b68fd8a2c1f7a90500e2a65a021e94fe050bd3807805

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/pri_tencent_analysis.db_com.DuckeyApps.ColorSwitch.dbzq.m-journal

Filesize
512B

MD5
81adb4ea3ec6e7324ed29b527d1137af

SHA1
7665831282d832105439a074b0e2c9802653e6a0

SHA256
4f421f2567482c710e97482b9e703a0bf5ebca1b8cf6da256f0ded146987514f

SHA512
90311dfd6d934874e605aba695e9c27c1d3b492ad1dd064cfb5b39da7f4f21ec3163a434620a1238dac742d09d4c16126be96105b45c508bd6074d6e7bdc0bb2

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/pri_tencent_analysis.db_com.DuckeyApps.ColorSwitch.dbzq.m-wal

Filesize
52KB

MD5
aa7fe2414ca187e31886dc7fb0f45f08

SHA1
7af721130915f88a9bb8b2152591901fd2197e2f

SHA256
688287f7cb3783f274468e884c0dcc4466f2152bf5af44570f5785bc6d98c95c

SHA512
b3fa0e4500d160d1b7fe679e0847ee46aca1171619c5966c8cd1353ecddbf1e1355462e91b8eca35827fb91f3e6543da316b2b4e1a3fff72d7d534592494cab9

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/tencent_analysis.db_com.DuckeyApps.ColorSwitch.dbzq.m-journal

Filesize
512B

MD5
607884b5420558f842f642dab8b483fe

SHA1
f385942acb4e4d3c0a0af9427721253a1f64841e

SHA256
4b4e6cf124a512b102a6cbad60859a86485c9bde708f305006f28add37a4d43f

SHA512
00227e777bb64e0ae2dff686e7846087667da55dc65a1b196610c4b36716a1d9853329c46ac7f92be63ec662ab238811f2a0717d1e53e27b14124568611ae88a

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/databases/tencent_analysis.db_com.DuckeyApps.ColorSwitch.dbzq.m-wal

Filesize
92KB

MD5
779be7c49c4cfdd94e13e8a26cf3fb3c

SHA1
e7675411bef3adc9fda1280d1a800c1ab552ddc6

SHA256
a352f330ce11a1795eca9cf2c244449b98e20c16cacbf11b8f02a24175d87ccc

SHA512
815fcb9fd06997045f80334a1f6832f031f1b1a371db451b223eedbeb549a9f7d8915dc93cf743378a74e6d1c08748dea1d6d5d5308b872983752955b4f48a77

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar

Filesize
1.7MB

MD5
c964a8ea4b6ad714085a47d936d730c6

SHA1
6c036008d9d4d602a6e48a7b4a50462c941f57fa

SHA256
75192fa71ac4dba249fd73dc5250ca7988ecfcf5c89048f78dd5d5827be2a920

SHA512
45e724727cdc6aa021520c6b9c6efe84c5d03e5f43f64fc2432eed4610fb63ecbc893e1496785190a62537c49f25f137aaf7b84f1c1753b9f9eab48a47f8d8f7

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/oat/dex.jar.cur.prof

Filesize
1KB

MD5
1ec0131e22f4e57047367c27ce14ccaa

SHA1
0b49a71eb62c09eb75778faa41041f952ee2cb7e

SHA256
651d9c9dcf07f4c683f37cb81529e723e98dc8d172b041b75d93ced7100fa58e

SHA512
e0d535c32a22814e557d3bc29ed8a6d960ff9eb43b66faf9c0c9203d2635c004359c6239040c7897909c9c413275569fb7d144a6b4c75b2d4a01f02c3396758b

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/pack

Filesize
3.4MB

MD5
19c53a17d18cf54afdc40f8c01cff7f9

SHA1
687f5d8993f573f69091e5f9b707b7f4d089ff36

SHA256
e350191860e61e7206cd2de0c5c229e6cd31df8a3f086543afd532f837b34d2a

SHA512
76afc9f4c273386a192a1d85a4057dc6ca2fbc63dfa0ecb555a5ec3aecf167ff4132bc29f304c785237b11fb066b999fdbd8e00b75708114497f7e13d4a4cf6d

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/1365/md5

Filesize
32B

MD5
fbfa0c9f40874a4994168593f40ed045

SHA1
fd84eff2968b02735f3fa12f69f0ac59e867c2c5

SHA256
e200d85dd5f1af6317ce747cabb2709aab52d1191ed50fd89d5b4548ad240fb9

SHA512
07fd85f32129ad1835d32d29f439ae06f005e41bd67e9bf570f00d6256d764452872a673f9d606bb3536c967acee408317c641375eab8bfe66ffbec84f7cb3d4

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/1365/update

Filesize
3.4MB

MD5
0387cbc1c82eeff7f110765cc448ebf3

SHA1
c6e82331e266c5324bfbbabcf06a97bc3d70f45e

SHA256
4d1dfdd9819bb530949cda5aa991dbfacc107a78aab6da2e7fd9d8d17259a2a5

SHA512
047d94b96770230f1aa3e34a799f15e373c434681fb06289a053c6deb4ce5ca18dc749ccf0908cd4b9cc6dbd7d4ee11faa7f7304021334c97c9afb1b94cdf400

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/checkupdate

Filesize
8B

MD5
b1e7722406c76a929001108ea5898528

SHA1
30601066395b7715772f6a7e73af3c2642ff5460

SHA256
a84279bb3a82ab21b90af4d44a621bfc828cdcbe5355ba5dc0e3ace09173e4ab

SHA512
bafe1f31441c215d9dda0afbf13250b762735f35cb336c0531a3afcb298c6f98ceb640804d50c6afe3c0b4ef50239fae627c7c84cdc123987254fe6671dd2768

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/xiaomi_dbzq/version

Filesize
10B

MD5
f7b09abdc757a03d4ddbc52f506209bf

SHA1
7496041883131878e8525f296f102bc3b5f509f7

SHA256
ed24cf4ac2c8501d4d4060a393e9a12cb962e97db74c48b92155710081b3c76d

SHA512
58314353621ee0236508f7bec56175305aa4f4108cdf265e7493942ec455f10c35118eba92088a6efc5072157ead71cc9a09d83cada80b4c94874034ed3cd104

Download Submit
/data/data/com.DuckeyApps.ColorSwitch.dbzq.m/files/libtencentloca.so

Filesize
19KB

MD5
2c1ed75b42b2e5fe45c87cc3729a4ec7

SHA1
60e15d8d6e99d144d99cf8936d4304272e0c3782

SHA256
7e713c464d2e1285098b82953d2103e43e43bd42dfcdbdeaccc0cfb115b9e155

SHA512
d681a6f3870b1960968d6633c2351ce67ebb0b4b1bea2926d4154dda10826f71d1529507bf32aefe436bb21f5b6682203dde61150c8ffb68eac3b50172343710

Download Submit
/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar

Filesize
4.0MB

MD5
11f1cf0d6d4b423924d2bcfec60cff6b

SHA1
adf79ef22e96b7bf0a85b8fc8228cad89c1be9e1

SHA256
4c0c3933ecf891a008ba17e1ed3ba1c283ed7d1bf1fb6fa58390de6b3669e9db

SHA512
5d874f9a1fbc2c2b5d42f0b1448b3ca8ad65f0dd14ac2039d482b31b3cf35bae5c7b8575acd52033c45321a4be726d9d099eb3c1f71e1dafe5db6f81a2dd7b31

Download Submit
/data/user/0/com.DuckeyApps.ColorSwitch.dbzq.m/files/kuaiyouxi/datas/res/1365/dex.jar

Filesize
4.0MB

MD5
3fae95c506fbcf2cde65206120529733

SHA1
33a3a0ce64607d47145bf225888f052de16391cd

SHA256
0842401c2f537cf4f10369d366b3eaa01274b81123c858a5324f898f1178b518

SHA512
4b0679ef29f493762a368b78134242d8f63464fe4a2f17d0a74b15d6842cd001032eecd5f63cacd4c8e1fe4c49453ba0fbda79844a89c1f078beca4b916d7e5e

Download Submit
/storage/emulated/0/.rwtest

Filesize
1B

MD5
13c8ffd977013703a701cf8e11deac65

SHA1
067d5096f219c64b53bb1c7d5e3754285b565a47

SHA256
e7cf46a078fed4fafd0b5e3aff144802b853f8ae459a4f0c14add3314b7cc3a6

SHA512
527cff2b6fdfbc0f54fe092b17d6d8c7e22500242635fa56981e85a64da6ce8a12a3a66cf69fd48f588bcba9bad141b8e351a0cdd4925ae57289933eec1fc153

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads