01c7eb8a1fff8735cd8969806454e136ab9a2981ff1e64eacd649438e4d48e0b

Analysis

max time kernel
66s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09-05-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28c517b49836845917ec6d75057d4492_JaffaCakes118.apk
Size

19.6MB
MD5

28c517b49836845917ec6d75057d4492
SHA1

7676f34866ee0d1a2ea576cbf475ad0d8882ba58
SHA256

01c7eb8a1fff8735cd8969806454e136ab9a2981ff1e64eacd649438e4d48e0b
SHA512

bde57b95b5e046d3fe9406895f6d5187ea4bd8a05a3793cce9f6341bdcd1c1a296517d8d14f6ac557e62e6848596b55cda62af6efbf9a28161806f5070c7c21c
SSDEEP

393216:sMbF56syC7fMXBwkoVGOA3NxSoEZKHnrg1JBN7vfXzGTPDryacXQ2Fvcn4:skQwfWBroUNdxS4AHsyrD04

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 2 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.shuame.mobile
File opened for read	/proc/cpuinfo	com.shuame.mobile:optimize

Checks memory information 2 TTPs 2 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.shuame.mobile
File opened for read	/proc/meminfo	com.shuame.mobile:optimize

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.shuame.mobile/files/beacon/comp/1.jar	4278	com.shuame.mobile

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shuame.mobile:optimize

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shuame.mobile
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shuame.mobile:optimize
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shuame.mobile:optimize

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.shuame.mobile:optimize
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.shuame.mobile

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.shuame.mobile
Framework service call	android.app.IActivityManager.registerReceiver	com.shuame.mobile:optimize
Framework service call	android.app.IActivityManager.registerReceiver	com.shuame.mobile:optimize

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shuame.mobile
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shuame.mobile:optimize
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shuame.mobile:optimize

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.shuame.mobile
Framework API call	javax.crypto.Cipher.doFinal	com.shuame.mobile:optimize
Framework API call	javax.crypto.Cipher.doFinal	com.shuame.mobile:optimize

com.shuame.mobile
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4278
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4356
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4376

com.shuame.mobile:optimize
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4406
- /system/bin/sh
  2⤵
  PID:4482
- - /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.shuame.mobile/busybox /data/user/0/com.shuame.mobile/busybox cat /proc/mounts
    3⤵
    PID:4515
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4543

com.shuame.mobile:optimize
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4609
- /system/bin/sh
  2⤵
  PID:4640
- - /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.shuame.mobile/busybox /data/user/0/com.shuame.mobile/busybox cat /proc/mounts
    3⤵
    PID:4668
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4715
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4734

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shuame.mobile/busybox

Filesize
353KB

MD5
cbb5a5610124d7c25264933bbb72184b

SHA1
7adf8746a414a8f8a098d449f47672c68561d603

SHA256
a8ac1fef0c0f690f89945e30f8a84df25aa2707a661c306a3d4679ac5248fe03

SHA512
c7b56b214f0b2cd1261b1c4b4dc394b5fb944d00b69171d80516514400c842ac0bb39873501fe0c7e869d01671173a88bbd33ffd8a6d2c206d8e9e9e47b424bd

Download Submit
/data/data/com.shuame.mobile/databases/0M300KYTRV0ZLNW7-access.db

Filesize
112KB

MD5
1f7f8d9ebf79ec0980ebdd5b6bdb8819

SHA1
983b568a1b29622cf693a4d43af5af3ad515f8d0

SHA256
f0c02fec8e138de50824d875572840ab48628a82af6b64d06434809abe95286c

SHA512
4369842efc2299a31684fcd8e6a971ea179478a25052aca2cbe691b3645c06d52dc3f54ad21156e556f35d95ac105a7c6886065d892dba269775fef452e10012

Download Submit
/data/data/com.shuame.mobile/databases/0M300KYTRV0ZLNW7-access.db-journal

Filesize
32KB

MD5
0800e24bd4d1b9a9793e4b8155ee7215

SHA1
3ad6fa984e26d6ae02ac3531a89c519903034056

SHA256
4ff7c1be8d51bbd967544bccc186576a440c9388fb3a1b2881bf024382d7c1b3

SHA512
944f479d3ab78ae3f5a41561355b9721b5c11f0592fba1c1d91ec1541d5087f7099e2e917495c44be80a03527387d3bd0f6ea7ea810c8028abb620e2f29f9852

Download Submit
/data/data/com.shuame.mobile/databases/0M300KYTRV0ZLNW7-access.db-shm

Filesize
32KB

MD5
a40b8012417ff73dc265056b843562e0

SHA1
f339bbef7fd6133b2b544ca61e8a4f3464683039

SHA256
fd3c12606048da4340f301527818ec4b2a8eed2036fe504d3422d8477e21d487

SHA512
766316387babaeb797bc8acbed83189c2d59c2d5e58591f8b3853f7a77696cdf135b7f11a2cef26a19e92b38e5013aec055704e41bd2fefd98b99948235d6497

Download Submit
/data/data/com.shuame.mobile/databases/0M300KYTRV0ZLNW7-access.db-wal

Filesize
48KB

MD5
e5d4a47d76a16109988b2f2a06aec414

SHA1
10fdf40d5723c171759cf1d3196e4908c01d67b5

SHA256
2c4d4dbc0f1ae8aa99da9f7cc62593624d8ee7fa03e3d3ec5b227cb0afa7cc3a

SHA512
a9166850bae9ef79b149f5ea41f90f69c853e7a11163ceef52a0b05492be8bbe2b9b4c29fd7a13757848d6bfa5e3d79f4324f5c920f36e91edfd90b3c039cbbf

Download Submit
/data/data/com.shuame.mobile/databases/appinstall.db-journal

Filesize
512B

MD5
002ec259a25a3800eeac9b47cdbc66dc

SHA1
a58e98976bf77b37a50958e18682e7ed4b021a69

SHA256
bb737b2e5d073cd8d76df55d359f18db0ca9b7645e45010d75f098369c1a987f

SHA512
877f385266e12846062e116af1e14d633863fb5fcac6440a01413070d8dff0ed975e43a3a8d5008f653d1d9644ea907b74c27f3a01d06382df2fcf81c9cf8919

Download Submit
/data/data/com.shuame.mobile/databases/appinstall.db-shm

Filesize
32KB

MD5
48cf1e90521c2328c8b3ec6d3d97b02f

SHA1
3bf084d1860ef48a7125adf85ab68aba25c0d65a

SHA256
41eb2dd668cd1e07eff5fdda9e1bfc3de3dba4b5b5568a2ea66e9ca317763131

SHA512
9aa9a9aefc03e4899a86aca22ef7d8627052925fe7169b62356aa18900737bdcfae389cfc54a930854663cdda20df6a3f60a69ea9635d339c4240bc36b6fd303

Download Submit
/data/data/com.shuame.mobile/databases/appinstall.db-wal

Filesize
36KB

MD5
e94c60f5ab03903780c07a4b45e9aff9

SHA1
568dd1d035f416ca991dfc3684e6780dc7e09292

SHA256
5187ab2c4491bf75262f8ba48324384522fbe0a046426583ac35440a57993a7d

SHA512
649fe7662d21cdc07f3bf53adc3b36fb879702302e0c5d70d70fb45f60bb53d5fb2f6b6c747b37eb63c43af1abbb53b0e9ff6f5126843f5186e7fa4d5c0aa8a1

Download Submit
/data/data/com.shuame.mobile/databases/qqdownload2.db-journal

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shuame.mobile/databases/qqdownload2.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shuame.mobile/databases/qqdownload2.db-wal

Filesize
36KB

MD5
ab7ce43f2ad4ee898580936e7ab096b4

SHA1
6b55f8f5e063030ff233d075c58220715a7983aa

SHA256
5942227c61796d7ae0e0f96cfb18e58587386effb8dde287c4423d32cbc7ca67

SHA512
6e351c54ab4480945d55bdc7368497667fdfd12dc0e7c84398636bfde04d7264f317fafc0b0045822e0b9915c1b544da240a61f9c9f8bca1c60fa655e2d4bf9e

Download Submit
/data/data/com.shuame.mobile/databases/searchRecords.db-journal

Filesize
512B

MD5
5652da6da6e48dda20226c83b953d958

SHA1
4b53e623dc99e3e1e4554b00e8a08bfe9171e145

SHA256
5627253bcf40166839c3c99e8c430cd70cf8387b2cc9358b7a422008fe4f02cd

SHA512
9cf0939d9f04a493e543fa5586551931dc27dc8fb5f54d09019b36bd8cdbfa3232c3a7a21f443752a4312240200b9286a4a9922b0bc5e0340116d4e99522cd73

Download Submit
/data/data/com.shuame.mobile/databases/searchRecords.db-wal

Filesize
32KB

MD5
ffe3c6872d7d1e742e8732810c7a74dd

SHA1
f70867266093fb8f852a2d118d33580dd4c6c99b

SHA256
fe41bfd0081dc9c69dd5466e9faa9c8fc73c4879198dcd0759003851bb4516f2

SHA512
ffbf685c9be3aaff82e4dc6c9124535fb3ca398900e54c33f134b11755b22a0ad3e638d98ff62ca9d7fb5f2fe568327524d0fc0aa644481e7d0bb510529cf6e6

Download Submit
/data/data/com.shuame.mobile/databases/statv2.db-journal

Filesize
512B

MD5
aac21dd2076760f799ac60bce473b84d

SHA1
4c8b12066c35ab9bb95d63b85ad43f43d1a23a48

SHA256
86387f3d0c80bac4d63c1f06bde214228ec2ffe06346ebf3a805446695d25eab

SHA512
02e0c0c0a7ae8701877c6070f2cb06d3b09f48f265c1ac0525350948fbc047186af535d75b9ced5575ab9c5cf2b5add07220a40e8bb0556ef542a205f40a933b

Download Submit
/data/data/com.shuame.mobile/databases/statv2.db-wal

Filesize
52KB

MD5
e3f2d61242dc06a3cb6480d914d9240d

SHA1
5b744fb4c3a7fd2b3d099027eeacea4905c3c1f4

SHA256
0088fec3a787dcbd318f823cf6df4a402e54137686af7e52f55313765d49b6fe

SHA512
9e0b41fa4b919981cbf07de5438990a593c2bcf6011f6585d1d266a34631ffe20aaec7288b37e4b8feac111f9688afe8030d80df74b715576a4025e9ff9ea2b7

Download Submit
/data/data/com.shuame.mobile/databases/sysAppInfo.db-journal

Filesize
512B

MD5
b2d98cc2996dbdf259907977555235f0

SHA1
1dbc9e895f090c05957884b0d218df06ee38df2d

SHA256
0ce9bf1d72cdf743bce500f30ac88dfd75a000df8598fab42c7f7e55cec0443e

SHA512
1699ca645fed8ce39d022ca564a3e7aab279698e66e59d1fa5dbd21138df33490e7a9dcb479f286e8d5151b925e87fc5f2b143e93f8937ea53a6e053741557ff

Download Submit
/data/data/com.shuame.mobile/databases/sysAppInfo.db-wal

Filesize
36KB

MD5
27ceda13f257b78e01330fe342dd9178

SHA1
e0ddc5319463afcf61b8525f4dd8db7c420fab03

SHA256
d59b5662a44b6a0c82538be483ca9ae3cb92c8304b3fb2e77a4d4a71d19ec7d1

SHA512
019c4dadeb36ce6546040960809295acb853228f25bc648ecf714d7398923a9a3a174497036ab08350e238756523e9cb3471b237965b8feb074c13e337d59be9

Download Submit
/data/data/com.shuame.mobile/databases/tencent_analysis.db

Filesize
88KB

MD5
23496ac6139f53f8e50650aad6df4f0e

SHA1
e9bf62deccc01066efaaa465c6168391eadf55a7

SHA256
78dfce532bbcfce5bcab3c9d04f60fa3a4ae43add14dbae6b3d0efb13741197f

SHA512
8085c680109453298a108a7859941c554c12d2c13dff54c50d698a4be3fec4b84d94808e44dac2cbc466b0c2ba3867001e29235fa68a39721c77e76dea3896b6

Download Submit
/data/data/com.shuame.mobile/databases/tencent_analysis.db-journal

Filesize
32KB

MD5
104aa41f581368421e7d886863d9ae26

SHA1
6579bdc963666be86dece94a039cdee8f8b9adde

SHA256
99d75138e438af0d8f0bb5578e9b096562d693009985435197ab2deeaf061676

SHA512
402ef839bfef8c14ffbe2f192cab50882b348f12edb923045a71fe9abe684d1849b413dcb521b1df061565d373e773565d4b0aed7c4522f80e843c709e4ce88f

Download Submit
/data/data/com.shuame.mobile/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
1d9b3b2092ead66adac57ae888b45197

SHA1
c17168fb648513f0fcf0b508dff1b2003f5993de

SHA256
a6b8acab488c9f2356d2ef27bbfd7991e760235d44658834cce4e284533f53b1

SHA512
4b49daf2066540aa2a4df9d5c7d80211fdeb4b071e693d14f61680c5c39029ade0c8e37173541903cf74397966084e96963e5a02d5f01a31a48127f8e59e532a

Download Submit
/data/data/com.shuame.mobile/databases/tencent_analysis.db-wal

Filesize
100KB

MD5
51954c73cec7b4b93ceb3a83ea0e5fa4

SHA1
d7bdf304f25a1a1df5d6bea22b011bde1bc0c43f

SHA256
761019bd8f7b7cb453ecfcd7681e7e203f2d43a46743bafdbe3550b86142261f

SHA512
f4736e6495de7082f5f92f73cd76bbbff3289c7d82d9c5f4186894c75eb0b20af763028780495a6350e8950f95a019389618e84d60e1a56c2909d9faf0fb3217

Download Submit
/data/data/com.shuame.mobile/files/beacon/comp/1.jar

Filesize
70KB

MD5
4f198eb855b4409968888cc350a4d65f

SHA1
5bccbd8f60564cbf7930576119b790cc311a13e0

SHA256
d4f5a27326ca3b146a84122d04f01365459fb0cd63c34576f9957dce0df130f3

SHA512
5bf1db583b205fa84fa8c6637c80eed639f2a1acc3a0a73711c5f51444b064116bfbde23df15110d8cef78cb7792d744a6bbd6526adda65f842155c30785b371

Download Submit
/data/data/com.shuame.mobile/files/beacon/comp/5.jar

Filesize
3KB

MD5
0f007704fec9b983054009f7d9dd593a

SHA1
3ab6b7d14f326d4aa6279eb41465a98b1603abfe

SHA256
696a941f6a45156144e4baacef4a8b8ae187a70c92137d9f6077995334ba45a4

SHA512
c5725dcf0c21112b20a0b89274bdf077d78b97986d57ac546e5c9b48ba4ea9b68e74bc4dddf873d368a32397bbccb3f9a83707c6f8fa7856315ed9ca27715437

Download Submit
/data/data/com.shuame.mobile/files/beacon/comp/9.jar

Filesize
5KB

MD5
78fda54d578e58f8eb258237c776f472

SHA1
b906eba1749b99a5119aaacabcb7fc0ffd16bf3f

SHA256
7f7e8e10a3d14416c033231ab70c649bff6b4ec4af9a8f34cb177b64182998d8

SHA512
d36331fb108e464fd18d4f35f79d0fc30ee0ab8575e4acc2bcbe332686cf1b1641499c09b2c0f8f0d28d663e7ed2d1dd8f16f7ab23a53a38ebdb9c58ee6259c3

Download Submit
/data/data/com.shuame.mobile/files/beacon/comp/libBeacon.so

Filesize
24KB

MD5
a99856a4a0b5766f911370d5adf38fa2

SHA1
f8e2a1cc14f1156e833bf6931069acab3953a640

SHA256
80471bf1bdb73969bb4b75ff0050fb5e400a1fcd6053c9d0ae859eb993bb38c6

SHA512
6fa88c0a04ae114107060c8deb3b0944fa5d9b7d58420d9bdb66af34d2a1711617ee2246dee2b28fbdf35e219b8346ba22420f8c957ec4f2116b47cfa244f6b8

Download Submit
/data/data/com.shuame.mobile/files/com.tencent.open.config.json.1101689309

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/data/user/0/com.shuame.mobile/files/beacon/comp/1.jar

Filesize
148KB

MD5
2f1265b9116adabb799363d2009ffc6c

SHA1
c965c95f9e5beb2a10a69a565c57e032070aaf42

SHA256
fe6a80011a1065e085b53689ca9a2d77dcacbba89cb65fb2dae5dfc0aa27cbea

SHA512
210b763c42181bb490f116bc177246987004e472231fd6a669f44bca187b231e518d05e9dd30f0fb85796ad26a80bde6e7e5b363e144bf750bfffd6c29debdc7

Download Submit
/storage/emulated/0/Android/data/com.shuame.mobile/cache/image/58povi4gqow8db8dwsqdpy8g9.tmp

Filesize
139KB

MD5
5dbb493bf80392b8206cea99cee00a10

SHA1
c6dcff5f61aa5c1ce75bb31df787fe73e6924eaf

SHA256
019f6a0a9a0442e4d95fdb94367d58210d8b39d71aa23a00ece39403c4376acd

SHA512
b2bd365d40ff87d5b59ef9a950c4a05d1959483ca1eeeaeefda2c5f4b8fdba227bbdd582c600e1f206ced0767f345102f0be5c4afea4fa29385963c1a99905a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads