148caf84e23f771b457a6b43ead1665ff23b1fac7c070ec59519cbbead7edf75

Analysis

max time kernel
3s
max time network
131s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
09-05-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

298f79c5804b27779032f81312c55b19_JaffaCakes118.apk
Size

31.8MB
MD5

298f79c5804b27779032f81312c55b19
SHA1

a51c355d8c986e583ae5f575a1efe2b0fa4a7c8c
SHA256

148caf84e23f771b457a6b43ead1665ff23b1fac7c070ec59519cbbead7edf75
SHA512

11e35476e66cc0afa456e52b614fe4836af2ae07e388f7db9df2bac3c0b71e66ed9217cdf29ff214640b90c844e8fa9067ad3bda15c58255a594c9991935d5e2
SSDEEP

786432:yXdu/I+DNpjUAhqwhEKROlA0KRHs0KRHQWsyfSvV:sWnRhqwhtenKRDKRwU6V

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ydyd.small

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ydyd.small

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

com.ydyd.small
1⤵
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5099

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ydyd.small/databases/bugly_db_legu

Filesize
60KB

MD5
f91047cf2d853d122401e3921b08e182

SHA1
e35b71dfc866ae4697e0327f1b9a2344cb5ef661

SHA256
ef06f09c4113d23112b751fa8ce295db92d1b5d88a0e6e70ae70554eacc26a3a

SHA512
f455bc9c46f3852480dd27fa18eec52e59b0cff3bf8830c5fc910d8eb54953b464c0f83b25da65cab8678eb0b13de001e329050535081834ec70088f0e1a20a1

Download Submit
/data/data/com.ydyd.small/databases/bugly_db_legu-journal

Filesize
12KB

MD5
806ff6d1a006fc37ab7cbcabca247d47

SHA1
b545faf21f1687e2f538bdd7043d8e60670fb052

SHA256
8542307af53be9b080ae41112713808e5d1083476750653340876f8780df2d9c

SHA512
484507743e9b63fbd17bbf51c6a9f032c0fa08f8a571d81c3c9f63c8ae30a1a8cf28a5675251b8ef39027649fbdfaa2275af5777b0752864a403212bd8866f02

Download Submit
/data/data/com.ydyd.small/databases/bugly_db_legu-journal

Filesize
512B

MD5
172a5a0f4e942fdd20becb3f8458a7f8

SHA1
28559859b52d26df1ce814197ee62af29fb47849

SHA256
11d15a4d2339b25defe622677d6770970c303470b7f54d557868b9ca91ce6e6b

SHA512
4160abb8e51269c96df174337c60470f7505da1111f06848ce367989b874cc34c890effe08c9260a357b4dfedae6ce41de8f1bd22f44189af8fff9a0f9011389

Download Submit
/data/data/com.ydyd.small/databases/bugly_db_legu-journal

Filesize
8KB

MD5
49e576ebff55e5a70c92b2c63bef5fe6

SHA1
b8b5a6bb334249400277a4e1e8cdd4d1df8c3335

SHA256
b8817f9e781567ffbafd7af0c289cbed4b550205f2077105cd6dc6703028d7a2

SHA512
62e117c7f10f88aecc0f2a64baeaf55a962704052a0b0a079faefc06ecb212790fbb7262026f5d69fcdc0f8470fd8ef74003db5e747423eabb5b137e42693490

Download Submit
/data/data/com.ydyd.small/databases/bugly_db_legu-journal

Filesize
8KB

MD5
dca49f931fbf0f5e251a781f757cd5c7

SHA1
a13588d3c7b9150cd50a7855d70a0ab6c3368007

SHA256
9b3c6362997b780a854e5443a95fc73b2fcfb9f0ad136d10a12f0f87ac523962

SHA512
1730c9876188554483520e8db9b6ca08ffe54db92ebfa38453801162c587a855d4a1b88a82330ee70207130744a52f3296c08be419ff41977530b83868503cb1

Download Submit
/data/data/com.ydyd.small/databases/bugly_db_legu-journal

Filesize
8KB

MD5
eb0a6d94f6ded45cb3e81d36e6b7d5ba

SHA1
cc20c1ae3c4a1c39a8981f86136bd57fb8e2ef28

SHA256
8e256dafbc551482f3d0ceff9bd23f9a4b262ad93342d3e3ee6f47f1e6a78519

SHA512
dd85caa511563fef21d9ce82291805b1f08e87604fd82a0da75be1807d383fdbbef246ae3f253766ee2205a3bd1fee305746747f6745852cbe09867bf14bb0ef

Download Submit
/data/data/com.ydyd.small/databases/bugly_db_legu-journal

Filesize
12KB

MD5
f84809b67abfbf4acb172ec8bf7cfb8f

SHA1
4fe45eadddae10c80785fe6e5a73f13f12997ffd

SHA256
88267f22c91981928d6640ad474a50495cf1d6d599988ee78a51908d41a0d5a4

SHA512
e484dbee555dddb3bde9db85bfaf5b49aad8ddc3c212269972903ab58142ec3c0e91980dd7f42356c416a85d0df0fdb64d98281025a6d8aa43d8b47085e545f3

Download Submit