5e57bdd1bcd4da9a76316252e28d745d3663bb8c2f37ae5af5721edcac3d4989

Analysis

max time kernel
116s
max time network
161s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
10-05-2024 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

316104fce3b13aa8cc8ace57feba2379_JaffaCakes118.apk
Size

14.8MB
MD5

316104fce3b13aa8cc8ace57feba2379
SHA1

5d5d98074dcecb9b1fc1338a7f05da769c6dfec0
SHA256

5e57bdd1bcd4da9a76316252e28d745d3663bb8c2f37ae5af5721edcac3d4989
SHA512

a9b3384734bedb19ed1350b59bf5432d6f4dd8d94598ecfac235e43e709308245ff04af656629e0a892223dd3b2121a4c1f44b5c577b06c61b75339dd5156686
SSDEEP

393216:p+2fFOOxtKenryjD6NVD8vamZnp19Cm6l5E65hJc:pTjKPjD6NV+awpijrRO

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.fanshucancer.www

description	ioc	Process
File opened for read	/proc/meminfo	com.fanshucancer.www

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.fanshucancer.www

ioc	pid	Process
/data/data/com.fanshucancer.www/mix.dex	5117	com.fanshucancer.www
/data/data/com.fanshucancer.www/mix.dex	5117	com.fanshucancer.www

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.fanshucancer.www

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fanshucancer.www

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.fanshucancer.www

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fanshucancer.www

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.fanshucancer.www

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fanshucancer.www

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.fanshucancer.www

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fanshucancer.www

com.fanshucancer.www
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5117

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fanshucancer.www/app_bugly/rqd_record.eup

Filesize
362B

MD5
4afbe46ad3267aeba86f0d1740fe2d70

SHA1
273e2175955c3350c2dd586696e940220c3a2734

SHA256
bb8b6a661fdc9e9ecc011aab63d6b0f830899fd9bbab1560b60cbfdf222f26a9

SHA512
bcb6118271af841f29f183aeeb03d8d5950c2d94935faf15eb80d330b764a40180c97b261fe29549184900fb1892dceefa3cfab146684d9384d6e6a4424daaf4

Download Submit
/data/data/com.fanshucancer.www/app_bugly/rqd_record.eup

Filesize
1KB

MD5
bdfc301c24729d44a6eff813ffc57403

SHA1
e57155a2bcd5a0558e498cad4b91a91f633cf079

SHA256
d0a6637f3d8f0dfb2eb86ca4de0038b37a0c78f335a27a8d44ba1f560e0df0cd

SHA512
462725e0728f79f72781784be764801487e73c119b12f4051146e8db38effd2cb8d5a12413c0e290b485c940d41038d0a7326d4f45173eca6b0de7a43bf1ea99

Download Submit
/data/data/com.fanshucancer.www/app_bugly/tomb_1715380748783.txt

Filesize
19KB

MD5
2dc1bd6cab69304c78da5adb924743e7

SHA1
5c95cabeeb7319b683b5f616bc90b34045fccd43

SHA256
f27b4e818b82afebb5c7d01bb80be97bfa7df49912431ee30419dfa9f276aded

SHA512
ce8806423cc1f1d31bb8bfd2557a9bdd898588484b7a794637a1b3db352665c2c69d67d623c429b22ed149c1bd142534cdae4dc5dd32c2ae3c09b7708288a1e4

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu

Filesize
112KB

MD5
7edf1400794c3fed9f6a00a3ec8d718c

SHA1
231d0e8e80aebd3ad5301714941c9909a30dc930

SHA256
59b390509d958dab5f60319c6a5b3c79aefe97aab5aee3cec45620dbc235ee5b

SHA512
bdc225eb32bf5424ec71dfc0ae4893759a522a59650ab8a2f77c1081de9b22398c92ce100fda655c5331c5cd182544de30ebfcea71303882a05ca35b586486c5

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu-journal

Filesize
12KB

MD5
fa139950df1e7258c1d2c23c2833bb7d

SHA1
dd47702fc3085e570b1e7a46181cdd40d431c0c8

SHA256
4e34305d4c537317c1e6f28b9ff676c3f2121ba886b8596c1f4b72af6f2a42d3

SHA512
d311d175328b25c419c475a5004223272db83305dae0c6bcc0d4f9c9793f6a8222bf7e074b2de3bfc9719b69ae298bcdbb4d3e7e742b85ed4e919f29e4c0d9a8

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu-journal

Filesize
512B

MD5
2fb2f240db370d46816f14a1fec0feed

SHA1
f3817f2e370c8f24fa71076a1c7c7d48abf820e5

SHA256
53127c59d72da086679847735d0e6f7118242ff9a4a1aa33351ea9e2645da171

SHA512
cb4897aa8e54942202b7abef9691b6cc4c70b72683e6fc2e8e113bfb00e9968bc678a3b08b5214df4be35a8e31c1c27a9186453e3cadc4111f0e1498637f5601

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu-journal

Filesize
8KB

MD5
8cf9457fe7fb45bcb567801eb5f0bc49

SHA1
150274993b851ed369eb347cde3e8234260aa787

SHA256
3b8925d1aa178013e03462572542fa4a5f16d30d11b69279d08521360c58d3f3

SHA512
3b2a4f8362a766d53f92483afb08293a13280b87752c8a5d57aa65f26f79a68926cdd48b4ede36d8f3622b6b1dcad57d7bfa586dbb075d02a14df6988ea96bf6

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu-journal

Filesize
8KB

MD5
f6286e85d709becc407957e390011bff

SHA1
ba10a036f2e76e3a0c083ed6796a83a244349fac

SHA256
a8f349f441606bb1443f1485db127c543895e0876c6bf73a640908ebeab4a304

SHA512
d80d0442998da291dcdaa627ba1183ce9514964a2755568c3325254c24e0e9a081419cc9f0119d9e39c2e59464ffa828979ffaf7a23f3e3749a757810898e544

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu-journal

Filesize
8KB

MD5
1efe4826e70d726eb9e2ba2f0853fb66

SHA1
ebae3cc1069ceed57bba3db5d4c5c65ab7ccc3c4

SHA256
9fe2542d98ebe488c97fb9f65d6f95c3b488654febd0520c72f50e19b00d87ed

SHA512
5bfe868d24f3fa110df782bf534ab3a9549014f6ed1ef34d0950dd3ed18d10d5d37b9670b264fd9417709d2eb20c923367346f8ac37073e6d481bf162d44b215

Download Submit
/data/data/com.fanshucancer.www/databases/bugly_db_legu-journal

Filesize
12KB

MD5
d0786e31aa77f4546bb87d3d39fc94ca

SHA1
4563036ad73ba5ab57b9029c6683725d97fcdc07

SHA256
5ab3557d77a9810d2dcf4af979000230dbf1993c341e592b650df7320fa9f6dc

SHA512
8f2d9274ba94e4c71dd691626af2c854295ab3a066e415df044335c5ee6416c9d39979f5572f5d38e7334ac02e9cb6aa0ba2f85af6d2825a8b71d0216497d2e7

Download Submit
/data/data/com.fanshucancer.www/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit