cfa7781f7f80c2a076dfd60c1742aba4c6bbe0a8682ec8ccd9e752de942b16e3

Analysis

max time kernel
147s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10-05-2024 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f25c08663728eac96a6c6e7bfad8da0_JaffaCakes118.apk
Size

12.2MB
MD5

2f25c08663728eac96a6c6e7bfad8da0
SHA1

0bf665dd2310c9ef33eadb36f11c87e739996067
SHA256

cfa7781f7f80c2a076dfd60c1742aba4c6bbe0a8682ec8ccd9e752de942b16e3
SHA512

3ca664448216cdf489c8a771687c8a62518d91abcd1096cf7f87947ab55b7c6be967c29eaa4a4189bcff7226685e6e49dcd9b2ef6aa894444d38b23a1a8b9816
SSDEEP

196608:rmTJY980Qp2JlBRcqRn8YJtkJrRFgRsK211mVVZ396i5obxJrxobxJ4:STJm7/rkJNKRsKey3IPzCg

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ibuger.wangzhongwangtiesuanpan

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ibuger.wangzhongwangtiesuanpan

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ibuger.wangzhongwangtiesuanpan

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ibuger.wangzhongwangtiesuanpan

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ibuger.wangzhongwangtiesuanpan

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ibuger.wangzhongwangtiesuanpan

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ibuger.wangzhongwangtiesuanpan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ibuger.wangzhongwangtiesuanpan

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ibuger.wangzhongwangtiesuanpan

ibuger.wangzhongwangtiesuanpan
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:4281
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4363
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4383
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4506
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4525
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4576

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ibuger.wangzhongwangtiesuanpan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/app_crashrecord/1004

Filesize
256B

MD5
35077cbcb5a5611a3f52da72ac533086

SHA1
be44ed401c5368a05311531ca72a684356fff805

SHA256
74628280e920b481930356dad02416fb63d13c6c292aecede66ab83bc9ede95d

SHA512
4054110f91fbcdf3ab66e7b1ad6a7dec3532df8ba6c17a2353b392aef56167e8db444661d3006f0d93c695dc21261fe6dd6fd0cbe092740bb58d7b6618b7aaa7

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/cache/HttpResponseCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/0M3006CS7U0ZC2K3-access.db-journal

Filesize
512B

MD5
001548f6b6f5c4b3dfe2f1e926cf52a8

SHA1
bc5261746644e38571d8376164dd6229b08fe777

SHA256
8f0a5e784c8c1ca27c411ca1780168634510864282f75db00c375c9542f95489

SHA512
a493a0242af4fcaacff40677ee7032248dffa88398e89b2a23d44eb236bc77509d84fe22b47ff90ead20909e7ebf3f771f78b0a9b856af50814b3643356f6711

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/0M3006CS7U0ZC2K3-access.db-wal

Filesize
32KB

MD5
caa937901037611eaff7c58bd9b8d75f

SHA1
21e27108f9655184483ac868fef1fb5988b5c9c7

SHA256
a4ffb1f6ff8a76a695f8f29700f715e67cc695b5874304330f913a7bc9524959

SHA512
f904c85f3fbf50c2fc8fe5ac72f1d2bed43a8c658c8d6627b0c2fee8194a5bf6b30127dee825bcf46ef9a6f5b0b06b35dc4804f9cb49ca1488380924adb42b62

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/OpenComUpload

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/OpenComUpload-journal

Filesize
512B

MD5
bf47831a67937eace86cecf3cc4a0f88

SHA1
c526afdbfa17bac9fed788741c48d155925233a6

SHA256
620b018401065a641759b1103a52d7ab61e2afcd76ecfe610d2ffe5e3021075b

SHA512
405e9ea69104a6dcbc777a76f53724f17fb0a631ba31a1ff3346a60cae598e7d68498bab318717d18466eb5333221a9de5e30efb92f74ea30002d75f14eda264

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/OpenComUpload-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/OpenComUpload-wal

Filesize
32KB

MD5
b9769c9a6818aef612e8470d5f903981

SHA1
ed48ffcca32c5b69296295f0c4fe220c38e0b89e

SHA256
e617ac8e542b9a15d0395fff2c6f22bd12dd8a8ebc3c83aa87e780d977b4fedb

SHA512
f7965222907568e9d30bb706dfe78880cb27c14fc59329255051c6ed9a5cdc36919a17009997e836420b88d4af4f5f0eae6589ee9e10999928166da643e72124

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
b77b015635e772c399c38b41cabf4c9c

SHA1
eea738ae1ceff468828ea3bb9a649594be68c6c2

SHA256
268940c73485ce2b2955ec4a71f7307fdb8ec636bac4c0d8b218e4b6f323b181

SHA512
3e38c643fb1079fbd96d648e2a3dd39a64c4c5db8188132418f75c4c652ff6517bf2b0ddd65de6feb1f656479ef1c7b07470151b16c696dc45cbd443dd16caa3

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/ThrowalbeLog.db-wal

Filesize
40KB

MD5
336c874e74ab66c647af8005d44be0cc

SHA1
dffb07ee70dfc7d9754217a75ceecfdd0d0327a8

SHA256
e50c87bab5ca31b6c894c98d6b39dfe85d9278b7a28ff26140841a483fc5b707

SHA512
a9b03ea9e2d98311e7cefb30e2930f5cf283ea565d82f4b053b03f4502bc70b21df4efd7bb13f249a71e0f584d0d83c4e3481b0291fd0a6fc8440927ad5e8fe8

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/bugly_db_-journal

Filesize
512B

MD5
b1bf385922e3e679e6b501ead0f0856d

SHA1
33a3f13d18fa85eec1235ea0e2f1c85840492bd1

SHA256
fa1ca584226b733119bbfb96249679abfc5ff01043c8d644b6d22311e569f662

SHA512
9e74653124be178e8be46e07f1a0860f3032efc6d20f6bcdc26049ccff7e9d5353cbbfe4a88aac41e3b3b7d0478e09ea4cb0846503169433dbd0cbfc0c5170c2

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/bugly_db_-wal

Filesize
80KB

MD5
e26c8d4729eccbe62c6276ee79b59509

SHA1
b69d25e3421b348045ff08545c3f44c7cd0a274d

SHA256
c9458dea83894be43042dfd639a860a064ae48411ac389ebb4975a3f533f1698

SHA512
a9c07c3e1ac6c2a9966436b10ac16b55b2c53f47194ba6d019207aadd42ee2001ec112de616b7c20822970de6304b484e897537105282689da0864be93f9385b

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/pri_tencent_analysis.db-journal

Filesize
512B

MD5
6cb22d37c528a2bcc98f4542eacd17eb

SHA1
e6d88536b004b368b1c2456f9eb2d52ad5665124

SHA256
72b91d009fcbd1a683af032a39ae7c0212d77d04637df61ef48f21b4deca4d7f

SHA512
32f6e5e6a47fbf3cf3ec7285388e921ab0335f9b67afa84b0eb13379e00c915baf5c624a4a3b5f29cf2f4e345939eb587bde7560a8229a03f01688a8eb72717c

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/pri_tencent_analysis.db-wal

Filesize
52KB

MD5
dd2a3793d9c15f7f65d763183ad1564f

SHA1
9509f691389a67d5269394dfc89b1ae65df12a37

SHA256
f61a0ccd34e0a2d752595db53f7db28a64872e52f6e97eca9d151475c2fab380

SHA512
9f08fd56a306638921d98a247ddfd8637ee9bedfd32b1c594740d7165a5acef8aa25a432ffce3ab6b1d2c2322c46ee0a1c79d5a9445aa969bd2fd488963f5945

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/tencent_analysis.db-journal

Filesize
512B

MD5
f309c47687a3eb5d50e86bc3a9550f62

SHA1
4edb84f417fa8f242123da62df18c7d25431893b

SHA256
8d9b8bd0424c372bb15cfa4e453d9a1c09f3ca998d33abd7dc4c8e0a46e53eb3

SHA512
324a1eb6be577ca70892465e16f65fd75e4dbabd007e97fd104aadd965232c3541cffc4986fc922dd706f92b987d54f2f0eb4e8f73027c905eb1f1f2f23aa1f4

Download Submit
/data/data/ibuger.wangzhongwangtiesuanpan/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
0356d05e1eb3fb61742081e0039010f0

SHA1
27de6b05c2c08aa75318c3fee9ebddaaaffffb32

SHA256
3ff4188967a29e639e033721781bcef8ecc45be9d0fe1ade6097ff302adb35e1

SHA512
933ee349f1a6db2d5837fd313d0f0c0695385d4d1f7435606ac0c865fd9cc45dd1cf4d74e13fc902e771fc6783aabc1c2e6fde2a0539b80df9d9d8892bf7614a

Download Submit
/storage/emulated/0/Mob/.dk

Filesize
107B

MD5
6f8553e74c85a287bc6092066c93cd93

SHA1
480d588e842b307377c5ac8435cd8cfc6e689475

SHA256
3f647aab7a1cd5a8d907455d733c750d547806f78fb2229548cd80023047aa77

SHA512
bf33e26ac95b3e1e639a1de6170d742debddf529aab46e703ba8dfddd7138563256d725e24975a29cc378e026eb40b421d9879db4355200c36fc37493a8e1ca2

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid

Filesize
496B

MD5
b2663c651a0ef9a5fd196a728b4a738a

SHA1
a75630f3abf175b6892cc67367099b72c4a6cedc

SHA256
f33ff7c3723ef2e95e9d064ea94aa8096f8d07e4a5d6b7d0b993f3089674d85e

SHA512
3aca0203c7bc071dc9b3f928046494e89f06a7540d2ea1f574a6a8a36b65fdbc7f6cc6d548f60a3c2fe07d373a0319c9e323228d69666287ea586af0c5fc3694

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads