c2500c820c6dcb16f9d6b65cca7fa9a249f3345684165019b7848fedaa0aec5a

Analysis

max time kernel
144s
max time network
161s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11/05/2024, 00:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

31ecc32fe57554e1b96728c5e8e31c2d_JaffaCakes118.apk
Size

14.9MB
MD5

31ecc32fe57554e1b96728c5e8e31c2d
SHA1

c8b3688a2e14840bcee37bc57141acbb3e72c583
SHA256

c2500c820c6dcb16f9d6b65cca7fa9a249f3345684165019b7848fedaa0aec5a
SHA512

ac9939611b3c8c4827a5f14a9e60a2d347de28dce86ffbf69389c36bf2a55761da6804db7c8d23ae2986cd07844f525698407a4eed6448ff64b308c9e1adc16d
SSDEEP

393216:s/a+JjKwmMnZpzgybsDh9dwaYehgzyUNw8wzaZC8MQyZ:ma+J+wmMZpzgywlwZeqOFzaw8MPZ

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wufan.test20180313132796621

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wufan.test20180313132796621
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wufan.test20180313132796621:lebian.base

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wufan.test20180313132796621

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wufan.test20180313132796621

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wufan.test20180313132796621:lebian.base
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wufan.test20180313132796621

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wufan.test20180313132796621

com.wufan.test20180313132796621
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4503
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4707
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4727

com.wufan.test20180313132796621:lebian.base
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4534

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wufan.test20180313132796621/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
4090dd57ae4a5d6717da87eb54613397

SHA1
cd9ce033785526fe4f0abf4dbfcc57de5997d66a

SHA256
75fd0783176cfe6d97c50400e941966c89388977db07d59d3f04a277d6631ae6

SHA512
3fad61689bd0db1c58a7fbb302d763cc2a5611a13933b08b3c6d7c5c39674ce944bd659026cd63dbd03075f3481ce3bd13cc6b5fef788f8ca05dc34ba7cab102

Download Submit
/data/data/com.wufan.test20180313132796621/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
7242aa28080a981c6098563592018aee

SHA1
61ef48795a91c64da0746d885f66225e052ee049

SHA256
2b4e5cd92da5601397a90a10f872441ab1eb55f537bd4b394f47bbc0f74c71ce

SHA512
bb0f90af4c615e8886f483df1c271aa18587008ff21d085d2c550d4ed66a648b3806082f36f769b0e8f2c9d0d34df768f1b348cfad3f3e5e7960261a46fb9f62

Download Submit
/data/data/com.wufan.test20180313132796621/databases/mgdb

Filesize
260KB

MD5
f19ad37702199ffbe9ea075d2e1f4418

SHA1
bdb621263c6319b387602e9f758832f02d7e49b2

SHA256
456d1dd37a67a3ec9c9373078b4a05a50dc0efff725da5ea9c8e24ff9cc0ee80

SHA512
ecc51c5b72c235899de2a3e3648b5c5de8c6c4ee78a9214c938a2a60baca39b8f8256f53a975a10208abecfc6b37454f2eddacbe1389f1e7d4328ca31877e8c8

Download Submit
/data/data/com.wufan.test20180313132796621/databases/mgdb-journal

Filesize
512B

MD5
06534e573b8c476fd1efbf26558b5b7f

SHA1
eef71fa50bf3a3e73c52e6f96eedda1bd11a27a9

SHA256
ccb511aadf41c7f90c4dd5cf840559c64e90706628465840117602191bc4893d

SHA512
2bb903e8119e1d1d3843fb5b0a4c7e385d39fcfeaf2920bc89f1a32762e5a3e210114b0c1e6500bc3b5ff94865a341cf099fdcb119ec5237da79c2fb7c5bc643

Download Submit
/data/data/com.wufan.test20180313132796621/databases/mgdb-wal

Filesize
402KB

MD5
c1413bbbc31e6a1ebfcd44d00a56da65

SHA1
d0237523e412ea2d4bc7da1fd9f14f77aa1e8c86

SHA256
c9766199e3474c6237713e5e79c1233467cf5dfc202613eb86e36cfb7a94b769

SHA512
03e04c3691d8a179326361abb779fbe881689231b86cb74d99c06c55ddfba50a767d106612d31dab2890b7a414e8445de7abc26d731955b9f047b3d72e14c082

Download Submit
/data/data/com.wufan.test20180313132796621/databases/papa_stat.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wufan.test20180313132796621/databases/papa_stat.db-journal

Filesize
512B

MD5
59f885d8044542b0bb983f038f68a278

SHA1
421e8b30cb7d6645a9262ba0615cd5a0c8cc0e2f

SHA256
c1d9b576937670b796ed0ec4cf6fdb9ad36090fca99278614d638cffbc1582ee

SHA512
bdb1d142beacb4fa23c0649519edd1a5a698d91e4dc6c0002e969e9a639a61b73dbe704867a1489fa6ee091429c85868d5b578efcd2de777cd3d688a44d6a2cb

Download Submit
/data/data/com.wufan.test20180313132796621/databases/papa_stat.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wufan.test20180313132796621/databases/papa_stat.db-wal

Filesize
390KB

MD5
0224c3a4c5407d882b56bb68cc05e764

SHA1
43ead1ea8b1e51208286b4368a767129c1ccad63

SHA256
8e241c319b4948b0d3085f58373523dc415d8411a15f6e3e9f0718c5a4a5a148

SHA512
2f01f4efcf95bf0b4e6d6f18bad2412bb585dd52caba54ca349a33a33f2cb4877c757dea9422ad6687d58a6a7711cd926bf60c128c2358cc369957e900d2e8e4

Download Submit
/data/data/com.wufan.test20180313132796621/files/.um/um_cache_1715389197519.env

Filesize
675B

MD5
62458678f12fb681f6cc4d7284c83087

SHA1
7f1a5e6387886c5834b5feb2a92dc2c049c48319

SHA256
8198fb6546434730c9662fadd99b56247d609563eb53c2667e3e04674445cd50

SHA512
5c14b60f5c65450bbc099498aa353d5bce7b36b624fbd7eb597c1082532197e667fd1b7b182f3ea2a914d9a3d87102ec9bd430b688183ff5a76e038273ec5fcb

Download Submit
/data/data/com.wufan.test20180313132796621/files/Mob/share_sdk_1

Filesize
40B

MD5
33cb980534aab16ae84147204698e2c4

SHA1
6fd706e6c76a476ada74dc93955ff9ddc5f6ce8b

SHA256
01656ec265f9c3ce3f6fe3a84c480cc39f32c8c1d757e49fa36da44342a63e09

SHA512
8036aa4287b7afbd241748aed933ac3ac9487a0d3c65e04876c133951085fd79d5bb3d400aa59e69f5af8faee201b07bdb695227a578ef0c211452932d189348

Download Submit
/data/data/com.wufan.test20180313132796621/files/Mob/share_sdk_1

Filesize
64B

MD5
868d4ed50d5ee1a08c57cc5c86b7ecdd

SHA1
d9fff51751b37290df34bf02370ac48a0a03de67

SHA256
215f5f982bd434dd472984f2bd3797f242c8eb37a1a6ed566e1f482b411a278e

SHA512
ee756ce5054e9ccee7d35e2a7738e00a00af67c5678eb4383a5b2f3494d69885dd28ae5d1622842e891f11a824c508c4cc2dcf2c74dfc3c1bfe0a9375504edf8

Download Submit
/data/data/com.wufan.test20180313132796621/files/umeng_it.cache

Filesize
310B

MD5
0e8822500baad84c00a2c3591a89fabc

SHA1
d79a35b338004c7b262827b226b903759648bd4d

SHA256
0097580623eeaba66e57d4d4a3e1efd0156d27be712ac5b00551f572a9cfb740

SHA512
b272219c81deaad4c36f69edb19755e88a02571adb808c4fa61db8c7e271e160d72925f7d6f3e885d18c9d5385d325e86fad3a4990b7dccb23325faa02d3b21f

Download Submit
/storage/emulated/0/.papakey

Filesize
36B

MD5
1dd84e4a6d661cb53ed2cc8276d99e61

SHA1
53ed49d2d3ec934b2aa5c943319e7de23eef8604

SHA256
93e35dea958aa9a1f058e90eb90e55b34befa20d7aabae0c766c71df3abbf206

SHA512
b04e7edb9c1f5d63eebcb592502a0937ee88690eb26473559b82c4d2de63b8c6238b009c96e54bd5867e19f7b391b8bba329537716deb3cc454197ecc98b5318

Download Submit
/storage/emulated/0/Android/obb/com.wufan.test20180313132796621/sdkinfo.txt

Filesize
6B

MD5
c7c8d45e0fc1a2ac188f9b0a62f1a797

SHA1
ffe2c07fa6f7f6b99e9be07d89c766dc029b846b

SHA256
91bf44d0a10bdb192c372abd8362e5089b7da61c9dbb2dffc0d936b0f33b5caf

SHA512
6abc5570f847c76a8f091301c26679321be9e27ea4fd07d067227937b3ee7d1a4c6e0020e4bffa769ea0d9355604e390ca29d2c998c2ca49a9341cec57a54755

Download Submit
/storage/emulated/0/Mob/.iew

Filesize
64B

MD5
d62b25791b9f8972176645601373ffbf

SHA1
03bb840c1867ffda55c486a53fc36a9ad95ef4fc

SHA256
2050f5a0e4bce2cc95fedb74e8438f87814131057ba93f8b5e175be144bd5ae9

SHA512
21de1d2fced190df5709a7444cc2300c850537aa91a26a2ddb6d87fe59321f54e1b96e616ad1462f41a1d73db837beaa36333bcd6b7e2be29dd25c261e29c112

Download Submit
/storage/emulated/0/Mob/com.wufan.test20180313132796621/cache/comm/.mps

Filesize
26B

MD5
840eaa01e5d03fffee257ed5ce4fba9e

SHA1
886bd732b29f6dbdd94b890a2b203c5a276ae773

SHA256
7648e772307acf936c331c4ea9d92872b1af6367cbf83f33f569ac204df65595

SHA512
b0a4f9238c4b60bec0cca9c72e551a702a95210a735bd8176c1d5ba741e264d2f1e885d65ed07a88086afd74f69c5e02a92db8068b222a62c6f56762a26b7d4d

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/aray/cache/devices/.DEVICES

Filesize
32B

MD5
1a2f8e6dee195add920fd9e5f9c3ad0a

SHA1
e50ea22d83a663f5a4fc6835b177f4ce514e0f84

SHA256
233df8cd10d4be9feb4cc7948516042899fd5897bcdcd39f845c0219fe3f1d6f

SHA512
d25f1ee4b306b39bd3a51a118b2a208a6f0ff725b39523e902da664a546bd0a47071a85111b546a874931eef5153b3ba6d5ae4ea884ca6213216cc394108ce73

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads