045aeebae7f23c2a2078692849e48e8b5182f40fa13c059cedad64c4abcad50d

Analysis

max time kernel
135s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33bf26ae8778bc32e7e54bbd1460560d_JaffaCakes118.apk
Size

11.8MB
MD5

33bf26ae8778bc32e7e54bbd1460560d
SHA1

d0b8777825da9e5cbf23f905d1e20edf74c4bc7c
SHA256

045aeebae7f23c2a2078692849e48e8b5182f40fa13c059cedad64c4abcad50d
SHA512

6b6ada7c258aebea26225f6af5f6ec2dd971e3b51d6991cf06535b1dfe74804e456af1eeb46c5641265fb909acbae4f429353d26ea26c68884fba713512a8944
SSDEEP

196608:/pvbvkOzHcGo3XMe3mM/O6S8yQsXho9Z7PF0WhYfg89O9o3/cWzcYirUipJjc31D:ho8HzoL3mMG6FnsXhK89bPzdirjcoq

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.szgame.bfwj.aligames

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk	4432	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk --output-vdex-fd=95 --oat-fd=98 --oat-location=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/oat/x86/ucsdk.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk	4267	com.szgame.bfwj.aligames
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/cn.uc.gamesdk.loader.apk	4463	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/cn.uc.gamesdk.loader.apk --output-vdex-fd=98 --oat-fd=99 --oat-location=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/oat/x86/cn.uc.gamesdk.loader.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/cn.uc.gamesdk.loader.apk	4267	com.szgame.bfwj.aligames

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.szgame.bfwj.aligames

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.szgame.bfwj.aligames

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.szgame.bfwj.aligames

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.szgame.bfwj.aligames

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.szgame.bfwj.aligames

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.szgame.bfwj.aligames

com.szgame.bfwj.aligames
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4267
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4369
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4389
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk --output-vdex-fd=95 --oat-fd=98 --oat-location=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/oat/x86/ucsdk.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4432
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/cn.uc.gamesdk.loader.apk --output-vdex-fd=98 --oat-fd=99 --oat-location=/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/oat/x86/cn.uc.gamesdk.loader.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4463

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.szgame.bfwj.aligames/databases/gamesdk_stat.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.szgame.bfwj.aligames/databases/gamesdk_stat.db-journal

Filesize
512B

MD5
9784beadb29d6ca7db7f9d3d3762def0

SHA1
810a4f46c638abad96fbcd316d50582992d5f16c

SHA256
c97f20ef05187b0482cf81964aba5ea2be7636c13a5425c3446979c2db759f2d

SHA512
65f1a630be5a41b55e6f0595f7728afb16b7b4b0286aa43219fb34a95ac4b80936aba1ea23d324a1800fcea038571abc68a49a77f037de5db4aa89222a873c62

Download Submit
/data/data/com.szgame.bfwj.aligames/databases/gamesdk_stat.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.szgame.bfwj.aligames/databases/gamesdk_stat.db-wal

Filesize
52KB

MD5
ce8e1b4e6ac2c90afb8dc8d357221ddf

SHA1
e4937aa85256b3b8a53c5b52e3a364ceb7d7ab00

SHA256
092a72f6bffd5cf70cb6b13fd165f5ead57eff2f6ebd8c7b3cac4fe691ffa3df

SHA512
7e00a0fa36817af8404b3723f4ac279e8ea796e85d3e45386f8c33a96da467af32a1db77889603295759d10aecf639509a8f05d1e7a79a95c86430baf87516a5

Download Submit
/data/data/com.szgame.bfwj.aligames/gamesdk_modules/ModuleManifest.json

Filesize
14KB

MD5
ac17b7ae144644c8b685c54df28c1c06

SHA1
a28f45b90570a41825ba9e486298221d4211ac59

SHA256
2fbfb6eecbe16ba6eab60ac2161db4373c94358fb0f7943a1db29c0ebc87a3e1

SHA512
17d818c84cbf0e54c523871519e3066b52e18ed81ca86a744337611ebaceaa9efae84be5c0c6256fd3f32fe1864cb6b33b77b04496862b096dced6e82c9c69f6

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/lib/lib_ucsdk_softlink.so

Filesize
13KB

MD5
de5541d4716f3c5d3ebd0d4acd9e9189

SHA1
481e269137aa7f6499a3d5aaf124fc96577bc695

SHA256
108e6b9cfcdab3182d05b6228fb9f7f6cbfeb3f45f1ad63463fabaeb2d8f2032

SHA512
6779decab36ddd4fd79f8ce6f89b0e65cd2fdd0d871ff6d2953af757c2b640d000998ed0dad2adfd899fc3b329082d12a4959f48ca7bb20e6fc429ee97c944d7

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/lib/lib_ucsdk_xcrypt.so

Filesize
17KB

MD5
ead4174884d6cfc308f14513578f4b1b

SHA1
00a464c606ce86fd8f9256a0dfa3b14cc9a5a3ef

SHA256
1deb7c9b63b12884021e29e15a850910ee49673ce86eca4addc2d00256be7b18

SHA512
13628ced7db0eb4ca0b6b9b877eb5d3762e1da4262df49fe9df3392985ca0749a0b6b88a03c4b63f62de186b76064112b5ed2458d565cf73cbd56d27894fadce

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/lib/oat/ucsdk.apk.cur.prof

Filesize
256B

MD5
2c81bc34a7afcc40d13e2c53bfd933b7

SHA1
25dcaec99cb375b3c0902cc003dcc1b510465a7c

SHA256
a60881c3fc9019b6bdb54aa77038ad32fbec8fa811f81a86596d54752f13cbf1

SHA512
754aa5dc6db632bbb827c3c18ea62f7daf7b3d8213420443f735a4d55507e790d13711c4d95d25d9abfcd3fe2aa97583c9da7431c4297c855ccd9f6a6d400405

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk

Filesize
37KB

MD5
1e5d2ae8f1e890c4182fd46f6a84f932

SHA1
7f86c7f330038b2fb2289723b483c4077edacc3d

SHA256
8ad31017a72b5afd54856038d992514ffe66e56b508f34897992426344f7a46a

SHA512
d08231273c8c4338917a73ceb8fa963246feaa47eb028e6faf25dffcee42fb0c7efa7e4067b96bd7427abb83bc63a0ecb6c29368167ba129e403c8bb0c4ff15e

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/modules/odex/.verify

Filesize
95B

MD5
98bebfe7711850e5cb13ea97159d019b

SHA1
e387516ebe4accb69307aa9172f9714041dcc298

SHA256
2814258988bfe2720ca71fe30f99d4b86d8f0c29a96941c86308a10cdd6df804

SHA512
d8ed5dfd6da5d59763574b57cd00a82e4c68fcc5fc1e87ed3e244ab0b16530314177bc84a40750632b5e301611ad2aa6e949c328fdf0bf9e63dc30baebd701a7

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/modules/update-1/.verify

Filesize
32B

MD5
194b18104886ec4484a427643f1fbc09

SHA1
5d084dd21d9b489c5c67239432dc5f99d3303d4c

SHA256
ec1f4a5def080ab4f3d4a79451477c07d5577381397761d6548b37464cacf3bc

SHA512
8b51db5311f07b06749c252d986597fab081a395e9bfc55387b65f3ad2873721762b7baea1f9f72206449edfb47b2f263a73ea15e76f5bf7aea4d173170da608

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/modules/update-1/cn.uc.gamesdk.loader.apk

Filesize
7.5MB

MD5
335fde5214c72552fcb9b6232344b7ea

SHA1
5a57cd1f0c1e339c4cf533008fb9311465bce69a

SHA256
642c37662f5561c9962332745d8ff0b921888783529f9424f6acf1d74a7c7354

SHA512
3cb804c9824570ead0ebc3ca8846faec4e4a472acae199ead9916fab40ece17fe9565de81a6c87ee812a387ad0354b5baa37d5b3f45f656d502b3bcb13f96385

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/modules/update-1/oat/cn.uc.gamesdk.loader.apk.cur.prof

Filesize
1KB

MD5
7c9e94d297c1d3eb258004049985fbba

SHA1
7609c512fb9f015d200fcf58cd623961d56ce72c

SHA256
f3c05b7829f4a54d5e9fafdafb748e2532167d813d2affbece1f4e36bac46835

SHA512
73004f2f72019f03e42d9cce020ae71f1bd755e8315d4a1d9db2e4feb948a42d5f4c6dd9bf2622ee061c24326ea8cc0433af3eec69a43225210d4568e7132b92

Download Submit
/data/data/com.szgame.bfwj.aligames/ucgamesdk/modules/update-1/version.ini

Filesize
11B

MD5
77f7f6bb2ef86a18a4800847d63d1f12

SHA1
cd8f0ecf823ceaf7a022a2cd49ff5da55e5dfcbf

SHA256
d63a2091d77bfc3ee4cc4a94b8d0d0ffbc52b95255e17da8205d38f90e8f53dd

SHA512
0dc1f0947b2a7159e2926c4373a6c1e4fc0f3dff93ee2b98fd3caa5db53ffb1883cd547f1236d354c7550d9766afb7dae5768d74be35bcbce3f3668e8b93ecfd

Download Submit
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk

Filesize
72KB

MD5
57d6409f2b13c501f14aafd641a4abc5

SHA1
8166381c0f54852ad0fff84325d5718497440c83

SHA256
df76a3545fcf49f3069fe6b69f0b46ba229c313dc61dd699f0d7b308947396c1

SHA512
87432e2315aa9db721f85d98c031b088e5f900362be318f7a67ada9024ae1d615165ffd4ade5a129b9afc663b274a3efdd1a3da93ee11a32fd9533b4ed160ce7

Download Submit
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/lib/ucsdk.apk

Filesize
72KB

MD5
bc98a72c1ee413f791f5af39d379e4b7

SHA1
3ee3542c278d7ade2b3a2854a2937c5989557e4d

SHA256
357885fa36bff7b60745a4fe4174d18598de8a15d713c951844db174339921e6

SHA512
a13c8a7c597ff8f6d3a91b4bd48fe1dadbf00feb915fcd932d932f35797348b8080cc123d2e8c4deca8e9a13f3cbc77aeb508569cb56393615f20d7999529947

Download Submit
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/cn.uc.gamesdk.loader.apk

Filesize
3.1MB

MD5
1bf9dfc638aec28d36291ebf2cfecf09

SHA1
0fa496df9bde38df7cc2f7d00785db07274f176d

SHA256
ee4036ef683603c59bf50d56c0679dac59ecf2843529164f7cd65bce37638ed6

SHA512
4a8219f6d34ae1f893cf1655642dbd31faefdcbb50201cbfbae5eb642a5b2479e58430054e1fbe2033b7941c0517f3fc631e819cb0969cb1c0b5e77fed875645

Download Submit
/data/user/0/com.szgame.bfwj.aligames/ucgamesdk/modules/stable/cn.uc.gamesdk.loader.apk

Filesize
3.1MB

MD5
3eea151dffa051105344ddaf36577735

SHA1
8fbcb02eee91182202616adb0c4c878beaf9a6af

SHA256
f22e86eec1d9decc304a220eda9b8d64fc8724081a93bd9617d4a9725280c80f

SHA512
e3456bf2e1892b03b5142fa814b9624c5dc4ccdf20d49e0a5b0bbfec4cd94471bf156f61507ae775afe190be0cc559dcb016b154e38ef3e2c32c13acc6c0a367

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
5b858c5f329e0008ab8bfba5b90933e3

SHA1
89a501de904a79ef98a2662f7c952bf316183d1f

SHA256
2c201fe924e414b9503929a275e28d52aa72c24ca621be21b8b74e849291f657

SHA512
3969d5b23cc9d6646a02b23b97f38fc217b60b620e12c2e4c4c293d0b64c0d2de5628b8381e77be223979719959994433bcb056efadaf54e1d09fe08ed7c5c2f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
f8d81936c2fa2dbf8b59f67c66878069

SHA1
e953a6b5d02009cbf64c407206960cd5aabacad7

SHA256
5fe5efdf7899ccddb3463cb8bd6208367ef446f943420a781241934ade8d537c

SHA512
1f4743724795ae1b5f9b694261e1a02ecbd533c35226f34aadd1c22e642a1b7cbb74f1373564d64808a42ec376b26a35339789fe52cb9e7192ddf5c02db9bc35

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
a1e37e57447b57de7fe4e27967eb8e45

SHA1
ad61d436a233b56318033992744bdb4c7c9ca76f

SHA256
f37f5f096faf6ab7274e9a840aa3854740c7895ed6c0122cd7331f8440cd3d82

SHA512
c5919b0c386b286bc3b2466c6dae7760ed0a3e01740390d48a59c718b29938f61a288db9800ebb822d6510f8a72c737f8aff70698b01dc7c9c8a47698ca43b86

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads