c111991241b0615f5d8fa9f1e42512d0cd4f18b348e200c6724c466fefb3bdd1

Analysis

max time kernel
46s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11/05/2024, 10:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

341e66a135e9b5249546a53e47c67ae2_JaffaCakes118.apk
Size

8.2MB
MD5

341e66a135e9b5249546a53e47c67ae2
SHA1

e85e7b88f4a8c85fee538e23b424200a60978f76
SHA256

c111991241b0615f5d8fa9f1e42512d0cd4f18b348e200c6724c466fefb3bdd1
SHA512

6a85aa7bf7496996102eb3a7f3cc6eda47b4ed4acdc939deba253f8dccbac8812ce4d7c89656fae556fa149e7222752c1cec65652f8d9ce1d1223cd67a043aae
SSDEEP

196608:cwhBfc36hYnR9EUH4RriNIBY3ayJ6qf2deI6fDU5cbA9HIDM:cwhde0QR9EUYkIwayJ66/IOy9HIDM

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	me.weishu.exp

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	me.weishu.exp

Checks the presence of a debugger
evasion

me.weishu.exp
1⤵
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4279

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/me.weishu.exp/databases/exp.db

Filesize
20KB

MD5
985c1f4742829cb71148db8c3c6af6b0

SHA1
7cbd74720491f9d39bf9cdab6549e316fc4f671d

SHA256
064c76b93474dd4418bc238a1dff9f147f2b5b60867cac72afc9ea12dd5cddaa

SHA512
e512612c5966514b67e044c73f2740850174324166a0f25be1697347001098a5e1496b5cd180e927bac77bf064fcab93cfa9b465e790a330e7eca078f1c92034

Download Submit
/data/data/me.weishu.exp/databases/exp.db-journal

Filesize
512B

MD5
8d0ea5c726be9bb363b67cc78355f8e7

SHA1
623324f9caae6f1c5d0672ee4d6e682287ace203

SHA256
0f7963e371dc2a886861235c92b4b70ca5340ceb71cc27be4c6c71c443676ce0

SHA512
bb60baba771b80635eefa177137dd6a7704285092b4005769902b346ed12369e7981b3f87e2a1a74ebb77aac80b15eabfafcf42298f237829e9d2b222d4fb2c9

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366BeginSession.cls_temp

Filesize
77B

MD5
d0eeaa73366f17e8dfdf7f1e38c240a1

SHA1
c732ef642de4e8049b8fcadea7c31d8a9460ce65

SHA256
71f20922eb38366f0190127b0006e2af70f6c9e6929fc71fd8688e819fb4ce97

SHA512
ccd3f726079acf55985adeefc7a4dc4147ba435560a5e121b7e5bd5b2965f6eba0adf7443c2fe302a59da0ed39fab172df3f3a1ad18b7f75b584c6516ea9257c

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366BeginSession.json

Filesize
132B

MD5
8fcfa5ad94a7397b1735b6a2607ec424

SHA1
b5f33a051d3182a8dc8686dd45a250c04f01953c

SHA256
f309b1a4c92d513195dcf2aaf6baffbcd5c4bcceebe776aaee0b1b3975777456

SHA512
b45baf2427f27ec5bfce8ec87a139e363b471c771ee0b7a0c6b93c5b2f1d2a97753eea5b25c6f053f5af52a1a74b1ed680b4433ea32f70880458bacfe0091e15

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366SessionApp.cls_temp

Filesize
117B

MD5
6122c268e4ac812aa7779ebf8210a4ef

SHA1
db16035749b48e02f80e780d0a36355dfd8d6546

SHA256
2cba071ee8a3d98c5a8fc5b60ab514a32e735073017ec6de06cb001fcf2074c7

SHA512
2f31263a8e9b0edd2905023fd9161fe734ca709a66f2bc49e025c8457211e652e14adb3bd6eef0988c7edf2d87fd61490c0971a71bc5d42ff131ec706c469874

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366SessionApp.json

Filesize
231B

MD5
656d800a9af943ce417f3b673c66d23e

SHA1
f021b799fc7f610053478626cdf7a18c410e0dba

SHA256
61f38e3bd53b1e82a4f2f2e17b7fcfb6f9ce7830780544f3f44ede5d3885375f

SHA512
0a87e2c4baba8cda0bd91dc6f5536ef560b23d0872f5fb99aaff2580b4737854b0f9e689691c60f8b29e7241e24370472d42beeb203ea9cc81c036e1b7b16dce

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366SessionDevice.cls_temp

Filesize
48B

MD5
589e59397b14726aecc2a17b191cc00e

SHA1
aa5a32c16f0eeb2ab31a19e8344ed97c4d38784d

SHA256
30dc4b56dfa459b8766b1086514b3ee340e64589949f1382a813b22f19ae5d28

SHA512
83c156354683f8790d5d5df40cb1e3034bf06d08ca916ca15555f43a4399797f48b803b74928fdefa6ea6ad7dc221b3449ddc6146538c9355116691b7b481b62

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366SessionDevice.json

Filesize
202B

MD5
d9ec3d6321dedf24a31de2e58392e6c3

SHA1
0930747fcbee87c28c3de1193de4652926ad3030

SHA256
3c45857d9937c538eafbb07bc44be4fad0ef27f3a14831311fc197a06b3106c3

SHA512
5a9e68cd895b7339146f22c9fcb4101c6f6bd58dac45650211889500e0889416c118a9f2459e7f51969d83e39500b399575b48c39b813be6f80d081995fe1576

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/663F486102AB-0001-10B7-90A49CD49366SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
2KB

MD5
3c2af468ca223e0953e2dbe8eccce515

SHA1
dfba5d699fbea01578fb4ed94923b5f066da9ec0

SHA256
4d569285095de3683c97f2bf7cef3b79f94ab7fddcc50d8652a47685d3bad10e

SHA512
23ea52cdb36a447cb97bb00097fa54a22798e4cc9fd2d8e4052f730a1c175c30155d1c020d95acb63cca0fbc508040253051147482ed7e7047303e47f6bec20d

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
434B

MD5
c7cc868d5e2affe61b4ff27749a6bab1

SHA1
a9b13de887c95b2df7ef7caf96af0398eeee64e8

SHA256
46381e942129bc3add641abf8c789147902b687e0ce8a83a96ce205e009d0354

SHA512
44b866b863736918162e47ce5e41593d016d8cb2772ce3b096c1310f61d4c9eb4a10fa0ae54ab910fd9e80eec85e144a02ae3e210fe821c9a02f44d774be4a09

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/me.weishu.exp/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_53acbb82-96d8-4c39-8c41-44bcd7795702_1715423330014.tap

Filesize
358B

MD5
ad563ac934cb500d7bae5ad63068e413

SHA1
a9f02491584c9482eccb2b08e23aedf3d81d31eb

SHA256
6df0d11adbee87992730860c709829c326396fc02e3b770b48af9dc63d8a63cf

SHA512
91e3fd3887ab9c7dcc10d8804039cf28ebca366a05a33a15446581bcfb42053ecdab07cc57314a80452609c38feb5b10ea189004e2892a6007af641b0d47d303

Download Submit
/data/data/me.weishu.exp/files/.dat

Filesize
25KB

MD5
3e7c7ed5e750ad3ecbb80b5833efdf23

SHA1
248080365cf294a0c51b1346adcf94fe9cc1c73a

SHA256
0ee99fd4983e71632fcc6fea92cdc9571aa191c26f77c21991fd98df50d13c9c

SHA512
bc05adff5aa574a25080064a0f46dd002639d8da7c15a8d6c733fec5e6463603534f5ad043d772accd5ac4a4480dac56c101f6aba8df4e53bd799ec0b593d3f4

Download Submit
/data/data/me.weishu.exp/files/.exp/.abc

Filesize
15KB

MD5
d38448e7a9100bbcfec7ed819f84d2a7

SHA1
2715be48ee72a5e03fd7dc0fb317fab5cc577842

SHA256
3cdcdab29df8181c589885016d3d365083553f196e0e520cc6c608dbad4fef82

SHA512
20c62a8bbf8f006de11f13473dbab1fa07e6505f745832b02ffb0fbc124b948c240860a159c4895bfb1c6e2b998fb0c289b7bb1806d10c93aab9fc835c8c481d

Download Submit
/data/data/me.weishu.exp/files/.exp/lib/armeabi-v7a/libepic.so

Filesize
474KB

MD5
d51968285fd6a57818addffa25fc1729

SHA1
164f8800abbff4f9cde378b98f919c4d3ff11915

SHA256
9a6b2c1ea8d54d8e42bf1076667b15beaf9fdcfc0d28037f889ddc64b3bfcfb4

SHA512
7366ef08b71697b91d44c65949a84052835b322b2aff0fc9ccca3eb5e7587353f466c594131bf898ca6583c08f3b32e88991b6f375d82653ae590444a331d5ee

Download Submit
/data/data/me.weishu.exp/files/.exp/lib/armeabi-v7a/libepic64.so

Filesize
737KB

MD5
cb60b8438bd14951c7708bbe31dbebad

SHA1
b28598fa1f2cf373a4d7f8be291ecf1c3261ffd2

SHA256
6dcb9a0d9044d47e523cc2c0075d3a351f7e6a4cc32a2cfb1713c70969007c1f

SHA512
aab339d64b33bf379c67be4e5086652e5d9187797e345b1c050c78cd6575ad8f8d6b830363b35ffcec306c6668f3ade87683afa21fea925351f3468ceba1da9c

Download Submit
/data/data/me.weishu.exp/files/.exp/lib/armeabi-v7a/libexp824.so

Filesize
1.7MB

MD5
0e07860ca17c9ed0bc997fbae49a02d6

SHA1
8e8df90cd6ec171c3478097b92d315961cc88d16

SHA256
a833a951826052add69416323332960292cbeda12036fd9e2945d24ebd018825

SHA512
4c219cf34f69a2d09d9e3ab98eac3ca7cb46558fb2428efd1168399694aa6363a5b81b6e41353583c684aa9964e1a2c81b2d01a35245f7a61411c6c56935949e

Download Submit
/data/data/me.weishu.exp/files/.exp/lib/armeabi-v7a/libexp82464.so

Filesize
2.3MB

MD5
7c92be245dbdae6a36207a9e1a4faa6f

SHA1
5862832d4183522f844a894532879a1c27a97af0

SHA256
5b9acd33fd2186e52f92ccf7c8e5323c307b42919e2b213da375274aef73d5fe

SHA512
1ddb2bb3b353949946b8b1a12f0fc936743b719903252daec9eb472912ddd44adb420c6fe514028f77f2197f72345d418e08285c9add2fd54b2c7072f36147cc

Download Submit