Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    12-05-2024 04:53

General

  • Target

    385b75d19363ecbc78f6d77e688a1868_JaffaCakes118.apk

  • Size

    17.0MB

  • MD5

    385b75d19363ecbc78f6d77e688a1868

  • SHA1

    4f5e97552ccb87d322f5be34f5354b2429ba6595

  • SHA256

    9549de9c664e2f9bd0247ce565a54a7f3058630384d352b5ef43024371dcdb60

  • SHA512

    9a9afffb41d12b2c1ead3aa0ee56f5d76cb33b6f575e94e2d46736b7b94ace1b1321760a8d49edc88ab21de6220593bef4f5ab58e1d25c20efe33aaacc756d4d

  • SSDEEP

    393216:K2wa7lYB+qzRi3CASWWFwKTCrhplxS/N05/2GZxfL+fg7HxQX9wQ:llO+EM3CPwKmhZGN05/2GZZ+fg7m9wQ

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.kingnet.xyclient.xytv
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4190
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4291
    • com.kingnet.xyclient.xytv:pushservice
      1⤵
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Acquires the wake lock
      • Checks if the internet connection is available
      PID:4216

    Network

    MITRE ATT&CK Mobile v15


    Downloads

    • /data/data/com.kingnet.xyclient.xytv/databases/ThrowalbeLog.db-journal

      Filesize

      512B

      MD5

      d262626c96760adb9ad48117b702752a

      SHA1

      fb004b1e2bb73f0d322abc601d97b15cb7ba18d3

      SHA256

      8b407f94afe9b540c3a30578dde85e3cd7e27bd1a7029fc398682d2f4549294c

      SHA512

      7a76d5271054b69f7d4f9bc67f008c6c74951c1af359c04281e9682879fc493509ea90418e0b275b373c10c85b2eca3da2b928e2e96997742e94658b5efefa44

    • /data/data/com.kingnet.xyclient.xytv/databases/ThrowalbeLog.db-shm

      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    • /data/data/com.kingnet.xyclient.xytv/databases/ThrowalbeLog.db-wal

      Filesize

      84KB

      MD5

      3dff90404debdcae23cb38154c6d7050

      SHA1

      cf17a5a75f50cca99cd6e1d97bce432b061aeec9

      SHA256

      334c6fb13d6decbf1b6905e8f88e97993338fa4789df5eb79d2b55f3fde358a9

      SHA512

      9db1493e9fd3323435cfa2f1d61e30afecf6be424ed9a2bb4db733f6bbd4644b770809cb23bdc5de8885625ee8bbe753b9eabba7dbb9378784f6c20f1b9e3fbc

    • /data/data/com.kingnet.xyclient.xytv/databases/pushsdk.db

      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.kingnet.xyclient.xytv/databases/pushsdk.db-journal

      Filesize

      512B

      MD5

      7df76c3baf54f669ad5bfb7ed9faa175

      SHA1

      4427237dace2b3dd7c9459f679b96d5f7b90d9e0

      SHA256

      687282191778e3fb34febace311c23a7801c1ce86e680b0c1f12a8264d423193

      SHA512

      3fec6328c66a08f66ad04de049be2e2c7206256e1ae15ffa43de1c3dc0c3919fe88330443fdbb8e3c8a22bb4adb373692d9196377100a40803b7ea4ab5dcd509

    • /data/data/com.kingnet.xyclient.xytv/databases/pushsdk.db-shm

      Filesize

      32KB

      MD5

      1c4274aa7a9a5cac8c6d1df71e4588c6

      SHA1

      abaecd685e01cc68801292e3dc7085654a22feba

      SHA256

      3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

      SHA512

      1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

    • /data/data/com.kingnet.xyclient.xytv/databases/pushsdk.db-wal

      Filesize

      173KB

      MD5

      ebb92544666cdf324e8bfd45a7e7a976

      SHA1

      d60d92f09d8fc224ba0ae1d5d98235b3f21a1fa8

      SHA256

      786b8cde9456d34e1bbe8210d95b286b609c141458f50e4910cbdbf9b767cb54

      SHA512

      6895da964529002102b0a8571cfb23f6d93aeba82dae13bb9bf8de11cd38d1422079f201cfb215ea2130b8b804efbc4296dae2661d9f45677be725f8a2283d0c

    • /data/data/com.kingnet.xyclient.xytv/files/.um/um_cache_1715489683167.env

      Filesize

      600B

      MD5

      edd6591654d7293d519d1b66a39e0ad5

      SHA1

      575123d34e8271c53f78ffc385c46f56af9d825e

      SHA256

      4c663dfb3a45bfbfab1ae357758a1af290d0e3aa4ce4121174d9d4a7917e4699

      SHA512

      129be5972f2379ab9b77653c9906f476295d772a9ee453cf16677ae0137a06eb44a8e043a9b8b8e24bb5c2831d254fe1d78140ebc99c69cb443a9f1425ea33bd

    • /data/data/com.kingnet.xyclient.xytv/files/umeng_it.cache

      Filesize

      310B

      MD5

      ae4c2210f1de8f4edf5efb86e89919c9

      SHA1

      7c214cf873c8a07be47e7968b0f0cc9494bbb11b

      SHA256

      f2a39d130328c3e5876f3714fc68d0dfbc4b8534f536e53418638c383ec4c449

      SHA512

      04317c66a2483de1b4711fa07ef858a3be451a3090d24b4958950bf976cfde50fa08222a048d1531f6a82f73b0ceb888af8ba578caf9ba39ca42c0f4b20ea262

    • /storage/emulated/0/Mob/.ba

      Filesize

      472B

      MD5

      5988db9cd99b42ff379a52eedfdf621d

      SHA1

      71273c9e227fc436c11875cb240a01d65d73f419

      SHA256

      001eef3345b9562c093c84815a39b4cc41749968a653f219ed3f74a4e959ad5d

      SHA512

      fd4a82c59cde3077958b9ca4d2f164fcb9f5a4a032d7fc4804da549c5f36e0eb1c501bf7dc03ab144349b47a8ad0652e9dd5b7d59dd6732740d36dd046cb8a44

    • /storage/emulated/0/Mob/.ba

      Filesize

      373B

      MD5

      d0c4c31f0409033bed9b89bf9d2931d5

      SHA1

      c2da6fca26bbb57f4cea6949478956f1efc068fd

      SHA256

      db671af064713530e99e4af08eb4fe1e4b5dd5db63b13ec06dffa2de51ad5fd6

      SHA512

      be90b20d300aea75fdb329e2706fbb9118b4464db7259fb10f5877bc0e565050cc1fd79cfff29e0feba01ede8d14fd0addb149676acea07b8bf494afaf772426