ad087fad314994b1fe01a22506dd548050b9af7f2a1744271cde10469d46ef95

Analysis

max time kernel
38s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
12/05/2024, 14:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3a9e933e236d0b6ebe049e8583663492_JaffaCakes118.apk
Size

26.3MB
MD5

3a9e933e236d0b6ebe049e8583663492
SHA1

d39b8e4e7defb8982b8c7d5895bcfbbacb603280
SHA256

ad087fad314994b1fe01a22506dd548050b9af7f2a1744271cde10469d46ef95
SHA512

f09ebfaec6e399eabadd2ab49e587b9d04e67d7b3b3f8b926ec0356fe792d59a2e5958c638d4891cb3e7d8b0977f6d763f404a0e5ce22775e454e34f74205a8a
SSDEEP

786432:/bSVZGf8LQg2uzMA8wH6+ep9f6REpg+H3QdpiddXoRDNI9P:/Uwf72BpL49fNpga6XWl

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.weiyun.mm

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.weiyun.mm

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.weiyun.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.weiyun.mm

com.weiyun.mm
1⤵
- Checks CPU information
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4496

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.weiyun.mm/files/GaragePaintUsed.cwa

Filesize
33B

MD5
0a339861163bfa3ea1b80fc7d0a2ee2a

SHA1
182daa2d9b2a9488620d00a6a58fab31e5045c5b

SHA256
b351d233fc42b5476f15569c8366bf8dd0a315badfd6134db03bf5c10b6b4c62

SHA512
462dc61323a6417122c4ff834caba70d6b1571da8b8c9e5fd5c7457ba00a7937004c1e7ede9492f15e8b372192d9991a44a6ae3659490573cf8874c178658e3a

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
165B

MD5
1b64524e9be5009cb2b19bd42b88de30

SHA1
10f3aca8037787ef11863d7f51bf85cd22bc0dc9

SHA256
d1850208e4edf610cf8be795a193b42373697f5b1b76ad974d92b7442b4330be

SHA512
9890f039ef09e5ba8bff9751591331d2b64d6f2dfa83cf0196ab471292ccfe65deca3d29102d9441f881836a4935b4c73fc468219c5c2e9912d593e2234d7a24

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads