8141846a27f9c48f2a391ec544d16784245585714fa3e88fd6196fd1e59ab9ab

Analysis

max time kernel
124s
max time network
157s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
14/05/2024, 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3db13d04450e1b405aba81b3033b1b75_JaffaCakes118.apk
Size

27.3MB
MD5

3db13d04450e1b405aba81b3033b1b75
SHA1

4054a91e917bac72b7da61aee4f4622f4a06bbfa
SHA256

8141846a27f9c48f2a391ec544d16784245585714fa3e88fd6196fd1e59ab9ab
SHA512

e5579aab301b92b48a7b3c6db5e6ac61ffa30f522708152ab6b0b8a8def8c88a4e6fd159cb28719ae0c9378cc5d151f18132811d5e27cb3dd96bf644ea8ff0da
SSDEEP

786432:goPDyE8HZRvEEslMoRR98+qBN/yE7cG2mxRP+Q5:jNSNEtXRMJN6EVN+Q5

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.twelfth.member

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.twelfth.member
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.twelfth.member:remote

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.twelfth.member
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.twelfth.member:remote

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.twelfth.member

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.twelfth.member
Framework service call	android.app.IActivityManager.registerReceiver	com.twelfth.member:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.twelfth.member:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.twelfth.member

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.twelfth.member
Framework API call	javax.crypto.Cipher.doFinal	com.twelfth.member:remote

com.twelfth.member
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5135

com.twelfth.member:remote
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5185

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.twelfth.member/databases/TP-infomation.db

Filesize
12KB

MD5
1e5a2008136f395f1beda54387839db2

SHA1
04b1c05fe1990abefa6fcd881d196e0702938c64

SHA256
b66be7dc3ba04bbf6ee88da7eba16b0a1ab7d9080ca06b5d2e36ec3154b5754b

SHA512
dbf2ccbe6ea055c53296d58e3f8b690e86ac2e2b21a628ca3e93d6c0aaf7006cdcc2c4dd71047f88a310e7fa1e5a24cdbc4fedc50f5d40b6d4a074930d88e0fb

Download Submit
/data/data/com.twelfth.member/databases/TP-infomation.db-journal

Filesize
512B

MD5
a6da5173a196787b13d5979f7747aab6

SHA1
768b005e24a0afde5f8f54780e12ec2b9fd09a20

SHA256
cc82668c545894b8fea55332f1f617cbd547594fe7da6515c35cb39e31221211

SHA512
a5107d387277aae043878e32e8948d8cac4c386cd4c8ef549286ca7cc86daf579871c6d8d2d89b15a38efc42d0bbad38721869497b6858eb8135908c64a1bca7

Download Submit
/data/data/com.twelfth.member/databases/TP-infomation.db-journal

Filesize
8KB

MD5
94eeada6f7bb612db6855ed6f23c7f9d

SHA1
b1030db594ed3ef5bd38fc69cddb3173aa2570e4

SHA256
2c8a6b8278ae5e89304138398f8d5add9144deb3705e81669fedebe3ec45d3d7

SHA512
b682871e97b1aebe5bcd41c3ed1f042b9edfbd47be48292148afac7cb0738c505e51a3b9e69b06a98e95a90a40b42983944c98606789883df571772042736e86

Download Submit
/data/data/com.twelfth.member/databases/TP-infomation.db-journal

Filesize
4KB

MD5
89977075ad76949961290e5d02a00d52

SHA1
8ab63a311e16a3176c43c8c84a2f3a8165d09ee6

SHA256
a9febf246cd2f80cb5092b582d276e9c48deb874ef9f5a046c64400d405ce768

SHA512
121d502942307b27274ea7cd4ad6181904281eec5662d5b4ee8ecdfc2e4877b7af4511b8daf100dff6a5d9312bd2944e795f4929401e351e283503ea2b28a9d9

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db

Filesize
36KB

MD5
55f198fe769c1b5b64d6e2894decbfec

SHA1
f0e6312aa2b078883dcc42dd4f49af427b5de951

SHA256
706e4c0f073a031038e54629fade4c98370d464f1227660de69dd6ff7950446d

SHA512
17f279f868649dc59521f3cfaae43e237c0aa6a1440cdb1bf831ce8d2306968f910154d6a24587f272610f7ef52ac052fea779559735fd5e0b14a8b4dba83a1a

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
8f56e923f639291eb897cbe2cdc78f1a

SHA1
5101f463a5c4052dab688b20f9562430215b152d

SHA256
3da06ce2d5e8d6402c36a8a342970d8b5849cd13f450664898dcc6b0a5d226fd

SHA512
d63cbe6741a1ffa93d567b44146b4198c07a7252a1da90f9416e40074f9767484d5ae4834bd8918152698480afa40917e3fc7d84da33a23ae6d3d618fd7e012a

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
07c70063f4cca2737965f49b1ab2bb98

SHA1
73ca9822325c2e1a37592fe4b86aa3765ef98de5

SHA256
5d8744912ca45377189ba4fe57f5dd4f0b940342c52b0847bc749a8ed89ae88b

SHA512
b99c9ce4d8e86e6e986a2f4a42719221b070088c0ff6a34a2c89bed11e32b65fccb307b2df5b5e0d75b777076465224d5e8bb0fba88cc279695a8f52a99d81c2

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal

Filesize
8KB

MD5
ab35889d84eb53a6a84d7ccb44f3c169

SHA1
afcb828e1290c269e80837fa4fff58fdf67d0977

SHA256
72b258d459a3387e214a13bb06156cdda6a0dbcb12ac0cf015c5834df93a768a

SHA512
ae41452994a8b2eed472910240d3c6db6175b4bf3d904454334b16e54674df11e5f50c95e45a0b8fb63f59ad49baf14913c5e8664b011ab977ab8e3406ae7b38

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal

Filesize
12KB

MD5
8d7f8896ef29a5d15875e383f8ff4705

SHA1
b413ebd3b462f05b9054789907de79f94331ba0b

SHA256
e4460f5c45c9218635f1ce9ca9f84f4a58839ec6b571eec1ece6ceae3e8e0f6d

SHA512
723e94e1d5de4e4d129c081ce616483a27dccefd98927ea93360ef6677ff81b7e9cb0665e893e88a61025633c4fffcfedf8f7914923e23a56df5753cbeee437b

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
4d0e42b6b95f87f01871d0f903761568

SHA1
e9706bc7db8ab89d7c6505a52a67cecc07905215

SHA256
d94d5d65f41ff755f6775911aab9a817b3ac55e9bf249617f6331976013805e3

SHA512
305875b74913f9e4dd181ee68c50811baecdcc161110098df4b1a1fd311200a9472f6bcaaa45d44ab38e3ea3bef201534e8a3276f1e110a5c6710c3d677c2e0e

Download Submit
/data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal

Filesize
16KB

MD5
1b41b0124dfa111cb1412f3f850d1ffb

SHA1
6e473d3fd65911b17ebf6b0e81d91c5076d2f493

SHA256
7ce32119713a2bb8e79b7ebb9e50d996b8c0565d94f8ee9a283a953c12eccfe6

SHA512
8e638203fcca0d5972068d9498a0c91fdebb230937297a15323d6316987fa287b0b1e06ddefcb6b9d0c0a95376228143291f2b108f752c955ad90c1ebe28bbc4

Download Submit
/data/data/com.twelfth.member/files/.um/um_cache_1715656799906.env

Filesize
549B

MD5
b225318c3e52ceb56134341ef1fc6327

SHA1
8e188f2997f25896ae2f6775472b5ef52810224d

SHA256
d1e7bc605905cc00c9b15ef3b255a2d2bd95a3319f1327aa50e782964326f79e

SHA512
5c57a3c1a1b4c5a0bdd8de26eeca7ba93e028f764901ddcc840328324931677b5724f5fb3b21b99adb617cb1f70e8fdb4fd1169733e0f60d0cd0b4ee6a08347f

Download Submit
/data/data/com.twelfth.member/files/config.json

Filesize
34B

MD5
cd32a6e20417848a23d1529efb7a2cad

SHA1
21e639c905d2a44625fc6cfdd09ae8fb8d31dc39

SHA256
625cfbed3b88b453fb43c81ab568aa7b42e449d43942fa2bacbf226f8dd7ff31

SHA512
5116cd11345f65070ac0d44fc6810423e0d83e3a00f657a315ebddcb1716f7e1fbfae35db9a4411f9ff560445a5306e5a302a7e9d23254964610819a8980b6f1

Download Submit
/data/data/com.twelfth.member/files/jpush_stat_cache.json

Filesize
141B

MD5
59e343a5455944f21fcd94820b3f9235

SHA1
055bf82b1c3a43c23cbcb66f2fcb999859694cbf

SHA256
095085d1d95094c19d588d130c39e7c3d254f5914fea9d1e26ad50e08b297035

SHA512
88cfe6110eadfc3a023893aa6d89b80fd0bd379aee8a0d8c95e6cd6329afa047ce51a82beafa38a883754f9b21deb1fd77add75a642832a8e2286508fd56e2df

Download Submit
/data/data/com.twelfth.member/files/umeng_it.cache

Filesize
245B

MD5
158ae5c84be81a1512b5cdff9b5e739b

SHA1
d71abe037d4f8b3e3536340faaa8b514e68a3559

SHA256
43aea30dfd2721ca9d63d3c2e48da4b65b0f1735ee2b1cda3308db6a95540197

SHA512
00185679ce85d5b8e827b47b90d4f7ae974b1fece1945f99d1ddfd87922c4f8cfcaaa1dff7560ae3fd4fcf0da7c5c79733a4a5ef410be6cf71c977a506e17657

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
32KB

MD5
a0634d55f92ae3be9b67fe3409fc3302

SHA1
d23aa5ab505844708a2256b1dab11fbe4f622182

SHA256
ebfffc8a5b87d18e6e057183aa4dc8993e06c4cf50535546c56ef71c3c91c30b

SHA512
fff77561a2273a659898987536f36e5450e75fb4843ff97b0db2d878d44d261e4869e0d48490782f956ec9133fe91d04c2586c69f4c5533b0809159c0803ca4a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
cf63b802abc1e59939674024a187f500

SHA1
8c70ca3fc9ba2a17fabfe4447d88377ba1efcc14

SHA256
6361dc0b5a608b4574741fb7e98ef65c5b730669f056dcf3ab62d3c354c7ef31

SHA512
675b8fe76326750292ae64934b4b8f9a8a84becf536797a3b994479055b89b29aac7253ae63eeeca6d46b0a6812a0beae34e0cb996df0e7955df2d67e88c3358

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
16KB

MD5
297b938891d8ac41ecf99c3a35626827

SHA1
d894e510b1defda060f1534de8df1c7de015309a

SHA256
986bc26b5de0aa16661de0cee233adc448078d774f6e4daab3d20ff805ad21de

SHA512
19b8e0e6b6c24f34fcb8f80f0bf59a39407259019e09d9fc37c9040501a4b1c28994abf930076a828f399affdd83b5994f682c0014f32bedc97d51b79843d092

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
0f709201d55785c61c5f93fe7019917f

SHA1
10b2c84dda3b443a946a0cb77797fdec9f471dfe

SHA256
3df7f305af00395ac055f43f59ec8875cbf63575158967eca6248d0f8d829eb3

SHA512
36fca5122a034f08671413e8d77c766427951f85a7f59c3b184ff0731063ed373e53dd419067d8632e262e7f2ecf3c7f732d24cd94c7de125b818feed9e35302

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
03cde80a2ccfd892afc9a07d1101eeef

SHA1
8d05f1be59d6c042d1a41c57cb7eb63817939477

SHA256
14a152ede302a27f8d851eb97cb603fb8eaa9de871f5df71a1836dabe55fc686

SHA512
953bfce3cc85102ab6dafd6bd4a98f2cdabe310e5896f6e9ae6c2830c3e58e7b50a5ff2329e2a19ef954f94474db05ad5c09da5e2df8b70d48fb93828583bd55

Download Submit
/storage/emulated/0/Android/data/com.twelfth.member/go12thman#12thman/core_log/easemob.log

Filesize
8KB

MD5
483a6ea0bb9832f0aa226f1a905d81dd

SHA1
dac16780ebd079c43189fe27142d1360ff073c8f

SHA256
e5bed51a6d3d4e2cb40ace6b1f95dd97fa8f7a23cec81afb8d1f4f5bca49450a

SHA512
3d6b8a65b4f2df382273a7992851dbaba6403d2026703d029b4ca87c79342f2b44ad7c976e50df8305017fee6922ad6e6accfc59bc5954e54882807d5f66a520

Download Submit
/storage/emulated/0/Mob/.ba

Filesize
369B

MD5
af4aa5b8478a31f604f93d175301599d

SHA1
e7c0ee3831345e1d106ceb28849d2add2a3dd06b

SHA256
8e9327675df06102237d2f4f693c7d98d4e07db42b79d7edeae34a6030defb23

SHA512
7d48a2daf2e70e1f509757b1de902cd3ce1a6a00a8f80f7f4c4c2cada2ac0d97e83bc5a3e47e8a62dccd0aadbc87d4370a7b77b57c54105491abb17c1e7299cf

Download Submit
/storage/emulated/0/Mob/.ba

Filesize
468B

MD5
2b6933391d61d981c1896d66e66c8ee2

SHA1
b5b8794cf67bf376efbf1c82a437e1bc59401eb1

SHA256
5829fb0e7ee3ef60a1b5a5ba6fe1d4b45e1cac4c04f99e22eecb7e58c1398943

SHA512
4d1e7b89889160da4b8797eac2194af0e47f8ae07c55003ccfd5653aee20c88fab1b10f71fc14d7e4740858d582feafb118b80ff66094bd0c6378003b2b9f0b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads