169728c32734f09a54f6c8d47a67d05ea43db3efa8910f67e13eaf2d78321fc5

Analysis

max time kernel
15s
max time network
134s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
15-05-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4836405e08b6b85c1a6ea2d45e6da7f8_JaffaCakes118.apk
Size

24.5MB
MD5

4836405e08b6b85c1a6ea2d45e6da7f8
SHA1

d25d34414b8d5dd42dc68ecf356d50ee8429bd1e
SHA256

169728c32734f09a54f6c8d47a67d05ea43db3efa8910f67e13eaf2d78321fc5
SHA512

6cba8b3a7da35539648f9d86be12f0997d739bdfa888dda1e3fcb015b69edf0bfb399f0e642ba2ea60381ab09e41d4bf4ee1d310788d5db12277c9211b0dfd2e
SSDEEP

786432:2HVk40cdQH114jC7CCVtXq0KRH20KRHFWsyfr:q643Af4j5CVtXNKRJKRlUT

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	io.dcloud.H53F98B25

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	io.dcloud.H53F98B25

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/io.dcloud.H53F98B25/mix.dex	5154	io.dcloud.H53F98B25
/data/data/io.dcloud.H53F98B25/mix.dex	5154	io.dcloud.H53F98B25

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H53F98B25

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H53F98B25

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H53F98B25

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H53F98B25

io.dcloud.H53F98B25
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5154

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H53F98B25/app_bugly/rqd_record.eup

Filesize
360B

MD5
c2e0a0d6d4b6655ad940bbf9671debd8

SHA1
8888f63b4b512c7c342d5f238cb35a9dd3a5f218

SHA256
d3cac977dee60453c78d0f2b6ff9ae2ce98f56462c300b8938c0ab3ea46c0267

SHA512
9e249d0a5a18624f8710b316c00f0482102fbb86256220cfbffd714ccfe8cc9e4a999c0123cd927e1ae3d905142174e42041f1d132f5a155920055cefb5f5106

Download Submit
/data/data/io.dcloud.H53F98B25/app_bugly/rqd_record.eup

Filesize
1KB

MD5
335761eaf5e3801a586c0d95f7c8a682

SHA1
72f1a686d97883a37698dd2f8eb5141064bf738f

SHA256
d6fa0787e333445c556099bc4e9537f549ffc6299fd84002b91b6bb3bbffe8f1

SHA512
dfe6902475fec9d5fd272d7f63edc87c3478bf41893cd09a2aba641e163d39726bd864b14f6bdee7d3cb35243ac17131316078587aee59ccbcea82763e812fee

Download Submit
/data/data/io.dcloud.H53F98B25/app_bugly/tomb_1715810292159.txt

Filesize
19KB

MD5
7532cf1ba53fa8ccffb37482fab5d678

SHA1
27d361c33ce425b7d149b8634948a1f00a36e744

SHA256
52c44981c66c4820af6552d32430f99354ba167e9407c2a8f39aebe61e5809eb

SHA512
6046248e61b88cc021ac7386fdf3e36b12001b07e11b614b65a8cf840b441e6105eda4eebe54567fa8bac2a7dc256af51113b5d48f9373dfc1b1b9fc661cb38d

Download Submit
/data/data/io.dcloud.H53F98B25/cache/tomb.zip

Filesize
4KB

MD5
6f248a18de5b71d0266dbcfb68259c5c

SHA1
0e682e81f1bd158c807ab38c401c666e7fe6875b

SHA256
ba5f1caed3d292935c5cbd2a522edffa0cb234ee312cf736c6caeee1015c367e

SHA512
fa68199daff03a9e31c24d5f55ce192d1e89bc625ad3e29070f548289b1636f51e49e44c348cba8e69918393f782276f6d468eb0a88fa120877403dd524b2103

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu

Filesize
164KB

MD5
b4e9b21cef28bc99a77f91e8cd4cbc33

SHA1
2fb1fb2af5258e48b169cd4c17064d725977d1c4

SHA256
3195571cb967985ce5d22daa22c39f60eba1b964a3cfb289a71adbcd5562219a

SHA512
2d3c6d3522c461a748f8955d0a6d2b8d658f99b04c39321700fc14d2c0df2a29b07e314a6cd157cc11f1616576f1569d1f4d6b484b4481b04988bb228110663b

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu-journal

Filesize
512B

MD5
9cd05f5164e7b629cf03c5d69706035b

SHA1
b699277c510ef876b773951616adcc6f034282a0

SHA256
757688212a4ae391f2867123264c2215384c72305bf3e9ad3c35bef99cfac0b1

SHA512
f739f83c0378cd88e54f50b7c3afaa8e610c143428acb7fd39b9a177ef38db1ebc30617eabc7aebe1cda97a14b9dd2a494a5c0196086f1ee0d5d25a863f18210

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu-journal

Filesize
8KB

MD5
ebe8a60ea8c55f26e9b9d215ad5edf56

SHA1
829540cff46d18e595906445bd94984b687cbf1b

SHA256
0f9d1b03e6a16048a087ae32292485547fe41316d57d1418e8b7225415d79ca1

SHA512
87258910735f23aacb0a5129e85c9a773d5f0b282f23435535ba9ef6b829a8d4ba58c1c2f07d23bd160680ac1c34ab94b9060c2a032e6642a9f016c8a9153084

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu-journal

Filesize
8KB

MD5
7baf71c8cb5602903e9d52bb988f230a

SHA1
cb18abeecec3c47c7ba002022e59f5c84d8f434a

SHA256
fce1a11ed4a68a97b64bc1e648314e737e8b1bf7b6795172fa63bd9a38b067f0

SHA512
bd62c6b910bcf773016349c1f777793382cd72c9ecde1416412d364fd4964d3fc7d9ef134b1b7ff20740e7319f136d94b1b5bfeaf52a71e713edbd7c71b57b89

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu-journal

Filesize
8KB

MD5
27470a9758171fe845145a3bbae9c594

SHA1
df05667ec4314b55061eaaadf236fa802b09d22f

SHA256
b08045d7f23f0afe527328f1d2f413e060180e71775ec7c45ac36c5dda499c8b

SHA512
55e188b811c788f67ddb5f67252269b6680b54bb2dff56e825e9e15687ddae83b0d022ffe67f37149b53389ce5611b0b771557dff0b3faf310067ccfce632c37

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu-journal

Filesize
12KB

MD5
a2ad6651e475ec63807e02df5567f3e1

SHA1
ca4c74a82742423d98d3079396e2b1deba9e4d39

SHA256
b1add8f32819a69424c30befd1953f241c2b40491a22d760fb5770cfd3ebd796

SHA512
98d0d5817d12444842486811d92aca022588e6fec3f7529cb8fe2a7838e6c3b2657b553ba6a2c31576038352cf364a8fc4cc950aff40a8f7cebd80b5b8049996

Download Submit
/data/data/io.dcloud.H53F98B25/databases/bugly_db_legu-journal

Filesize
12KB

MD5
7842a92ca3ab9ceb61a0749972f28bda

SHA1
f26708805317c32f44bfad5a53f3ea2e8c35c35f

SHA256
b5c805d90e38dcc832a54ec2b75d0a1aadb8710fe19c2d97a53cf0d3f2add083

SHA512
171461ca06b9c34d1500c5398ee49161fd91ce047883e5dc6c738631a7251a78c12fde5c9cce6b4b56bf2009d0b1f36a291153a3b2ba1bbb0e14f160cffbb31a

Download Submit
/data/data/io.dcloud.H53F98B25/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads