ee830ae6989630bc7d507c46443bc21c606f119f18f268eede686557064b0ff6

Analysis

max time kernel
4s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15/05/2024, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4551a0b50c774b323f2de57ca190c3c0_JaffaCakes118.apk
Size

22.2MB
MD5

4551a0b50c774b323f2de57ca190c3c0
SHA1

6a1e2bfb82b851ff8bb838acfa4d0d79af4cbcaa
SHA256

ee830ae6989630bc7d507c46443bc21c606f119f18f268eede686557064b0ff6
SHA512

7e5810b5962cf10fd56f7e126b62a729f1475ed080daf65251703754309ba6b700a839d6cb882bee9632d8a1ee97f3e2909602844b3832cf62fa839e9af33071
SSDEEP

393216:z1iz1crg6YkcpjGlo35BsfWR9LGBw2mkcTlBVhZQ/zs0NXpvT6SWbmi0E:z1iz1tFPjP8Wew2mfTVhZ4Np6SQ0E

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.sobey.cloud.webtv.wangmo

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.sobey.cloud.webtv.wangmo

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sobey.cloud.webtv.wangmo

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.sobey.cloud.webtv.wangmo

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sobey.cloud.webtv.wangmo

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.sobey.cloud.webtv.wangmo

com.sobey.cloud.webtv.wangmo
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4307
- /system/bin/sh -c getprop
  2⤵
  PID:4377
- getprop
  2⤵
  PID:4377

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sobey.cloud.webtv.wangmo/app_crashrecord/1004

Filesize
237B

MD5
af09e6daa4d2ab6f5a781750d4341988

SHA1
eef90f3098c056c3c564e6945f2ece11bdff4d16

SHA256
e4970a7a31a6cf181aec31b4dc713b754da9e9db6e94f17bc6ebb6da7a7c8b29

SHA512
1d8aafe8ea492fcb42177232f2b4fa31b8b8db3a1185101d1443793acc9025bd420c19cc89143a051a15b61514c5fd93d86b9dcb37b7130b6545fd5abeeeefad

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/cache/CommandCache/d4b154d4e2cade72eb65ce3211c8d26c

Filesize
1019B

MD5
ea77516d2a211cdc7870aa62c5a6492d

SHA1
91dfe052e592284cab3451e12a41e06774a81066

SHA256
589d0ceb2774f0dbbdeaa522dd7ab8de7551795731f2faefc3050a72a182168d

SHA512
61a6c2871a5614d22425d751c7842665184f3d876495e302378501099c6c469f85304cb472a52da4ab01c535bdf4187161f576e2bb99e1f370b02bcafb5a0fad

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/databases/bugly_db_-journal

Filesize
512B

MD5
6aee3fad04aab54d9e692bb3b9e381e5

SHA1
c4f45522dee8d6d93eb57a53c12da69f64acd6cb

SHA256
d2096f39bbcac3cfea459f142ac7e0eb9c14950c20a4ac8854b177553225c64a

SHA512
be6b94d70d8dec9d9ccc04fb8d6c3f72a6819219c518ed7e7cda8bf9815b0535039dcafc2b38db74bf267e1e587b89b69105c1a63c469afeb9f05861bf6eed55

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/databases/bugly_db_-wal

Filesize
72KB

MD5
6ae1aa7420971af201220101f20b67dc

SHA1
37a9c88e0c6b81a98f385751948b771aacf791b3

SHA256
cf53ded455aedb486a671f418a49dd56f4bd91ecf134399b1abd20b2156a67e1

SHA512
17e652eea175940683df822396268e9fb89b5f36aa0c5eaa5f0d61f2fbe43241079c7088f98834dcfef2a9e80128527155a7856095ec36afdacfcdcecd2943a3

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/databases/cc/cc.db-journal

Filesize
512B

MD5
b81be619ab9b2b67d875894e04552d15

SHA1
25f2c849ee54d3ac9ab130a958fa5d314f7deacd

SHA256
52aa24f8f332c664ab542d65daa426bb791da7e3d6ecaefdace7cd5b3ad2c3f0

SHA512
92a4d8f4f4a7a2d6870e149f326818c97ee97d6dcbb3330541bf42d743e76a278390eb599320dae0fd8fb9a5378cdb1e73601239fa93784a94298d3708a53ce8

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/databases/cc/cc.db-wal

Filesize
48KB

MD5
d92bc8d4cf401666ffb3ae5314f0a320

SHA1
1aea0cbac11f308f132d57cd75da07376fa1f1f9

SHA256
b66ad9cf904bf9670ba616b4c1c989a0f972c6c69f96338895a210af5cdad64a

SHA512
fa40dcf645cfd22cb74a126e942eb64f0781a422e1145ca5dcb7c08c856591905700eb8919924584154b2dea2901deca1f4d7c4e0dce9d1bd824f2cc8c22692d

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/files/installation

Filesize
488B

MD5
39805bd15f10914f5c81a4ab4f542b59

SHA1
8157b99698d96505b827015428bc9e3e2a9631b7

SHA256
29dee0be9f812f639bdbc09b4d3e1ebe913844bfc5d8e59835a888869d2ad018

SHA512
acf11afa70dc382cdb6c0085a0014aa45725630e5318aa202158269f15b70b5994aa9c3f9f777ce70332ada6ecc3909e7a9f1baa24038db884065ef93b5fbb8e

Download Submit
/data/data/com.sobey.cloud.webtv.wangmo/files/libcuid.so

Filesize
129B

MD5
42748b449de2f1632aa75e3cc6a6b914

SHA1
774b7234fe22a0071f89d0a6fda6864add20a105

SHA256
c2697e34e35fecc1dcb9c829425ee840de8a21650d96a8203e1d8b908e70babc

SHA512
7c034406e21b0dd58551a43144f2f1968414cec6b81cb3331eb8e67a6f13138d8e8b2bf5db4028387d3ac2a186c83dc53234de8b4a51debbf24013f49453a0ed

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
6e9f1137a838a0a3d7f4726cd99c8632

SHA1
504ecf3fde983bc2549f95c2e879aed74b8f1a52

SHA256
6c200890b48b79238353c602f2053595e910c46991f2fbb410f7cc68c775ac3a

SHA512
eb8261065bcf1ebd689b6490db5ce70a45c8141231437c0398811807d6a931be08f1415d44a8f54df37ba635ef6b38dc94581491888da5f9b2e38de774feb83b

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
515fb1c98be251c01463a20d28ec09a8

SHA1
224dfbf19c8f900db8b37586335941910613d697

SHA256
af214d7eefc587e2518345a5b7cd4d83229a11cc1237ec212a0428d44caa9a62

SHA512
af5f9fd470ad818ea6bfa579264260cfbee65eb5947689fe8c0d1d5b201ca9a77657c9c1af2f41b7566651b0093de023885d96ff5d31b5056d4fe0918ae4f652

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
160531984e2e7e29d6a1f1698d67f430

SHA1
151d61cdafc574f0849e1703d19f24a86b6a5ab8

SHA256
eec854a1a3eeb696e49930e1a25e12361b092ac0d513a6411a2b69c18e465d08

SHA512
d1976129113d287d02e82ba35aa52a6b310c0e2e64a6d28b3f043abed62ffd5221fc43121e4d9c5a289bda34c6a6962e7d24e2d199d02536153bc4ad03bc58e8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
291d0f0db1b7f7315ca0370b708aff55

SHA1
7a44c3b75aaa77b9f3d6b4a901a0b79b355b5eeb

SHA256
f67acb742f45fc3c75f3d24929b0f2c51c6e18741f24c13ad62d7b5295837345

SHA512
58dbe4a8985a2d26f8298a6b5862c94f297e8cd96ad879fa87865c42e0aecf03a99271c9cc9d0fa9e6632d43f011e54727f46e7eef8634146a58224ef6b1364c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads