5110f8c1034582d9258f887815f4a496bf86eedc4b7bf1cf42fd5cacb0b76c26

Analysis

max time kernel
10s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15-05-2024 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

459f9ef7fc5e86127a55d70b75a6b76d_JaffaCakes118.apk
Size

16.5MB
MD5

459f9ef7fc5e86127a55d70b75a6b76d
SHA1

cf14ef3df55688d7b3a61970a3f64e3316961284
SHA256

5110f8c1034582d9258f887815f4a496bf86eedc4b7bf1cf42fd5cacb0b76c26
SHA512

c3f8acdc5c04ac0a870a311ee58619eb7afd5431a34cc620bafa10c16d37031ac3a5a45b24c078ebd8e60b7246c15bbecf80a1a5ace3205ab6e92e2fcb16bb3b
SSDEEP

393216:St0zX5Iyh14q0zIP2rjzGZs0lUP1ym68BMHEFQnr+MrvZlbOW:StWIa14qh+/zwlUbhQnrR

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tencent.tribe

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.tencent.tribe:service

Queries information about running processes on the device 1 TTPs 4 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.tribe:service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.tribe
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.tribe:service
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tencent.tribe:service

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.tribe
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tencent.tribe:service

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.tribe
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.tribe:service
Framework service call	android.app.IActivityManager.registerReceiver	com.tencent.tribe:service

Checks if the internet connection is available 1 TTPs 4 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.tribe:service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.tribe:service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.tribe:service
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tencent.tribe

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.tribe

com.tencent.tribe
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265
- chmod 700 /data/user/0/com.tencent.tribe/app_bin/daemon
  2⤵
  PID:4293

com.tencent.tribe:service
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4332

com.tencent.tribe:service
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4409
- /system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/com.tencent.tribe/app_bin/daemon app_d -p com.tencent.tribe -s com.marswin89.marsdaemon.proc.Service2 -p1r 45 -p1w 46 -p2r 47 -p2w 48
  2⤵
  PID:4480
- getprop net.dns1
  2⤵
  PID:4509

com.tencent.tribe:service
1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4556

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.tribe/app_bin/daemon

Filesize
13KB

MD5
99091b9840f719cd250fc1b565d4f8dc

SHA1
8b4feafbce6656fcf812e2e20ca0898ac52e850e

SHA256
6177f1b187665135b420ef9375853d78bb28ab4f3fdaf2f7664e2f0a8dd8bb80

SHA512
b94e7a3f60e46fe418778adbbc41959b035998a19a56833f9e7f3170176152e6c827fa88ad89632a5caefaba7483de99bd771c7e61e509940cf5f1e61bbf5817

Download Submit
/data/data/com.tencent.tribe/databases/bugly_db_

Filesize
4KB

MD5
38def92722fcd7886080e8ad6a446889

SHA1
2b0ea33d20ebfc4063107e73c692e9bf3fff9c88

SHA256
5c080f17c2739928bb5687cf4cc98c6c282a2b915e54e28dd34f6aa9d3e33686

SHA512
474320ea486d02cada5e85c8b9e9bb3433c2a613bbb0a207598d5e4cf50be78814ac93c84c014019b12501675331db0044d4e3c915c7fdf925d070f8b1c6c01d

Download Submit
/data/data/com.tencent.tribe/databases/bugly_db_-journal

Filesize
512B

MD5
1accc6e2a24f3e706f46f05144a30a38

SHA1
5e33bb30e153a31b2ccbe72ffdbebc8e725b2705

SHA256
837c509cc8e089ef07d777d163d2636262f4190442910dcaa0ddec75c7d31d5f

SHA512
3a035c0fc4bdd5bc1d443665eb7ae387871a602db0ceaad58b963ba385afa83a0e3f72a363a3c51406064f99bad6df72c7e505e1c6b35d2a1372d5ba6f915d92

Download Submit
/data/data/com.tencent.tribe/databases/bugly_db_-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tencent.tribe/databases/bugly_db_-wal

Filesize
64KB

MD5
cf9c1a09fd73b867037350c37284f3e8

SHA1
c8d90e406becc94111b493d2be2136ac42d05569

SHA256
0ca755bf7b674e5f3015da06b81cf107f287d04a05bdc045d7c0e4b784e38b86

SHA512
fb7418ec8c1947e3d941a6f6cc3d86b21e14d4ba95f59a304b952a347147b1dc620bb7293d265f72cefd1eeb64f060b358fdc3075ccb035f124894c483b316c3

Download Submit
/data/data/com.tencent.tribe/databases/eup_db

Filesize
36KB

MD5
46e169ec5d0ab480f3004e8a6edac484

SHA1
4c133e8589808bb3d1c8fa37b1ef19aa266fd852

SHA256
eecbe6a417f1fb33acd076fdd7e1841bfba293af97133d1224da0fde28a13945

SHA512
18e6213068ab38eebf467b006597dd41aa63749a9786e390724c0c5bfbe28a27eb3647cffe6a451be7c33971a37cf89cb84e282017ae969a7d510738f486d2a2

Download Submit
/data/data/com.tencent.tribe/databases/eup_db

Filesize
16KB

MD5
3a28cd193185224a3f6a07c119f49f36

SHA1
5cb56a235159e259b301b0cc033258dab7fdc8e6

SHA256
c6d8fe5847fa657dc4e59755336325fc518e3dc2548027d09b5da6213bb12321

SHA512
2f387ebdc3524135807433b7b97e19ef0cf4e276156f1c64a2bba4743fd6b0a8c6997817329bed67575a53f077e2ef302901e155b75729de85abfc6db677c4a6

Download Submit
/data/data/com.tencent.tribe/databases/eup_db

Filesize
44KB

MD5
49a9c3ed7291f031490564211c131c2c

SHA1
95fd57fadba393750bdb1b1872595dcf239d07db

SHA256
dd7110f4f5dd0ea8e7e19864e8a0ed7b6a65f96af6b4e73571452e369710da21

SHA512
9399f5a24ab46ea88b806467dae9f6da402abede3be6e783966fdf3dfed536dabab4d8561620da955979fec4c2b4e5329a77f7f5ddfc72d2e52b401df8a9225e

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-journal

Filesize
512B

MD5
b3013e712fd5cb26c36a86df16d75e9b

SHA1
608f1583b326f0759c770b1a47615e37be5a294f

SHA256
500d426272c95854b71f08dc51f458a871989de4371bf15c8085ce66f6b52a3d

SHA512
d66ad99a9480f930308f0c2172dcad9645f35887f82fbcfd1805e5857b46b7350ef278eae3f49ec82a59326980b429b6258b83707f4c7f916e3e0ad166ce3b75

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-wal

Filesize
60KB

MD5
ae64cbdeed7f84a4041056f9fa019e4f

SHA1
2292e89d78af6d6d46f1bd6e98e66fed252a49d5

SHA256
259b1e83c392cf0edcb66026ac20f369420a6a91bed11cf515703b4850e160f5

SHA512
7a90de50a76fb5f26184f95970d288c723e2c27139da90a0c0528566f10af66e10ff9ba14d4fe44707af5372c4e09e1e9c82dc4867ca4d188705600e8e99a612

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-wal

Filesize
4KB

MD5
fafb3e34608e0f137e09478c36a720e9

SHA1
d899adedd8fdaa36b64547af3638dd59de310eca

SHA256
a117b9b2196ff67624b5d245c2469c144cf112dc19d6bf801a937ade084c5b22

SHA512
db08ec931a20984b404a0dfe93754691150fbe9d07918e128ee7aa333ae152eeea4fc9335397f70f54fd0f20419a301ab9f70318f6199ed7ee5fb472a8a7dfb6

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-wal

Filesize
4KB

MD5
377c2885e393d2f8ce0fb893c3493497

SHA1
8b8d099b522db9086282544b23d0223278c39c1c

SHA256
a9dd60e44b992cc6c87980d56479b00e14bc01b1469607b45f1e57586b53418a

SHA512
ae74db9b1ceb54e52bad07fbae241e3a2752f33c88f8de652edff54b41fbf2635443e9b013adab3ad677a8ab19c54b8303cb2dc8ec6dc1345fb35db0d5f0a471

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-wal

Filesize
4KB

MD5
52ff27657cdae28c13036b4e63d3ef52

SHA1
adb8b1dae7b20a3d5488104086dbf526a209630f

SHA256
c3ab47bdba8795ae787579f89a7f549274de9b1fb2430c6807a48ee29b993b16

SHA512
d28f5ee98a812676d48b4c67aa37b17319779d6737650ba5a1f01f273029d161dbe4cb5f146b9a41d6a64df5f63d7dfa2ed9565409e01fc36cb9411d5c679134

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-wal

Filesize
20KB

MD5
a57725b6f3f0e9f31ec881df7992358a

SHA1
c3cb0a37aa28f378a4ed6a8b52b7f43e2899bda0

SHA256
269214abffffe7eb4a728b320ea9c0509b075ab4960a5429c5f2d98d3002f7c7

SHA512
1a2ed1aaa721339b0d1ac7407047c48c1d4a1757e552c09b3518a0c027b8e38517f9d6395c98b979bff84ea1c8ffdff2b28fcdb406e775adc9045da2d42ffb9d

Download Submit
/data/data/com.tencent.tribe/databases/eup_db-wal

Filesize
40KB

MD5
742a61e9835d00b1f924f9df7db1c7cd

SHA1
ca0e401033da327a72d8dad1e747c787a28bfe8c

SHA256
7f0c90eb56cd6364cba94d04d00d054c3d74816297f8d563b1fb160bee01f9bb

SHA512
3d21a2bece05961d591602817dc222d496992ec0603b53ee62171702aa2fd3ff2be6352cece82a7a9e025e81e62efab7a2218fdc644437d09ba6dd762ddc1857

Download Submit
/data/data/com.tencent.tribe/databases/pri_tencent_analysis.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.tribe/databases/pri_tencent_analysis.db-journal

Filesize
512B

MD5
13fa6e2c9bad3026d3d7a107675b4b9f

SHA1
7cacce09a26876d73cfa360b8735134cf6c0c0fe

SHA256
42cb5bd3c38a5bbfb8cc2774714838171d8323c96d863c8b6adbc9a1847235c7

SHA512
e3390f3614fb75708093092a0b952eeaba724b9f1b4fcc04ec1a87f0e4219dea49789d5a59b9eeb9404cf548885c1a5135b92b2d6c0faf416a1767e658cafb36

Download Submit
/data/data/com.tencent.tribe/databases/pri_tencent_analysis.db-wal

Filesize
56KB

MD5
52a4df4ab2bad879517c911ffdfbccde

SHA1
bdb69b78c05cfd746f7c3ca87972a849a1144a53

SHA256
3e93188803425ddd2ddf584f89d29c422acf7dcec6fcf89d8dd1eadb43ca10aa

SHA512
f66f24abcc679ad06dae392119d2d8d9dff010d9953589e6a7938b51c39c7d872ef9012550e272a0f75d18482504c853ac4085f79b749200f76c37edbb72a7eb

Download Submit
/data/data/com.tencent.tribe/databases/tencent_analysis.db-journal

Filesize
512B

MD5
20d19105b1eacb8098d5fb4f60d7c2c7

SHA1
da3dfb3aff66ad9a9b5a090633a28beaa2cb8e2e

SHA256
f8caa82c50f129bd595f0bc31461077fe7ca747cc38382718e3d7968bb1fb7b1

SHA512
f1175bd0b916452d36c9126417f2e9a48d5a87558a2ecce8c8a77c4115789fb6a4eca2c878eba744cef6ff1ae97a9f32d32014b636c81172bcdd30a47ffa51ff

Download Submit
/data/data/com.tencent.tribe/databases/tencent_analysis.db-wal

Filesize
64KB

MD5
88bb5710007b68f129c62d939304fd1e

SHA1
bdc87dd9e9c998fdc7eca04ff879473cf372a721

SHA256
de5d0d7e8e0606a0a68dde0b3433cfc5da0eb2c63e017a0fc8af3c1e79b481b1

SHA512
1b7257357c60f669695c297e759d9bb4a433f0375932b3531590b7d1d3e1534643a1d6abef353803a245e7cdab3230523e1612d2fcf72fc30d9003e708a74261

Download Submit
/storage/emulated/0/Tencent/Tribe/Log/com.tencent.tribe.service_24.05.15.09.log

Filesize
111B

MD5
9f1a032913bca83e46fc56dbac5e891c

SHA1
5fc4def21a25aafb53c26b85c7127a15000b6332

SHA256
2d500fdfb95ba37c9dfdd4c2942140bb05ea79ce80cb0b42049073d72df1c950

SHA512
68acaf0e77e3bd102c49c54a3675b28bb170560f2f67cd6b7e32abc1552b9f9038166bb5897c9fccd6458644ef512a45587418001735c6b19549f64e5ca24f4e

Download Submit
/storage/emulated/0/Tencent/Tribe/Log/com.tencent.tribe_24.05.15.09.log

Filesize
2KB

MD5
716f3c7e97b30887e150ee65675d3ff3

SHA1
54f5dd1739ebe1259e31cfa45791aeea44bee68e

SHA256
c6ac9358c2cfe3248b86acd38223f13121cb9c299a2e8e9acef0a3da11df49d4

SHA512
bc4176206967f55233e291a8f6c1014121e8d504440b43bc6c108bd0afc9bf9d3c8872f0d8261ebd154d308bfebd42547928fc7f49a46d73beecb9840dec23ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads