650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079

Analysis

max time kernel
170s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15-05-2024 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

469b6010012d338d6da768e818e78771_JaffaCakes118.apk
Size

10.5MB
MD5

469b6010012d338d6da768e818e78771
SHA1

8cf1349b8f202bb40cee49cd6598e67902426bda
SHA256

650949980f90160fb477a3a982b4784b802d1f323316d536cc0ac673ad6c5079
SHA512

795eabe05e546122d5f22f75ede9f22d3222979473149ca070567003eef2a6db86b5adaa0573350d23814a1129969b8a89b5ef0db5ccccb6e293cc695864ddc6
SSDEEP

196608:Dm6283ozh+7urCT29BUXRU4mRrcmYSHaciE4+L3p29/YDAT22vUqhJYL3p29/0Cr:d2wuWm5/bvL30YkT22vUqhJYL30su

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	io.dcloud.yun

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	io.dcloud.yun

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.yun

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.yun

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.yun

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 5 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.yun:pushservice

Checks if the internet connection is available 1 TTPs 5 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.yun:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 5 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun:pushservice
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun:pushservice
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun:pushservice
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.yun:pushservice

io.dcloud.yun
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4298

io.dcloud.yun:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4425

io.dcloud.yun:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4572

io.dcloud.yun:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4728

io.dcloud.yun:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4839

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.yun/databases/cc/cc.db

Filesize
36KB

MD5
5a972f80b0eeadf481412b1645e527a9

SHA1
2503accc4b2d709e062f9121bf56b915d90a8e5e

SHA256
1a5987fab5f989434e0859d88848a23d7f0d04c79f17dd3238f4bbecc04a3fbd

SHA512
5abd3ddfa1ad84247d2b7f7ec6593f0d4da389a936d207c4a94901468d57c2f80d14b62702ccc9c031c724cf9a5b91c6897f537d9c99eec8e6b2583e26dfc0c9

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-journal

Filesize
48KB

MD5
f88092eebb41642bb3b5f5b62b263784

SHA1
96a1c7186c47c9056427366ff0ab4383f5a89471

SHA256
261ced864d5ec4270a66972e1694ffb2e8b37380059178622f44a7252735fb3a

SHA512
886030dbe6c1ce567be0be22ba38fccb21f1d0050dae025d3c40e1af3648d4580b9bdea4cf3ec1fb4727d77bbb219e72d31b652769c5bae184d28a14e202c14b

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-shm

Filesize
28KB

MD5
670d8bc46551c40a1fb9ff8ec4b72092

SHA1
82253b089122b4d8c7ae61dbbeabd9d037ddd49c

SHA256
ca2684e4da544d08c906c70f147d8dbc91da3a7972d255e6a00e1c99419f78e2

SHA512
4977d35230c533e26162cb0e4da38345a23a87ff41510685e755a52152fc78d0b027e8e8942fe10ae28fe332b16bb9a7ba0c0644ec0efd635d579515c3d5df67

Download Submit
/data/data/io.dcloud.yun/databases/cc/cc.db-wal

Filesize
48KB

MD5
20253a3926d907442cb8a72c8d0875d4

SHA1
2b926361e8913487d63b38b3b8581a2073f94a16

SHA256
5a049b1d4d2d35171fcf19c9efc757c111c5bbbb525efc8c6c0c69e56ae5e13b

SHA512
7d684403947be8fd0e7ba1bd10fc8b4ec9b707210c51fd3b50ab7551953543b7fcb65d4d058e462b1086149b3f475b29e20081ae495dc5d48644369246e1a400

Download Submit
/data/data/io.dcloud.yun/databases/pushsdk.db

Filesize
237KB

MD5
2ede7e19521eb861d868620485925dd4

SHA1
fb67849e8780c5b897450aad2dc2e866c416de25

SHA256
8cfd38ce499293d0fb0386147e009315ecdca12be6d59d7cc3c9fff40dbf08ac

SHA512
becbfaaae7933b2d94f24d0a00d070b453dcbf0fcdc9ee082c1235d83b5f46ecfd4a590e458218a860ef3cfc11af48c2c35b6dfbf4c20938df75c08c3a0164b4

Download Submit
/data/data/io.dcloud.yun/databases/pushsdk.db-wal

Filesize
116KB

MD5
dd4722c964b9975580b30de19b352761

SHA1
36b59e36cadafa54968b03bc5d0904d3ec1eb7dd

SHA256
3d942bb8b457aa1a7ff6b8da134308a8e50d15926f63d497024738831d171e05

SHA512
adfbbf99a3a68858c4636f4815e393e883600602259e0ba3b65ff476fe4c449557399162e31b2d943a43a5af54097c509354136f7b5130a6127824e0a45fa020

Download Submit
/data/data/io.dcloud.yun/files/.imei.txt

Filesize
32KB

MD5
ef6de68731e01f2d22114f662052061b

SHA1
115ac40ce5dd55d5871eaaa3d994887fa8783d0f

SHA256
b186611acced1ccc149a80c112589e3d8e79c6808f87bcf7b70f502431c59e32

SHA512
0fc496432ed49c87b5756ef416a72a67d3adc73669679817651ea811aa722e9c55532ab3a57e23a82b87f66f9802810f56b44c34cc4fd407d3f931414ec01629

Download Submit
/data/data/io.dcloud.yun/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
15001b34db39765b0465479db52bc4cd

SHA1
aca8f78f97accbcd8afcb1f42241d2ebc78fc32d

SHA256
01a312c5f37e95dcfc54fe5b8e59d4dbae631e8fd76e2781d65082fc3a069f7d

SHA512
6c077da34c96d79d64e791a4c9798c17c74c689b30ec210d8c98db0d80a30964167068dc0a70e17a84d8d17c0d703edf0e41643f37b1ac71375ccc5c0f7c6342

Download Submit
/data/data/io.dcloud.yun/files/umeng_it.cache

Filesize
498B

MD5
65240f57f35c8bcf7fd64cb1d9d8b743

SHA1
13f2250d205aff78e75180bc82991ba62ef7fb7c

SHA256
830f38efcbbd0d8eedd29d2bf25439730e71c544a909b5ff08da8c82d272fce9

SHA512
85437a663f7ad5ce078f35507f3e50234fb6446dbb67693fadcaf90c10ff1f68c7169c0b9fefe2453cfee195d63e3d57dd00a18237668bc8a48f7f8432418be3

Download Submit
/data/data/io.dcloud.yun/shared_prefs_ext/test_app

Filesize
32KB

MD5
cd3a330290e5c3487c0819470756a65b

SHA1
425ac9a5d66fec3058335c1f720c5d72926afeb2

SHA256
e5b5bae4aab22acf880f1741c2461e71b38b7d304f70e7950ad6c75ef27acd46

SHA512
84d122a405338660609b525babfd5c6f26c3a8233c76e30e3a1f9e2af5520bca148e5d05586ee5754900368bb0593c100bfb58a0882104cfa4a5d89388a58ced

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
32KB

MD5
b15b00bf90b7c93b3665eda88fbc4808

SHA1
5d90cbaee0798753afcad7e6555a92d2567dd02a

SHA256
92882182a7ffae56437ee1b2b3a68ddc0594b28c1e3a4254920023015cb4b429

SHA512
cbea5c61e2043c01bbf5b0ba79e45106bf011e29447317a4bc66560afb52177f2268f5fd95d84868152b25b1aa4368256392d24eed3f4fb9a56cb2eaa1b27059

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
a743bb57df5f578da2bf182c17984bef

SHA1
0268022c1ee670261627423cea158a540e7c5845

SHA256
98b870aaa103bf0afb73e8e3222348e820cadfe373dd9032e9acf00913c0ed2b

SHA512
f8fed05efa59790d6e583a9804023e05185e9b956688f14b6b0f3df9e960b802c429b7cbd082824c51cc6f93dcdf30867ba677772a921ccb8500c9044dae7049

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
512B

MD5
6a3a2fa4a76c9b84687fe8b0f764c8d3

SHA1
809e0226f9e6bccebcb1399fa8b879a893171dd8

SHA256
d022398498a4d7891aea639995460dc7ff51eb5a20c6824da4d526daa0ce097b

SHA512
eac979eb6418e0e142b54ac8689627b7388c3bc9f6dc75294b4897a0b1fb33fa90957464def3d296969ec795c0837f5ee63d712be97741edd1337609e31d61e4

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
44KB

MD5
42675c3c42daf37e6a4075b0dde6610b

SHA1
63d2cb55a06aee48c53ee4b536465805e85faa96

SHA256
60b05aced4772af8b8e408bfda18cc78dffb107d8933769b534c831fc98f2ce8

SHA512
26d14b905d1e183a11e92e6a540103bcf7ec19039f856ef4bcf4f8f8071d23f4181eea0eb1c5ccb1a87628997a2e7fb46cb804630ff427c9f5867e3c59c2e621

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
7fe06b0da2c6ed7f69e3f49b99a65a3f

SHA1
ddeb393336978273c0766ff9b46dacc2850cd0e1

SHA256
7184078e5ad46676dbed68dc0feb452889b54260eae471cc622b9725bf3ef704

SHA512
86175101497fa50e499c0cc756dd160709ff915df0d45c1cf14329b92bbd533078c16333203c040ed4c652a703e4fe1f6456c119195147ac36585a609706823d

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
9457eb7c2b072693647fd1efb8cf6d7f

SHA1
45f914c640e3dd7fee73dc208757efc81b8030b7

SHA256
ffe096ee228453cafde8dd3a8e2493c7450dbe69478b8823524d09cc51ecb596

SHA512
84667c29cf3e1294255ebe3a0e7919feccd46fb7b49099a14e92e99a485de39206e59dc368b719cddfe1144bf67e917cdd9f560a9fcaf746229f801871fd036b

Download Submit
/storage/emulated/0/Android/data/io.dcloud.yun/cnc3ejE6/eje3cnc

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads