Overview

overview

7

Static

static

6

4f505fbd18...18.apk

android-9-x86

7

4f505fbd18...18.apk

android-10-x64

7

4f505fbd18...18.apk

android-11-x64

7

plugin-deploy.apk

android-9-x86

plugin-deploy.apk

android-10-x64

plugin-deploy.apk

android-11-x64

Analysis

  • max time kernel
    179s
  • max time network
    181s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    17-05-2024 09:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f505fbd18622b6c35cf165067af4066_JaffaCakes118.apk

  • Size

    5.2MB

  • MD5

    4f505fbd18622b6c35cf165067af4066

  • SHA1

    e877c473542995545b20d5875abf923399096ede

  • SHA256

    f2d50027840a8938ee1bf2f74de8f0128e255ea24589aa53b4e986d2a9095fd2

  • SHA512

    9ffc1273be2b11fc5db4dd956c2ca27779e92acd2c4f7dd90a4c08fbba9ff71639183848caa029d3ac5424b210377a7ea983aac39e45e91b7aa1904baf98a117

  • SSDEEP

    98304:lCFt7jtoVfcjNBkBgXl3ucyXg4VIO5fSVdOIIJx/5/MOCbviZXkym:lCF1jCVfFgXl+cyXgov5fSDGB5/HBXk5

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.dalongtech.cloudtv
    1⤵
    • Checks CPU information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4262
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dalongtech.cloudtv/app_push_lib/oat/x86/plugin-deploy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4288
  • com.dalongtech.cloudtv:bdservice_v1
    1⤵
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4318

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dalongtech.cloudtv/app_push_lib/oat/plugin-deploy.jar.cur.prof
    Filesize

    258B

    MD5

    24a4c812247c37c3473bb0ec8e99ec52

    SHA1

    11975ef5c556883916e92466d98ca099df723c34

    SHA256

    704c0ae4255ed618f0a69cda19c14b2433bf3f610d9156ef462975e238d44c82

    SHA512

    a71a26009ae9cddd9f02697f80baf6456fc21bae65487e831c21809c2e0137674470a98d388d75e2e5ebef603b6b628b2021bececa06cbc8d5a1ff929c5e9b33

    Download Submit

  • /data/data/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar
    Filesize

    213KB

    MD5

    e70723b8f6c4c7c09a6019733022cf53

    SHA1

    e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

    SHA256

    32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

    SHA512

    461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

    Download Submit

  • /data/data/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.key
    Filesize

    174B

    MD5

    0962d25125ef0ed46f690676d6409e8b

    SHA1

    38da7a16fc055a1b8eab4a9935bac9f07b39c364

    SHA256

    71aa6948040d527f83d5bb2f7a0c93f50d2a23d49d1fb9ef1706acb975b085a8

    SHA512

    3ab2adf164e2a264dbbd6b83ade9b25fbe741e917884d1f4395e2802315422c4af126143db87ac118b3aac1639b349fa05a38f80e21180e097411adbad941a1e

    Download Submit

  • /data/data/com.dalongtech.cloudtv/files/.um/um_cache_1715937429024.env
    Filesize

    630B

    MD5

    3f29364be18f0f6f6e205d230442bde4

    SHA1

    27f415699c6b8ddeb8a8f042f6853d9cf024538e

    SHA256

    d24a1c3191d43edd53aae071e1053dd49869910743cc30f65290b83f67761718

    SHA512

    41ca0ff28fa41f576a7c02758e543a076014b82e52d58502d3313033e683d41159ea5954b1ee6c7e739f09a97527a1667d93b45c08c554925666484205efc381

    Download Submit

  • /data/data/com.dalongtech.cloudtv/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    2227ab12d6d7d3ad0cf26e44f0e411ce

    SHA1

    d7d663cd24797ecd469262ce6d1bd705f1e9091a

    SHA256

    ee383e9e0898ff79cc51301158045cc5313b51783e36772706c4d7722a78eb90

    SHA512

    601371cfa5229a5211c06113b89862e8e7145bc9571174f7f52361da26e7ba1a695e7e01a0301d0d1b640bcfd5e44aaf36c9254a70d4b562e7595f53a6e35837

    Download Submit

  • /data/data/com.dalongtech.cloudtv/files/umeng_it.cache
    Filesize

    310B

    MD5

    c23552c4b4637119e9b832cb7ded13d5

    SHA1

    4b0d8ffd406e408b1fa6e4b89733ce32475de488

    SHA256

    b6baebf2d74964a86dd9a011c5786672bad98588704858ed87de0e61516fb33b

    SHA512

    06781cf61de6c20e40f3d2c9a8f0123ea647ba6c7a2cc5807082d07c903e85f44b397025cda395e53ad9784390e61792dda2182ef92c31f9f824dfa47266308a

    Download Submit

  • /data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar
    Filesize

    530KB

    MD5

    5597a541eabd3fb792c581587550dc4a

    SHA1

    6500b0ff20c75717e1cb67dcee76b4641a4e8a35

    SHA256

    473b02216f8d2b5ffb26571e51ff322e3ce04ba45418408452bea103576ee8e2

    SHA512

    39b4acd82f67f11140cd1b0b4291e656a4a46ba63064509977f3f1de24a931dce83964f031e16ccab95cf0540ac5f613ca87d7665ce99f1c1ee4a0778e2c19e2

    Download Submit

  • /data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar
    Filesize

    530KB

    MD5

    bdfa71feb08b80b649fddcd7488b03b4

    SHA1

    bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

    SHA256

    f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

    SHA512

    37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

    Download Submit