f2d50027840a8938ee1bf2f74de8f0128e255ea24589aa53b4e986d2a9095fd2

Analysis

max time kernel
179s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
17/05/2024, 09:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4f505fbd18622b6c35cf165067af4066_JaffaCakes118.apk
Size

5.2MB
MD5

4f505fbd18622b6c35cf165067af4066
SHA1

e877c473542995545b20d5875abf923399096ede
SHA256

f2d50027840a8938ee1bf2f74de8f0128e255ea24589aa53b4e986d2a9095fd2
SHA512

9ffc1273be2b11fc5db4dd956c2ca27779e92acd2c4f7dd90a4c08fbba9ff71639183848caa029d3ac5424b210377a7ea983aac39e45e91b7aa1904baf98a117
SSDEEP

98304:lCFt7jtoVfcjNBkBgXl3ucyXg4VIO5fSVdOIIJx/5/MOCbviZXkym:lCF1jCVfFgXl+cyXgov5fSDGB5/HBXk5

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dalongtech.cloudtv

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar	4578	com.dalongtech.cloudtv
/data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar	4625	com.dalongtech.cloudtv:bdservice_v1

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dalongtech.cloudtv

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dalongtech.cloudtv

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dalongtech.cloudtv
Framework API call	javax.crypto.Cipher.doFinal	com.dalongtech.cloudtv:bdservice_v1

com.dalongtech.cloudtv
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4578

com.dalongtech.cloudtv:bdservice_v1
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4625

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar

Filesize
213KB

MD5
e70723b8f6c4c7c09a6019733022cf53

SHA1
e3ca32166c65e4dc73c21347ab22d54a7b5a9a83

SHA256
32d35cd80b0302e3fcdd7349b4ff9a7b689ce080435109607ff79a834ff710d5

SHA512
461c0499193c5ef5aa4e2e5d358031e7d28c98c8e1e38d22b710271bf3b561c28232bfaadbc2c275357e31b7b0ad6bca798008328ac3cff3701c1c9cca2ddddd

Download Submit
/data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.jar

Filesize
530KB

MD5
bdfa71feb08b80b649fddcd7488b03b4

SHA1
bcacf11199fd2c353034a7271b5dbfe2dd4cbddb

SHA256
f8bd07a7afce2d102976afaadd33dc70336a0b06682ac8d6fe9544a08d086d1d

SHA512
37dc848b995def498d0c832a76ed0ad429db18f26a5e9659c2b77a63bff555560160b6be4d22387eb529b2291bb27ae21718ddadb315bd1aa4c092d6330f049a

Download Submit
/data/user/0/com.dalongtech.cloudtv/app_push_lib/plugin-deploy.key

Filesize
174B

MD5
1ea8459a688352c3573a8e80727c2644

SHA1
9b47864e96eed98798a6da2b8860c8f8a68f089e

SHA256
be2c0f9e472138a78d35f29013fc43dfeae991806dfebbc5be5c8dc86b8a1093

SHA512
99a26c03e760fdac91546a47e18e58851996b7e38e93812a6be23f1eee64370323ac492c4c224bd419d91566356fcb8eca3989ff4f2ce41db3d16301fa9dd75f

Download Submit
/data/user/0/com.dalongtech.cloudtv/files/.um/um_cache_1715937428203.env

Filesize
595B

MD5
9422995dbc9f7d2fa7ef15b00f07e88b

SHA1
6b5e338b11ec50cd33b5d34896d2e25a8e7e48db

SHA256
18a74acba40366f240b5100772ba7e7f0156b376e156332641a32390f2ef3a91

SHA512
7f3c296ad4fba7405119a2037c4ff7f8070cbfe269196a4546b704e2e50355752cd23133cde9039384419f0e4a8bd941c2a5da5629bc7a5fe6dadd57576d2643

Download Submit
/data/user/0/com.dalongtech.cloudtv/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
284610f2e5208bc3404f9253948c514c

SHA1
7e90a9c1d7fa744d8aa0e6c18be9f51fd4ac7be7

SHA256
b537274cc8abc13fccd4c6b3d33ae1689de51b96423418e965ede86ac541ed91

SHA512
ee7e04d1ba3f601a2741f8ec78779e8342ae7641abbe12a70630869af959b29a4044f78f7000599d8936fd5dc912fe27e056538d9e8c1d9573b50f916d75491d

Download Submit
/data/user/0/com.dalongtech.cloudtv/files/umeng_it.cache

Filesize
245B

MD5
bb2caf8cc17ebd6c2fb97b0e42679f31

SHA1
8af38858f52432669e5ab8b3a23c113d379cb956

SHA256
ccd67c2d966d894d4eb0344eaf1f2101d7400a2a31ad858cadb30720d7d75523

SHA512
9ab212122b80834223b7f23811a6c10713e64b92108b7d813772ae11bec6eec18997ac328cd56aca63fcddd53b49d1d8d03a23390dcf2c298f773fef4b93f64b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads