4499f7b775d18998fc1ae4a6851e66ebd0f51017a758f8320687a738a16c5771

Analysis

max time kernel
179s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50782829adb6127099f799f794572868_JaffaCakes118.apk
Size

4.9MB
MD5

50782829adb6127099f799f794572868
SHA1

bc1eaff041668d8015c8d3ba0eef949cccf23dd0
SHA256

4499f7b775d18998fc1ae4a6851e66ebd0f51017a758f8320687a738a16c5771
SHA512

ce001abf5ae76683eca6e21f908684bbc728a4d0a1cc73d17bb6bd5b5fc76321feaf3e1149f81dcb190a3f58c9ff24c3053a509073031c1ccf349f1982d631eb
SSDEEP

98304:7HDcwyHRXY3osK/aHhpg1RltnGyKXHdirV2UqrE0SCqIsQgl1FesZfr7CzLLw/oi:73+1ios0aHM1R7G0rVNqrNSCxsQM1z6Y

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.syezon.wifi
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.syezon.wifi:remote

Checks CPU information 2 TTPs 3 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.syezon.wifi
File opened for read	/proc/cpuinfo	com.syezon.wifi:remote
File opened for read	/proc/cpuinfo	com.syezon.wifi:push

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.syezon.wifi

Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.syezon.wifi:push
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.syezon.wifi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.syezon.wifi:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.syezon.wifi
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.syezon.wifi:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.syezon.wifi
Framework service call	android.app.IActivityManager.registerReceiver	com.syezon.wifi:remote

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.syezon.wifi
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.syezon.wifi:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.syezon.wifi:push

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.syezon.wifi:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.syezon.wifi:remote
Framework API call	javax.crypto.Cipher.doFinal	com.syezon.wifi

com.syezon.wifi
1⤵
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4324

com.syezon.wifi:remote
1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4385

com.syezon.wifi:push
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4500

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.syezon.wifi/databases/UmengLocalNotificationStore.db-journal

Filesize
512B

MD5
6d2a735a349d950d6a8a7b899eef95e1

SHA1
8b9abeaf87b90031aa68da3a40734516da5e8493

SHA256
9406ffbd633b68d131cf2b5989e06ed572ff188e346f786563424696b48676b0

SHA512
2b92c61123097a0817b903912012152ce2249be52f630a6fa01e87bf8f24f7a7516ff9727e36fe450d885f46d393f52cf8856df420517503b18c222d6c7d8650

Download Submit
/data/data/com.syezon.wifi/files/libcuid.so

Filesize
512B

MD5
d06b1b61e5bbc63fdaea51112bdc187c

SHA1
7ac3a306d4d504577161cb49782c758216fb1be7

SHA256
212e17b333696d2408bd30e08f4e3202225cd5effb6c26b82ed79707adad573c

SHA512
75a21977315fb1790d5cd2925c28c069e0ce6104ad84bf61edcfbf68c21e5798b46607548c4c4ed8d651017c1376e9d06fd85922033ff382baa8df7c5e02ad9a

Download Submit
/data/data/com.syezon.wifi/files/mobclick_agent_sealed_com.syezon.wifi

Filesize
690B

MD5
30972347a127ff1c4717bbadab1cf978

SHA1
8905c653fd5f78e9d082cf362bd37c1571de14d5

SHA256
71c486d1312954599009cebf55bcfadb2d6abbde234bcf2becca76f8b7f6187d

SHA512
963319786f3bc07b3849e6f895475a887e3dfbdce20e7fbcbe67571475f1336496722b76524ac3f98def8a8690e5c3ccd09e519d30769d4779738f20381978e9

Download Submit
/data/data/com.syezon.wifi/files/mobclick_agent_sealed_com.syezon.wifi

Filesize
685B

MD5
ddbb24a072a6ff36925004645f3f0d54

SHA1
729ff8ab70442668d5b1fa679b2ad03f23950731

SHA256
8486d6d15c3d4b2dbdd33e7a02701e407e2c936476e20a350a25a7af815f5cd9

SHA512
0fc3040acccda9d14b10e87ac7033702e4c68898ee5e99539703325b31d8e95be6f91d8c456bd5262afe8a3315b8032cd332951b666452d951e8125e0b806e76

Download Submit
/data/data/com.syezon.wifi/files/ofld/ofl.config

Filesize
589B

MD5
a98ddc5fb81d37992477cbe7c3ebd882

SHA1
bb2a01459d5cb2e78ab2936bccec8924936a3644

SHA256
5dc9f69a8a5a5e9c5b0d17076aee58630aa44a8bf89c5b391ba744ee50682e60

SHA512
9508a649f0ffb2e63fec0accb33c7b6a780e172f81bffd787af8d64cc9e82c86deb7b04d9f79575331a543bc9a076f18a7522d4f20f0e6cf295e91d1114de1d3

Download Submit
/data/data/com.syezon.wifi/files/ofld/ofl_statistics.db-shm

Filesize
36KB

MD5
2e9b9b5fda2d7f5ee2e129d651935078

SHA1
40fca833469eed19251d9fb79a73434576305685

SHA256
d5c0819f926ee69c1f88211e3835994f695be4329a3e444bdd3c7d5c65a9d000

SHA512
dd1131e947565f026bca994f023905c03eddae41ec3506c2dff7d46ef2d169a9a0fdb854711fc787c26af78bd82d5a8cbe045379056b9b9eae19f62f8af1108a

Download Submit
/data/data/com.syezon.wifi/files/ofld/ofl_statistics.db-wal

Filesize
156KB

MD5
f05e321ba81081ed0ba752a484636ec4

SHA1
bbcfa21c39562f400a25126f91e4cec83899f8fb

SHA256
23a40b5b4dc067a25d49e6596b04b46333d0a22279c3f42f0f5bb7fe013c806c

SHA512
60f1143d1a17a30225d89cb7756f131c296cc9d93dc6c98da6e11724b777428b5d3c32ba64a0455dad484d6c28031ba0131eaf61059e67d0b7d24cd77aaab96f

Download Submit
/data/data/com.syezon.wifi/files/umeng_it.cache

Filesize
52KB

MD5
99d1455a50cfeba05517c654463d01ad

SHA1
753c60699c9a010b426df653278a29371f65cae4

SHA256
e195af14589f6157534c1d7b9fdccff23c6495bbcde88ea1993dab1120176f6f

SHA512
0ecc21fbf0852a4688781585474abb87f43894d67a8eb254c01e317f9b1be685581641ee174bc55ccc19441ff64f341223e293e986ef6760a33a0f4d131cf819

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
778B

MD5
0abf9bbc8f7cb1e2c045fb5fabb151c2

SHA1
2b2fcf4407b3a9eccc85e2dc8ffe76acaab8b314

SHA256
4ca62dc10cd1613b949ee1de579a09ed4e6ad89fb6c14f095ac4326c8e20f8db

SHA512
00864074389ca562a38f0897432786be86aaf43d7f8130235e45b162eaabbcd4c758fb03640b48ebc670e2d7aefe9577e010c968917b52c1b92c9307e22af08a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
578B

MD5
772e4e708b96bc5742e2128a7d317414

SHA1
cb790abe93b45c13219a4df161253c77fa843780

SHA256
3e0f43f5317c71100f42f204a59a95740da3313610dbf7e9b18c85e4034396f2

SHA512
d9cb585bf4fb3ab9a6935c1eb3ddfd889d1f034ffb3d4ca10939c4b4fd18e621dc81306c37395d61054bb8a4e4cdd4819572b9cd71503a758abfd056f793116b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
436B

MD5
9c331c31b5ed423000fd0057d803bb0e

SHA1
4699f1fef9ceee43fe59fe7f7e96973073132243

SHA256
417c2917925f6ad86bbb02fefd2e38539fdb6dfcdd3add243dc21fecfce3c211

SHA512
565138edf167b709b2892c2a0b8a4929110c1c1f29f7624af9f0bff415015f70177b6cec4b2d0d207865623a763c4b6d0dd80d19992c1a791fab13cbb0fbe8c4

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
485B

MD5
b834904df2f4e1f2eb4fd35f2e0f4b80

SHA1
6d351e1c9fb912c48b024f5b38d694e2a9014e68

SHA256
d78934d3d2404f375c505619cd8787526ff1e5874553b4d1317431dba6953b3c

SHA512
794a7401ad5b9f36d65c0f23f768269ef594cd4b37679a056081742af6f0b480a0b1252dccc3d999f1523083eb1d67646c2372411475917a7ae1b4c55d120639

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
28KB

MD5
ac40dbf850fb4c83e2965da5c791a566

SHA1
087a05c09a9fbc0793dff85346bd781e8d963bca

SHA256
a78d92c1a9fc447a39f8dcb239679519cbfbb1b4fa41ae674ef6aabcdbe29e1a

SHA512
3ded01afe8162a7463ae77ac2f5a87cf6a91a27a58f5c1ed100dc346a3d17cccfefbdd4c1ef6fa43b5ddd02b2edb94ede1c1b27e6013432f3d4c21fcb45e2376

Download Submit
/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/flowadd

Filesize
512B

MD5
a851097be64c43476b1985860235ff6d

SHA1
01aece54ab5470fcb1caa57fc022d746038046b7

SHA256
479cdaeec01d1e5ed83a2997d44035aa2e67907fa1b9118525f3289d6a5b76b3

SHA512
b6472a913e685a9ccc30226dd35fef23c12ea20a3a06b68adf8d9542d2797e3d8d058681ce113e52748730724a4b5b100fe9de9e54f88f1eee6a3b20b197023d

Download Submit
/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/flowadd

Filesize
190B

MD5
4708d2d22a9a0f14f7401aa3f0529aa1

SHA1
3df9237276ceb5ae067fbc3efb5a5b5813134e1d

SHA256
97e91c1c02e349f7c1f54c1ded5d99bb82a5d34b98215e77b9d947157af3ac68

SHA512
99160f058fd46f6fc6b133f02a4d260cbd90194df046dbf2b0310bb736432d2d3212260abf0f45e6292577eb9c6b9530fedfef0afa31f4f77aff2b0533696631

Download Submit
/storage/emulated/0/.android/mobclick_agent_cache/com.syezon.wifi/init

Filesize
362B

MD5
d56668a51ea64aaedb5f76ce3b63f6df

SHA1
d4efc83a56afbb79f93821989fb27d2212bf8c23

SHA256
4c45cabdbbe07772574016fa9f929638973c4eee2e681ab8ec6b2b2e44d82ba7

SHA512
393b2e4b5a782f4c486a62e20345c50f01fcf4dd5d86a7f175112643012fdd68480bbc64aa671fbcebf07032b814fc89d356091e26c0d58d88e58cc7e58c75b9

Download Submit
/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/conlts.dat

Filesize
152B

MD5
054b8147fd56ee5611e9692a8cbc22a0

SHA1
68b20f2316a3e79853d38a61345875a056e85196

SHA256
26e631168b56222a6b7b925525cbf6decfe346c0a9d8447edd9d346b20ebd1c2

SHA512
40f8dfb54b8939f6a3f004ac5e20c1c505ca29adf841cbb7da771e1b5fe01535d224fadf0119f6ebf5c69fd911eb61846b7394089f6e6d24259baf57cc3fc9bb

Download Submit
/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/llg.dat

Filesize
24B

MD5
161557b06b4a4d3ce095528dea370eb7

SHA1
8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

SHA256
f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

SHA512
96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

Download Submit
/storage/emulated/0/Android/data/com.syezon.wifi/files/baidu/tempdata/llg.dat

Filesize
494B

MD5
f8a08e083449c66e783001576e1ffc1e

SHA1
a2b6eaf4ad892b4265acca60be0b539698c1c582

SHA256
c820575c3c23936e8e05cf3cf428a08d3688053b0e224631fe85c92c138971a9

SHA512
dedc23db8557a0ea5c6ca1422b5ab1341f486d54e3f02649246b9b4d6831533fb6963e659436c2ceff64ee935c0aa395f8468660340c335d78cd87c3e55b0ac0

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid

Filesize
48KB

MD5
23fc7dc015aa37498939a6be71d1bebb

SHA1
f61319c2c6c55a5c07ef56f9c5fc34d95f51a097

SHA256
3d0010ff3720b7dc8cf97464a9b11797386e8ecaedd70f317795b64fc1d6dd20

SHA512
5efadfaa3f98610743eaefbe84f486362b0fb67dfbda81fca78045466885e45c4d835260d0a4af57e4b373e41c8351e55188d3a99b554595bbd7310fd609ba7b

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat

Filesize
40KB

MD5
5f916dbd5ffd3585d29bee68c5f2810e

SHA1
cad4271645229fe9c444e51ec4a61e911f6b87d4

SHA256
2eacbbd18fc246915d44df47840c804f2af456f86241a635f19e892e07db5ee1

SHA512
89500b1d97fec753aca4a9abc3f50e602bd3cc8c476256b3d5e9c3452ee2307885facbb2a9257ba2b0d32583fc753a31c3f2b15fa647571fe376d145c89b6c8c

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads