3237c385c62fefee099301fe134da02b57914d291b842c1b7c1da05268907199

Analysis

max time kernel
9s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17/05/2024, 16:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50526ea8767a8411f67faab08854a27c_JaffaCakes118.apk
Size

21.8MB
MD5

50526ea8767a8411f67faab08854a27c
SHA1

66e43971a63329d13db4288e865416db47f9e618
SHA256

3237c385c62fefee099301fe134da02b57914d291b842c1b7c1da05268907199
SHA512

304f4bf83ffa5becaab2b5b5792433593eac5a9dfa01ac7b0a10f71001cc1c10d1622a1178bce3c2dce26382feacd2981c9e515ae36a3e2dda99ec8125341acd
SSDEEP

393216:G+urm7PnVsxgenY+dksslhbyI0Uln5wbbdn2WdEtduRmBWN07A4VQ1Yf5tjsT4d0:4mbn67dkjh30UeZvWtduRAa1Ytionud

Score

7^/10

collection evasion persistence

Malware Config

Signatures

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.mroad.game.uc

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mroad.game.uc

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.mroad.game.uc

com.mroad.game.uc
1⤵
- Reads the contacts stored on the device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4279

com.mroad.game.uc:remote
1⤵
PID:4317

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

Lateral Movement

Collection

Protected User Data

T1636

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mroad.game.uc/databases/local

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mroad.game.uc/databases/local-journal

Filesize
512B

MD5
a9c4ec7b38df1c56c8496b8ef9805343

SHA1
8a6ca8601739144cf93804b7f799cc93843d6489

SHA256
a4f8e140608c2d418d1152e3e3f1ba819cb65d2bf09ed42ddbbbfa72bf901dd4

SHA512
05337b1b4a61385a0a8569c34a4321ebc135b71549d0a815bbf6d90d7f40ba9b776726a7aa0b3ed7c01c3aa34d1a1316ec79a49699b090dbf0c1eeb4371710b3

Download Submit
/data/data/com.mroad.game.uc/databases/local-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mroad.game.uc/databases/local-wal

Filesize
68KB

MD5
0c9f508bc564c9b3237983fa13ae8ef7

SHA1
6d054bd077e57a2d73085c8d03b72b02d7a9505f

SHA256
6862cf50451e397b2faf3917595bc08625929b4a380c11f8ddd086d983fd0ba9

SHA512
e96274efba6bd0bd31ca98b654585acf3b17213e6564c9ee5a2fa2ac0a7c558c814d069dc7ca097fa92e589c4fbf07ce3cd4f1fe437e3c89d860d4130eadfe2f

Download Submit