da8b1ecec30c9f67701b85703f988d7a42bf71e70aa457b53fce45640fd593b3

Analysis

max time kernel
63s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
20/05/2024, 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c6de39974a745a3c92a758dd00ba2fd_JaffaCakes118.apk
Size

20.0MB
MD5

5c6de39974a745a3c92a758dd00ba2fd
SHA1

358f5b38d7eb5b2fa9b7c571ecbc18547e72c305
SHA256

da8b1ecec30c9f67701b85703f988d7a42bf71e70aa457b53fce45640fd593b3
SHA512

8283774cc93ce08b18343d6b3e6272eab1e789658dbd8a78dd5531612b7436f00bb3327bcc237e618ac66ccbdbd50ea5f22b0fcdf6b3fa692bd33d49566d5cba
SSDEEP

393216:JscfAfUI974qRyD29LPYD84wlcOLwJd9X4:yUsvy6FAfnXh4

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.baiwang.instabokehhh

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.baiwang.instabokehhh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.baiwang.instabokehhh

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.baiwang.instabokehhh

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baiwang.instabokehhh

com.baiwang.instabokehhh
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5192

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.baiwang.instabokehhh/files/.FlurrySenderIndex.info.Data_FXYNKQW6PF8Q7RS3DBJB_151

Filesize
42B

MD5
d299e31af1518b11b9fd03e74646c5ce

SHA1
586bbf7c5594a9e77d471db97aea4cd2cab77069

SHA256
9a77a57d9a4ec5a89c20adeb5b39b3beec96f4553fd780cfa49eedecf6f59aea

SHA512
20d1064a662758bc0b0e84696e593edb63f177db6be29e2ac341db37234f7c4dabafa60f53d4a7e5592e99e7b8f8cb8f0418965885842b42d30e0453e15acac3

Download Submit
/data/data/com.baiwang.instabokehhh/files/.FlurrySenderIndex.info.Main

Filesize
35B

MD5
e1a2dca2f4c319869d2b00ecae21b88a

SHA1
0d95a7089ef0047e4bce1a4e5015d9c0440822f4

SHA256
4211c02b5d99ae2f9156a5c622960764c5942dce37c5ff02656b8a4d11ca70cc

SHA512
bd06c69115231d9f16dbf8ebbc49d21aee98205dac75e9bdd9d18d142056fec809476bab2b6caecd96c07a994561a819352d838dead009546320ae082b1fe3c3

Download Submit
/data/data/com.baiwang.instabokehhh/files/.flurryagent.-2b1423b4

Filesize
58B

MD5
de6601dff838866f7a56bb1f48e49f34

SHA1
fb797e822a18205effb4304d75fc7a7d09a69e37

SHA256
ce8f7c4c0acd4073665632586706739cc88f7bdb82d1b028d0d714904c956e31

SHA512
0641a701307d351d91c4cec166dc5a12d00d78d8957cf777c3ecdfeef6eb88a434915d4669fdde0b1a489ed0e30517c4ad1d8c2972a1e679b7c2dc143fe1d8e5

Download Submit
/data/data/com.baiwang.instabokehhh/files/.flurrydatasenderblock.144c759e-0b6f-4f49-8f5a-d9f004698879

Filesize
253B

MD5
0baca4c7059fec73fb4c21bf5e4e9c45

SHA1
9346a6b3eded14413fd17b02731ba5bef728842b

SHA256
2d4bf923c133194fe5a666606306bccd0a930e88c2f28702440b2b6e161f7874

SHA512
32f83496aa38d664aa6c07e382c191284dc45a56f8900d71387a252826c7aa05ce8dea2b88fe35b14bae263802f0cc91da0b4639614af19aa99664d1bf7d178d

Download Submit
/data/data/com.baiwang.instabokehhh/files/mobclick_agent_sealed_com.baiwang.instabokehhh

Filesize
527B

MD5
20ee44928f2d800239729fcbe2d52359

SHA1
7abde7da2a694575b42fc5c03db536bf39dc9c5a

SHA256
9dd7a80c3b50a405ae0cbc040bed632b46d4810d64ffa27f43ae2050f313e753

SHA512
6f7ecfcdd2a1acaf0280edf1d29e3c4ab37f5b94beb5eea8d85f72137848160d43bf21c5c1c3d23aed13ecb70803779a66f1d7c6e3f97bbfa623eabd4f7cac99

Download Submit
/data/data/com.baiwang.instabokehhh/files/umeng_it.cache

Filesize
148B

MD5
e70836a7c419e36250cb4aafc62b3979

SHA1
89c3c26cb03409bc1f73ad709998738e1109201e

SHA256
a990f644ae09a6b6d9483812c505a02f85f6b198a4a24e03f3ea70e476fd15c2

SHA512
42e34357032fbca0e9a57d0fb2126b1d790fd4bcec2fdd52ac3e63174119f001e62eb9741a64d883a80434cae5fb51cde04b4f5b62d4d7e18bc3374537b64cee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads