00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e

Analysis

max time kernel
9s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
20-05-2024 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e5fba142b81f9a6bd10404ffcfd023e_JaffaCakes118.apk
Size

24.5MB
MD5

5e5fba142b81f9a6bd10404ffcfd023e
SHA1

cea2d35031731b97c4f9549bdb4c101eb40f2d5c
SHA256

00c1851b4d6be5c70241c9c0268e1a623ab9ccd5913399a870a6c64bb65f608e
SHA512

94613301ce630ca7bc8994e40a57efb4a7928f20dc45701ee2756f2ef5ba4eea0dfe55c94826974dfbc30988067ed1b64bc70c4f5d299b80b268befd8580082a
SSDEEP

786432:sJuvJLqZvnOt1PaqJOrDFGPKbHMhWbv9Be/E9lJFX4cws/xSO7HGZpug6f/Mhz+G:vvJLqFEerUqmju//e7

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 2 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	fm.xiami.main:pushservice
File opened for read	/proc/cpuinfo	fm.xiami.main

Checks memory information 2 TTPs 2 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	fm.xiami.main
File opened for read	/proc/meminfo	fm.xiami.main:pushservice

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	fm.xiami.main
Framework service call	android.app.IActivityManager.getRunningAppProcesses	fm.xiami.main:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fm.xiami.main
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	fm.xiami.main:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	fm.xiami.main
Framework service call	android.app.IActivityManager.registerReceiver	fm.xiami.main:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fm.xiami.main
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	fm.xiami.main:pushservice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

fm.xiami.main
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4335

fm.xiami.main:pushservice
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4449

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/fm.xiami.main/app_SGLib/libsgmainso-6.1.33.so.tmp

Filesize
539KB

MD5
eb913b5d92b796eb399b125ae87548cf

SHA1
dfb945d92b1311086f9b8edce92687cf694c0252

SHA256
d6eb1e7a24c2a9f893cfdf6d863498027b936bcb0f12edc2575031ee003e63cf

SHA512
bf9e1464d8e1e5fecdd2775e6b8956384ee7d3d7aa62d0f4515b345208d5279b51ba1c2c7108c4807b7b42624410b4b24eb1de6381c302ae4fd9f05b979548a7

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db

Filesize
20KB

MD5
afb0fe03dd3c6285f687bd8eeac67bc9

SHA1
a4835ac3a1378963f9b8b9f477ef9c5d9e53c47d

SHA256
b76f6f58bcfbe88904beb38e06d4dead94fb5be46397d82d0e9c7fc8b5ed23a0

SHA512
d2adb89b9dcc26873b40632ac0958d175dbee030bda357f32da06954b8e7183dc2186242a3f4c03f1325b860c859f19b846c0c31ccba7e1817b1d4a9b85de849

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db-journal

Filesize
512B

MD5
32f5a9440d7d31391ca8141f36599552

SHA1
218f0df27dff1d5704d677c9f4dbd82d3ce72a6e

SHA256
6f81fb33ddc2f816e5049a99d4a4ffb9f40bdaa80bb3bbb0fd3c7ee9078721a2

SHA512
d8811db7a4bd552a23ff043f117a65cf451c45fb0cdfa1bac6362f84754d6501198838d45edf7118fdb4dd1c384d1b30ed596bb30b1e9359f89b9e2ac7678180

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/fm.xiami.main/databases/usertrack.db-wal

Filesize
32KB

MD5
8c1836c3302e0070b411d46ef13a5b83

SHA1
c91e403a3fdd593964cfb50470ade99a637a5826

SHA256
a73a5790642c7e8ca9be9b569cb8e875b135e31093560fa3b7221061a0905e77

SHA512
e1ac21e9f27cf863a3443e554a254164c6ffbd7c6803ba66561cc77b1e088b6c7c1f236d9725561135f440ae0352ac9fb584cbf1e10265eaf3fdd847412b609c

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db

Filesize
93KB

MD5
0a21f11e7873c000cd3d984fabfb24f9

SHA1
b48d9555abb23635993539bb0dc3cf8740dd6f21

SHA256
37a578616e6eb5e50bf17b95599b177bb5de0728bad87b7bdc996abe965ac9b3

SHA512
22b9f0cc34ff0fcb47a322718f2afc6de41d796ed09546edf8cfebbcb6d08f127d5c5165f8bea6631475dcedca1dd2cc20a7faea030bc06b7f90373b1f2e351b

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db

Filesize
1024B

MD5
c99d70f662dd0938b3df317e8b6834a8

SHA1
5f13be92862aa0cc9c2d1e44e1454fd1bf903e1f

SHA256
17cc759ab10bef7e5f8a6eeb029d4fdd1b8016617ef847fbb1b12e538287dc3d

SHA512
f5458b3c168545b3264b2dd8b446f8f5aa217e977fd96378f23c8ecc8a51a43b23430a089b6707496e0f73b7362481e6d60972164bc2233dda948f687e3ecb61

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db

Filesize
94KB

MD5
93cfd529da3ac31d41bf57e4fe01100d

SHA1
064d2358587938bebd5a361efb565d6d75f9311d

SHA256
df9a7d2b2b9a852e2f33b2ec5c6f598a397fc3c3212b62b9981d950819b39cbc

SHA512
28365e924302c646eddc226770f318be385d9a7bf3b48ab9b8b17d367a808930e4b584c501cebdbdaa0f1dca875ae1c36fa4fe6175d95e8228abb5c8ff76d2e4

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-journal

Filesize
1KB

MD5
23fac34d2dc851338aecadb9539e96fe

SHA1
5690253b466bee26751674e4ab064bc359e1adc5

SHA256
0462c82fbe414199d73d5a175f96410d4d156fa638870b7f4e699d568e56013e

SHA512
7c64ebe15238b6129b7bb1904d84ad1929315257c7cba8d9ff18ebd3d6c8e0ce098a961c9708a86215425bd769875ab687f0ce5ea1595c3a09802b718a317b97

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-wal

Filesize
5KB

MD5
97d9887361491afe8696a12b6785b71b

SHA1
7f7977a64b2df4931d7e06571ce1fae177e7be57

SHA256
9d039e99f9ee276e090dd73e7dcef8759d682d40ed67ec7753169608a9e14fa7

SHA512
ef87e9a4d0ed3e99c4509e29f5c0afdb91bacd95c0754fc888a7bf90fba3098a7f9758c52ffc4d1a1d49687525ce91c551b4b275a029957b396e4eb88c6b9b18

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-wal

Filesize
1KB

MD5
d1f01be8ab968df493fdffd6d5d6eae1

SHA1
01cabbfdadace20496fcba409330d48814f18afd

SHA256
8736e8ec52f87dda6b81c602ab949ef1a25f7d6287b6c56369981d25f925aae6

SHA512
32e8402a9a88ea9402ba17226c0ec865276286493c6f4cff05013374a49a2cea835d7a94a66dfb7fc58a52597b510007973a1ea697903e913fa080bd8106ba9f

Download Submit
/data/data/fm.xiami.main/databases/xiamimusic.db-wal

Filesize
15KB

MD5
0f11367fac4a6b0f4e365d6172fd61bf

SHA1
0f0b58749d90e29916aa8a6af7ef7e286b7ae64d

SHA256
c84b80450f732a794ac242a056533af7f4c865266354ab469a688117d23bbd03

SHA512
f39ab5cc23c4fc8d341a4df4e9ba9461a10484dbf8bcbed214e9538f9063ed91fce4e3aeb32d316b13dcea0df608dcca84300b0d61441347ca6dcd6cd88a8f45

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
167B

MD5
3e3360cd4eed9551e897d9ed8162720b

SHA1
940e3810cdab62845973330e154e26320ccaccea

SHA256
ebbabc90377a7584ca9540abb73cdf5e1cfa28308455db6b33a11ddd68ab6fef

SHA512
f236bf5bfc3d3ae805e56898f3ba8ecb5f01d1a8d8bed555939a1dc9531cdf57cd1e21bf5bd837764ea84c3a49619e8a534d54dbb3a0adebdb7f0c554401e2a7

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
7a6d6e53e8ea8048f945560b1543b7cc

SHA1
cc14ae9be43fd515661b9f25c89697a5307779f8

SHA256
46025e85d35923ed713f6deea429e7690e17c10e756f99a4fbf8cc356731d974

SHA512
1c962259fb95539c7455bded57ce1e8f461d851514544f72089d75af76b518b6fdd537968f3d7ba1c5d59caedf2fdc9c186aa562e254b289cb3044e79b10e99a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
a35e58c5128a2f9dc00a3424e141b324

SHA1
8bb932f84ee8da148063ed2029e32490f184fed2

SHA256
01708fd6137cd12c330cd4d11413cc1ea505b2e0b752e32d18180634113787f9

SHA512
e002f2c15fd05c37280d7f6382df54cceb1bc4089733c7f2cdd4f56ba3281b15ea8a6de0351862d8c49abab734908eb12f14024ab2d2d7b596edbc24b1b53777

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
cf3ed7c185a887daa41659d616f29050

SHA1
449018464e61697a32e0ef25cfd9883b3d65ca10

SHA256
9d00945452b48b1c3cc5ad62db9b244ac258427c44f7fef3a4a97a1c99a58886

SHA512
2276395d887fb588ca041ca810761bb6a229437f2e0c56d86d02a7cf962ed45cad40900256f82c8bbf3e59396e66b3e0acdcb6e811360279839635ca2812ed68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads