7e0fcd58f062d6e063ddb2513fea4c2243faaf2df3280d102222d6cc9cd6a840

Analysis

max time kernel
178s
max time network
187s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63a6cdbf449edc1a614257ccbb0e79d2_JaffaCakes118.apk
Size

30.6MB
MD5

63a6cdbf449edc1a614257ccbb0e79d2
SHA1

22db4a0ace4b9359aa21a0ec1f04f1cff07f1f75
SHA256

7e0fcd58f062d6e063ddb2513fea4c2243faaf2df3280d102222d6cc9cd6a840
SHA512

a645e549730736dfd4a9f4aa4f780881611925a866a0e93ba8637a4114915911b45023e2474ba72aea09dec0c0536afcafb2af079aab0abf7d817c17eb1d1c11
SSDEEP

786432:FZywWB0fEE2MS/2s5tlk9TabG5D9UTbvTE:XypB0S9g7aI

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.anzogame.cf

description ioc process

File opened for read /proc/cpuinfo com.anzogame.cf
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.anzogame.cf

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.anzogame.cf

description	ioc	process
File opened for read	/proc/cpuinfo	com.anzogame.cf

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.anzogame.cf

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.anzogame.cfcom.anzogame.cf:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.anzogame.cf
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.anzogame.cf:pushservice

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.anzogame.cf:pushservicecom.anzogame.cf

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.anzogame.cf:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.anzogame.cf

Acquires the wake lock 1 IoCs

Processes:

com.anzogame.cf:pushservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.anzogame.cf:pushservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.anzogame.cf:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.anzogame.cf:pushservicecom.anzogame.cf

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.anzogame.cf:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.anzogame.cf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.anzogame.cf

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.anzogame.cf

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.anzogame.cf

com.anzogame.cf
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5213

com.anzogame.cf:pushservice
1⤵
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5280

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.anzogame.cf/databases/info.db

Filesize
12KB

MD5
a6ca21341cc88adb04eb4527a56759dd

SHA1
191083a635fc4de7a5ec55d60fd3e9bdb92c2f9e

SHA256
6943d6e94a77b2ee5ed929fdd5f72de33a2fe2ff00b72b3a29acae41588580b2

SHA512
53c36feae84f69f41eb44098f58e8a4906db3f0d4744e68e9f975914038599409de41779f75a90d391bea9a290b509e0022a3ead00817bea0f3bbdd8dbc45bda

Download Submit
/data/data/com.anzogame.cf/databases/info.db

Filesize
3KB

MD5
5a6659180fc2dda02b72a6930b496afd

SHA1
8a4a22cf91a68792a4f4fa4be71bf78fa11616b0

SHA256
ecf71eb8611db25e6030650ac28db8660d6ed21410dd1a67f7c08f1a29db7ae8

SHA512
cca78abbb5c49192bcabff0bf31aafe2c3455dd81eee3eaab24837eccb3d464f15a4f8c1570ff85ae5db9f5fe50902346fab8dab3e8f34b98cc617145e88d49b

Download Submit
/data/data/com.anzogame.cf/databases/info.db-journal

Filesize
2KB

MD5
b58aad9bbdb053d263cb0fb0db8b41a5

SHA1
8c458784162c270f498d2ddc2ce8f0565e064dc3

SHA256
6dbb6989afbc58b352a7ed8af29665a2f43994b1aa01db3939c38eaaf4f2f277

SHA512
22321f2e0f78302e92b3c600a366ffb9b401aaec5836a6ee4ba3931e90d43fe8c4a8ef9900e9d97f5b681a0f9d04719aa9b58dc853555f5342739ccc0750722d

Download Submit
/data/data/com.anzogame.cf/databases/pushsdk.db

Filesize
44KB

MD5
41cfdb1c45313df9f0459c7a5de06235

SHA1
2a7b4dbaa87743d33f7567feb6cb21d201974586

SHA256
5e9d8b7c24add330e763e147ca3c083f6e7b041ed0771c1dc3edd839f23ca8e5

SHA512
315b93bb3cb682e73fdf8ca6b262e83609241313e59b702180053d0f570b6b8d9cae9a19cee1695b4d63ac17a2e5d1beb353339a23b376ca87073f2644af69aa

Download Submit
/data/data/com.anzogame.cf/databases/sharesdk.db

Filesize
20KB

MD5
c8641d1bece79d230ca81bf73f6a5710

SHA1
d28640aa528f3db6cb3817694acfa8e44b7010dd

SHA256
01bf85559a2c046235e6e4cf81cfaba6a6084f276a6df4d4e02e214828157dcc

SHA512
471e494f3e133e759b8dc08301725b971277cc361935819224560a429802d1b625d5882a8f5c33a75d2a6f65a4f853855019e7e91233f8c10e4716db6d041390

Download Submit
/data/data/com.anzogame.cf/databases/sharesdk.db-journal

Filesize
512B

MD5
d19f91e3b4e792901d53bdc17eda5f6e

SHA1
3d550d915e35b9719d367386c33c8ffe0f383923

SHA256
e93d76941c98c8e18a6a6ee0f73d839d920856e15d5a8b1417ca830f1a05981e

SHA512
f2431b479efb176cb22f23ded7f5b604886cf9df119967d631ba6d0e623843aba04d3f535c343c45a4e481faa55b9ae852c9d8209f561a26c214a2b1cd257f9a

Download Submit
/data/data/com.anzogame.cf/databases/sharesdk.db-journal

Filesize
8KB

MD5
b9a8ee570d06f37c8849f338c1b03b72

SHA1
78874cffe8472219c8d2bbed4670d3af6fecaebe

SHA256
b42ff6830f0809cb3c2300be4a6a3c0708c1a89b780493c60b8fbfa9ed82fe3e

SHA512
fcc27e2878bc86fa9cd416867953822fed62029de6eca543e3486051618a444db72e1daa5910fcabf07d855f6c6b9858c3b384890fff653077a52b4a17365367

Download Submit
/data/data/com.anzogame.cf/databases/sharesdk.db-journal

Filesize
8KB

MD5
64f5801c23574f67b748310710e4d88e

SHA1
12011610aec391397458c2510704994a3e0ff71f

SHA256
34804c96c03279933d3bfe49d9f44419f1875dba299d161fa1c848ef58ea1418

SHA512
437ce0245dc362c3697a46e3ef4e0f711c4c3b82415c28361ca27285ab487afd2acad731824302df72bbbacc763c6cc982de263923d5b931ccfe43d0dca8fca1

Download Submit
/data/data/com.anzogame.cf/databases/user.db

Filesize
44KB

MD5
f53c0b59cdd91b96fafdb9f447576cfb

SHA1
d762aeb707965598e664b3b17be6125d94444163

SHA256
859448c3a7975fac2dcde1f9eb1ee4ca1e3358c62cd0453fefb0ffa86ec74319

SHA512
b85421df63f3e6f1bc10366b5b64e650e9ec5113404fb283b82eab229a7e796af57ec1baeaf84be930382c3ea3940a8df0438f97e9adfa4d4eef1aa8273b2a9e

Download Submit
/data/data/com.anzogame.cf/databases/user.db-journal

Filesize
8KB

MD5
3af0db8e9dc0ea9acf205a0f7c2d371f

SHA1
9df821b7fc9523dbb6d3a62c05022f2a425d8681

SHA256
136547722d275ea288f25c5fd7fd08ac7cb37b41039e5826cfe3aeb26bb4b09b

SHA512
68d4d6c383ce4048509ea99a25abcb31251cafd3c43d9f89941a843fc28e61fd7648641f11daf2aba74b5b0864d1e3d53a81573335096b33d70b6666cdfd7285

Download Submit
/data/data/com.anzogame.cf/databases/user.db-journal

Filesize
8KB

MD5
783713e5616a5e517baeb1a29b4aa99c

SHA1
a3c9677c2c108f4d430cd2a6b7b2bb8a6cc11a9c

SHA256
ed19df8bf7ad01598fcc619811f2f9be1741278e5eff666496ea0cbf9c1b87fe

SHA512
e31c52ed84bce0316d1441b2396770c1c72b165757dbd8111026e432e9248f3cd06fe94fb638d85d2a3070d78da20f21f8b2e9e459fabb90ca136cfb11ebe938

Download Submit
/data/data/com.anzogame.cf/databases/user.db-journal

Filesize
8KB

MD5
70d8f44af0cadcc4490cd6cd4b22d15e

SHA1
2ee5b16b6ff1446ecf5148b7cf1697985cd4a4ef

SHA256
adc17ab2908d435f84a40dfd3c699e87a615661af3b75ea5e41c92e102996db8

SHA512
308e380120ea9d03471ee581521564b561ffa76dcaa394f2217bf4fa7caa3fb08c57adbd4d3ac40db42208b0934a178656fff7f39d8481851875216c3d2caae8

Download Submit
/data/data/com.anzogame.cf/files/mobclick_agent_sealed_com.anzogame.cf

Filesize
533B

MD5
fd596d84908c43d49663f6fc1a3679d5

SHA1
f381719be96bd30ea4a9e97677bad9d25650dea2

SHA256
a61ce9db199fddb58d0e718e9846346afb71766c24d8bc73cd7183e3babd7c4b

SHA512
9a9489c37acf9957899c55ffb1ebed939b80ef8f14ca2d406b986a924377d15a4f4331a6ad41f2e6b00b97556a1e4df04c3adfe495d38128da15c544d2a5da7d

Download Submit
/data/data/com.anzogame.cf/files/umeng_it.cache

Filesize
8KB

MD5
19950d2ed384abe39df98554942a32ac

SHA1
999e908ca44eac734b8e6d0f9a73cf3a67a9e770

SHA256
8800637e5ca601e20dbe79e74edf159c084cb47be49ceafe968dce13eb7113c4

SHA512
a26c76cb5c6df615ca3bed96498093445edaddf467932ffd6a4445bafd41e627db15985eb64090780aa71a1cb9ebfa1ae123fbbd6e37fb7bc9def8dae81d8425

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
369B

MD5
2014980a59fe7ea6cd0625db6eab9330

SHA1
ef746cfc3e725af8036347e8ae2eec905fbbc7e7

SHA256
30aa1fa1937f57b8b0b6a04dd747bc8eba8dbfca2cf0d75fc3c1ec37af0cdc61

SHA512
f12813845dd80d0d9fd8a19ed091b4d40129749ec21ab7c7372887d686d381c569c4bd734e16ab15fd72e2a48239ad55c6c65799adddb34715fba6722c185535

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
468B

MD5
ad2a33ab7a9df81776fb4ed8e919adf7

SHA1
769cd9efba3ee94e5131a621150a3490759939bb

SHA256
b6cadcae42e3e2cb303432ff5b5ff2a03a264dfdcb0633c70995ddc20a915c2c

SHA512
ed33eb54794b976cc9187aff772591a72b34b71fa899414a68c5fc186285e33145277151ca562c6fa97ce4b6b4a86d693bb681738fda8c7061f177f699281bcd

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
107B

MD5
893bb9930a6efdd3211826f4114b5a29

SHA1
57b8895adcc3bbfec87268d5f004cdaa6caee8cd

SHA256
45e6cf5549bc12c1150b2a10f20de32ec5b86fe23221536eca2cb2a43b1e2d21

SHA512
78f094bf00c6b440a57dc5b8edc10c3abf4fac63176dd64a54b2e7b03d9973485504d619ae80312fed1bc72db9f1617a990f37edc7bfdfa032ae47b054939010

Download Submit