cd4786950fae0716a406ae5f9fdaaa6f49dd41c6c799799639eff3ba9e082c20

Analysis

max time kernel
177s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63b37e63f437d66cad97d9a4aef0fc6d_JaffaCakes118.apk
Size

10.7MB
MD5

63b37e63f437d66cad97d9a4aef0fc6d
SHA1

467d8f8cd608b695e8c74874b6070111867b6e85
SHA256

cd4786950fae0716a406ae5f9fdaaa6f49dd41c6c799799639eff3ba9e082c20
SHA512

35c5735ed9f9cb355ed8b9f59603f21b426bd474bff0d2f9c2973d3ef823ba9e8b6109c2aaab662786ad4321285794ee9a8f8f35a0d24b657dc26cdec433fb35
SSDEEP

196608:e8H+0ocTkxAI12tWwN5AsG1LYBPD2mcAISI+lQgn9rIty+tqA5vw3eMX/0DOvkPG:e8H+tcTkSpWkisG1LAPymnTI+lnqtyPZ

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

System Checks
T1633.001

Processes:

com.yiwyxb.yy8764

ioc process

/system/lib/libc_malloc_debug_qemu.so com.yiwyxb.yy8764
/sys/qemu_trace com.yiwyxb.yy8764
/system/bin/qemu-props com.yiwyxb.yy8764
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.yiwyxb.yy8764

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.yiwyxb.yy8764
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.yiwyxb.yy8764

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yiwyxb.yy8764

ioc	process
/system/lib/libc_malloc_debug_qemu.so	com.yiwyxb.yy8764
/sys/qemu_trace	com.yiwyxb.yy8764
/system/bin/qemu-props	com.yiwyxb.yy8764

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yiwyxb.yy8764

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yiwyxb.yy8764

com.yiwyxb.yy8764
1⤵
- Checks known Qemu files.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads