77467805083c0906d71ccc4f1337b7a1e10a4ea2bbad071b1da38206c9b28511

Analysis

max time kernel
4s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68f2ea6ffd4679a6c58d7bc6c1ba89a4_JaffaCakes118.apk
Size

15.6MB
MD5

68f2ea6ffd4679a6c58d7bc6c1ba89a4
SHA1

33bbb52c2f4dac8f3abd19bb15a544b1348c0037
SHA256

77467805083c0906d71ccc4f1337b7a1e10a4ea2bbad071b1da38206c9b28511
SHA512

efbbd77e34e2af6c3d7366609625eaba09d0d4bc22f9b5342ccc29e58dce7550353b7486d37954ea64122ff4b5c8bceaca94a56ca8edf5615e65feced14825db
SSDEEP

393216:2Bb1S4F8FTFj48IzM0NDfbEbamndysUuc97Exg9TzjmqtzokLkR9:yb1S4IZIXjE+GysK9pt5svR9

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.resou.reader

ioc process

/system/app/Superuser.apk com.resou.reader
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.resou.reader

description ioc process

File opened for read /proc/cpuinfo com.resou.reader
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.resou.reader

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.resou.reader
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.resou.reader

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.resou.reader
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.resou.reader

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.resou.reader
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.resou.reader

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.resou.reader
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.resou.reader

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.resou.reader
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.resou.reader

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.resou.reader

ioc	process
/system/app/Superuser.apk	com.resou.reader

description	ioc	process
File opened for read	/proc/cpuinfo	com.resou.reader

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.resou.reader

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.resou.reader

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.resou.reader

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.resou.reader

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.resou.reader

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.resou.reader

com.resou.reader
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4251

ls /sys/class/thermal
2⤵
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.resou.reader/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.resou.reader/databases/MessageStore.db-journal
Filesize
512B

MD5
fc76b48d0594cdbfebed4fa78e6b89a0

SHA1
037c77e22fba6d2cd215f081f651ae3414b8b3aa

SHA256
c23101de2779c056f46e80beab3c8ca36a3d50041aced34348350b502ef629ce

SHA512
fde4f97d666d758cc56cc5dfc53e4e7d9a02a0a35671bba2cfd3769aa2d10579bfa06f2a1fa24a0a8590b6613a657870a5fb9179cfe33bb3f4576febe38855d7

Download Submit
/data/data/com.resou.reader/databases/MessageStore.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.resou.reader/databases/MessageStore.db-wal
Filesize
48KB

MD5
599a7f7970d783ed26bc8534b3d076d4

SHA1
81c88873fa4b73366bc9abd849837f36b6794b13

SHA256
3e5273e32dbf250fb7f8decaf3f93d2529c560a9d8c5220355aee25d25885f80

SHA512
60a6c9c51450edbaf0bc5924e8a3486b297d3612b2f9539de8f2deafc84bdc3628ed8f5f04bda531f0cd63f4156899ffa2ff17eec2c83c468a110863de3250f0

Download Submit
/data/data/com.resou.reader/databases/MsgLogStore.db-journal
Filesize
512B

MD5
04f05a71eb307f80d0637116416afc06

SHA1
929fedd6d039b9343649883edcd627464a10e4b2

SHA256
6e9035abd8129fd3ad4e31237cd41a7f26cff17b21e3fdb3960bc6ec56e90621

SHA512
079ce19beacef98b9fe40d7281397812fc66c68f9ee2205594e7b1d5399193aba2731fa5e85e70de9de5b0e4712fc9cc918e4884e79f707b5ca0d4d038c9a85d

Download Submit
/data/data/com.resou.reader/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
454b27a6e37e099d6433c039615601d2

SHA1
129642ae300d46ef8da0e6b9f7bce29d0ea861fd

SHA256
aa73ce530cda5177c2d2143dd641ca39092052ea2ae7a1ae45c10bb23c3e36ef

SHA512
336a453bc93cd4a21b11ab37a44f2db5e53e2c96cde1bb911ce029d38911f4d38c10ada726549c23e5edf37c6e83b2bc917e3af6886a3da9c300656a6354f9a5

Download Submit
/data/data/com.resou.reader/databases/ut.db
Filesize
20KB

MD5
38616785cca0600a03205f84fe330b4b

SHA1
6ac41a6bdcae297d56dac5fdde70be5faccf0832

SHA256
b05c698d5827005da5e04b4fbdcac53cfc83405247353f8e9e145969a820a4e8

SHA512
7ff2901c032607f5fa1f24a48056ae85fe8d67b6c5649233fdad7b66950d359b2fb933344bf1e2fe6255a00c593de7bcf959d201fe8b6ad214249bb31f855a08

Download Submit
/data/data/com.resou.reader/databases/ut.db-journal
Filesize
512B

MD5
bb3b881c302b8353661232abccfb74ce

SHA1
0d11e035446482efd8a87cd2ddd91218d8408f27

SHA256
dfe17cef2b31e0288eb3b61ae0fc2c723721ec50a0617e9c8cec375b02fc84b0

SHA512
7dc8c884c3605af2c2748d5cf996322d6b9a4d08a4694fcf3ef4ec900920fba4a9b53b2b5d969aea986be78ac5f212a859e723c75ac558c4e8ec60c4554d7a7a

Download Submit
/data/data/com.resou.reader/databases/ut.db-wal
Filesize
32KB

MD5
b111d720ee879bbc02c40a7dc57991f6

SHA1
c274284677c32138cc0db87531eeb4193f7518d2

SHA256
c786c99ead65cd841a31312d0dac8e020500c2c4e5499fe75521fd8809f2ece0

SHA512
acdd833586aae94f2e4aad34889b02409b2ce1c29372cac30feef370b188f27d9927da892a447400c64005666e24b92d33cbc05e9fd5983be73d69309bc11de9

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
a7c95148330d55d2d000340dadf93fa5

SHA1
871581d2e1d68b07062c94645ade07ba3a531c3e

SHA256
d4d7bddb22971d6ed8ca4f81121d521287d04ce7208735d3f022cc2c84920936

SHA512
de4e777c8cebf4961a7097c8a1c78a7785ff2d10e101cdb00f96f32f7dfa27760a7383456c4a96106b85afc2a9f74c927463f1770f56b70402d622b7528f7038

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
604d885317bd600a21047f8aca56d955

SHA1
a22d7c331e2af0cfc85d47741988ae350649de79

SHA256
061011866ef9e533bdd0e2ae90bc1f15d846af6eb678931af13ad1ea9ae36fe1

SHA512
6c7c6fa77ba75c416e5ab8a95f3345ffe23b6507f42fa0b763aaa2f73a8c1b57f39e76ebc1827ddd7ed5cce605c50df0e6ffd31191dd57a15508d48a20034a7a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
27daff9533318d9d3b2ae56955f6a7e2

SHA1
93e273663b4558aaecbece4f66f5af85f086b3dd

SHA256
98791bf7c8e252d3861cd91dc44a64cc9bb95d074b6e6526ec1e5c7b135d4f6d

SHA512
7b48bf631d313f87543f524f748bcfaa8fa512c0c20ea936fc2600a25d120b78daab29cc8a939d46065ddcade79f0540dec34fb210de161c2ee5b9d20594b579

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
976b9aa52502a75fd220c8e68555c69b

SHA1
ed600a0cc6eb2fd9f06c6cd50ac64fc333f58d94

SHA256
f25afbbdbce7990ff02d4d196a91347c6627807b025548896dfdceea5af59c01

SHA512
1bf879bb96179cb3d739c2e6f0a2272cf3cabe4c85d887590a7b6f164497b3aa97b11e7302be04fd053c59779d9e3cec4def98519948b169dfc75fcc42f7386c

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads