7855170b35f85a5f4e4a57650b571c2b3971e69da723b45390624251a8e95552

Analysis

max time kernel
175s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65df08578599fa842ee409472574533e_JaffaCakes118.apk
Size

16.8MB
MD5

65df08578599fa842ee409472574533e
SHA1

efc21351b6b90383978e4d963453b099b2829e73
SHA256

7855170b35f85a5f4e4a57650b571c2b3971e69da723b45390624251a8e95552
SHA512

716ad4bb0debf7c898b87818e43b53b7d62258e49bbfccc75d61f14135a95f404ef2d3b526b3aff955d6d996a47946d09afcfc54ef544edecd8749bcd286149e
SSDEEP

393216:X7EOFUCuOhUOiop2hSnLZL3Qu1TI6LGZWzFSJlDQw8wU:r3FUftNygSnLZLgu1TiZWzcTDQ/v

Score

8^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.bf.WuZiQi_TV
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.bf.WuZiQi_TV

description ioc process

File opened for read /proc/cpuinfo com.bf.WuZiQi_TV
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.bf.WuZiQi_TV

description ioc process

File opened for read /proc/meminfo com.bf.WuZiQi_TV
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.bf.WuZiQi_TV
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.bf.WuZiQi_TV
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.bf.WuZiQi_TV
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.bf.WuZiQi_TV
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.bf.WuZiQi_TV
Acquires the wake lock 1 IoCs

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.bf.WuZiQi_TV
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.bf.WuZiQi_TV

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.bf.WuZiQi_TV
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.bf.WuZiQi_TV

description	ioc	process
File opened for read	/proc/cpuinfo	com.bf.WuZiQi_TV

description	ioc	process
File opened for read	/proc/meminfo	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.bf.WuZiQi_TV

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.bf.WuZiQi_TV

com.bf.WuZiQi_TV
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bf.WuZiQi_TV/files/tcagent.db

Filesize
32KB

MD5
55b1ecb662d75b01a036121552855cb6

SHA1
2727e84096022dcdb395b08ade601708d5f86098

SHA256
61d153719e2a74cc4f7b2c1e6bdff01cd5bcdcf9d9ff21fb9830907ba7568fc6

SHA512
02c106dff168a82a0c5e6c219d6e317f6bdb90a1b3ca19ea988b9a78f409fe9401aa97e475179bd99126f247380355dac432fd5638385afe531207e00abfc14e

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db

Filesize
28KB

MD5
76a7115dbcf7259cd18b3debda3fbf7d

SHA1
0190885ef8a4943f744db8014e778ac69134426f

SHA256
3798d995eef94d1efe6f90a7313844c13ca8743376cc722315ce8e79cea227c7

SHA512
dfc188eced787eddc19e920b3831b92a69658b2ddf2ac56b5c229e2c2a12b0f643d91b65c0ed1a3b7f669d347dbbaa3e3fdc390bccc40f824b6cee8f20526dd2

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db

Filesize
28KB

MD5
244e6fed19e875fa39bf99dfa0f0247e

SHA1
8b5857451d13f612650f1ed7fd49e0e492ff6fdf

SHA256
e736195ddbbe7cbd77505e84a06e4770f2c2aad1acbb710e779ebf6a7a0a0c67

SHA512
413cb565360586b0e2ea0ac014b63f1902002e55f0038f19e0879cbeb3da95d5dde27971c6ae8c92922b216b6b7bd182c299385ed79e809c09214bb4bfbcaf91

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db

Filesize
28KB

MD5
7be65b717d2a4df96e1f62e6af78bf12

SHA1
88950dff9e9bd90a027f8b7e6cc39839681fcb29

SHA256
e0df26becca25b74952a2461873c9a0cc75aa876957369253a10572339b387d5

SHA512
0dbf2e8897218daf64c1f0f3f3b3cf2a5a5c3c1546a949f4e67a46d579e98fc2649eb730a440c80f5d674eeebd224a971d3cb9ce7175ae6a27a67b0b2d7229aa

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db-journal

Filesize
512B

MD5
45c2bcca869d21c6e446cc7e7d30cf17

SHA1
c7e7c52757f8430764f016227daddcfc34d1b085

SHA256
4a12a3844054ffe39ff1a942eab0b8c4c7cf151f476f0c1c51ca538116d5642e

SHA512
4975b816268486e94909bf5321c85e28c504122e08b8970fb26088622acefb0ad166116cc0d6cf88c785b8871fe154169f16d794ba04766afe96eff93d3aa3f1

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db-wal

Filesize
8KB

MD5
60424d16c0709203b193f19d356d7575

SHA1
8a0e9915ed072297c1b4cda45cfc84ac03f7b437

SHA256
6b60d588da66c2bc9e3a3a034750078247e4a6c4b27f782cee8d55d5e4f16fda

SHA512
dbc1eda614caac5c9c94aa80984fdaf2a7a26f9d5b6d4568eca8be1bc0dc0dd17ff70197893c6b25a46e43242f3b34e61c2bccfa48df397891356e605bf992fb

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db-wal

Filesize
8KB

MD5
5c221e647449a49953ab575e4210ea94

SHA1
06e8c711327d725b75aa1f6dcc62653ef381ecfe

SHA256
f6e23975dd0dba0a1e95e4949a6408f4f53627acf225a3e3b095526cf9598d76

SHA512
042c26cada53e3b2e2595500042d9e827c51710ad7c188800a567a909dd63f368bb40086688cf40cefec304aebd9f8bf9fe250a98cb819ae16cd291e25094d94

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db-wal

Filesize
80KB

MD5
3643bb41d5afd24f2def25b48e58ab8a

SHA1
95de5d18ec3af19bf9c8617847f18d509ef5023d

SHA256
5e3b9e34182f26671074ab7b9972265dd37ddf25347c074009e7e3d3570d01b9

SHA512
d4f692a87cf19abefb80e9c28888255bedd71ecc8967a6b84552512c83f4c70b19c1f15438747ec7707cb1350468c359749b8c2e0ee6408e5551ce42a61e4167

Download Submit
/data/data/com.bf.WuZiQi_TV/files/tcagent.db-wal

Filesize
8KB

MD5
c13990101c879f6554465121fccefb12

SHA1
5f033b64ca0c9e5a18de2f7259351529e5d8cad0

SHA256
62571b1795e885db068507e171ae7aa53c41034ee92b3f5913a04ed70eac3369

SHA512
6e3e47c5702bee793575aefd788bb3b229fdf045b5c0c3948fca7da8e628443c9fd43fa68cb4e0cd4b14b0e83af88672873698b0c7d88de86222e677b59d83eb

Download Submit
/storage/emulated/0/.tidbf

Filesize
32B

MD5
7a48c36bd8334f16cbc6741f3b99ebb9

SHA1
348458e1fedcbe938fa22a7db6befe5d09e0d99b

SHA256
07a775524585cbc93a703bc2243c11412b68e5b173f4f98683cd5155b1b48ff5

SHA512
b5dcc2e07070fefed460a29504e2c0d05b10f24f8dd336d90ec29b4ce430824fa4956ae37eab260e7bc87e536475876b86f9b9534feccc0f900df5e8c2ec2ff6

Download Submit
/storage/emulated/0/bianfeng/WuZiQi30_channel.dat

Filesize
5B

MD5
65c8d0861c6fd015908867259c63cc91

SHA1
9bf20656c7951d10a3567a131e02adbc8880dec5

SHA256
3ebb5e9e2705d7df5d7a3bfbc47e835ff6b79ed364d413c5b2a36b479cb15996

SHA512
bfa1348e390047edda2293c3fdd97bef86ab7a72611ad148ae67a4ef81bba9938ee503e7b599c4215789123ac768b805912d4e58c9153606234c9a0899d7c836

Download Submit