4c71bc9c13d4556977a2074ade4e690f354e1a24beb48cee5616b1a3bb35e9ff

Analysis

max time kernel
128s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65c6cb7a80baa457e85fd0954eec11f9_JaffaCakes118.apk
Size

24.5MB
MD5

65c6cb7a80baa457e85fd0954eec11f9
SHA1

991b63536c49709186c34c95e32dd579e27ebddd
SHA256

4c71bc9c13d4556977a2074ade4e690f354e1a24beb48cee5616b1a3bb35e9ff
SHA512

1be996da632b5adab6a76483dbbfba48b927475bed3a1f99ab85de08a76ba14700c71ef4bf9c71c6bf2559046e31e595afff5b9ab7c404dd16e6b3ff7cedf9de
SSDEEP

393216:G1XIUXCwlepA58W+CEyxKnK6dZGnaJCKXcBJtc1tAaCUS9pmB:mXBfltTEyxKnK6dZgOXcJmtAaUpmB

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.smile.gifmaker

description ioc process

File opened for read /proc/cpuinfo com.smile.gifmaker
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.smile.gifmaker

description ioc process

File opened for read /proc/meminfo com.smile.gifmaker

description	ioc	process
File opened for read	/proc/cpuinfo	com.smile.gifmaker

description	ioc	process
File opened for read	/proc/meminfo	com.smile.gifmaker

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.smile.gifmaker:remotecom.smile.gifmaker

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.smile.gifmaker:remote
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.smile.gifmaker

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.smile.gifmakercom.smile.gifmaker:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.smile.gifmaker
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.smile.gifmaker:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.smile.gifmaker:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.smile.gifmaker:remote
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.smile.gifmaker

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.smile.gifmaker

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.smile.gifmaker:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.smile.gifmaker

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.smile.gifmakercom.smile.gifmaker:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.smile.gifmaker
Framework service call	android.app.IActivityManager.registerReceiver	com.smile.gifmaker:remote

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.smile.gifmaker

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.smile.gifmaker

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.smile.gifmaker

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.smile.gifmakercom.smile.gifmaker:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.smile.gifmaker
Framework API call	javax.crypto.Cipher.doFinal	com.smile.gifmaker:remote

com.smile.gifmaker
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252

com.smile.gifmaker:remote
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4305

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.smile.gifmaker/cache/event
Filesize
20KB

MD5
e52f241c0db5477de81bc1d407c98f33

SHA1
3d55c5d7cc6e1b6677b74498a40c9c9079684810

SHA256
122d1a47b1cec5d6949a417c443f2ddd912ba4972d25a5353881ec075bced111

SHA512
72df83ee807790c4d3bdd88422b3e73d0613870b8f6616e1714f3de9e29bc1570d76694c1226b594c294f8e16ccbb852e048aecea27f58fc0796a8b4af4635f7

Download Submit
/data/data/com.smile.gifmaker/cache/event
Filesize
20KB

MD5
23378ce75d5b7e942324c02d7f65ede8

SHA1
301b7d3c87848779c53e96f76b143ee3ac3544d5

SHA256
1ff8dd4098f3a9603628149f9d199ff709b02ee4efefd09b1425b6b543bef790

SHA512
f9e5b40c3aaa78574434482f34e2b7bde1d82ea04232048ba352e96c8076a44bd18a8e5c84586a338105dfd3d9f1d19be386fd45feec29e2aeb83cbfb5e12ad5

Download Submit
/data/data/com.smile.gifmaker/cache/event-journal
Filesize
512B

MD5
908430b151c3e5fd327c63e089a6b8eb

SHA1
766e966a689d740b4c2d0d77cba06cf9244949b9

SHA256
beba4b9aa5da4d5426014f1a6d067e90e47308b0040854f21e9ae5dca0498620

SHA512
1a914b287dd8cb66f42e45b99826890705e5909206a3d08f32b1f51ef86b9d8379fe5cd026748800898c8f93c5964b69b5e27f2e9f72ac62a380bbedf2bc2b9d

Download Submit
/data/data/com.smile.gifmaker/cache/event-shm
Filesize
28KB

MD5
4808ec3e6aa23dde7b778672bcd0e59b

SHA1
415b31ba74b78fd83cfee68749aaa6fc98ada849

SHA256
0d6260d9b1dfff1d1b1ad70db60c91f6ef8806cb1ff33ba455e0eb46dc706e23

SHA512
1c5a8c3362a39cb120c01802da60ea59215b891b36f443d3d947da8260c6bf2afa6d5a49065b17330b27ce3e1e009bbfb4575ddfcf6d585b5c8f3a32c9619d4b

Download Submit
/data/data/com.smile.gifmaker/cache/event-wal
Filesize
8KB

MD5
1832c429304ac128c41b230036f2d7fd

SHA1
6d659b7fab0b532a9c9cff15c4d14c87093b3d1c

SHA256
fd8f88f172a772e807c21fcc127930bb95acb77f5543263fb545867bd1811d16

SHA512
19b81a1daff12c4d5590171ac5d96c4c36c2da4fb807a1ac00f05519722b34cd3d1e94397df49ef83b9e0ff9924d5ad6e61dfaf11183101d208de419cab6d968

Download Submit
/data/data/com.smile.gifmaker/cache/event-wal
Filesize
8KB

MD5
36a2e237675b6acdd88a97df9f78e769

SHA1
344c70615dad8046a6ad5a63fc336c646ee0e613

SHA256
286d144766ca1d794ac10b29cc4034a15b494c7fbac36045719524816d05d365

SHA512
3633e541117cfcfd4bdb04d772d9d15bd9536cd06bc3358a0bf5abeb01a787f14394622058f8c9f38c800c71db00721f55fa3efbe2976c52748c042bf4f6da07

Download Submit
/data/data/com.smile.gifmaker/cache/event-wal
Filesize
32KB

MD5
39e01ee121e256c5b907eda4f6051acc

SHA1
cdc86221d9cde8bb49dbefd2bb80a77470b446cd

SHA256
c7b7a643ccc2506a7b3c8087331a262d1bf7498b110e7f0acdf7f783bed171ff

SHA512
48859be9ace24724b7847500bd95a1685db2e2dc20452cafb0c22334f146a06afab9d5da3dfc0380dc88de04891c2bffe6a322501decb85c340d9c56b6f96268

Download Submit
/data/data/com.smile.gifmaker/databases/cache.db
Filesize
28KB

MD5
b588e2490bcce471506ee6753ce4bf63

SHA1
3420e6a0337dbe618b2c16c66b86c8f0f2237dce

SHA256
f5cf0d292b2f3327cb1d33835fe05fd9f805090615df7e22341b1a060ce74e59

SHA512
f66c61ddfecad4d50cc8a16a03ef09b71033fb9ae24368ef9f2c9cef34f54324471c67205244ed9b729a651ba5d23b814b9f0c23a10d7e4317425fa4f98b1038

Download Submit
/data/data/com.smile.gifmaker/databases/cache.db-journal
Filesize
8KB

MD5
7a3c3436dc80599e029e393abcf5b4d4

SHA1
3acd998d723a090f4f96897f581edd83cc994d75

SHA256
9fac15a72fbbee2f2be3e7afa30fff54286725e071ec05ef8f4b708de1139234

SHA512
db71e0628b002516a13da6270b7156a1d91f223e3ad880f9b087e8d0feebf5582b51d2d0877df362a9952a2a2eb34e0e191dae8d05dfa3dc1263b10a37efc7e4

Download Submit
/data/data/com.smile.gifmaker/databases/cache.db-shm
Filesize
28KB

MD5
c9260984f85e16aee623e2053d81ff53

SHA1
848500678566c68a28d4746af1a357a418607b3e

SHA256
c16d20dea646509758edf4d552f7ff1abc181c65e5dbf50aa3dbbf9a4a1620f2

SHA512
1e9daabe3713319d1ac3c5eb9aa575f40597d1de322d2279e4c40770515abaf1c93a8b276ec14b5ac2f84cd650d21bd47484aa43aec172678ab3c736ea14236c

Download Submit
/data/data/com.smile.gifmaker/databases/cache.db-wal
Filesize
60KB

MD5
5c91c606c160f82f5f5117eab13aa672

SHA1
995e17752ab0423352c780fbf165b1cf644803f9

SHA256
d20dd0c7ca11cd8a3a4d1e15b3b98f1bf063dea7bdc6d0e6505ea5dc7e31c94c

SHA512
3a73aa355c99ad4e61bb0fc884768af7ccf81b9c245ff99fbf19cfef554b1a403915329dce2019f4d916e5fb30bb116d77b675b4b49bdd7bc130ba26aa99eb65

Download Submit
/data/data/com.smile.gifmaker/databases/prefetchkeep.db-journal
Filesize
32KB

MD5
22a5f4a78d732fee4840bc77851c2487

SHA1
42b3398430ebc68b403bb302812903bf562e6e13

SHA256
74aad9c4bf8bd2067bb236386bf494292ad0dbff19d759674d3dd7dda54a23ea

SHA512
cd105c54bd0a1ee2b38acd5ef738ca044308cbf1f4c5dc25b157995ac79beb97d848c2cf1c45f02dd9aa5aa74deffb137a446d97307ae61cd420c0a8a79eaaae

Download Submit
/data/data/com.smile.gifmaker/databases/prefetchkeep.db-shm
Filesize
103B

MD5
8de4af16f42857f003945c8046781fde

SHA1
88d7b414ced1479fbe28d4f92582f5ec846ed4c0

SHA256
b8dae049f09cb377bfd9c9b9cf3e7fdee8eff93985da349d6f95a676d0ffec9d

SHA512
cfe57c27e6cbf107bb07e7b5d1d9290edab075370bd44b6f9a2952e4e2ed6b8b460872c904adfe085e564331d5d07b31dc6ef08749836d4a745860d14f6a5f8f

Download Submit
/data/data/com.smile.gifmaker/databases/prefetchkeep.db-wal
Filesize
60KB

MD5
0c96c855ac83826484dd7fcef44b5b6d

SHA1
3502a6aefde58776c98513e7e1549d5cd6ac449a

SHA256
f7cacec0910f9dc63a3d3894d7a30acc38e427ab4c8022af82ac5677975895d4

SHA512
0ee517a4e46d62faf11375f5fd8cbafbe3ce60c22a3e647416c749879beb51b0038f1476ce2d6b14e910b6e4f7708dfce5a06a6b88e4494db9afc81708cf9832

Download Submit
/data/data/com.smile.gifmaker/files/dex/filter.dex
Filesize
2.0MB

MD5
4ec6d7da775e7b593688e2cf38d1732a

SHA1
889b70ed766560fbe4e615af9a1a65550067823d

SHA256
f7cbae702916eaf613a4a6c8eac0bbca3898baaa733e42a30ce73d74c3262ded

SHA512
21912c17d169b5db60c443da4689b44378547bfde5cea0b6ad35dd150c3d7e4f9d1584fcce208166ecab4c832f288e6500618d7a516d819e98cca0e08a535362

Download Submit
/data/data/com.smile.gifmaker/files/umeng_it.cache
Filesize
12KB

MD5
669ceaf52f4feb1ba6c38c166cc9156e

SHA1
d09c18f1084212c51db9a1e90a1744e81b001922

SHA256
c1ae767af74997826c652f211e5a050ec2e52b0472cebc65604bfdde7669f576

SHA512
e274458e61fd778b4043897aec4d043611e59490753ff87ea248d558422f8cb77076880d29ecdab7e659a805f5d8e56021524ce21310dc32b264866b89f29dc6

Download Submit
/storage/emulated/0/Android/data/com.smile.gifmaker/cache/.cache/journal.tmp
Filesize
20KB

MD5
048c73f536f234f0ad0d2fa8bdbda899

SHA1
dba2e666721e0b0988807b8bb3ce0452dad3448c

SHA256
f1a64586ce75e770e2f36a7ef6f7419e26ebb9e9e786df3c5adce50a196d2d07

SHA512
6ae398c682724f0008ce47cfc790a7ad3dd7cc801fb3a8a692d28da5533ea7ed830ea36933bd3e3219fc8cbade90f073c2c418611921bc7d6877d94b6745c4f0

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize
512B

MD5
f7a05ec246946ee9ef93d2cab1b51863

SHA1
2ad028d9603afa9fa040602340ba9424eae3453b

SHA256
0ae57be88f515dfb810a0cb6aac2616dbd7347f7900a2f5a29c362d936d677fb

SHA512
66a702f346bf978258296bd3049cb221276486a1a05d5ca8386e6cc39b2c99f0791571a8d93d448d5830a89640bcc6378ada2f6f21e75f09ff69cd9e9fdea955

Download Submit
/storage/emulated/0/backups/system/.confd-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
12KB

MD5
2f80db52797815551881161bc924dd8c

SHA1
90333affd1ffe2e98fec932ad94c7afa2b639501

SHA256
d40ca1fe7f907c557173bc746951d5342a5cdfd525d6e63a1f5f9cb4ebe10f20

SHA512
ad1d351b63fc04a06b22c15a510062c9a375ac04f21b2bc879c35ec09abe8f1e1f8e27f2ad0750e6c879bb6ec4bf938d674c97ac319f9c7f1df604dbb4067bc2

Download Submit
/storage/emulated/0/backups/system/.confd-wal
Filesize
36KB

MD5
33cd1ee7b23d8a1dc975a4738145c026

SHA1
ee3804a64d208e4478fbe09d8368cb2372b71ae3

SHA256
f1e2d4f98dde8a97512def38af6758fa6827c2637b78dbe02182264ad74cabb5

SHA512
ee1b27eabb2c92748a28ac0fdcb4353a97950cda114bfbe2286770c03512bd8a3268c96d1677f7075fae971b811c4580ff198b4ae95e8d2b96ad11c184693414

Download Submit