f31e7e71738780482ef9ecc0f597320688e1f5ff05d135b7f050e9cf8b079dfd

Analysis

max time kernel
19s
max time network
173s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66986182216f747b747bc856d9be2973_JaffaCakes118.apk
Size

21.5MB
MD5

66986182216f747b747bc856d9be2973
SHA1

6ec45f61465b0e2ef5b958d5f8bdbd4ccf79c7b3
SHA256

f31e7e71738780482ef9ecc0f597320688e1f5ff05d135b7f050e9cf8b079dfd
SHA512

d65ffdfcbdc92eea0feafcf9326c7858f68ff2877c9bda072a2a7b093921a895e6fccb9fc6d3c5a10f8905c7f322bbfc90a4d24579b203be355eeee23470770b
SSDEEP

393216:nZuHDN5pa2LZaiTTbWXhb4eBpXUNrB+4pfa1uz4gh7m985ZFLkgQ:nEDNzaGZaiTWRb4ev4BTXh7m6FDQ

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tdmxcp0814.vivo

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.tdmxcp0814.vivo

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tdmxcp0814.vivo

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tdmxcp0814.vivo

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.tdmxcp0814.vivo

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tdmxcp0814.vivo

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tdmxcp0814.vivo

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tdmxcp0814.vivo

com.tdmxcp0814.vivo
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4356

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tdmxcp0814.vivo/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MessageStore.db-journal

Filesize
512B

MD5
7ddc6869a42b7a41a16ae06d70b077ee

SHA1
231a95f137437d031cea0d8678fceb5029078e41

SHA256
fef38af53dea7a38de19ef299c3a221bd4e1b12fa477efe0fee04792ce9a380b

SHA512
d4ffadf0a14a512a8b13ed0009a37d243a7e367d39667b7d3893c229fd5f11f5665a54b0870beeaf831b8e233f1d467177e0197948544ed393a0e5fb1b944505

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MessageStore.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MessageStore.db-wal

Filesize
48KB

MD5
40840885397d2761077a257e9853ceb6

SHA1
7489c5020cc76c858cd442adc5459cdd3f6d4514

SHA256
2e6e223731ebc73c455f9c2c0d653d418a277fe8f6466c1325a8764641e92d6a

SHA512
f840409da36a7940329e95ee0ddd02f3264d55585d179f1b0833e2d491c375af5c594ba3637eaf96c54ca3b3ba6ca591bfc179a130f0cfe18c9472477eead96a

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MsgLogStore.db-journal

Filesize
512B

MD5
9f4482e271bbd61aa9b2f1acb4c1eb7a

SHA1
2cdbaf2b7bee519ef823c0aff8199bff51820913

SHA256
f68d28caf3e302eb59fd90641940f6a1364f22aeb0e121bc4b2c6a9eacda4210

SHA512
53b831436639325b39d2a9a234650e95a2eca5efafe02ba5ffd8d69ca2cbd96e6d4f4ae81a5a5fe2a699c92bd29255c9fd6760519a4c520d77b1defc5f2d798e

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
2b177970c84b2f85999093c10ecbfd39

SHA1
dc6b9fdf57df9a031ff82b7eac976643603c288a

SHA256
ca2b7dffb84e5b2aabc058d895fc9db057dffe55d395acf6fe9e6c4d04d9fb90

SHA512
8512d01469ec629f9f9cd6fec09aca97bc8a9da1703bedadd2045ee99728045c5b6d90dbb4c31190d2f3184a94cfffc66ad68808c8555e798c071521bfe93d74

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MuseDatabase.db-journal

Filesize
512B

MD5
d62f3024cc16a068cd134c50e3fb5c38

SHA1
802b1eb4422f7a2f234c9547918782921719d5ba

SHA256
3e3fb851863b683e39d4c7e2c4d219d472a1c7f0811690864cef5f76b267de24

SHA512
a3359873215bd47d208e84464bda73b3eb7ad25461304ede269fd30e3f863dffcb13bdd2af87cf0ab2580f9a67c77a44b72ea02b14ff62d48a1ceb163bfebd07

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MuseDatabase.db-wal

Filesize
16KB

MD5
12491a0efd17663c8853235a761d492f

SHA1
8b0cebb9e9702d5932f1183d1c8ee6b69f800936

SHA256
86e9546a3c9bb5a4af7195d93ac231c729bdd1540b29f3246f89071c1cbc354f

SHA512
83cab28cee4075ad5d04da02e1268cdfaec3102347cc6b0249377b5224680e65e05b2f07a5a77b6063c8732910f8ea8eb53dde661edead0b5ecaee2f8a437209

Download Submit
/data/data/com.tdmxcp0814.vivo/databases/MuseDatabase.db-wal

Filesize
44KB

MD5
d208995b98380bf8dcd015db32d47747

SHA1
cdd3c85dcbe7405010bf0cf2d1561f16a757ad6f

SHA256
51a1058174abc855b7a07d4bba30c734fef68a7158de74dbc0b7c276a80c067b

SHA512
66b4daf2fdcbc85961764d55792947dda47d65649cc26e12dc206735a10e240300969abe4cd0ea7797f9e1bdcb18c368a54bd45509e429c27db93b36ae0f53d7

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
6072b31ef80b972e5c644880c65a6a3c

SHA1
b0487c23ba17e4088ae472d67e9363c262e6f140

SHA256
7f99f4ff72e82261ab3b6aa1103e767b982700a37c21d6e5220dcb05f661a514

SHA512
dbd01e35958cbf7a707fd2b75874a7b30162704274f1db30dcde019647452d7ed9d89db6fbff933aaa642e5d995f5442ad7e341074938adfb9a819db4c02f606

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
b58ee3243a3665c1acf7bee677a59dc0

SHA1
38dbe4d05b02b478293259ba768a0885b6f7665a

SHA256
26965976b87f3c2c025c60674047b45249e559115d0bd61eaacbc88a13677e8b

SHA512
ebb4de6f7cc62733918fb224eb1d97676eb248d4488eb60e70594d9f4028ff4b06e63c605204d889456e4446f977fcea66273e9c8ae7433da2d6193c11437f08

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
0c4a60c50ba8759abd2d78aed6f9642d

SHA1
56dbd41731458f5854d93caf0d797e820b36b7fb

SHA256
a62dd913164bd19634f988145f13e57df3b1504588e53899dc1bf964f3b8aaa2

SHA512
50ff18c5aa971a46863bea8d5da25f8031d32c55cfb22c12314367ad5e9b690549d40ae00bfc4186fceb5553937bef29bf922a26efc1f657567d3ab843316796

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
2e8f777582501e2ef70dab9cdee53e23

SHA1
500920820a4e124aa36795016e2762128e35a6fc

SHA256
e66cbc818613cddfe804a3c861ec3f98517122e3d8758e5de21c74cebfc1402d

SHA512
14b89ed8baebaa56a5419bbdf43d9bb4a5afc38ce429b25da9560db77a4bba8b77fbf3252ee7315426a99f046c4b99f9496ec8488647a8387359ded8ed955a73

Download Submit
/storage/emulated/0/.dev

Filesize
56B

MD5
3fedb2cffa7fcd5fc4099e28e95fd859

SHA1
6663ab4f8dba36a9d44e16613b66413a6f12fad1

SHA256
756d8e014c5d43ea0f626e6e015d391f955604a2d50c39841a50f0ae707a5880

SHA512
8318bc51d85a8a382e5f456d4f8d3d693e8101fbdf9124ed548225fc45dd06b39e77f3c077233647d6f68eb9cf27fca8fcd2db5dc55340d83459beefe949ab63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads