Analysis

  • max time kernel
    63s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    22-05-2024 09:04

General

  • Target

    66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk

  • Size

    2.5MB

  • MD5

    66bcf8031d4a4c701cf83bd9dfb87a7c

  • SHA1

    68224ed4acf9327a25e1f09e8612052be3bdead1

  • SHA256

    5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373

  • SHA512

    4f1d7ddad111e989f8f4c8cf41bf02fe131608768c927d58bd27489d82dfc2bdfc2c7596a4d8a033f14b6b42df89b1bacaf5ad761be3696d45fc53db192650f4

  • SSDEEP

    49152:FK43Ei2Lnu2S9xphxvrymYbW5EWBCkIannhfc3tBGAn2yf23IOYSF+mUnpnQH:4438u2SkmYyKWHnhfc9HSWkIY

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • com.yxxinglin.xzid586042 (PID: 4281)
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • ls /sys/class/thermal (PID: 4316)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5NTIy

    Filesize
    1KB

    MD5
    a7ed8a18168d2321a8e069aab7af6efc

    SHA1
    0cdfd079a0d6075aefeda6edba90b90306330e90

    SHA256
    e6b914d026b3af36ef8af044c5adab4cb14fe7b72f1edf4ac0a56826d300632a

    SHA512
    0b93d83317e4e57a5bf3410bdbe2a707dc50db044fc0d99202447caddd8f378298111813b019bcb4d16348ccb206f90d0e2afed823e1701928faa643bab5b72f

  • /data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5Njcw

    Filesize
    1KB

    MD5
    5bb3b0d894f7abfbd0ae75e2c2657a31

    SHA1
    2e58095e9fefd9004757cb3cfcd841817c1c7113

    SHA256
    e72f560affcabc4492074ff14020c1983eb5c0dc8756248373fd52e6598ba6ef

    SHA512
    53b4ee6f09a9e4776e2e99bbbd176a079a452aed8f455aa61055efea28c4496f023b207882d5bce5363c0f43d66a1e2dc736bc65be9a5e955728ebbb9ffc1e88

  • /data/data/com.yxxinglin.xzid586042/files/umeng_it.cache

    Filesize
    352B

    MD5
    c2441657adbb3c68f481c4d4264e8a70

    SHA1
    1f12676004a99422536ffe1f3370eedf76043d65

    SHA256
    e95529e080cbb5d5268e347d0e45374ce6e4ddc7535da17cbb1abf0979d9780c

    SHA512
    7ed02b8eb915176a4a4c816c38a8f9a2dacf2962954ee2cba0b0d6348affa3edd0545d1505e4532cc715b42b494a24de5b1e7c5091b2cba3bec75f8d408d9e0e