4491465c38eaeb16a717db64b16a7af6d61885c08d86585e94a3ddf5f1eccf00

General

Target

66c7d95f35cec2e3040fc0c536e84e78_JaffaCakes118.apk
Size

7.8MB
MD5

66c7d95f35cec2e3040fc0c536e84e78
SHA1

b72345a2475ac0cd85a7172140bc67b1ec7d0229
SHA256

4491465c38eaeb16a717db64b16a7af6d61885c08d86585e94a3ddf5f1eccf00
SHA512

63b24cb55e3ad0bdc973dfcab0475433829b056ebfd27c2009c15755c796f46f8dcfffe42c532e50d04ed24b72a5f71d2f30f6e3c567709740e761de75f44d76
SSDEEP

196608:udGWsMs3d+WqUOaloQ9IRTpicYHnvGd9A9sjuPO1:GGWnmd+zMoVinH+cNPM

Score

8^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.lovebizhi.wallpaper:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.lovebizhi.wallpaper:remote
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.lovebizhi.wallpaper

description ioc process

File opened for read /proc/cpuinfo com.lovebizhi.wallpaper
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.lovebizhi.wallpaper

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.lovebizhi.wallpaper
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.lovebizhi.wallpaper:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.lovebizhi.wallpaper:remote
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.lovebizhi.wallpaper:remote

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.lovebizhi.wallpaper:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.lovebizhi.wallpaper:remote

description	ioc	process
File opened for read	/proc/cpuinfo	com.lovebizhi.wallpaper

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lovebizhi.wallpaper

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.lovebizhi.wallpaper:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.lovebizhi.wallpaper:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.lovebizhi.wallpapercom.lovebizhi.wallpaper:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lovebizhi.wallpaper
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lovebizhi.wallpaper:remote

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.lovebizhi.wallpaper
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:5106

com.lovebizhi.wallpaper:remote
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5202

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

1

T1627

Geofencing

1

T1627.001

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

Location Tracking

1

T1430

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

1

T1426

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

3

T1421

Lateral Movement

Collection

Location Tracking

1

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lovebizhi.wallpaper/files/lldt/firll.dat
Filesize
56B

MD5
df706a1365f129d262d149a1421505af

SHA1
869c822b70e5ebd6141411f693d660c4c1e034fb

SHA256
d8f6d6c0d36800437986b15350dd45e0870fc424b295b23fa7dbe57e51923b67

SHA512
1af4aaeb18e4f96886091ec799f60e47ebbf1677e0a2ba211f54d0d179896878c5d081502f66f7344c90ce9abf378245de62cd0af2a38214d97129f467b1223c

Download Submit
/data/data/com.lovebizhi.wallpaper/files/mobclick_agent_cached_com.lovebizhi.wallpaper
Filesize
512B

MD5
43658da1f4af6fa82250675fda60e85b

SHA1
a30eb7f992f72fbdb6601de583a06354f6dc158b

SHA256
efda5fb4e14cffa6dc06db9d31f150574e640a8ec00e78e7d35fdd9c7a02dd9d

SHA512
5151199b02344f95e52b704159abbbc940b6b45a86332e8259fc778cf5048f34d63df1cb242e17182b2af13e0f69bfcf057156d5b911329d96f2af0a6441ead4

Download Submit
/data/data/com.lovebizhi.wallpaper/files/wallpaper.config
Filesize
28KB

MD5
2cd47ada17ad7a4e3d5e2717cb2762c6

SHA1
7cb844672cec4a3bce75c8cf81e80e8ad7cc49e5

SHA256
5f266f7cf5a44a3cfcc9bfbba94735081851edc224cb071fa6e650227e214279

SHA512
c25229cca649bc8ef54c0770a976034801c0a300d181c107c41879d7f6b7056c6282210c98661428078381032dc6fb0872112dde7e8efb1a9f9b333877f18dae

Download Submit
/storage/emulated/0/LoveWallpaper/settings/wallpaper.config
Filesize
8KB

MD5
4dabef321bd17f1cbb94ae86462f5000

SHA1
26726c43733932336dd80f4fcbb8ebd2ccdb7d51

SHA256
881db778fdac2a3bf06aa8402bd666dec61dc43f180d071256bac3cd1c130f91

SHA512
826fad0e1a0f773c07047b999b43b9fbcb58dd3b64f3cedd5f8ddd72e6aa34b016684d5c83aebfbfe2e4d4b7a1e0972eafcb29ddd5dee05ba4eb3c4028640da8

Download Submit
/storage/emulated/0/baidu/tempdata/lcvif.dat
Filesize
96B

MD5
b9e93b724b9c2af4f7ec6186500cb639

SHA1
6137e0f3cae079df612f90f5575f4e91933ea074

SHA256
3b60e030498527f9deca3badbe794245f6aaee99c88dcd71c28a88ab1580219d

SHA512
c025c11b0a1c4c973a2d8c85988b10dd107818aa2aa7b51b637b2c741c7d5cab98c2548374a1d05837708801a8556110dec8e63e629678d7ca3fca2d78957b37

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
cdf58694b022063b045fef7350a16010

SHA1
638709c80f6284bb3ae5a4cb2839db597fd39363

SHA256
e2c9a8b342674844b7d1ea473354597bc3be04a37b61a805be8d92d94ff9ede3

SHA512
33a3e7ad64b960039855d3bc2d3f24aa062792e46ab35716234eeb8f17bd43308bb4ea40ffee3a6291c3bb9a69dec57da63c30a00ef069b32e66d656432e7e44

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
8KB

MD5
48d9d6c560523aa5474ddddbf4f90c7a

SHA1
252c265bf1cc2862eff7b6e543fa45850f9c3391

SHA256
e56da98cb4cffde027f77d2d464974dd32fccf7154b05dc64022019ff9bd42c9

SHA512
14189a2c1ec9afb82579f357f1eea49a8e736fbe581f46138ccc658e9f6a886bc6b3761dcfcf3bf098e15a3617279cb8e02ed53eab7e1fd25eb2cf3d2eb32200

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal
Filesize
4KB

MD5
fe280d63f1806d9035d36de31de4fa52

SHA1
7189f1b7040b34291af3492393a1d1f0beb0d579

SHA256
2a2c7f775066b4eda51c3729a289845b9c7f7af45c24c5db2c30406b6e4a6338

SHA512
8d1413fc9fb98d80324a6b26cd4f3b0ee0648cadaca98ec34c9291003b7b5cf7334a840f40a2f5e5eb00d5d4ea11d0d695a1e0d0011c8e581b4f2143c60e1663

Download Submit

Analysis

Sharing