eaf947806c84cc349435cdb8edbcdadfafe8eb52f49404fbed8df9ec11de6099

Analysis

max time kernel
131s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66cd32502d5122ec4b2d94364551485a_JaffaCakes118.apk
Size

12.2MB
MD5

66cd32502d5122ec4b2d94364551485a
SHA1

3da0bec0bf700f29dd5a7437dd38763bb516943b
SHA256

eaf947806c84cc349435cdb8edbcdadfafe8eb52f49404fbed8df9ec11de6099
SHA512

c12bca92dae8df7ab0c7bb293c8226a4cfa350eaa59d018982e9c9df3d9227d69e8eb7cacad38b0165a6232bf3b91bae12f785cd8662178a726092d7489ba144
SSDEEP

196608:j3zly1/SaO8dKrp6c0fuGu/qI+3gBBEAWJQRrcXV4+0wuMgFRMi2+3bAft:tu/dO8dKN6c0KM3gfR8QR/+0RF+iat

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

f5game.leidian2pili

description ioc process

File opened for read /proc/meminfo f5game.leidian2pili

description	ioc	process
File opened for read	/proc/meminfo	f5game.leidian2pili

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/f5game.leidian2pili/files/data.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/f5game.leidian2pili/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&f5game.leidian2pili

ioc	pid	process
/data/user/0/f5game.leidian2pili/files/data.jar	4351	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/f5game.leidian2pili/files/data.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/f5game.leidian2pili/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/f5game.leidian2pili/files/data.jar	4313	f5game.leidian2pili

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

f5game.leidian2pili

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo f5game.leidian2pili
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

f5game.leidian2pili

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo f5game.leidian2pili
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

f5game.leidian2pili

description ioc process

Framework API call android.hardware.SensorManager.registerListener f5game.leidian2pili
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

f5game.leidian2pili

description ioc process

Framework API call javax.crypto.Cipher.doFinal f5game.leidian2pili

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	f5game.leidian2pili

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	f5game.leidian2pili

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	f5game.leidian2pili

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	f5game.leidian2pili

f5game.leidian2pili
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4313

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/f5game.leidian2pili/files/data.jar --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/f5game.leidian2pili/files/oat/x86/data.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4351

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4376

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/f5game.leidian2pili/databases/license_data.db
Filesize
32KB

MD5
ca2bcc7a502ebe854deae37d6952b481

SHA1
29d9cacf79b5eaea6db50402bdb19fd17454ad1f

SHA256
b8c2639c6e290d8880b1ecc74cd61838439860efa104c9d68c578d8fa3da85d2

SHA512
0a6b1cb290da5bfc7641cf4df4df4a6b332f0cfc9db45a8bfe36379c8dbfb06ed6267792ef397be193d601e472b8607f441035e9a05b85546b626b90346443f5

Download Submit
/data/data/f5game.leidian2pili/databases/license_data.db-journal
Filesize
512B

MD5
56f99849c04a4921274018a5231378a1

SHA1
43f90a7f1bf71e1103ab409af9848b729f447a06

SHA256
532d1299f4c92619720784cea56c4a2a67cb040e4b31f00886810c5c546a8992

SHA512
a97c09de1355bb196bf03016ae4fcecac827b234e27f1c1f66b97ac7fc638b125778a599d24ecfb54b0596a8fec438c83ad87fa2fb7e43cc2d3860973c137ba9

Download Submit
/data/data/f5game.leidian2pili/databases/license_data.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/f5game.leidian2pili/databases/license_data.db-wal
Filesize
44KB

MD5
077869d9db5cf792e1f2a9ee176cbd97

SHA1
bdc75cd1895ce3f07a464adcd339f49ca379513f

SHA256
42dc915d35b986f2d972c1c105d52500e2c7618d3346e1d71cdb5872cde681e7

SHA512
cf2cad52d2b0f0091f1df670a57ac1f5a7bccf76fcf09a0cdb25a4b43e4b255376fdeefc0f79db067e27775c0d8659f966ac0803efd38db6a4489a66735b2c34

Download Submit
/data/data/f5game.leidian2pili/files/actlxd0
Filesize
138B

MD5
77844856aac7ad881bd0fabcc260771e

SHA1
8d081b1e8bae248984043b2973cadf5af5edd2f8

SHA256
d0639537f9bbeec15feef43e76dbb68e62f3482c2c75f345e8fb9e299bd16340

SHA512
5be8869a2df840112a06be5af814c9f46b556da5f7eed9e0d150628c1db9f4a0927883fa71ccf852abd86e85ef9827c666df281e408094a7a84879ec91da7366

Download Submit
/data/data/f5game.leidian2pili/files/data.jar
Filesize
97KB

MD5
43aa6e671437df7e21ada10b9ca9c76e

SHA1
21603addc58ee1aacd36fc5a065a6c28d8348957

SHA256
bfb16339a70adf336c93d4eff1854ce69ec2f23e8473743721bb83e6c2816bc4

SHA512
42e9caa35a717e4522bc4f2c69db219762338d66ae68d3b413e1c369952e9d05e5651d9b7c52e13f4beccb597c909c4d71884ec8cdb36323094cbeada9cf05e6

Download Submit
/data/data/f5game.leidian2pili/files/iapSplash.dat
Filesize
3B

MD5
c6f057b86584942e415435ffb1fa93d4

SHA1
8aefb06c426e07a0a671a1e2488b4858d694a730

SHA256
2ac9a6746aca543af8dff39894cfe8173afba21eb01c6fae33d52947222855ef

SHA512
bdc247a1a0e28a586ed40744d281993d519abe981aaef33277d4877d167e1150816e9723d068a59509991ed0cdd8c5cea0f9ecd0ef23664db7cb85db5a0dbe12

Download Submit
/data/data/f5game.leidian2pili/files/pay.data
Filesize
97KB

MD5
b3318d0f9efefa37d789745f55ec3b6a

SHA1
62794c6e107c5d6bd248fd1c883a5ab02da2d7df

SHA256
62e0bdbf50e5684c6ebf48c10491b662f1662d26c9594e852c34849bcaec856a

SHA512
bbbb19ed4c7f427e1399c2d18a4e104812514feea1bbdcda927c593e9d9d987a72051e133c94fe4c3d15d24716299dae53f172eb32b02c79f0d3c885fe748f1d

Download Submit
/data/data/f5game.leidian2pili/files/syslxd1
Filesize
531B

MD5
24fbe1dc41624bba1828f12bec240257

SHA1
7d493054c2afb39887c0a3921fe64284388c836e

SHA256
810c5fe44dd81b57bb1f1d9faedf33fc2c5309ad08f8148b71e669e822184f21

SHA512
8c3f42963cadbd05baec0df3b74d3af2e413718e9b184d450d3eefb728959f5608111279f8194bcde5d343d009e1ac0fdc512707f5336567add43518668daa83

Download Submit
/data/user/0/f5game.leidian2pili/files/data.jar
Filesize
238KB

MD5
7b77931bfeb2f5c8b0337fbba9a8b528

SHA1
0e6906a326f3921beedd676f7f0bd7c3eabaf2c2

SHA256
92b9752d6ae65eeb948653cf5f27ab83438b787d5601845974c976f492df21d0

SHA512
c97a3e2063c68103a5298a1a5d8c740f6ec44b60e836092438fe6295964955d2c99d1e4a113d3dfab7eff2fb8c4caca09cca6ea516f0be20b02c57e51767c900

Download Submit
/data/user/0/f5game.leidian2pili/files/data.jar
Filesize
238KB

MD5
1cc8518346734dd6224a76390abdcc47

SHA1
6b008b0bfaeb1f96b7e146cf90e6d5cdea251405

SHA256
f57bd8ca4cd7c881b8c304dad6e2530613bb287296888f5ffe1bdd39ad1d4f1d

SHA512
7c824d52c4ef673f437811315d2e2aab4fa9c84050a5814cba780eeca21ed2a82759e88d9bd36f9a402a53f64188ada8c78718d26919f14a8954624e9e939248

Download Submit
/storage/emulated/0/InAppBillingLibrary/log
Filesize
83B

MD5
ee67ca28676b3f3fce33a00cbdaab985

SHA1
3a1a1805646b358e5853df6bfdecf44ce723fbce

SHA256
e1afbb04c844615ad19947d796306d522cce8d8ffedb7875ee5caa7607707697

SHA512
7c700c87e804ae87dac9146f214a026f77e0c4b285344425002c47d2dcb0792e1a610a3885e011c17621ddf904a76542ba563b86b361532c3ce57da4730c77c0

Download Submit
/storage/emulated/0/InAppBillingLibrary/log
Filesize
80B

MD5
0d99b1332a1a86c359b9f329f8bea3d0

SHA1
2f76f2aa89bc00789973f14f1cf46b8f7d0c3194

SHA256
1458f5093ac468ed4b17f3dda7add28799e823ed423acd951453a918285f8b17

SHA512
35defef6873737809d716ec7afa2fe830905e93648e9edc96ff11f4207b4cd447605e84abec448db863f7ea4e4b008af4d05cfbf0a344afe97d208b63bf72f9d

Download Submit
/storage/emulated/0/InAppBillingLibrary/log
Filesize
90B

MD5
e8c758f5c1bda269905ec331cb35edb5

SHA1
45cef430658a6d8f2f223f077690cbcf8f772287

SHA256
386e26898ad649717635cdefa6ea89070182c070e9c989424fceaf0a95c40014

SHA512
445b36b5ef33daae5564b77bcf43d182d75c6d309d363050e94fad1a5cd9d77622ee3683319227be0fe4154f6ea68100f459add98fac6237950e74101979b35a

Download Submit