5658cf47393ce7001fe9c6e8f6c3863688e8b9f89218f64fa9e2722508dfda85

Analysis

max time kernel
4s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67025b82bba58968976d0411c56d7e9c_JaffaCakes118.apk
Size

16.6MB
MD5

67025b82bba58968976d0411c56d7e9c
SHA1

8609f7016f9f0f0bd326208cd7bd348d4e07746a
SHA256

5658cf47393ce7001fe9c6e8f6c3863688e8b9f89218f64fa9e2722508dfda85
SHA512

2429ba7fc18361ba81e076733683bbd2673f33f9118de7e8fe584ddb77253b960401a282aa40cb31f1c9ee3a7de2e1cc35a3722f782ea3d833ec680e519c97ef
SSDEEP

393216:Cyfsc2Ua+TiyVsbg2Sbm0f0NWnDklapd2KDLgeYkUSR/qoO6UAW3pybjVl1m1G3:32UBL6bgWsDdZgeYkDpqoO6Nwpyv1m1g

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.uc108.mobile.fddz

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.uc108.mobile.fddz
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.uc108.mobile.fddz

description ioc process

File opened for read /proc/cpuinfo com.uc108.mobile.fddz
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.uc108.mobile.fddz

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.uc108.mobile.fddz
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.uc108.mobile.fddz

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.uc108.mobile.fddz
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.uc108.mobile.fddz

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.uc108.mobile.fddz
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.uc108.mobile.fddz

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.uc108.mobile.fddz

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.uc108.mobile.fddz

description	ioc	process
File opened for read	/proc/cpuinfo	com.uc108.mobile.fddz

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.uc108.mobile.fddz

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.uc108.mobile.fddz

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.uc108.mobile.fddz

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.uc108.mobile.fddz

com.uc108.mobile.fddz
1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4278

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.uc108.mobile.fddz/databases/downloads.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.uc108.mobile.fddz/databases/downloads.db-journal
Filesize
512B

MD5
44a5341e84257a3c5620b783aec4c89e

SHA1
174e74a0ee067f2c66d76f651d768ecfb5557a1b

SHA256
fb11a6d0ed7a1c25631e28cdf81a9ede6bd8ebde67b903072e16ebdf118d973a

SHA512
de7e9e1a028065b70d5d0be962cbf62af8c8bb9b36de1c5aa979e5bf41c80ba2b7e1530f99c67158638241975fac369843aea255d6c6a03b4254630157385a50

Download Submit
/data/data/com.uc108.mobile.fddz/databases/downloads.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.uc108.mobile.fddz/databases/downloads.db-wal
Filesize
16KB

MD5
51d3310bf697b1068b18fd3ac4870ec8

SHA1
7b19f88f12b2425eacc37b9ce77f6ef728643f2a

SHA256
eaf46140b0273e8f9cf0edf2f49487106e10fc58a0537bbe77cf133e664dc850

SHA512
aa6eab646df5897fc9343a20a4d3926aa9ed735b7b2d3e46c5b093c675a83b80bc6718276884964f70297b48294733d1a0a13bd282105dce60f98b8c14262433

Download Submit