d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768

Analysis

max time kernel
175s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

670fb510cbcd5ce864020e049d5bff6a_JaffaCakes118.apk
Size

13.7MB
MD5

670fb510cbcd5ce864020e049d5bff6a
SHA1

f3c26ad3eae4825ab5b17b2e6b87ce781736f4f6
SHA256

d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768
SHA512

dba9b05935b4cb8cb41b7a888c80c98f8f0d296f78d58fb3f90ef6cd82dfb28aec400cc82b0893e2face3423c5d3520dc25f06124854ff26581f691242d1c892
SSDEEP

393216:zOfzI6WHGrXt+em3eRxZNjR7VQ+5cFXNXQbAXmlh:zOfCHGjpm3eRxPjRW+OXZQbAWz

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

Processes:

com.guokr.fanta

ioc	Process
/system/app/Superuser.apk	com.guokr.fanta
/system/xbin/su	com.guokr.fanta

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.guokr.fanta

description	ioc	Process
File opened for read	/proc/cpuinfo	com.guokr.fanta

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.guokr.fanta

description	ioc	Process
File opened for read	/proc/meminfo	com.guokr.fanta

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.guokr.fanta

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.guokr.fanta

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.guokr.fanta

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.guokr.fanta

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

com.guokr.fanta
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4274

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.guokr.fanta/databases/mwsdk_analytics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
a440aba269a542847bbe37d36e7e8be3

SHA1
3e7866ebfe16f4e420bc6a0b39e32fa0ec72cd76

SHA256
ef994057c5913cffaeaa37e5d26d8c17e6c2380947dc4025e0fd17f104e50e02

SHA512
420e6d2b41791ada21cea94930a19d5dd3eaae63a89c51f717cf165da530fc4a4a259b88c17362439946cdcd543e271b6c66605c0d559286875f95510de6802b

Download Submit
/data/data/com.guokr.fanta/databases/mwsdk_analytics.db-wal

Filesize
40KB

MD5
baead9652d57fb81c027cea4d61299ff

SHA1
ff846eac4befbaff241108f265eba0780b0c2759

SHA256
020bc97e377b6e1ce84518c6729f958f1953c0c9c85fd841c6530ffd297473be

SHA512
0b287e8ccc155fec893e8944d60bd9c3eb6854d792e7a3e5bc2527a3149b146df3279df4dabde8f9fe43eccbcabffb7572b2c69b254fc1e86a04da1ef55b4989

Download Submit
/data/data/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
beb107d9612bc13ab9908f8b545ec503

SHA1
005508d6d9d6ca3503e2d16a379b8f78f239349f

SHA256
7cac728babac9c868457af997221d5c87210bbc78623fcc3b861b9cc7b74ae38

SHA512
8bc7510081f40897821acb00d27048a6d616291a9a3bcc1342abc9cddaebb1037142f2176ca5998ab3c116626eaf93e05f365a82a32dcbf7de1892e0e90d35a4

Download Submit
/data/data/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
11500bdd72933ef2d7abfaf0d960089e

SHA1
318789f44a67a2bd50e7ac0eb357b3c0183c05cb

SHA256
c3f140eb4803d437e66d4fc347d6973a8cef8cfb2a3ee8d40f0dd7da7a263ac2

SHA512
e17bc4372ec87dfe12256e233e29bd18aa210eaad16223ec265ca0d30d1ab2adae8228f75ce3e2839205d9c805570594afef362004d82667a2b81c42daa7eeed

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-journal

Filesize
512B

MD5
5c4295133aebea31ce3d468dff9b6887

SHA1
491499b559d93f3d50083af74e00a88280f78da5

SHA256
2a2ca03fe6d3e29c9b5462118df5e4be2bdc396dc2f1bbe0bda3d6359edfd93b

SHA512
4e5e6fd679a57dfe2185cac249e65a2c8f1570729165d0b65c466df92f75404ccd1c5eb2528045d651bea4bf31e6415891076caaeaa917cb12fed605968b1ab3

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-wal

Filesize
48KB

MD5
3fcd1f821b72f006d4ae4fbf1f076487

SHA1
d9bd4dad8ce4ba2c618603bf8dca05e28ba59559

SHA256
26151a5967ea7eeb64fd5b68b652fda0d932d9f524f403f2c35393bebf691b60

SHA512
a89f97c428d3e2e238f933198883d3430708b1bd6f9469c97b649c38920f139982f5ce6c2981017148e67de0422374a78efc9959930a8f8ceb0aebdde029882d

Download Submit
/data/data/com.guokr.fanta/databases/zhuge-wal

Filesize
12KB

MD5
1da37c30e9c962a38cb123be8b93624b

SHA1
ac2e36aa81c4d6a7bee64395c11911f3ede9417f

SHA256
3fb76c6afce3728679c5690a3c0b2b3e83cbaa8581d3b5fa589f19474df24539

SHA512
bce055bd0cff06052cc4faa3e4341eaddb794a5f3898b6e0796c021ae93e0af732d7809596fc2701cb51d608badf2afceb32f0bb2a7c543d376594dfdbd1dfd3

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31E00D0-0001-10B2-76171847D857BeginSession.cls_temp

Filesize
77B

MD5
0dbc67532b384cda44da7787d7d7dac5

SHA1
f7f756fab80e03220c175c7961b54d5a672d067c

SHA256
4228a79feaa3e94c313af8b43b6c29f70995ba6b87ae0c50e0d3e5fa80a21735

SHA512
213242492be14a6f5312f6c090f45574baec3ab9d70a0e7581e12ff150387d7a3af05f8ff5344713deda505e43f44aaea5f8b3b8bf6ac77c3bf5e9ebb27bfc71

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31E00D0-0001-10B2-76171847D857SessionApp.cls_temp

Filesize
112B

MD5
a55e4cc093d05bf7649b609f348ac0c6

SHA1
261e849a07ae87aeb59e5600ea3f66e5a91879f6

SHA256
76a2221c58701f1efd4f30903e878ee9923bf2f604143827c0a359f0fde7a793

SHA512
1e5b45b5dc6531bbee86d82bbb0bda273a5984c84dad575aa04afc03c8a6a18b0b724f26485d2f20305e388d9eb5481c7c702c23ce49313c304d22f4c0a908e5

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31E00D0-0001-10B2-76171847D857SessionDevice.cls_temp

Filesize
88B

MD5
e08243ebc51dfd3001c846b35d622ebe

SHA1
cc7f89eb64c90e6a874492ff61ead4c5e9013242

SHA256
fcacd60b9e7be487d806fb23844c846d74a06f2231a9d2f086423797bdfc979e

SHA512
84c325fa848725b47c350d2a775d50b1ba309f9970b36b2685f2844e9db278241ce7cc72f824edd6cc94a3dfc0c070a32953888df9e961f13bb54e42bae40d99

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31E00D0-0001-10B2-76171847D857SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
953B

MD5
371132de95d583f59588bfaf08712350

SHA1
1447de34bcad9e77b3d144111194d4d63439fea5

SHA256
4be1e39f4eb682a8ad5b7ab8cd80901c9a94e244ab4ec3211829366a73ce52a8

SHA512
8cca7e70fadc7493eb4d5a913b55a1dd767b62e7787b7884b7447d2090ffef1b1f44434cb463b3f1873d98c33d1df55ebbe7858f8007a121827bb1f681b3195a

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
418B

MD5
dcb69f5f79c23416d75029e75704f532

SHA1
fa40c3b7d7435bdf974a5b19c8c0235efb33259f

SHA256
5fce480b65865352b2ba06052924866cb7447e5c2c85d5a1baec42ab536c3cee

SHA512
4dff0c9ac94fb8db187725e34af1dfba6eb548dc72452e2cb39f869629ec6cb540d4d2c09f4ca69232bf7726b4950623fc40d1a2f13781fde4a6b6bd2a6d680f

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_6c92b939-b5aa-466b-8488-f780e821431e_1716376350509.tap

Filesize
340B

MD5
ce3aebc0960e5bfb9b527af1e50bb0f8

SHA1
ca8367e3607a3f0b750b84b5b812029d33dcb29e

SHA256
346f7333092aef1b3e4db4a1a186239510a777b40c69e9c9285f93b87f28c9b7

SHA512
9f2a93e83c2737bd4d7d8dc2e3fd1058f06574117f35bd528f28858d6c3f19bd602db0576da04a613ffbacd921abac319ee3d062776ff15beef547e62ad191a9

Download Submit
/data/data/com.guokr.fanta/files/.um/um_cache_1716376412525.env

Filesize
671B

MD5
6217d4f19c0f35dc88795d35e5edd1fe

SHA1
b6a44edf8228b1b4f8be5c4ea03b9552cc568502

SHA256
e76cb0ca9dbe0bb0c5dc3af06b3d28409961f77151fea47b02f2277a35cf1c09

SHA512
cfe365daef2806c38dde41e0a76a73d1a18c19a11872547f1636a070b9aec855284d8c67c5756d5488da7c545d41dce9533e89a17ba20a353a8acd58880df4d3

Download Submit
/data/data/com.guokr.fanta/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
a1379c2fe61dd4ecf36e4617b314acef

SHA1
9a8b53fcf2ce594a68e44a1e1fb315255c54b281

SHA256
4f72233e9f28de3a0eceb10b0556f14fa0b546634036bbd4c684953cd32871e1

SHA512
6a67855eeeb328753532d86742bd1a050ac09239f0c6bdbd6a20c91f142133478126a3f5d899cb18f289a8c3daba7d207b1d7f64cadce1be11c645acd4eb474d

Download Submit
/data/data/com.guokr.fanta/files/umeng_it.cache

Filesize
415B

MD5
22c56dd3a16ae5336f43c2869377b985

SHA1
a640470e3f4fd01d0bb03cdef328f2d0bc567747

SHA256
6832c259cbd4222f1fda65d2c99b22cd6d71462231f8b382a5d277a090899141

SHA512
77405fb80d30490f82505bebfa72ab2b84a661084437ffa41e2473b678adcd7a8033da9aa2327483e7ccbe1447aad11c5cfd52c7dda4780e5ab7cc7c19e67c55

Download Submit
/storage/emulated/0/Android/data/com.guokr.fanta/cache/bitmap/journal.tmp

Filesize
34B

MD5
c6cfedd7f0c75e730f54e9589d6abfe7

SHA1
93cd842fed00d466b97059781a459a3d5417f82d

SHA256
2670af997d01b27e5f81054ba5a0e83b0b2a0ceca4571b0218e08e7623c1d376

SHA512
35588e4d35ebb57758675efe0551f4c56cc073b320bc9ab492541875672f9d476b6443d2401c31575a58da7e0dce7c81f92d9c5427e17c18b0d598c36615f690

Download Submit