d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768

Analysis

max time kernel
176s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

670fb510cbcd5ce864020e049d5bff6a_JaffaCakes118.apk
Size

13.7MB
MD5

670fb510cbcd5ce864020e049d5bff6a
SHA1

f3c26ad3eae4825ab5b17b2e6b87ce781736f4f6
SHA256

d004b19a9c60d13ab65ea697b7932499f4f510973d15f678bbf4a1be84c9f768
SHA512

dba9b05935b4cb8cb41b7a888c80c98f8f0d296f78d58fb3f90ef6cd82dfb28aec400cc82b0893e2face3423c5d3520dc25f06124854ff26581f691242d1c892
SSDEEP

393216:zOfzI6WHGrXt+em3eRxZNjR7VQ+5cFXNXQbAXmlh:zOfCHGjpm3eRxPjRW+OXZQbAWz

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

Processes:

com.guokr.fanta

ioc	Process
/system/app/Superuser.apk	com.guokr.fanta
/system/xbin/su	com.guokr.fanta

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.guokr.fanta

description	ioc	Process
File opened for read	/proc/cpuinfo	com.guokr.fanta

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.guokr.fanta

description	ioc	Process
File opened for read	/proc/meminfo	com.guokr.fanta

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.guokr.fanta

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.guokr.fanta

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.guokr.fanta

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.guokr.fanta

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

com.guokr.fanta
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4508

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.guokr.fanta/databases/mwsdk_analytics.db

Filesize
20KB

MD5
1ef198aa440ceb1d42000ef5c65927cb

SHA1
237969b226afd626c24f66b7c92606c5af11395d

SHA256
b378d7e460e59ef2c6bed29c87ea2dcd7b9960b691b5a1f37d3d3afb82e5335a

SHA512
1e147f44b88bcf3d925b72ffe62b8b8346291e6b5b84211fe8859f0ed10e89bd3be573bd3e5bfa6a1049b3c303404686b893053e3b206d36840d75e2c82fcf7d

Download Submit
/data/user/0/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
512B

MD5
4f228e29b7f375ed0dfa62af8405ba55

SHA1
82824aa6a05cb1636b8781fdba1b3c739ef24664

SHA256
d7d19bd7d6ae47d61364682dfc4d50640284654b08b64219b11af91eb0a59114

SHA512
cff5faa8e294e28e46067bf87da001038a75ac71a87cba83894427fde5950acbdecc4bd7b3324ac8b2acff8d531ac5a68d508d9a2a634c6a8d9627e23c6942de

Download Submit
/data/user/0/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
8KB

MD5
6fae6f4f4078de749ac109ef8a8c8b35

SHA1
d921619e3cdced9c2b95eff3f4130d443a2b33f2

SHA256
5c6682072cc4f6c0d5ba4e066a87f74140e9f8dfe8d9e3ebe3aa52ce17aede8e

SHA512
9f4d0d5406736620f9b41e6ed5693cf2327404657bc0ff50d546888eb1f45d9179f38a16e96d1240fb0a4d1dcd44673870b7eff00cb5d832e1b043ff8f02a6ba

Download Submit
/data/user/0/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
8KB

MD5
cab9545158ed12a2dae5c3d4c06fe1a8

SHA1
567d348aca7c9878731f23f9f74c7477af0d3af8

SHA256
4cdf09ee6ff3119d798f1cca911d5bbc9b9f8fe36d7e1ccd779eaf4f6e2e8175

SHA512
39be1b3f738c9aefb6f6f91f604076f13d58858eab81a08f5b279839ce70b622a80dc325ddbbf645b706b3c9231ba0b194f657262906172c4405010e4664b24e

Download Submit
/data/user/0/com.guokr.fanta/databases/mwsdk_analytics.db-journal

Filesize
12KB

MD5
56769aa1509644e38a761f2f80939b94

SHA1
613ea4885ab513334281e1512ae9956d03c5bb0c

SHA256
1de1b32e2070b59a193898514eb4663b28f01fbed45e50ad0f5e37ea95450dcb

SHA512
8e01c199348ab99459dc1b10fa82c1ac86e463651dc8910bd68994f7bb86af89d552d640cbbaf9e594011a228883496a20066b27d780433443c7a0d00139e1e8

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
c6d4f044edcf5fe83d9ce2e2c0ba3069

SHA1
c219ff55a7806199d820c736efefcfd710594909

SHA256
0d745b0cce33827d92322154d43796bfad7c531e54fc6e9799724cfdf08a5699

SHA512
73148853e178189476b65e240465171a024bd5860c2d69d310ab6c1c687b12685f9e72ac89809ee93a4d69a00b58c966328984949eccb1da464c6b3e063ab00f

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge

Filesize
24KB

MD5
1d6c836cda2a2331f55930d63a664d03

SHA1
0492ba7b59eec757d9df3618897cae9d5a31628f

SHA256
741d794b60d73d69e23a32c782f05cbbd46ff3df1cbf9d8679c49435d025ae6d

SHA512
0a663f6fd2f366754d31e03b106fe581508e39f9458040f10bbf2618eb9a9414d3be48624f26a3ea4bbbefe02b6284fd44a0326bd8e690e041d5300f50e5e2ba

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge-journal

Filesize
512B

MD5
279c59fd4730d770c1c6f7bbfe49a23e

SHA1
7c78fffd514d76a24ccdcacb88f9627a5ddaf394

SHA256
d8ac832a6a0b125916fedb9af6fdb0fde62dfa13e287ac4c621f6e6f3672f00b

SHA512
81a13aad9f7346edf497985f9030a8df3d1c5ac08d59f7eae2855698d4db3f68b7c88d24690c886b9527aa1f1947c821fa55255517e75ea407c474bbf41756dc

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge-journal

Filesize
8KB

MD5
b61da64927e10a10d4ee9585541671db

SHA1
1cbb753b85b84ae1e7a8860c141f201aafa0da84

SHA256
af2b96be91934fc92234e482e16f3f0c104a40eb5d83caa2680c71bcaac3e8d2

SHA512
a444a6912ea31dfb86d48a931fcb03971e1e6784b76544e2dcb4a51dec48416017e4d20a636b0c0fb2415f653a9cc956885c2b3a437b6a4aab407b1519c59116

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge-journal

Filesize
8KB

MD5
9af4d9ea6d0e369e666eedf1e78da56d

SHA1
d646eedd822f77ebd973a90cd3acc151e71cd023

SHA256
0970e3379b6dd2ed8068955322ef6fcb15db7316c33d45e472ffa4a6a571682e

SHA512
198f82e8cd6c6341261275642460c7bafa3256e08367c5019ba202b5533ce83d636a7a9e6b98c51b665d89ef57a8f36c7b3c4648695f38a932905e6346e84e5d

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge-journal

Filesize
16KB

MD5
17c9d3ea798fecd9912334074cddbe50

SHA1
db369a7c0b5a307f889dc367fdda2475560aa8b6

SHA256
ea9e622eea1131925b9340ad1c69db80ff067a60194c55d52be9330306da291e

SHA512
b1b7c4718af70ed32c7d8f3fd4b358dcf9daff847b9a342a1f9fb5f0b4b569cd0dc30ef8699d12251cad614807791c74aba0545df27827144811265429f71eaa

Download Submit
/data/user/0/com.guokr.fanta/databases/zhuge-journal

Filesize
16KB

MD5
9ec4e5e2d942fbf3f66236514c0aeb4e

SHA1
3b4b8dffa703256cd5975352c7ec2c25ac72114e

SHA256
66866c8225c9c18679cbd7f6d24ab2c74f992109ca20e4bbd877fffee402abc3

SHA512
6b3c99e37816ad33d64a8779a302f1a16df742b3e4e529f04d8fe782428c9ff63c662bf1440ecd7a6e765e15667e9566e812461ad8f5c39345e57b2c13d4bc97

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31D0002-0001-119C-CB9A159878C7BeginSession.cls_temp

Filesize
77B

MD5
c0a133d1f9310e8932bbc880b9d9a2af

SHA1
4505f92f97d65908ad2f2eb53b98468c341345ed

SHA256
28f48da76ed20b86d836b0d44bd77b1ccf26ea889d748c350a3c7223cea82d07

SHA512
da67078e232f3a8a0c7841f286ace36ee08da3206a83eb8c55a9bc1d3a5e6ece98a508715793e16089ecf22b36ca06da604e5af4df30026c0e019f57511353cd

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31D0002-0001-119C-CB9A159878C7SessionApp.cls_temp

Filesize
112B

MD5
1e7c9ea11c5bd23969dd65b5f01efcc7

SHA1
05454aca8dec7cbaeafd143a47cfe677250504be

SHA256
5baab4bdea55950a858b679d8fc842258066e5318807f862e80879c7a2c7dda3

SHA512
e10797e2dbd961314e4cf4df3c92b18a0264b53182275a28a33f91cbc7c60864ee4e62b1e5e14fcad85a48a2129fbd0313aa064e3c113d77c7d3bb5e727fe6ac

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31D0002-0001-119C-CB9A159878C7SessionDevice.cls_temp

Filesize
88B

MD5
da7df2a9d8fde760584ba70225a08968

SHA1
1cd0c2fada37a5435fed17155921d717a4ccef41

SHA256
4245d8ba5e672e12c32c614756cfc9ffc209285aa6fd42d8f8673f0ecd7d4d4c

SHA512
7ea9101427d4ac749cda8fa1f48cff0be7109d9ccf0ab5ab9ff3ccd2818f864c37928871685348e03ed032ffeb06729098518a83adac0cd67345c37add50f2bd

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664DD31D0002-0001-119C-CB9A159878C7SessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
955B

MD5
5743fd306a5d0568e3ee99f0853fcaca

SHA1
447c1ecf679a973592f475377f010842a387b10a

SHA256
e224f7582d00c9cc2cae43d05a8dd2067cfaf62d285f1e25ae154e9e5618e6df

SHA512
ffcd4a72981248af9862154c94f5be662a7b61ea27a117987b775206c8ad465c784b2387db93f816131bf3ee03ded7a9c113fc57ee1d3cce3bd64d557c2b3d78

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
419B

MD5
aa1e3ecd0d33354f85843774c974d97c

SHA1
29af86c535767951ee8976e672bf8abb36ce09c4

SHA256
288c25498dfe92039d262d166309e5ff74e2e262efcf625f861ef96940fcf8c1

SHA512
9df774acb01e5067edb5bdf0bf1798d89c10dc557d24212f976d86accda95bd7f364fd901df901e48df2e05a73e20f3f20914d32edccf0049ac02e848f2397c2

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.guokr.fanta/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_e289118e-b151-4d9a-9566-969c4ffeec55_1716376349274.tap

Filesize
342B

MD5
bcda442223afd4c749a984ef0ac9a782

SHA1
849067b25a4ead21d80ed024581a8b4eb5df61dd

SHA256
1c5bd0d83463b82428e5306219519940436d17fa88f6c77d6097e104b7fb8764

SHA512
083b2b7781930269f9e61dc0eb6dfb9f02089f47be11083ae9571355e13c3e21e2800427b789bcc4a458b561a8a88350de8a0c3d72fbbe41278207965746acf6

Download Submit
/data/user/0/com.guokr.fanta/files/.um/um_cache_1716376411298.env

Filesize
649B

MD5
0fdf6e4ff62b2c4c7277f209f2eee271

SHA1
00e535af0ca09ecad744d7b1dc5cfb8bab2ae14c

SHA256
4d15743d1d463689891fc197afca462c0786f1a4883f3c80e777e65e1554f684

SHA512
1de50b76ad8f08189362caaa91e97dafdc6086669cdafed103e95cd41f0a4a3681dcadcffcf0f8693901b07d03be293b51732c805b6e9ebbebd9cb9ecfb519eb

Download Submit
/data/user/0/com.guokr.fanta/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
126f84554db1191e9e11873df9b698db

SHA1
d7cb47b285041e04a308d185c60836fdd8c72ed4

SHA256
0ab31ef34aa7f21f01321f3637cb779a3bc549a7ea95aa8d263b7f70b9218f6b

SHA512
1656428672273af4405bf7073d7d2870be558693784949523bb97e829483e12a6473f10b5bba6a52af5e139d08052b9fc6f6cc3b9e1e32c81b182e1a500c074f

Download Submit
/data/user/0/com.guokr.fanta/files/umeng_it.cache

Filesize
350B

MD5
6b4dbd8f731e98ea79e936caafd8b536

SHA1
304ae263e6bb6908c9ae2e663baf588a9219e669

SHA256
7e69caedda8e4734dbb4d678f68ca586f4b9d9be8ff01adc454fc03fb717dc97

SHA512
19985b42fb69b8b593f8d16f04515921767a94b6fc01bc689608b05875df8d233d90ec574d2d76b378c1dee57b3fa1c757d9fedbc98028df26683c04be1e9a29

Download Submit
/storage/emulated/0/Android/data/com.guokr.fanta/cache/bitmap/journal.tmp (deleted)

Filesize
34B

MD5
c6cfedd7f0c75e730f54e9589d6abfe7

SHA1
93cd842fed00d466b97059781a459a3d5417f82d

SHA256
2670af997d01b27e5f81054ba5a0e83b0b2a0ceca4571b0218e08e7623c1d376

SHA512
35588e4d35ebb57758675efe0551f4c56cc073b320bc9ab492541875672f9d476b6443d2401c31575a58da7e0dce7c81f92d9c5427e17c18b0d598c36615f690

Download Submit