6a52d3f3172cdf0f243c451959a50baf1c546012975b093f10ebc2f963c107f4

Analysis

max time kernel
10s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

675a0bfbd1e3eb249af20e918560bda8_JaffaCakes118.apk
Size

27.2MB
MD5

675a0bfbd1e3eb249af20e918560bda8
SHA1

7898f2b765fafe48575bb33d190aac08b196a372
SHA256

6a52d3f3172cdf0f243c451959a50baf1c546012975b093f10ebc2f963c107f4
SHA512

d7d916ad5db13fa35f87fe36077e32bee2b7936c71aeb573240ad1903cb17499b2ddcd4b3e06dec53d0241eeac101a31d8b74391f514359874c7b9685c43d232
SSDEEP

786432:QdCyufQtAMXNk4+Xxj3tR7eLIyWCAerN12Du5juty:QdCZMXN7KxjdRZLef5jF

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

io.dushu.fandengreader

ioc process

/system/app/Superuser.apk io.dushu.fandengreader
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

io.dushu.fandengreader

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation io.dushu.fandengreader
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

io.dushu.fandengreader

description ioc process

File opened for read /proc/cpuinfo io.dushu.fandengreader
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

io.dushu.fandengreader

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses io.dushu.fandengreader
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

io.dushu.fandengreader

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dushu.fandengreader
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

io.dushu.fandengreader

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults io.dushu.fandengreader
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

io.dushu.fandengreader

description ioc process

Framework service call android.app.IActivityManager.registerReceiver io.dushu.fandengreader
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

io.dushu.fandengreader

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.dushu.fandengreader
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

io.dushu.fandengreader

description ioc process

Framework API call android.hardware.SensorManager.registerListener io.dushu.fandengreader
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

io.dushu.fandengreader

description ioc process

Framework API call javax.crypto.Cipher.doFinal io.dushu.fandengreader

ioc	process
/system/app/Superuser.apk	io.dushu.fandengreader

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	io.dushu.fandengreader

description	ioc	process
File opened for read	/proc/cpuinfo	io.dushu.fandengreader

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dushu.fandengreader

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dushu.fandengreader

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	io.dushu.fandengreader

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	io.dushu.fandengreader

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dushu.fandengreader

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	io.dushu.fandengreader

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dushu.fandengreader

io.dushu.fandengreader
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4266

ls /sys/class/thermal
2⤵
PID:4339

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dushu.fandengreader/app_crashrecord/1004
Filesize
232B

MD5
26d76687bf366438e89822cfde119df2

SHA1
cceb475a9ff0f256a925fa01469838b277c122df

SHA256
08c35b3bae706b24bb3f158c53f01e77a38ef615ba0c2cdc3ffb6030439d172a

SHA512
1b91d82cd4f2826372b09bffbbe14e0ed45af6e484f1140716d24413094463ebabad9918537af30c97da41c8acba04b687613d780aabf7a41101f48e54204be6

Download Submit
/data/data/io.dushu.fandengreader/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/io.dushu.fandengreader/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/io.dushu.fandengreader/databases/MessageStore.db-journal
Filesize
512B

MD5
b4ecce07354cd8800358967665537ccd

SHA1
c0cf30dcb14251a513056b153160f51ebff930c4

SHA256
b91893082dce190c27e990471cacbc0123181d7a1efb70271649aac36aa29624

SHA512
ee77807cbe078ae1bd8292b7b9c8a694e1be11307046710c83718e67ebbc21eee8fb26a3294fefe63eeb2c64bcfc388dd0b11a84852fee367d523ff9d07d5d5a

Download Submit
/data/data/io.dushu.fandengreader/databases/MessageStore.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/io.dushu.fandengreader/databases/MessageStore.db-wal
Filesize
48KB

MD5
f366bca3255e6a736d1c546d8ea637f7

SHA1
bd9495ca481b45515e5c42c4589d120cef1bf3a3

SHA256
d71883c957a7db1d8e61fbf474aebff44e7e98dc15a356c72d3ca07e99281539

SHA512
e6b376c94f61f1a5105d5bb42c6997261c4051c9f5e57dfb8e29d186efd6168fdec0859543427d6e69b7d339f63ad8b4444fcff215c5fc114b70a91e633d82e8

Download Submit
/data/data/io.dushu.fandengreader/databases/MsgLogStore.db-journal
Filesize
512B

MD5
7477bd6c2da7fabcc57767bb07572c47

SHA1
30538761d8a838b2e77c7319d5f389569c87783b

SHA256
c00c261087293955cbb90a41e87b971e4086c925fbacf96eaff939dacd661bb5

SHA512
42a4e59df66d37013c14dabd3b3ab86e94489d51bd86afbd6dd764da45c5261409abee9fa6cf1db24319c150ee087f6bea381c3422cf812f1f4f2607534a05a9

Download Submit
/data/data/io.dushu.fandengreader/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
e49f95138ef8fb7a9dee1e9f568c2955

SHA1
b7b7495aa73d0b3c42607e12eba9299db58c6710

SHA256
81b09a74a3dfe1f6b33d733479cfd9821accfb9b95f4928e8453ab619c03e4f3

SHA512
a076519c27b6678aec37d7ef403622e2635bbd7b6ad51088b571c4db96f1cde09b9ae8d0c470deec190131beca1e455b666af3171b79fabe1ed30550b8a2aaca

Download Submit
/data/data/io.dushu.fandengreader/databases/accs.db-journal
Filesize
512B

MD5
89a9f0efcdaa9fc76bddb6c0c909abd3

SHA1
b0f93dd6528bd5c42ce47e606fa5e174f1ea6bf4

SHA256
266369ac8c7ffdfc4b9d68e361c533df2c891ad8483e4d41597ad0e1637c3a36

SHA512
1e3f90bed394aef53e1f8b3e0298a2c1825203ae12b21ed05e4c53ac1ab326e49c6e2fc48967db1c9faf5d44e8d9656bb63f7ad7e801fbc1174b9d80f3cbc47e

Download Submit
/data/data/io.dushu.fandengreader/databases/accs.db-wal
Filesize
32KB

MD5
5b8b1b936104475c214d64de52f7f821

SHA1
904752c3b00fc5dcc54d68edd04b564b8d654172

SHA256
8f30ee4f6fa444a057efc91150b6b34ee832dca9a3dd10354068d8d24576b42c

SHA512
6ccd33cc11f770ea76e7c5e8fb4750da0892f6765ec4b0cad0fd8842a141b9b71eac53fe39dd722714cd041b3804f959f26f58fe9126bd2323b92dcd4dbc77cb

Download Submit
/data/data/io.dushu.fandengreader/databases/bugly_db_-journal
Filesize
512B

MD5
59679ea5ff6c8526c84bf183dd04e625

SHA1
117a0f5759ec8d07142e4b532eefa4de4d42691c

SHA256
09da28d3e6493abc341e9f45aa4ff7294d358da945ba894ef0bb0dd97302db32

SHA512
f00244758e4dce73d4e43880ea3dfd16c10527fe2a03b49dcdf3002edf66412e3b2a2091271d3a24958bc961375db7eabcf84b604ba677ee1d9ce3597e6a907e

Download Submit
/data/data/io.dushu.fandengreader/databases/bugly_db_-wal
Filesize
72KB

MD5
48ce25324bc2320c92544b0c0287b30a

SHA1
96080d9643af46f2f230ce026a8371967ebc406e

SHA256
540cca5fc67a1df765d636dfefed4617f1a5f7373e9c46dbe5540aa8fc4a6f35

SHA512
fe757fa66efd60b71a433e356321883f26318ad1f80093d1b5dfb96a35280b8198f8e6b5087b6a89da6ab8fd690a460e7845999cd5b78b9cbc1bd4942e39aeae

Download Submit
/data/data/io.dushu.fandengreader/databases/dushu-db-journal
Filesize
512B

MD5
aba275e3e77741e1b5284a0f8949a5d9

SHA1
46cbe187fb5d5e87fa2c4210622e498e9f4983b4

SHA256
4933994423949978f53560401a705a10b26b6b3bc50d7391ee374f055186c360

SHA512
ba0fe30009ae7587540114c54e16aaefcb9d0a9a796e293fd1da9b64ad3d413051299201628fb85afa62d1ce05bd86242a38e485846092e565deadc619e0c727

Download Submit
/data/data/io.dushu.fandengreader/databases/dushu-db-wal
Filesize
354KB

MD5
d4133e5b8b8f9b5d624e96931a2b0d68

SHA1
22f67a2161cf16948c22990e8c83921069f7d72b

SHA256
572979e3936a3b935b723b582cc870810b0752f15785b3796e3558494a6123b8

SHA512
c0ec259bf6ac9dece0a85a60d91872b03ed65e3048bda0c713a636cf949d6297532df07540e901697d3db058aae1d3964a07babf41c1150daecaf1a0d332ef69

Download Submit
/data/data/io.dushu.fandengreader/databases/fandeng.ubt.db-journal
Filesize
512B

MD5
f8750a875157c592bdf1b6541c7895af

SHA1
428064a208219d62b316ece1450ad0913ce51455

SHA256
ff8bb797dd03e4de742d56b86109295c5e22edb53c4888f7f3b08a56702a25ae

SHA512
e54ded87d9ef2def467a5163bf5c9247d800c0e913cf8f5da11d984e1191442ba8574c0dd108b1e8998a49abc7930ed3bb4ff2d0fcb96ab7b504109075ff25b3

Download Submit
/data/data/io.dushu.fandengreader/databases/fandeng.ubt.db-shm
Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/io.dushu.fandengreader/databases/fandeng.ubt.db-wal
Filesize
40KB

MD5
e76973d54ceb6949e7ee07ce1514a424

SHA1
0834feb41640902262bd282a76f5e576f392f327

SHA256
9670b4aab40b85aff2451dae3d7ce8326ffa63d6322085725cd98bbf0ad78e0d

SHA512
cda86e8f0402d8b5c8a69e4568f6cc56bcde09125faff8824af875ec3c4da7278c1da0933b7e253b7a9f8e2b0c6cb350dac73d72ba21d63b011c273b3e0c1f52

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
4f68d6cbf1f06da85e3d1f8b0e719adb

SHA1
44e6914227d7e58c1f4472bc0737123653ccae12

SHA256
62097f7014cc03a92c5a3615f0f569d1dfe0b430da7b5967e4bfcf94f3488ddd

SHA512
0f0012e0fab43d57beeb39727690045d4cb2b5d3f5c93343f495a3d9299f254c8a954dbf9cc90a7945a47f0285361a6ff2495c49cdb06bf8c3811dc81b4b6a1a

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
528ac30bd29534d7a5cf89613cef8679

SHA1
48feaa0df45218b51a1c2e4075a0326b0b03b2cd

SHA256
26ffd84df1ecd7c3139aa1001b930dfed5cb6a9a35890cb7c63ca3fb34a65042

SHA512
78b071ff98fa82ce163ea947728c3a6a575c1a7c6855cfc81ae49645034ee3f6e2bb600b9427f5005d59c74b74e6d6da4e3a30628b434633275ce517ed3f7eeb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
59d8ba1ce4b7fe78ac2401bdab9c2e66

SHA1
dd956da0c60e4f8a721aa8f45388ec44d88641db

SHA256
4b32b6efd4e6f041025218bebb648dc81eeb1a7b5032f99753d8b014de9d3422

SHA512
bd844495b767ff145f609e82c65ab42095d54f05ca89376228b30054c27a037752a9f1d3d28a2844a346017d36d4c250306a10a2e355fff5bb2054e8cc4996d0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
661ea0ebeece2990bd3c6317b94a5eee

SHA1
0f43f54fbde576973a651373e8c476fe2089b858

SHA256
5b96250e2421550bdc59d4ffbf05b5196b1e15a0195c34a494601e1ebdb2f09d

SHA512
9be9534412761011bcdeb726b3c3f256726e6eea157361fee77226edbfbf655704709e67a37ffc2af961e44972de2109cbe00f19006de67d8f586c18eb9f4b20

Download Submit
/storage/emulated/0/Android/data/io.dushu.fandengreader/files/tbslog/tbslog.txt
Filesize
1KB

MD5
1f6d8eb76e48f485a5b45fe9d965ad6c

SHA1
b039ec86773f171e26b75774640f17f46a62f0c6

SHA256
c1d7bcb8eb6827efbcbe748078aa3f8d26ca03723fe049bf4f5fea3944a192cf

SHA512
4165b9fa62e4f8df22e4d47f11c14fc34e3943f0831302c6727839ea59b0267a1f70cb7a6585bf66b9cdc378ecb45c24b5150cc9dcc891ccc18b5254533c1807

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads