deb998eff5c1f1c261559356ebd0af8a991258a73f3bd73089f7c9880490ad1b

Analysis

max time kernel
178s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

676278f8f32877f7f2471ba4a130890e_JaffaCakes118.apk
Size

10.7MB
MD5

676278f8f32877f7f2471ba4a130890e
SHA1

042859d9d17c10f38d5f45e49d1bac8975a167c7
SHA256

deb998eff5c1f1c261559356ebd0af8a991258a73f3bd73089f7c9880490ad1b
SHA512

29463c33b8056ae0bb1acc44b55da5a3921231b51b8a40747a15bba461620b9ac9e51cce7306ab3a573e1b8518f219db54f6cf960f13c66656995192ca311c0b
SSDEEP

196608:ONNWUIilRbaCxGzE0yz2Uip0rtwh+XQI3/yHsiJo3gycM7PlQ0XzqAac:mNjlvBxGznyyU805wIXQu/yHs1fdQ0Xt

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.mianfeia.book

ioc process

/system/bin/su com.mianfeia.book
/system/xbin/su com.mianfeia.book
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001

ioc	process
/system/bin/su	com.mianfeia.book
/system/xbin/su	com.mianfeia.book

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.mianfeia.book

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mianfeia.book
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.mianfeia.book

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mianfeia.book

description ioc process

File opened for read /proc/cpuinfo com.mianfeia.book
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mianfeia.book

description ioc process

File opened for read /proc/meminfo com.mianfeia.book
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.mianfeia.book

ioc pid process

/data/user/0/com.mianfeia.book/files/torch/core/3.9/finalcore.jar 4256 com.mianfeia.book

description	ioc	process
File opened for read	/proc/cpuinfo	com.mianfeia.book

description	ioc	process
File opened for read	/proc/meminfo	com.mianfeia.book

ioc	pid	process
/data/user/0/com.mianfeia.book/files/torch/core/3.9/finalcore.jar	4256	com.mianfeia.book

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.mianfeia.bookcom.mianfeia.book:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mianfeia.book
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mianfeia.book:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.mianfeia.bookcom.mianfeia.book:pushcore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mianfeia.book
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mianfeia.book:pushcore

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.mianfeia.book

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.mianfeia.book
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.mianfeia.book

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.mianfeia.book

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.mianfeia.book

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mianfeia.book

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.mianfeia.bookcom.mianfeia.book:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mianfeia.book
Framework service call	android.app.IActivityManager.registerReceiver	com.mianfeia.book:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.mianfeia.bookcom.mianfeia.book:pushcore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mianfeia.book
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mianfeia.book:pushcore

Reads information about phone network operator. 1 TTPs
discovery

T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.mianfeia.book:pushcorecom.mianfeia.book

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mianfeia.book:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.mianfeia.book

com.mianfeia.book
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4623

com.mianfeia.book:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4368

getprop ro.build.version.emui
2⤵
PID:4431

getprop ro.build.version.emui
2⤵
PID:4451

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mianfeia.book/databases/AKTorchDownload.db-journal
Filesize
512B

MD5
05160d6e11f0a6a1941fe68b087f4597

SHA1
42dc9593d86c9146879c9b496ad118b52d0b5cc2

SHA256
332e425590fe0e221495bfc370513921eb009421acdee2b3374300fb1f9259bd

SHA512
73263b3557615b1e9b3323d30a9c0ee390a1085e133fad82d153467f1b538cbe32aeaf215217604a2e0ace43267c9ccb8fabaa780f43fea2988b85d4d125c87d

Download Submit
/data/data/com.mianfeia.book/databases/AKTorchDownload.db-wal
Filesize
28KB

MD5
c2c98edb4c334ecae67e562e01348de2

SHA1
a76f8e779303416feb726add8f8b673557dee89e

SHA256
10b1b071af4e7ceccc6c546ccc9710e301df353c804ac209ab954565dfd8f2cd

SHA512
5a22c1141e5244cebf8e341945d4f4b2412aab4147d4106c2614328ea43ec0529bc4c539b88fbeaac38badfc60eea8d917e50851d59c3bbf66b5b8f60abf5597

Download Submit
/data/data/com.mianfeia.book/databases/downloader.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mianfeia.book/databases/downloader.db-journal
Filesize
512B

MD5
f631f04721540fed2ee7b392fdeae58c

SHA1
a4cf5b0f8e91e877f6f102b45725b03e26aa331b

SHA256
4378dd85a17e7ed48dd3cef9c0bcef3e93c15dd55b1002d58cb19ac8a4f69a56

SHA512
31550420a01305a7cce3707a4608fdb644ffda6d0459bb5db5543c1a0396a0acd379ccb1727727dcb3ed99f0ac31e83fdaea893b8e261bd4e372f4fa23a38302

Download Submit
/data/data/com.mianfeia.book/databases/downloader.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mianfeia.book/databases/ttopensdk.db
Filesize
32KB

MD5
70414a9ce8617f8a537be51b3e3bbcce

SHA1
2f1c40d21068ba097fe2b2d05d60fe466d318378

SHA256
37baac5a04dc4e77a82d0aa1ca6f66f0b1528fab8881cb25420b41a9e7d17c8d

SHA512
e516eff5d59aa8a1d7400bf744a2a7714e53d5d688f902d8f62bb9be245b588ce0a571c737a5bd5022489768c7fe83e717a641b5ed93fc4d9f4c68fed9998934

Download Submit
/data/data/com.mianfeia.book/databases/ttopensdk.db-journal
Filesize
512B

MD5
74a65cd15c36b585601cb8fab15de9d9

SHA1
396655cf281ad7f3612dfc998622eb1f18317520

SHA256
739fb8810e1f31f9e7aa60f8ee0e436a35cd358d5392a78a3bce4f6d550808ee

SHA512
1bfb9c0c42cdb8ccb4ebf1d0c3af591ec5201466789420ff49d480dc01d16b1b4882c860aa906f37e9aef69dbed80b2ef2eec0c3d8ec9dd04683fc572544ad9f

Download Submit
/data/data/com.mianfeia.book/databases/ttopensdk.db-shm
Filesize
32KB

MD5
85991fd8af80bf5643a79000eb88764b

SHA1
8f2144d8690d26278f0267c676bce9a3d26a13a0

SHA256
a08c6c92c6484d30028ede9d4b057d1b5d01e8ce632de78e78093560135f9cef

SHA512
00ce3acf7a6852f5d02e27400e8846f069620fdbe92349639a53ae34993e63a09418d5088350d725a4dfcdbd06c546031569b8e41ea32c1d5da045e667190e06

Download Submit
/data/data/com.mianfeia.book/databases/ttopensdk.db-wal
Filesize
52KB

MD5
4943069234a86f42ebd630c7103b46d2

SHA1
0a0cdeb3d49b2940aabb20166a9668c693cb69e7

SHA256
57d729d7c5d7005bd3807fd396866b808c30793d326afa92c34f7d4a84858c1c

SHA512
3ce2c16c75bef7b5e8c446e9b9001b29c971277ec626ed394118fb9da0745d6e2ee84886de3525fbafad889c99422c2d8974371b4256cc146e5023f14314b4ce

Download Submit
/data/data/com.mianfeia.book/files/torch/core/3.9/finalcore.jar
Filesize
158KB

MD5
089de5b2d4ed5a8329bf9b24e64b1110

SHA1
32ac41c748f9d6862cc211e6fdea4be07dd02482

SHA256
4d367a4d3ec67192bb713f956f2150dace29bae4403bb017818b63050bf2e16e

SHA512
add1df18c6b6a03d1ee01ab9d2d227bbcf9242604eab52cfa612b1e2dfced544929149c1d5b6c31604ee8b8daa5deebbdae601d83d1af0532bc8921d08d69cd3

Download Submit
/data/data/com.mianfeia.book/files/torch/core/3.9/oat/finalcore.jar.cur.prof
Filesize
614B

MD5
448cb8eb13433cbc3bc349c34fef1089

SHA1
511aaa2501ac69c3998d8c3fc101fae3d36015c9

SHA256
fbdd7ef610d25cd366ecc93818d07e8dbdd4a20e16b9d713d4c0e6af8f352dbe

SHA512
3ecf5bc746910cca05b1e41ff600fc0d7248647179059015122d1187e40dd5cf4722973f01440b25cf82c30c3fd4cb78d266be3971677db25f1429c5f023272e

Download Submit
/data/data/com.mianfeia.book/files/torch/single/core_update
Filesize
13B

MD5
65dd71968d7003f3d5aeece96c3acaae

SHA1
167f6557fdf64986e24e3ff417cd5d4bf80185b5

SHA256
496053582e594bdc0ed7ea8030bc24ee468ae5923b5857ea3305dcf69908652e

SHA512
2be10471d533ca840360b1335074a47f5eb3f2ce570ca3cd857cb2bf4754bd93295f411c1a16b33313de6e637eeddab556178953292d3552311d9efbef95c1da

Download Submit
/data/data/com.mianfeia.book/files/torch/single/device_collector
Filesize
13B

MD5
d575fcae7e7206adf82a2d227e688ee7

SHA1
e2ded966045f981a3dbe28c1774ddb0f95d4d33c

SHA256
de99baab6e04948e0fc88033d04566789d8107a24da2ffd8e410959c1b3d7f0c

SHA512
bad6db97e2a7ea53d52f3906d643e619e06eabe455ae0c5987ea8bbc50078aa34223cb4848380bb6cc464dfac29503c6db062ef6ff66bc0acb3ee3a56ff1fe92

Download Submit
/data/data/com.mianfeia.book/files/torch/single/log_reupload_task
Filesize
13B

MD5
099148a0ecdac8e0f0e4b405459e9817

SHA1
0a8c77e3758779e17d24eff5c17128f7f7c4aca4

SHA256
3d7b0c6a6603aafc61db1baaadce5ae6e449be2a8b22c3077ed454228d7cee10

SHA512
9a16274a2c2aece9745c2d2aa81aadac00b22f6ac31be39a3f46db4acde15c28d7af404159a1ea6845904fc2289a0cd8b5a4ed75216e088c5973ca2f66f7e58a

Download Submit
/data/data/com.mianfeia.book/files/torch/single/profile_task
Filesize
13B

MD5
abb19cce260f6d5ea303165bd15e0967

SHA1
6a53132fdafc65f48fdd5dc95deffc5672f5b1e5

SHA256
46e8de8ca7149958b4b1d28e2c30c348d751a8bbd9845acb8d1912d0f403395d

SHA512
6d12f147e9d732cf2deef84c37d444f47ebd5eb6e22215d9a1602bcf3d19fbdf27a44eb33318dac22d48f8cdd7d9e66c2abfc19006e8f276d180b873b20719b1

Download Submit
/data/data/com.mianfeia.book/files/torch/single/uninstall_apk
Filesize
13B

MD5
2b1ce1a3db7243aacb1387748acad8b4

SHA1
f9ecf779eddec9c015db879a3e1c87e9cd8697d1

SHA256
8af454504b27790a7584aea3c216ff54d107df922b9754c65867b427449cf313

SHA512
4afaf92b2cb0aff1deb3ca6e40d04569934bc6aeaaf8a3068bb21faa3ff03ae86ada45717dbe36eadd6d07e955f17f6c98e75c3365597d290d8841eeb7cba5e6

Download Submit
/data/data/com.mianfeia.book/files/torch/single/waitingDown
Filesize
13B

MD5
02c01515329d6cd84e4a232018eb75c4

SHA1
a9d8d199af1eac80226cfe7176311e285ce85921

SHA256
7aa88cb19a86f16f5902e0bc20f248ab7ad318f30bab995fda7b1cf3d2eeff17

SHA512
b1c65474eca86f30e3a40cc611a58e08cdfbae2166b62b3cccaa1782a742b9914ecaf1172e372eb0ed886776592b3b32be966ea8b204ba7654008095e9b84612

Download Submit
/data/user/0/com.mianfeia.book/files/torch/core/3.9/finalcore.jar
Filesize
359KB

MD5
31e12ccc0868f8a4b82998429c7dda30

SHA1
e6601827d205900644ee0e40b4dea459675a360e

SHA256
f387434e30d0e00c2806e9192c852c2a3cfa30e982aa00b249103b808044ebc9

SHA512
f23f5cbeb60d14ccea92d4049aa387bd479873db1e4e5474010379e89b0aa8f5228e3bcdbc05629ab18063d7da830842423cc587c84c0d702d9d98a5d52ba6c8

Download Submit
/storage/emulated/0/Android/data/com.mianfeia.book/files/.sfp/.sfp
Filesize
83B

MD5
d26399306d8cc38eb5dcea814cf6979a

SHA1
31c8d56985af506357dadf8bd04314834b9237d3

SHA256
10fd9416854f81bf2968ffea3d8e5cb308aafc188cf1234245ca7d5ffa71cc4a

SHA512
b0f68cfdb057def11184b13400e497c04638f93ca09863759799fc1f410c696c56f1a4a887fff8cc381c995966a7b559b943bea64d06611a4310190ea92a1114

Download Submit
/storage/emulated/0/Android/data/com.mianfeia.book/files/torch/apk/uninstall_apk_list
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit