ac77596adbf545269ce85ae6b6ca17a4f79511c46b7750f3065876216b52860e

Analysis

max time kernel
179s
max time network
171s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67b75c86f1199e12530c45f76f12535f_JaffaCakes118.apk
Size

7.0MB
MD5

67b75c86f1199e12530c45f76f12535f
SHA1

f12b756a32305c1f2fa21f0e68d63a2d01f7b419
SHA256

ac77596adbf545269ce85ae6b6ca17a4f79511c46b7750f3065876216b52860e
SHA512

497ef14621d63f565c3d7769f68189bbeecea28be2b2cf7d9b572398319e6eabc5ac6fc0d0380604fb60b6280a0baecba2bb25cf8187803f225fad212224ff08
SSDEEP

196608:xxCQ+tCYdjwRzhNN91Hj7Gi5rJqCGCx0J:jp+tzdkTN99xU

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.famulei.famulei

description ioc process

File opened for read /proc/cpuinfo com.famulei.famulei

description	ioc	process
File opened for read	/proc/cpuinfo	com.famulei.famulei

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.famulei.famulei/app_plugin/oat/x86/PlayerUIApk.odex --compiler-filter=quicken --class-loader-context=&com.famulei.famulei

ioc	pid	process
/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk	4311	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.famulei.famulei/app_plugin/oat/x86/PlayerUIApk.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk	4283	com.famulei.famulei

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.famulei.famulei

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.famulei.famulei
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.famulei.famulei

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.famulei.famulei
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.famulei.famulei

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.famulei.famulei
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.famulei.famulei

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.famulei.famulei

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.famulei.famulei

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.famulei.famulei

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.famulei.famulei

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.famulei.famulei

Requests dangerous framework permissions 3 IoCs

Processes:

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.famulei.famulei

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.famulei.famulei

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.famulei.famulei

com.famulei.famulei
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4283

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.famulei.famulei/app_plugin/oat/x86/PlayerUIApk.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4311

getprop
2⤵
PID:4381

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.famulei.famulei/app_plugin/PlayerUIApk.apk
Filesize
677KB

MD5
d842f98af4013129deb7ed4ed311efc6

SHA1
0a0f14701c53dbf726ae7550a917cabfa22645c0

SHA256
416a3b1831dae77a816ab251fac9dc5215b4300b0258cb01c8e92ccb76ec6755

SHA512
a701dfaa4c04f65503d1f9ef25450ddee8169c29be21bef72ade0c1733f45439935c9eab079c6d35d5f0e9332be72130a6774243ae70df01d121c5e2c861d3af

Download Submit
/data/data/com.famulei.famulei/databases/sharesdk.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.famulei.famulei/databases/sharesdk.db-journal
Filesize
512B

MD5
3bd6794a9b7abeb27ecf58fa889a7907

SHA1
4df662817a9adeda89da0adf9b24b988dc55ceae

SHA256
8302f9ff51c7678a9f7ce245b58ac36b5905b2356f37629a5f1d2e95cccd7a52

SHA512
64584397ce8c5fde3a7b07aa56345babfbbbb7131931c8b0f67b2944b577acb0367c8f38aca4d7626be13b5a7b7468d079e3938ffee890fa85b523fc42591981

Download Submit
/data/data/com.famulei.famulei/databases/sharesdk.db-wal
Filesize
40KB

MD5
61af35b56934fb91b7f9c9525378f0f2

SHA1
ba8957bcf587421029bf17d9222606ff23e3d0ad

SHA256
8b918d88da880175437334ef64a487e800ac4fb912f75d893d835e9051dc53fa

SHA512
a1e51db398cf11798dfe4d677bfa0b9ab850e6e23633d934df0ddae870adb6f1fa4c57f318948febfb5692d97471dfdab8f6298a817eda0c1b58a131b9e3b02c

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db
Filesize
20KB

MD5
16df6b6080bf59058785fca8199a6337

SHA1
5f68fe976e3e175bcd62880d2e88713a43fc3a3d

SHA256
5071759cdb248d8a4d7422fa72cd9709c3aeded2ec2e6d899819208b8052889b

SHA512
c782ab9477ab6be43f2ec1966e0ae69e401bdcc9cb5c64f73fa23f0060d2a15d5f38fb80832cc623a807e160ea9ff19c8a8397fad91472862385000c97381a01

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db
Filesize
24KB

MD5
060391e8d07cd87123b08a3a75413d19

SHA1
8454805c83494d11608fb51ee6e4aad766470738

SHA256
0ffc95dcaa912b5a1a47e23436b24da9785b97520c7183bab8d9f07f6b1f3adf

SHA512
6ee7022cd641106a1f0c8d75e5cf5e9822387296003cbc4f27644a487cf8a8bf5b326a2de8ecf0756c67fc8e063a3569a4eb58ade14c7902af4d2366c52da73f

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db
Filesize
28KB

MD5
09c2b6365e27a9fb746b320f6189befa

SHA1
fa7e90ce93c407d832178ca427fd99e01b0aea7d

SHA256
12d564b41cc7619fda0c19b4671326aa51a7a6f0aa206dc3b6e7265d2cf5c797

SHA512
58af4944d11372eeb4836e9ff9a54c8214dd8d52800a368df5423d7ef4a29e35506172be6d17c55d7ee004fe2bccfc3fdf0e49a2ff4e34a9d405dcd0dea76839

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db
Filesize
24KB

MD5
fc22df87baa65cb65d52cb4a6ef6f230

SHA1
4b6069ee3155bdb74d0c2df849ba0fd4cd5ce649

SHA256
7602282785820d1d3843ef43d499c39e8eda3d862ae49b53c5a85e059d8c8ab4

SHA512
0bef41eeba60764527fd500cd5efbfc20c2f27de560a51771bfd1d5cd1ceb64fb3e002103bb415b2a9b90aae69e4a86a5c0502ba30e20ffd643d1b3c1a60c5da

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db
Filesize
40KB

MD5
f01f974037eee6d858e27e700d69bcc6

SHA1
9189971e0c21df690b63122e1529a6cc39977da9

SHA256
8fcb6df0f6d24894dab2c60a2f6cefbb41a508ff35f0462b83640a9f4a3254b7

SHA512
1b7dc09f50bc65fbff3be7bc66afbac318c948c38df63e99b79df7a8bda7ac9c6e95215bca669413a27654a254171d5e3479ff5b228549fc1530cffbf2bac96a

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db
Filesize
32KB

MD5
0fcb31920c258bcb52a89d3acddf2d4a

SHA1
dd764d611e087ef4e43f0a5cd3f3be85e062eb17

SHA256
b455bb6d9ca4b802054f6f1e72d66184b37897ba60a1e5b5de456454ddd07828

SHA512
009f5d30aedf58e5c88835cee9a6b87a073660627beda8a09070eeb9139be05f78d11677ce31152f57a988ff132a469d9231140fea3f4c7cb078d39fa55509a3

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-journal
Filesize
512B

MD5
267059fe4fcc80bacb7aa063b4d89561

SHA1
af62281071c3900b30391a4dbf9fff503a92303d

SHA256
4925456a095ae6f9175fc84164183410012d31dbb2385a4ec235afba098a05c4

SHA512
587d7ecf9ff6d201c1b2a13679de20425fe1ab6017dd0516026a4430dbea1efe49d73f1179b6b1fe6b1d85dbc2cade8d9d43b83e7351406bd308fd7e0f6a2072

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-wal
Filesize
72KB

MD5
89c1bb732326b897f49e5da826e7a983

SHA1
1cfb7724037dd134e765c24639d5dc6c4c39cf52

SHA256
95ded3ed1e7e74a645c3b810cb51b3418c4cb7ac620d842ef760569b35571e1b

SHA512
bec76d15ff2c57133348095971d0493bcf2249793ae9ee13bcdbffcc70d3b8b1eea4e6f0473bcf2cd9fa255780003bc20f5635a02d07c2c71fc08778d9b3efb4

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-wal
Filesize
8KB

MD5
5cfb4c1ca1797fc5bc6aea55cf1afa98

SHA1
286a988bec5bc92374215bbf156a8171e9512974

SHA256
ea4637c434d4366aefd1d68c977b9b5a94824880cb8c074e3b131b23c9095a07

SHA512
d1cd307e99b3fc78959a9fa4e3fee70fa3486b0c5de2c0a3858f2480b4908da091687f33daabe558e55ba49992a68162d835521c328a376efca8d6e487ac2699

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-wal
Filesize
8KB

MD5
9c5519fba7d84f93024afc25cbfcaf89

SHA1
4680201a56883739d222756d9749606092f189d5

SHA256
405e6723f4f13e31c57caa92c49fe4cf36830b613218c45280dd4a1d110e8efa

SHA512
87770ce3244892c123807389617144c298ce6f79dc3bc468a08cb254327ebbf6ffbfe2d0a97219ad0e1f534737ee9ae8cd2a616fe1e30537f37695a01bc7c27e

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-wal
Filesize
8KB

MD5
2b21d5acf0dceae9e9bda7654d7cee18

SHA1
482b7368252b35cdf7d6a683c68c1efbed1314c1

SHA256
79a42ebdf9a9565c6c7c5b934ce87a57454244c91d248ac40527fd7b7eaf9862

SHA512
5063ad72a4cdfc5e1e0ea4ed7d743a5658a85be22cfb8110783ff307054dc7fdc1181a8928da3be5044963e09e7db60a00a53a933fe0caede0b28b5d2232cbe5

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-wal
Filesize
4KB

MD5
7a274f40183b4ac1783d81181aa77679

SHA1
fc0e153830e679d1a9a1343178f1b348f85c8a92

SHA256
b766cab4fba46b41fce41f977186ec84a6a7c5d6ca89d1c6d56ece831687c449

SHA512
f3fd8948d56199f96161be543f92f37e451bb1bad94257acc8cc6bd124db60e6bb2ad77c6ca2fcbaf1296d135aaf565ba9e643e664ab58baa75a18390667aeb1

Download Submit
/data/data/com.famulei.famulei/files/TDtcagent.db-wal
Filesize
24KB

MD5
8adf01fad9ef508c5663a98412509522

SHA1
9789b57f2a55f9c00ceebebc9c3393c50889655b

SHA256
22cd9628f4c779ad0e4995d096e090537794b26e8281f7856d2c33d4328defca

SHA512
3fdf09a87c5f1776a38261b8afbb75b7ccee5d7f896230ba1a489d48d1ec5d5c8ef574a3666f75b8586916faa55d89addef5cd52f25ccafc839bfc6e535da98a

Download Submit
/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk
Filesize
1.9MB

MD5
5c259cf3fa454d3a26b28776d1f166c1

SHA1
6e42fd8c2775c1f9fdce3478cff33c777d608ae5

SHA256
9e500ff6b2ab942d639eaaad3754b38117d544aa4b54ead54c4b38cb6a67f66d

SHA512
b38bc09f8eb6dcb51fdb7cb1e34fcb4f40d76789571b0c1880c456a4415ef8fc3141a1a9fd6b43d74fe96a5684533be65c4f8950b772110d063bb4efcb871e5e

Download Submit
/data/user/0/com.famulei.famulei/app_plugin/PlayerUIApk.apk
Filesize
1.9MB

MD5
dc434752e38e8b2b6a7ceef0fc585971

SHA1
52c4c2b1633e5de3da1a38626a0f91d29fdb099d

SHA256
7c4fc28de1e66e699ba717194d3b5f7bc5aa4a0607fe9acdc18bd9ec92502216

SHA512
3d3d8166372041e18ae8fd91784e223630a11d52ab462bb077b9c45755b3159c0f21e00e3722b3f150bf0305fd887754d393df6d4ce2f47908f109b89ce2b5f2

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
369B

MD5
6983d437a41ea0456a243b82bdcee839

SHA1
8d624fb524ef1367f23fa3d0edbdf9a6ffbf1c26

SHA256
0f2302ee45dfb1bc4dbeca48787e1d0ae183c5b0c861926a84244ae07795d86e

SHA512
c8c04afefde29e1d33047a622fa4b86424c75558d40e90dbaafb5b52b11bd8a64c8b9d5a157c363533ce1db95d35f896abcc92fe51ec0edf62c8af099cb79d36

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
468B

MD5
b30e4089f5998d82a6143ac0af5c59e7

SHA1
10208decf9acf70dc1abae49483d9347eecb1533

SHA256
15b7f0c2dc2120e746e1c216337dafa5f9e3f25884506b6c9a4f74512ac87fa7

SHA512
2f3279c44fbab8a6298314c7a9a81373c2fe4b57255b80c5b88d4b94243e99f74f2e6ee2c484422ec88165dc5ba0c6f29d37609e42f0dc3d0d4ba4e34f00c22c

Download Submit
/storage/emulated/0/ShareSDK/.dk
Filesize
107B

MD5
c9383021bd97affc44be4db7018c4d7b

SHA1
7e680409d1c86e35149bebc22f2cf8c484f0d23e

SHA256
b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65

SHA512
7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

Download Submit