030736bd4310dcafc3e6c2322797b5ba842409cd8b28e1e35a5eb1de452ec2d5

Analysis

max time kernel
163s
max time network
189s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67bbc053a511d4218be918fa1f5f24f6_JaffaCakes118.apk
Size

11.8MB
MD5

67bbc053a511d4218be918fa1f5f24f6
SHA1

4bb366aa59b5c51c87536ddba261c098f1750e2e
SHA256

030736bd4310dcafc3e6c2322797b5ba842409cd8b28e1e35a5eb1de452ec2d5
SHA512

b4591749751bb1c63ca335131869d7d138dbae46493d970192858e061caec1bf270e2bf910a335c480baf78c92ece9625fa2d090de248c18585355d501399d29
SSDEEP

196608:TmZJWbK31F0LeKC1XEGjrY4XNfjteqI9dMlnJD5L6ixobxJrPobxJ8v:aZJ6+1UGjrY4XNfjUqNlJFeVzgc

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

ibuger.kejileyuan

ioc process

/system/bin/su ibuger.kejileyuan
/system/xbin/su ibuger.kejileyuan
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

ibuger.kejileyuan

description ioc process

File opened for read /proc/cpuinfo ibuger.kejileyuan
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

ibuger.kejileyuan

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses ibuger.kejileyuan
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

ibuger.kejileyuan

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo ibuger.kejileyuan
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

ibuger.kejileyuan

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ibuger.kejileyuan
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

ibuger.kejileyuan

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ibuger.kejileyuan
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

T1430

Processes:

ibuger.kejileyuan

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo ibuger.kejileyuan

ioc	process
/system/bin/su	ibuger.kejileyuan
/system/xbin/su	ibuger.kejileyuan

description	ioc	process
File opened for read	/proc/cpuinfo	ibuger.kejileyuan

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ibuger.kejileyuan

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ibuger.kejileyuan

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ibuger.kejileyuan

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ibuger.kejileyuan

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ibuger.kejileyuan

ibuger.kejileyuan
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests cell location
PID:4279

cat /sys/class/net/wlan0/address
2⤵
PID:4510

cat /sys/class/net/wlan0/address
2⤵
PID:4529

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ibuger.kejileyuan/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/ibuger.kejileyuan/app_crashrecord/1004
Filesize
243B

MD5
82b75322a6ad07bde5cdeefd5869417e

SHA1
e8d3a938556fd778b38ee6c6adec55e508e6b3cb

SHA256
2ea26e5b07d3ff8cb189de98d95ac0633b568b30abc491f8a1b71c94354fdfc6

SHA512
0180dfcf8c20fc5ae120b300ceb19f8047e6dc04ae84bc5c4edb75c7fd6441823965be9b6247a11b3884eddecd4e1caad48e8a80c61c1789c860802046fd7c6b

Download Submit
/data/data/ibuger.kejileyuan/cache/HttpResponseCache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/ibuger.kejileyuan/databases/0M3006CS7U0ZC2K3-access.db-journal
Filesize
512B

MD5
381934eaf675013f769acddcff654708

SHA1
6bee75c3d40d1312932fc3780754ba5045cb5ea4

SHA256
0acaa83e7cf44780424a8bbca4628b1469b26aac261a8b2af33ecf9059a80e0f

SHA512
fc225636e3999b17335bcbfc1a209f4234cf6726b240fac5b61ee543238f1978846e877c08b8d31c1e7ee0d13805ff2f5851d1e3c529e72fad373fd014a66c5e

Download Submit
/data/data/ibuger.kejileyuan/databases/0M3006CS7U0ZC2K3-access.db-wal
Filesize
32KB

MD5
aecf737b5135de72a93de39d4fc4f666

SHA1
13ee7e57391063ca001ac91637552ed7f558e919

SHA256
ce0fab2bcec5f00f83897938c23b9191c5d41bade3fc579cbaa5740088540d2a

SHA512
20d3f00a753bbcf5178d4a8178d75d91b1215963212c48e5399283e048fe89ee5642573f018bc0da62c78b68b92bbac3635dbe524e8d6315746b4937d823d3a1

Download Submit
/data/data/ibuger.kejileyuan/databases/OpenComUpload
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ibuger.kejileyuan/databases/OpenComUpload-journal
Filesize
512B

MD5
26deb864901006d4bc560735dca5dc95

SHA1
0c695b3633fbfcaa006cdc44de34ca365d001106

SHA256
6b34154c0fc49da36bf75c53c6c8603d29e761adf1c333f76a711b3364d041ea

SHA512
23e1e8e13b4509c39a8b2f6c92cff736fa5b0c69ba49024f1e8ea91ed4371466b16450033d179a230dec0006a17d4872447a172662bbf2ede423bbf01bde7ee7

Download Submit
/data/data/ibuger.kejileyuan/databases/OpenComUpload-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ibuger.kejileyuan/databases/OpenComUpload-wal
Filesize
32KB

MD5
188554f016a19ae8c80b534dcb5deddc

SHA1
da1c79a4241f3e33c1b5388dc219a35c5c70b9eb

SHA256
4a1bc281eecdbb1cd423d7e77593ff8e5ce1ae36c78b2041f77996cc340ec7a2

SHA512
8a7206f6dca26e7f677b5b518a8031d4f734c54f70724b67708a8052e97276e82c57afb13e81fa989f499cc34462c300f1156db1b8096f4cf517c278044d6ed2

Download Submit
/data/data/ibuger.kejileyuan/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
94294c687917d95d94904cae998b6eb6

SHA1
7cc3eed7c75d26a1b2fac5a2d58d519c754c634e

SHA256
bc8477f7f3fd1800008cdcc40896c4b06b41c2906a9f636f3a3f7b6509f6ad74

SHA512
7a46bd3d8d8c8e93f6a2beca79009cfe90072923ca3a2f9bd8963db5031395b501c68202f375f7bbac47007c8819f09c9411831945fd53b2326978c67e635174

Download Submit
/data/data/ibuger.kejileyuan/databases/ThrowalbeLog.db-wal
Filesize
40KB

MD5
ba9e74d88d18f03cbd8f30cf678e7439

SHA1
85d401ffd4be9bbe9834ce5b8ce56d9138e24f45

SHA256
5be20cdb0051fe1c0e00eef44248378d13495ed0ff101a333d8ebf7b15097956

SHA512
f0964369cb5b9c2c0c007a60adf9898ec98e38d2a66ae0ec78b9d09dcb20d44727d58f9777c061f6c6fe85af07f4dd0f5e9608b72791b7fa6a5a71e5c9b4fd6c

Download Submit
/data/data/ibuger.kejileyuan/databases/bugly_db_-journal
Filesize
512B

MD5
aa23a2c11eebde60c534a0a4b31df3a4

SHA1
8034694454d6b7567ddfdb21c5b1030e5b891aa8

SHA256
6508e2de3ea0293258dfa2607188675e4dfe81ec354fb930d8ec345bb33a13df

SHA512
a470f6160d20c0e1923436ab95a81d32969ba915ecfa201f532b7d3b29df40fb19e02b4f4fc5b751fa10b27fea639ec990c1f06978b4a958fc7d41bf5dc41059

Download Submit
/data/data/ibuger.kejileyuan/databases/bugly_db_-wal
Filesize
80KB

MD5
36f4bc64a696cded0e8fb6a99b4733f5

SHA1
e3972a84a7f304c50817119a2b829d551531fbd8

SHA256
d28bfb85b672082de01b60b5823c169f8b2151b7f917b67f2fc5cdf7dccb04cd

SHA512
8c2d5ed1a4fbe2b3e0934525335a5126a01eb4d690e2529e929853d7b83430efbd42e7b8a6fc211503d181fe340de9812fb67b2daeaa6ccce61cb46e3a7a2e3b

Download Submit
/data/data/ibuger.kejileyuan/databases/pri_tencent_analysis.db-journal
Filesize
512B

MD5
a7f27c6782bbfe0c2600ab2845915d75

SHA1
c5177e032da21aa6313b594f66382ca5d072a4e0

SHA256
3332f53c9b117a745be33be0d557512806584a1f36fc9cd46c5c74bce450eb14

SHA512
e09ef76c04151937d45879115b5132cf5c6e13a37023e9256ab8d6eb3ec73982482d8886da268eff9654ec2bd107c82619ca11967664a4cc6613e14fd334e634

Download Submit
/data/data/ibuger.kejileyuan/databases/pri_tencent_analysis.db-wal
Filesize
52KB

MD5
e8b837a5eb0ce23e6c3f70590b6217a5

SHA1
452fea7e292236b33749e8c8864abf96efce67d4

SHA256
c2bb682067c2bc66dd36020e841b8e5ae8fae149f993dc54a81e3aee4830a0f0

SHA512
bb23eb2d4916f79eadf9195ae487dec1dca5af47b8c4c9fa9c49f451969282e9120333b34b01f6693614d1cea9c97b64788ec9d1ad916df9fa981f5bf9be473f

Download Submit
/data/data/ibuger.kejileyuan/databases/tencent_analysis.db-journal
Filesize
512B

MD5
3ff4315d45982ddf62b3cefdf9242c2b

SHA1
d4e5f28cc2468ff0f3c8b310b0a6d51256070d62

SHA256
b2ebed73011ce03c5d41e1d6899fd6ac3e8e88ffd78a27538f5ba6612c165973

SHA512
f61c305ca879e7b0082c693b583bdf5194c03cd7a515eeeb171cf6e96e0e4d2f7e3de58c7a4bef00776a6984924f84344d18d4ec0d70b2f3da6765b2b0aa3db5

Download Submit
/data/data/ibuger.kejileyuan/databases/tencent_analysis.db-wal
Filesize
60KB

MD5
c2e464346c563c6c52737a1916b91bb7

SHA1
284189910e1e348a44e80aba444ad1ef66e2029e

SHA256
161522cc440bae7fb5265088e91c67384d83dbad8065c81a356d200f85d7bb25

SHA512
37730d9bfdff3bfe484e337c601ed4357efc931a24a2766b8802c38e196b55206b42cc4d05c84d96c5c0a62b538e5ba5d46b0d13c7e351126856bd041e3f4e09

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid
Filesize
496B

MD5
3040fd56cba5f52fd986dc99ef57e22b

SHA1
09207ab0ae4a98e15a371f054484487f034bf41c

SHA256
2cd1f62daefb0a5befbcd66d5cbaa06e0ed437ccc44d4b49b48e97df7f318cba

SHA512
d91e3147c21814ed5de0a28bfe2a607c9df4baeb5dba346518bcfaaa8f753fba36f161fe48d11ebe3d0072eebf557ee58a11f13dc9786a1903e23b144372f54d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads