b88c39332d613ffd26bab2956b3a3d62e849dade997a6fc8150e9abcc38e9101

Analysis

max time kernel
166s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f970ca675155ef32b991ec4dfe05ab_JaffaCakes118.apk
Size

13.3MB
MD5

67f970ca675155ef32b991ec4dfe05ab
SHA1

52fe9c41155c04fb32a12b8bb82e9366c6422002
SHA256

b88c39332d613ffd26bab2956b3a3d62e849dade997a6fc8150e9abcc38e9101
SHA512

195ebde871ffda5bda22d65e984027ad3d3b3ac13b8c94e33a204e8c07d7a1a067de10153f21b712bd5337fa91f52a594adf1e608ec25da9f1d09bdedd332b70
SSDEEP

196608:HJ2hdTHQdeedXNnVM5SvTj0QCOWR3Of+KelA+9xkEytBB7DYqd3sfiEtUI1sdau/:YPraeOM5SvTj0QWqjdw6BDvd3OVtOdV/

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.iyuba.music

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.iyuba.music
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.iyuba.music

description ioc process

File opened for read /proc/cpuinfo com.iyuba.music
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.iyuba.music

description ioc process

File opened for read /proc/meminfo com.iyuba.music
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.iyuba.music

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.iyuba.music

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.iyuba.music

description	ioc	process
File opened for read	/proc/cpuinfo	com.iyuba.music

description	ioc	process
File opened for read	/proc/meminfo	com.iyuba.music

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.iyuba.music

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.iyuba.music:pushcom.iyuba.music

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iyuba.music:push
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iyuba.music

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.iyuba.music

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.iyuba.music
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.iyuba.music

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.iyuba.music
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.iyuba.music

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.iyuba.music

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.iyuba.music

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.iyuba.music

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.iyuba.music

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.iyuba.musiccom.iyuba.music:push

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iyuba.music
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iyuba.music:push

Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.iyuba.music

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.iyuba.music

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.iyuba.music

com.iyuba.music
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4323

com.iyuba.music:push
1⤵
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db
Filesize
4KB

MD5
43b964295b803eea1fab45ea2f9d4d7b

SHA1
0fd2682cc8c05553b0082d45cc08376892b99822

SHA256
7489864918646ab265510f789bcbe7ec005c4007c4aeadf9a3e6d9749abe0944

SHA512
ea42aef595f0e46d7f998593461e6b86a0b8b51b72e9b0b95808c243a5d9bba5c330ba7ef64c0bdeb753bd22cd174eee5b4f19eaf8c851830aad66169921499e

Download Submit
/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-journal
Filesize
512B

MD5
a128df77d46a8e4a3cd3c03e5e7b9442

SHA1
52bc09c0e502d3de7147fc09a35b24576172d172

SHA256
b65394524e0f8785407b2a7640db689ed2d7a106191fb2de2dffb5792c41b71c

SHA512
a7225e91f89d9df2e8dbe9463461a8cdcc7018fc60403fd4c0a4d5038e9ae480ff9b3c95f33b02a06fec61b94471b0300b1e1506af93e73b031b31dcbeea600b

Download Submit
/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.iyuba.music/databases/UmengLocalNotificationStore.db-wal
Filesize
40KB

MD5
01f93c5d2f6f29c68199e014f9b7d31b

SHA1
e49bfa524c0396bdf26b188e5372ede24d0e5f86

SHA256
b332ffbc1ee57e214e68f7c71d0580bea181540860b909902b00ab8ca220a89a

SHA512
9b4abf2c87493a17b7fe1a85de6b4986813e1e78e75c3847b7901096e163dc6ff17a24dc989e55fae144b1f4f3cbe26a3773a7728ad07b06107c1ee6bcd52e0a

Download Submit
/data/data/com.iyuba.music/databases/cc/cc.db
Filesize
36KB

MD5
985cd72dcd0123e16de3591ed5b86b35

SHA1
815d6f3e9e5b58922eb57578a29cce4a471e2c93

SHA256
029fbe6ccea0e6d7676f5cc9c5ce7e1be127884a4cc705a2cd4d6a59b3092821

SHA512
d9fb29aee81f7bde7084ea27b3c0a5f767a3e219dc3b25136e7ab27534c86049ab6fa561ff82a1c7887ec58cb7e6232fdcee444a706b6949d1e9a383a29c9457

Download Submit
/data/data/com.iyuba.music/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.iyuba.music/databases/cc/cc.db-journal
Filesize
512B

MD5
6ecfd04e75872b40359e0adb2e04ef5a

SHA1
93f33b07845371ba4342837251b2d3b35c27fb91

SHA256
77b44a44cc1a34ef86290e88ddd6710f0b1cd4889b509c515c059ad438d628f6

SHA512
0b063bff8d5abfc1fb84514cdfd2446c35e4672ebe6139ba409907eecac98d007551c63a25002d92378762035b25335777e1e6d7225cbe0614c58a5b55729569

Download Submit
/data/data/com.iyuba.music/databases/cc/cc.db-wal
Filesize
48KB

MD5
0f9322086768c607762bfdcd75807407

SHA1
4ea1f68ee783c985624925449cb44584b01b3b3b

SHA256
6a7cb9f9c25bfd975f7f5460e80516b029168e152438512db43af88486df376a

SHA512
7548714586e5c473ee4ffafa01dac4d685077b1fed8ff882a9b19f3d32e7078f885b181eadeed6f231f101ff6bb96ec0878607ec8a4484de15ed33e863ce57bd

Download Submit
/data/data/com.iyuba.music/databases/cc/cc.db-wal
Filesize
16KB

MD5
cda627281817997f197b63d1cc8ac8bd

SHA1
7bc1eedf56c139fa06b7c2fa70ba28b6b22364e0

SHA256
54a060091a34e79bdd5511b5b75387ec48f9ba229e3ffdb8a9258dad6f7afb3a

SHA512
fd29af4c7d63f2f2e161583769c73fd476018f4a2e90f92a14859e0fbcd124f461d1866d625211393bc8c6dadbaf39ba79f2343ca7af52ce1dad42aa862b49d3

Download Submit
/data/data/com.iyuba.music/databases/music.sqlite
Filesize
6.9MB

MD5
10501a83c351d31d6e21c961cb5dd97a

SHA1
3ecd80f91cceebbce2015d870767aebae3f2abae

SHA256
42a3e3718bdc3f8d0dd1b94dc130e93ad2b5e4b7abf68d74371e6f2a62c520ea

SHA512
ecd4e73e1031c9615bec168ceaf9636650f224cb2541806e991b9fbc62cd3c21da8ddad17370e144d95c8ae0171c3894574e2b23b57dc7985e7e25d2992e7d82

Download Submit
/data/data/com.iyuba.music/databases/music.sqlite
Filesize
6.9MB

MD5
4bde9fef07c193b26c44ee9209e319bc

SHA1
727fe269fc8a69763f4b565feb8634698f7d86d6

SHA256
478151dbbdc2d47c4c6d561db679133a7fdb8841de842a4725a899d8703dd185

SHA512
88f4918e9f12cedb29f3ad62a143e4c25af94a702780e0f48a13ee9bfb3ce116b75927fba8a4391420818f00b117fc1eba7de6553e96ae63f7e9c996be0ecce4

Download Submit
/data/data/com.iyuba.music/databases/music.sqlite-journal
Filesize
1KB

MD5
2ee4bb1a8d44a8a615e59b3b1d669491

SHA1
7e7ea193a592e02ba33aecc34a33a6a0a6609c24

SHA256
d34cf06c8e8662f9309aa8883d9065b1d3dd7f3f9bbfd71a4a99f0df6e72c42a

SHA512
9d668bbc165ee7c71ca068e7cff972b316c1e37319b8775732abfa39283cf54260609cdbc4e54d677bdb2567879bbeb862d54dfa443ccd0e0adb4a550efd317c

Download Submit
/data/data/com.iyuba.music/databases/music.sqlite-wal
Filesize
5KB

MD5
f53cf9ecf28526ab51fd7a1f7e7406c1

SHA1
95812f2fd5a2f73ee6bd925f182119b6ee21ecfd

SHA256
88ca90f096795189c51eab15da37025cae7ff0c11a306244d7a8fab638ce6b25

SHA512
016937a823a41e9bed9a2e1ffb7cc7bea8c3cf458bfd899219caa7768ed83c0bc6f195277d77b1aea631e5d849f2201700fe96a93a4df9f73581742a85eac4a0

Download Submit
/data/data/com.iyuba.music/files/.um/um_cache_1716397559927.env
Filesize
1KB

MD5
5a38cf6b1e6a6b0a982db7656e7fce76

SHA1
43509a3f369de16ce01256ef60b9709910fd4c0b

SHA256
d7c7d3e209a08a8016969bba51576174518dbb0832eecfe695e740b5bfa0c7bf

SHA512
dea0b0c99e0157dbb921687a29914bb233545d3d22457867e8cfca80ff3efff6df92aa1193210c2e48cf92548adc8cfb022453c886380adf23e920ec23cd21fc

Download Submit
/data/data/com.iyuba.music/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
fa1d58fae621c3e0cb5e0b65086beada

SHA1
ba5decd176e0bb92a65735200008a4dc732832da

SHA256
211fcfdcba686ea6eba79440cf8f71755e1f1b0aaede2191c1c307344c3e8fcc

SHA512
85e5f264253801e045f6350ca73192deef9cad2996eae83411ce7a6ec3edfc94d1660d1992ff86537ce12defbe3c70640839cf8c10ecfcf17a704ae0c37a0b02

Download Submit
/data/data/com.iyuba.music/files/umeng_it.cache
Filesize
498B

MD5
73b3a7ba255e13aae28f501c960fbe8a

SHA1
910d41beeda9ab1e192485bdfe26c62f4e1ed3ff

SHA256
2a1fb1e3fc5c4cc44baaf5c9c4563d39da6af863aac203e1ea115b62919b33b6

SHA512
d1cb1934df3e358e389b384927272e81b6e9704eff2d570b42ce345e03c456d8f06cb412ca9f0ad77f710d3066742d5b3d8008d61fd243650767c6955d5a0c70

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
93e42c37f0015d615853e0ed0a2456f7

SHA1
bc0f7ad38063e0519c18330c6e1285c8519b7d9d

SHA256
06de0a158096d969a6374d8cf19964177d384a3f590856e9dfb43861a9402bfa

SHA512
ad7cc7a6fcd1c420e53b436a94952eee85c356b56437a2334c9379a3caf6c391aa66c68eb3253fc18d12c1f0846f5bb2ef5ba59d68f8821bb275426f7ba137f0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
2ff21f229b0e82c245395657d9bf616e

SHA1
2c350f477d7a48de103d52230805452ce6cde724

SHA256
d15bad5c94fa604ca25dd95ec6f10e1a686ac1380ba9a5a917697c6633087d5b

SHA512
3549abcb648f993ad6d278a2dbc20dd73a5034325df442d05a6b98fbd9167d3e9863c888a726642880182087aa8f14fcd9902deae71c5ac7e39fd9bf0837bab0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
36e30a34576a62d66adf37756008c484

SHA1
ed36e4237e3d6307aba3cf3f2c44ccfaa3785f15

SHA256
6b0b37e660fde11da33feb4da5a62b2a1f69757a249683108fe68d56cf82e8c7

SHA512
3d73f0849e23198db7de0b1da85542fa30e82410cf928fbf85e3195ca2d8e761ea51ddd16d7f527b6bc71e9ed1890823e5fb2c5178eacde6ddc4fec220accbf3

Download Submit