8bcc0ecd8b289cb8461fb063e77833677f74a85a359dc6f956184de6cfd17232

Analysis

max time kernel
177s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6855375e420163d98f37b072226a4702_JaffaCakes118.apk
Size

12.0MB
MD5

6855375e420163d98f37b072226a4702
SHA1

10a02c5f2333568ee46b1e82be426e567c5dff54
SHA256

8bcc0ecd8b289cb8461fb063e77833677f74a85a359dc6f956184de6cfd17232
SHA512

22b2780127615013dc7e4f5b343f7b7fe1acc4a9655085b31d96fbd5e7c1f17c2f31262af14ca4607f58e10fac23989c3d62b2dbf3206c9a6b4edc58357ea71c
SSDEEP

196608:BwqR/KjnEW0PO6sd5GaFo53igZ4AreaNKGKWx6s1dE/nMqlldE/nMkpdE/nM/:B9R/0EW0W5d5GaO53R3NpKWx6s1y/nl0

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.aibaimm.b2b:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.aibaimm.b2b:remote

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.aibaimm.b2b:remote

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.aibaimm.b2bcom.aibaimm.b2b:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aibaimm.b2b
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aibaimm.b2b:remote

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.aibaimm.b2b

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.aibaimm.b2b
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.aibaimm.b2b:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.aibaimm.b2b:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aibaimm.b2b

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.aibaimm.b2b:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.aibaimm.b2bcom.aibaimm.b2b:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.aibaimm.b2b
Framework service call	android.app.IActivityManager.registerReceiver	com.aibaimm.b2b:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.aibaimm.b2bcom.aibaimm.b2b:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.aibaimm.b2b
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.aibaimm.b2b:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.aibaimm.b2b:remote

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.aibaimm.b2b:remote
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.aibaimm.b2b

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.aibaimm.b2b

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.aibaimm.b2b:remote

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.aibaimm.b2b

com.aibaimm.b2b
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4279

com.aibaimm.b2b:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4343

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aibaimm.b2b/databases/aibaimm_db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.aibaimm.b2b/databases/aibaimm_db-journal
Filesize
512B

MD5
7c3757d9daf26f4438059f31a3892d03

SHA1
447ad4f2dad38a4a024ddd6f2a6e5697e17ff2bd

SHA256
f4dc943b8e9223629a027ca23639f8d338a2317fa6063ab68a2c90212e70f007

SHA512
1099b202ecbbea8bb29cdfe006c5d2d6411318ad235b5ee734436c47f554f32fab0670f27a637d32d11ce096964ebee614cf9c0b70c4c31db58dcdaf0972fa2b

Download Submit
/data/data/com.aibaimm.b2b/databases/aibaimm_db-shm
Filesize
32KB

MD5
3bc1f072a0de0314dc3d8d1dcfbc992b

SHA1
00745aeae33221dd2efb9d34e647777460c7eecc

SHA256
622784ebd10f0b38785cb07f23fe16a578d41b5274486458b346ad7af6b3cd64

SHA512
422d5b1e81685f1ebdbbc256d7170f2c7ca84e0be08958bc0f1a0ab38e17f32552d025a99222cbca07da7a58a7e59cbcb07daec49737fd07dd57ecc075f5f5a8

Download Submit
/data/data/com.aibaimm.b2b/databases/aibaimm_db-wal
Filesize
48KB

MD5
35ef99aeead6a198c8e824fb416c50d5

SHA1
c8ad050f1847aba2152570e3e398edbb4d4fcd2d

SHA256
b4b83b0bb5070b2f9913808bad7d6747a5ac06fcd0e56328290f9703b06ef4de

SHA512
42e5e01a20b779fbc8cb725921ff1dce5f91c12210b4728690d6ce8f4586b6a5225da784b0379753d73d088dd56b02cf610409aefb822071c8098cf6fbcbcac3

Download Submit
/data/data/com.aibaimm.b2b/databases/rep.db
Filesize
52KB

MD5
1ff615330cd82851030ff4da349c5c1f

SHA1
ffdeffe15be076fd26e562d2e7f8dcf7c3e4d8c3

SHA256
f1b8bb2d639979b91ecd0238f4318a92c260e36e1e274f83074a1bd79bb7ef9a

SHA512
e3e90b53d9c78a40818ac8a68547483b39161d5aa24b269956b418ff119b185ebfab456f9310e62f693795d2fc18aba18d8b525fea36d4a1ee835819f9630db6

Download Submit
/data/data/com.aibaimm.b2b/databases/rep.db-journal
Filesize
28KB

MD5
d6229d72c7c77068ff836d9c711bec5d

SHA1
32a72b3c1317cfe1e5f75f387f12a96df065e676

SHA256
83aaf0840f7a6dec8e8268979e3fb167d64fcf35e816e90da2761794456a11b5

SHA512
b8695389cfd5529cdb7c02ba674ee1a9602d6ed749d9c78bee86d866b96bcedbb412826c26f6a8b3bdecb0e0a7714d2b9ee92d04c9c6b7a2d510dfd4a885ccd5

Download Submit
/data/data/com.aibaimm.b2b/databases/rep.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.aibaimm.b2b/databases/rep.db-wal
Filesize
36KB

MD5
20aa7066ea54e0bd25ff2d7d51891761

SHA1
e1aac94e188447adb6ce8ed69f38e6ce1d85bb44

SHA256
6544481911717e08f10045445f60e181ca5900f37beb383d422c0fe2d1bba77f

SHA512
b3c21392ecb3eae5a6b1619a469cacf7d020c89f091309976bb467b9fb8cd785f1f653b5a4dd8785731fb0734eb791f371f9904721d58c586c9ccf67dc1dc8be

Download Submit
/storage/emulated/0/baidu/.cuid
Filesize
89B

MD5
81234d06cbaaf19ee957aba3ad352630

SHA1
75a06316e04b1d84e5f795c7de006ce567ea61ff

SHA256
52121976ed8883f15e032b99490c28fabfc2dbb9144cc9692a65c9365937fd86

SHA512
6d4c5f9a19f1135d91d03829c14e86a0bf9ca46671dc69801f36334f65427f5be05de8eeeabfe3ee2ecb6835cd47bacb0c404ec011e3407bc22596be6a6992a0

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat
Filesize
152B

MD5
552cbed83b9eb83d9d4e33bf7dafb900

SHA1
c136ee8ec0427b30b6aff1e6b1ed2d2b17703e45

SHA256
1e62d81d9109b77ca41f38e5c5f8f9022e264b328debe6d555bff544fe5ad361

SHA512
726303ebcdd8a4086c93bdbae5df045bf694be27e00c5610cf16c89b3d524d451e710f808a83e9acc51fdff7f08b8d3624cdebc8bc8f9a7a8df905020069465f

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit