785e5175737757b9420b400f830539a567284048a7dd253386e4f2e3cc869024

Analysis

max time kernel
8s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23/05/2024, 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ca94bf4856b884c17a90f6c66482c43_JaffaCakes118.apk
Size

5.8MB
MD5

6ca94bf4856b884c17a90f6c66482c43
SHA1

44354803188f8636e995ec922194e37f75e95359
SHA256

785e5175737757b9420b400f830539a567284048a7dd253386e4f2e3cc869024
SHA512

1b5a6935d99202894f49ad4bc7c21e802c87e9786e861803df72d231f00e5e81c4f44fcdae7f0bad9eed3be00777e7aade1cd078a1f525300715f8060cf20a60
SSDEEP

98304:QOkFMNOsP2bzGGI25Uw3kS7M1ZaYZIdQk19sK3V5KabmYQwv:QeN3PafUwFMON15KyX

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.fandongxi.cf

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fandongxi.cf

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fandongxi.cf
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.fandongxi.cf:push

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.fandongxi.cf

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fandongxi.cf
Framework service call	android.app.IActivityManager.registerReceiver	com.fandongxi.cf:push

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fandongxi.cf:push

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fandongxi.cf
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.fandongxi.cf:push

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.fandongxi.cf
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4280
- cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
  2⤵
  PID:4351

com.fandongxi.cf:push
1⤵
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4422

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fandongxi.cf/databases/rep.db

Filesize
4KB

MD5
f54c4a535a890ce9c1d83c842619d306

SHA1
1c965eb6d850ddb1817e03ae4bec1717a6df4263

SHA256
021d7b6faea62622edf140d0a3326aaf01f861ab91ea50d739d585696fb5da63

SHA512
c6d70616fb261381aafce7ff8099d7b5208be333adc7e1359d25b5d7c3a16836064058659150675f2456de4459c852902fa010b7db03e3614511b4ca38eaa411

Download Submit
/data/data/com.fandongxi.cf/databases/rep.db-journal

Filesize
512B

MD5
a7c3be245fcf862b042937dbd8687024

SHA1
616247d988a50e2476a6da08f34896749c5336d5

SHA256
3672740d7cedd3f0f36d6e46198482c35bcd548c0518cf1222b21dd1c66d1b8e

SHA512
32ea6da24f7d039a2c6d15a00ebe57fee0096fc6ff5e3e2138cafe0c1287a2267da6eef45f273f80500e4913d8c6e63c1dd31925b14d2a2a277443a1fd9f93f1

Download Submit
/data/data/com.fandongxi.cf/databases/rep.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.fandongxi.cf/databases/rep.db-wal

Filesize
36KB

MD5
db162418d3deaf32495854dcd877bd08

SHA1
a0dd9ba9f8f07fbbb3d929f61c609541e1af64d9

SHA256
a06ddca92bbc2dae9bfad60f0e391ffd21fedfb4ec9464cb8442661eeee612be

SHA512
0a82fc71ce079a32fd235f525934bce06a34eae275289b29c4e850e388dc537fc6bb4d46621baf6d070d918314be10e58572276958cd87c9070ee23af91df6e8

Download Submit
/data/data/com.fandongxi.cf/databases/wbpalmstar.db

Filesize
16KB

MD5
4d0f39c017c92a869389cd2293be44c7

SHA1
08b3c16fef7375898304f8f176fb48d0a17f32ba

SHA256
9a0b6fac7b831119b44a3e082ce641b32480520ba56f6d7832bbf728682936ee

SHA512
8b1438a6acba258983ae403130e52d1cc41ee65f2ed4144a7cb5034218ad9b6fde31f24a1af682127e13bc2786a6db4ab7c6207a702834bfcc549db1b345f0a8

Download Submit
/data/data/com.fandongxi.cf/databases/wbpalmstar.db-journal

Filesize
512B

MD5
d0fd5b3af7a5004d3ddba3d7c014ccad

SHA1
e8a408bcf0c094174c8f6e45feaf57757b317f39

SHA256
5d100244a6387f13b8af0c6902628a67c92881a3f6a58a923a617403a413d562

SHA512
b949897d0a6948cf4ee4f2ae19468e9917e4f40e357909eaeff58d61ee82a132cc826e9b2a911c42a3f259b2ef4acdfb0377b7999e75eb8eca971aafaff76d13

Download Submit
/data/data/com.fandongxi.cf/databases/wbpalmstar.db-shm

Filesize
28KB

MD5
a98768feedf8fcfab00a40167d09322e

SHA1
89eb399c6d34bf3755d0165b08302d86b81887d0

SHA256
d99ae0a0f0f6f4dd30cae7b01a383bc159fcade843faf7261f2d9eb68bee5b66

SHA512
769e4c89b1cff9bf2b0218b6e6332ee851fcac60ee4accac0d1af8019e11e0d1ac6c8379898c56839b899c811b7197cc2623bcf30eddac75b921542e62ec5135

Download Submit
/data/data/com.fandongxi.cf/databases/wbpalmstar.db-wal

Filesize
32KB

MD5
1b01b834b2102b2c8a10c4c0f82ba521

SHA1
0741e6367f3d9695a21971db8d831a6318e3eb3d

SHA256
33a7bacd024f2cff18753286e8eb9de5b48cce26f0ae66774707cdca17d9372c

SHA512
79efd71424e605563bd69394ef8e79d6c65ad7a1fda9feff14782e6a48c0d9999df19b927b9279fc5fec4a584eef92fec180d2ae4a8b3c6b9b4db0bf3b72c4ac

Download Submit
/storage/emulated/0/widgetone/log/mam_log.txt

Filesize
103B

MD5
728a822e8b2f217677da4d4b0be4bbd0

SHA1
7a0dd519f146868aeaefb2dba3cdfab0babf0326

SHA256
7e3b205357d07d4c30bcbdf20737c1ba22087a77213801bb243f43fc537b18ab

SHA512
dc6b5a86fd5d242b12f1d4bcf6718a53960c3b44aa1934fd46b80dd70fdfa3577a1712e08ef151177767b79a2e13974b796cb215170eb5783270652f9ab3ea09

Download Submit
/storage/emulated/0/widgetone/log/mam_log.txt

Filesize
163B

MD5
d03f997434125942395ea6fa09ae5e85

SHA1
60a8d65c25906a01a339a37294d82271eec4ba1b

SHA256
0613dc1cfe9bb0d153f05e86482e93e3e8d4b17a7003dbec43182e5e94f4f847

SHA512
5afd26c76041247d900732fb1b6c48542cd753ed111566c787392f3067715a3fd053cce58fa8732ff134bc5860fd018ebf3ee2ad9d0bf1ebad16eb1fc34a548e

Download Submit
/storage/emulated/0/widgetone/log/mam_log.txt

Filesize
76B

MD5
a7f7b37de308a512fe5686ee3a0bd5ad

SHA1
95e250988ec24b034ca934a6f49613dc4ea9edc3

SHA256
13bb43217c6e981ef599772a1324d53b6465cfe7a729217c920dfa563328a16e

SHA512
bc42bc1b87d2cecb396e329b02274921bc3b14b4a9c11f2755bad45f200df327213f096cc7bf4c4b9e7bcf5fd6ced19ea3fa34ef5cb43737a9216078e1db9281

Download Submit
/storage/emulated/0/widgetone/log/push_log_2024_5.log

Filesize
97B

MD5
8d6d992cd96529241b2ae8304b8f46b0

SHA1
2dc0e7d973feb0401574d8882cd1359d12423e78

SHA256
38a8c5eb55c7ec7038bb4770f1b1ab54802b3a8e0516948e09754a4b5e2c40d7

SHA512
0968580161c0f6b6507284c4c8860065814e5590ba473b6e97a057b8fe5dbba72e5d6666f98bbcbb27cfa8cff50916eb3fc1690d39a374fa4382eb37242ab4d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads