9839252678e14aaae4b2a6a9c73c03d20567c9064ea6c87128d83c90b3b8688d

Analysis

max time kernel
20s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

692f0b74d1b32af24f14771af3bb43d6_JaffaCakes118.apk
Size

2.0MB
MD5

692f0b74d1b32af24f14771af3bb43d6
SHA1

30c4e2237022adb32ce400c08678923c72b59fd7
SHA256

9839252678e14aaae4b2a6a9c73c03d20567c9064ea6c87128d83c90b3b8688d
SHA512

2418a423efe0ba218752bbe1243e0bfcaa77310e75d724a3549bfea94837bf9cc0f44137a9f145c0032d9eb8bd3fbc87fd46eb2d27e7e11f767203a5f6d8a635
SSDEEP

49152:QgY1VQ8tzgrdB5p2cIJNN00Nme8IdzyQfG3tdB6hFkWbuvWd+O:NY1VQ8tzedDp2cYN00NHyXdB6hFhqvpO

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.game.cy.kuuhjbk

description ioc process

File opened for read /proc/meminfo com.game.cy.kuuhjbk
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.game.cy.kuuhjbk

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.game.cy.kuuhjbk
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.game.cy.kuuhjbk

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.game.cy.kuuhjbk
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.game.cy.kuuhjbk

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.game.cy.kuuhjbk
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.game.cy.kuuhjbk

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.game.cy.kuuhjbk
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.game.cy.kuuhjbk

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.game.cy.kuuhjbk

description	ioc	process
File opened for read	/proc/meminfo	com.game.cy.kuuhjbk

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.game.cy.kuuhjbk

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.game.cy.kuuhjbk

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.game.cy.kuuhjbk

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.game.cy.kuuhjbk

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.game.cy.kuuhjbk

com.game.cy.kuuhjbk
1⤵
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4292

getprop ro.product.cpu.abi
2⤵
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.game.cy.kuuhjbk/files/tbslog/tbslog.txt

Filesize
14KB

MD5
0f952f803263411e9acb4afbec4fb7a7

SHA1
6545cee14a2e2fa429c61d5d8f7374e27ca51b3a

SHA256
ff662b45f353e00059d20b1441962e89d57f5eb55908278673b29f88ddbe361b

SHA512
988c8e0f6eb2c3f0c97eac863181ccd0fcf4c76e40e21947e5c48e3e841ee62e1a8728adc43254c7207fbcf0ee36db6af891e433e43cd3daf6a822ef4496699f

Download Submit
/storage/emulated/0/_ATOKEN_QYCHECK_

Filesize
32B

MD5
395e0bb0876f4fe7c8287fd1bb63d351

SHA1
77d5f6ec3af5edc081b4d30b4646b89368618708

SHA256
afd8373139fb47562dd88b217ac5bf626c70383a8ccaf97693bbce5bf40a34dd

SHA512
4b048f236f5200941e3192d23c058829fdc995a8a0606d47ef6f895fc56b42d2877e7f0363693d26149552665b31ab6057ad7b9e5aba3f44c47093b4250ae033

Download Submit