21c4469424993833e2f63772cbbd0c91862f9a3956259a4c2670a2719e13acd2

Analysis

max time kernel
3s
max time network
167s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693d8f7a7d6dd8bd802ed773d9e381d1_JaffaCakes118.apk
Size

21.0MB
MD5

693d8f7a7d6dd8bd802ed773d9e381d1
SHA1

bb92e7a538eb30610ac6e7fde9a2bee2abc405a9
SHA256

21c4469424993833e2f63772cbbd0c91862f9a3956259a4c2670a2719e13acd2
SHA512

cbd701825658c3f594694b84beb810efe974913f09c6b47f8c2f573c41cf46c84ea7fd4e1db25210b9651418cc9e8fccb90607228be79c40ed6e835bb4486951
SSDEEP

393216:emWWAFZEWaTPy/p3OPYhokiTLoki1zuBMbJYEL9gM8BMYb:empCE9jqc+opoHa7

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tudoulite.android

description ioc process

File opened for read /proc/cpuinfo com.tudoulite.android
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.tudoulite.android

description ioc process

File opened for read /proc/meminfo com.tudoulite.android
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.tudoulite.android

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.tudoulite.android
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.tudoulite.android

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tudoulite.android
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.tudoulite.android

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tudoulite.android
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.tudoulite.android

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.tudoulite.android

description	ioc	process
File opened for read	/proc/cpuinfo	com.tudoulite.android

description	ioc	process
File opened for read	/proc/meminfo	com.tudoulite.android

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tudoulite.android

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tudoulite.android

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tudoulite.android

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.tudoulite.android

com.tudoulite.android
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tudoulite.android/databases/tudou_lite.db
Filesize
28KB

MD5
76e654404667ac1125170cdb8f6d2317

SHA1
a12291eab6965591bfb6b4d4250ae6058818fb40

SHA256
0ad7439d464dd0ccf85f81c81c975e12a354b36ea3ae6dc323c477610f53e062

SHA512
fc4cdd24da2afd840de13c9c112236d3fc8f4bb8d4e83cfdf5297a03ab6c9c4341d99548438669e1459cb21e698b9cc78e5effe6c243f46e39258fa28ac517d2

Download Submit
/data/user/0/com.tudoulite.android/databases/tudou_lite.db-journal
Filesize
512B

MD5
a9d3c56c5d78dc39cdff9e536edbaa0f

SHA1
058fc1b84081a6f9184449364283d7a82f86e614

SHA256
53bc74656a7bfdfe905b654b2b53bf54c8382e8c2feb688e0546dfd693b87c17

SHA512
edd3bf0992a4faf20f3b87b309c0a477a7cbd22911533e6722fb217b77b0d811ff1d070e5c7548232b4c1d761c962fb06c58ab99075fc51a7e890799eca9b4dc

Download Submit
/data/user/0/com.tudoulite.android/databases/tudou_lite.db-journal
Filesize
8KB

MD5
c50eb2e4b86aa7b2e831bfd3d9d04865

SHA1
8d1fe768a8b6aa48d11c07d4c55e46b76d2fa83d

SHA256
76529b22ce11d4f7a9932e7a849a1118c9bd979ac805fc046f6a2d7060d31041

SHA512
0f5e68878f905fffb96b5c3d9d1957279f33f44f77361e5660258f6dec9e03d24f4a39a31eba3c72760a1f0ec3fca1eaec848892142709c53cad7c298cee3c3b

Download Submit
/data/user/0/com.tudoulite.android/databases/tudou_lite.db-journal
Filesize
8KB

MD5
2e44298fd1f4c55dca722e2eefddb4af

SHA1
e5cf7f483465f7762b1de5ecd1c7c814d08477b9

SHA256
c733865a9271d8b96d72039b633edbbb1f81bc889386ff5a01983f02115a9d1f

SHA512
b79bc8b54294edb98cedab97f1e210e1de2eaba84ed49b227b72f45b5a836f29e5d68f898dd4955a717f56803b52b286b4fd55d007427c86afba8c26a181694a

Download Submit
/storage/emulated/0/.stats/stats.file
Filesize
48B

MD5
cdbae27d374e1a45f9f17fb3379e9ec1

SHA1
eb9ae712ad868c19c6cc33229f67a85eb7240e3c

SHA256
6554867a30e206aeaa4c1cb10887986d724e1f7f7323f65b71283289b97c8bf3

SHA512
47aa257fa2a1ecb1a1922625fbeee0ca4986ba92596c198a6bd31531a39bf46a6adff318031225979d6aa58d5dee32b530e0efbe10d1197471bf061a69e3c432

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads