2de760a7bde3dc6228735b7b45e19b4e2e7ec517515e9be76c55e3b074df1a02

Analysis

max time kernel
173s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6940a315d81024fb3a2d0acf6dd4a7be_JaffaCakes118.apk
Size

30.2MB
MD5

6940a315d81024fb3a2d0acf6dd4a7be
SHA1

9c973a68428b0ac9996e0533d178f95f3329757f
SHA256

2de760a7bde3dc6228735b7b45e19b4e2e7ec517515e9be76c55e3b074df1a02
SHA512

fffb36fd01cf06c7c5b2804f68f35b276fa4a4a695095e4f24e8ef5cce08f5ab980122dc3e103177bdb36fb7020dfa7afcc6b02a33ff477e958a0d3c26dcb621
SSDEEP

786432:Nt2T5wiAPqHGLIE/9oW4B7iZKeKdIlT/kEmUx:DEdAPQs14xiZsE/kZm

Score

8^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.netease.cloudmusic

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.netease.cloudmusic

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.netease.cloudmusic

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.netease.cloudmusic

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.netease.cloudmusic

com.netease.cloudmusic
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272
- ping -c 10 music.163.com
  2⤵
  PID:4459
- ping -c 10 baidu.com
  2⤵
  PID:4529
- ping -c 10 m8.music.126.net
  2⤵
  PID:4602
- ping -c 10 m7.music.126.net
  2⤵
  PID:4645
- ping -c 10 119.29.29.29
  2⤵
  PID:4703

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.netease.cloudmusic/databases/cloudmusic.db-journal

Filesize
512B

MD5
2948d9375f85bf4be56986525deebf39

SHA1
5ad62a846d8b64cddefc2016bbe03c4b353fcbe9

SHA256
ac3993435f99ab641ff4478a80ef7e5bbe7fbddd4a92b91a1946cdae0a10d696

SHA512
e665e9b8b7e8882e0e372ac14b7127af59925788ef6172a0ed4ce8f4e87a1ae31d41cdfdbdf3feed00f8bbc433f44dd1f531f7bb3acd5d31e8faa74279ab182e

Download Submit
/data/data/com.netease.cloudmusic/databases/cloudmusic.db-wal

Filesize
181KB

MD5
2ceecd1350f971545ac8a1465f57bce3

SHA1
926774d1ba3db7509eb6a85d07233d0e7a87f813

SHA256
ff373d58be02189509a786b6892e4b155fa51249cc508e7465d7d7d3492d7112

SHA512
9b9a5cbb021be32602fff8cd7ee235d22475eae89bdbb6f7cda916db3151ae502978e5e4c8fd8bf100fcdcc386f6498bd508f663f2c4f154ca7efbad55cfc103

Download Submit
/data/data/com.netease.cloudmusic/databases/mobidroid.sqlite-journal

Filesize
512B

MD5
b08d110060e23e794a4b2554fafd2bfb

SHA1
ddb3022243fda5423b6df5eff07a4c636b19371b

SHA256
a5eba1166ced0813a0ee6c6d2941957311d10d92d925d8de495cc5d75989809f

SHA512
3ed5b4b9377ab85f396ddbd970ae6f1ef6693e662255166ab23a246351ae2753310ed02c79acb3c6e5001d4355c108c4f505ed2898a768640ea4c167ab992458

Download Submit
/data/data/com.netease.cloudmusic/databases/mobidroid.sqlite-wal

Filesize
84KB

MD5
99a5e33542faa08a211e8c3b655366ed

SHA1
7cef63ffb5ba90b30b174908826d037a4c19ca53

SHA256
7f89fbc61bd91bc1f56a5216a7f07c153dc3f99239c30264da3212b5e71da413

SHA512
24096a34aed6771492d4b36502843bf452f2c43aab447aa7636b1f7a93c43351540050a1e6e2c480f07aa890ef90e24b87092e80c2c79bb9aa5969b5b40d84db

Download Submit
/data/data/com.netease.cloudmusic/databases/netease_apm.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.netease.cloudmusic/databases/netease_apm.db-journal

Filesize
512B

MD5
f0f6c528c88eecb1ea22bf4d6770016a

SHA1
f6922d6a6d8065aad50b6dcebba34c7ef6246d98

SHA256
eb64004dc7938ff3e007a1906505ad23a312f8486667b16bd27dc4d155c45850

SHA512
6974ccc50d493dc2b76222a208f6707126590ce94ec29ec68e3a994b7d54a605c0964f159e85de5ef6bbdaa8fcdc7ae3b243dbc8a28157d69ad470144f6080c7

Download Submit
/data/data/com.netease.cloudmusic/databases/netease_apm.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.netease.cloudmusic/databases/netease_apm.db-wal

Filesize
136KB

MD5
6dcc3a23b95dda972017005146a691a0

SHA1
5663b655ec21420c114484b32cffe9dadc0de596

SHA256
0408e38e37764bdcd32683c9d6467b320e8921bf29c7f55f70770e29fd560d5b

SHA512
756189641402f937c624ac2ee47f02072e79895c2b595f4198a5ea42c1c7afd76bd6864dbe384ad6f7479e049c4ad9fb5890aead38fe2e37da1a12f4ff4dbac9

Download Submit
/data/data/com.netease.cloudmusic/files/MAMStatistic/0

Filesize
4KB

MD5
f96d211baca8b345975229af7ebe4e43

SHA1
ddaf2dc30e3328c8b60c54b100b99bbe8f384609

SHA256
c598b63e4b3763471ef9a6f2ca2e76f1557f59a45eec4ab8faed7911942032d0

SHA512
59b654ca3caf1d39e2c808b666fb06655d5267db2d62a831df9fcf5e7e0a8043d281e8b885601309896982418f9a25ad22730f6b273089f4c8ed8493b9a498b3

Download Submit
/data/data/com.netease.cloudmusic/files/Statistic/0

Filesize
1KB

MD5
e4d858c98b05c72a0739870a9143cb22

SHA1
d59dbbe9cc8ccae9882e4f597e6dd5b60bc484b3

SHA256
3d623c3da285cfcbcb2f75005d87171ba625b69c091bbce73cabdbd7cc9a431a

SHA512
972037c40ef771ae4bffa3d83fc2a7e01e63140d3c5cbb9695e163ccbea29c87df53f9f382a35f4a260359a0257ca7b0a884f7da8547999cd022c16c7d67d449

Download Submit
/storage/emulated/0/netease/utils/wu.dat-journal

Filesize
512B

MD5
499d5e6aa45fc85d78a106b73839583b

SHA1
c84ae9dd22a5b8cb82ef1b149b4c091a53705b01

SHA256
3097602d7db7f96e7e4be6475eaac8cdca9ed0ec18d1d05a55011175daf580f8

SHA512
e477875c4d9f22b97a0e07ca81ff24ec2a4ad0b26a7798284a1310af24bbec442472e07ed5a0e9c257aa8c92cfd0abff368d214a2e29d924435c698e370f0203

Download Submit
/storage/emulated/0/netease/utils/wu.dat-wal

Filesize
48KB

MD5
5db333bbd33ec6bca7ced07e3ce5510c

SHA1
1df2d3b611aad52fdadccf2d47d9a4506857bcae

SHA256
dde654d547bf05db1c29043bb8e8768f5e7388146d67ef8ce1e4a6357ba6ced3

SHA512
7161fa116abcabcdfa1edff58a3f6a9c73ea85f02ceeb98e19fd389ed1c3b14c6540ed1e521e1af6a82657dd4f93365f92e35e904403f409b7bfb1499c1d2e1e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads