Overview

overview

8

Static

static

6

697d19745a...18.apk

android-9-x86

8

__pasys_re...er.apk

android-9-x86

__pasys_re...er.apk

android-10-x64

__pasys_re...er.apk

android-11-x64

__pasys_re...ds.apk

android-9-x86

__pasys_re...ds.apk

android-10-x64

__pasys_re...ds.apk

android-11-x64

dynamic1110.apk

android-9-x86

dynamic1110.apk

android-10-x64

dynamic1110.apk

android-11-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    179s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    697d19745a4a3d762f0186621e081369_JaffaCakes118.apk

  • Size

    14.3MB

  • MD5

    697d19745a4a3d762f0186621e081369

  • SHA1

    932f140d20135330cfdbc928e713d915cf46b642

  • SHA256

    3ab044cb0fcfa748afad63aa102ece83c2ef60e577ab4028db00db7036b3b685

  • SHA512

    b51e37d6540222245d5431ca84cc0bf3e65fd3d7e59043166efbdcfe7491c2c284cb054050936d7b0bdbc3d5a867d08c79ad984cfe3783e76a3c4b79ca31c4e0

  • SSDEEP

    196608:e5T5JOh2JKySyebXFNx9R4rVkB0nOTSbJjk9pn26lKJjGh6O0DKBUvP/a4wy/Sr:GJOioXFNh4rLH9ipNcJjMIe4pc

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 3 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.funshion.video.mobile
    1⤵
    • Requests cell location
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4332
    • chmod 0755 /data/user/0/com.funshion.video.mobile/app_bin/daemon
      2⤵
        PID:4475
    • com.funshion.video.mobile:funshionnotification
      1⤵
      • Queries information about running processes on the device
      • Queries information about the current Wi-Fi connection
      • Checks if the internet connection is available
      PID:4463
    • com.funshion.video.mobile:funshionnotification
      1⤵
      • Queries information about running processes on the device
      • Queries information about the current Wi-Fi connection
      • Checks if the internet connection is available
      PID:4601

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.funshion.video.mobile/app_bin/daemon
      Filesize

      17KB

      MD5

      9e064de090c030ff0a029a7aa1b92a41

      SHA1

      0ac929219364054be42290807e059f120f29afd8

      SHA256

      b9acbf4ce5333079bc355d68889aa195f56c9c222acb342268f7b18c256deaaa

      SHA512

      e17ddf4c11426d06ba344734f3dd5b2d792494de7cc18023cc9e913ba24c0be2763c78ab9933904dcda8b1226e3bc7e55f1af3e8d7cea6f93d8c198a674b8b21

      Download Submit
    • /data/data/com.funshion.video.mobile/databases/_ire-journal
      Filesize

      512B

      MD5

      c30c0858c5368596f38652f933c25dc6

      SHA1

      72db726e3a578827ae6a7f4a650b65aa68ef0c3e

      SHA256

      4b2e96cc722a79e2565006f160f957186ac6392c47d533e7c41bc7a7602a364b

      SHA512

      5f2c12c38e77812cbc34c06f221dc606d4b2164edbbef945813236227f679d0f973ddb275535a93d137890ea036668dde0f221117d1c2f0e884a1d4cd2ee2bea

      Download Submit
    • /data/data/com.funshion.video.mobile/databases/_ire-wal
      Filesize

      20KB

      MD5

      db8c5baf33a0da874e1abc5a3cfd32a1

      SHA1

      888ade62ba05588b60215ca5bcf5aecf3d32c64c

      SHA256

      8860a578138dd474b27b5c6dd88b75a5f99c88b36fb09d7d5b40e55445ce5a32

      SHA512

      d0f00fad07f87a84bb314e1d001229f632673092298ca57d457be067d8be91e2ddb11fc0b328952423e5a5f9cb04a3567ada6c036af14baa335fa7ed0d6b4654

      Download Submit
    • /data/data/com.funshion.video.mobile/databases/funshion.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit
    • /data/data/com.funshion.video.mobile/databases/funshion.db-journal
      Filesize

      512B

      MD5

      af15e82cff5b04b97e4bb2e6f08a957e

      SHA1

      b9bf8f2236f94099f8a6237280a114565e1b937e

      SHA256

      a7b17511c77476e6a438e544bbfffc6c65b3efc65f9f822ce4bca9a794670443

      SHA512

      22ab49bc056ff2c9f15b6f96bd6b78de3163310962d48b803aa77a980716a382d69ef7772e493d6f78d7e1897641358a2efee72e2d318144841c1323ec09e9bd

      Download Submit
    • /data/data/com.funshion.video.mobile/databases/funshion.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit
    • /data/data/com.funshion.video.mobile/databases/funshion.db-wal
      Filesize

      136KB

      MD5

      e9ceba35272683cdd17e9b7d1a64f99d

      SHA1

      53345c24291d638de039a07fb4e096e709ecef90

      SHA256

      af3a3744942afbda47d16294641fdde10915386365b07c1e3325ca32348eff46

      SHA512

      5af3e892731e4746396ae2d5a66c98455837f6a785b4ba3ecc8b7bbd247d35788f10ee55fed5fa7b79c8db419181bc24e1aa7776af7910368acd4b96e9af6b61

      Download Submit
    • /storage/emulated/0/.fudid
      Filesize

      127B

      MD5

      9e977ff2f0706006307434327d77205f

      SHA1

      d862c3aa81d4abedcd45c571aa6e4d29166c83ec

      SHA256

      0362542e0284e7211062553370edc85a5a0fcc1cb859e2864457122c22e441c0

      SHA512

      8ecfbcf1666d57f746d8e0f5cb4466c6cdb3742cebc581e9998b5e465b3041137b9af686bd347f34bd35ea39a3ec9a88edd80acb874ef1fef5e0928628890f21

      Download Submit
    • /storage/emulated/0/funshion/cache/img/aimg/journal.tmp
      Filesize

      31B

      MD5

      8c92de9ce46d41a22f3b20f77404cc1d

      SHA1

      8671a6dca00edb72be47363a7071be65cf270373

      SHA256

      68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

      SHA512

      30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

      Download Submit
    • /storage/emulated/0/funshion/config/funshion.ini
      Filesize

      236B

      MD5

      7c77152e7fcbacc9a78c6ba5237d9fe6

      SHA1

      56b73fe3382c63a59b6a4f0412feaf485239cc65

      SHA256

      8bbab86d741a0eef2179fc9202dd47ec7e3c18ba940fa8fea92aa174f7c8199a

      SHA512

      133d58c4d921577c931f1acfd90b8080f5430f78762fbd774373d1f149c2fd38ecaea04bc857baca0eb0b24e9f1a04c48b2a9ae80d1d8236379b9aa8774a44f8

      Download Submit
    • /storage/emulated/0/funshion/log/funshion_aphone_2.5.1.1_020000000000_20240523.log
      Filesize

      293B

      MD5

      190912070eafca5393cc9b2444bfb104

      SHA1

      e0fa604506053080dfbe89630a6869c6408e3857

      SHA256

      21fd2a5b8319e97fc5530887a1d2189bcff5c0fd19b1001a237f8e26a7750f29

      SHA512

      a19c52ebe355abcd06505d990fa39e82be53c34dc76d162d987cdac7765bb1290f2ed7d698d3f43522d4ef4ac81db89c48f4dab9edb9e38d3cd4a84953ccefdf

      Download Submit
    • /storage/emulated/0/funshion/log/funshion_aphone_2.5.1.1_020000000000_20240523.log
      Filesize

      4KB

      MD5

      b17747bfdc950230f85c6266615ad830

      SHA1

      302d4b77960130a487e9a75b59b166dcaf13fe9e

      SHA256

      67cb15cbaff93246c369e48f537d64840eaffc0bf50d5dedfed2096ede182712

      SHA512

      b310824fbf2fca82ecdb19317b54aff66afbb0788d530ee0b10eaa9185fd591b338e8c8221aa172b9a14a231c1f07ffb214de40c816c64be36077d650d66e756

      Download Submit
    • /storage/emulated/0/funshion/log/funshion_aphone_2.5.1.1_020000000000_20240523.log
      Filesize

      6KB

      MD5

      011efbcbb2317a4206dddcf06942a2ae

      SHA1

      78326769707893a857bf10ab7e2b8c9466f1e676

      SHA256

      35de3afb76ef89129156ae9485f2e144038855a30bcd875e642ae2608a9a9e6d

      SHA512

      4768d1aa315e116c9aa0e824e5627b760cdf3e6bd523d5d2a82cb9050cea42124d1d681a113e365457d7c1f276cd0d2d5b7e67796ef1851403b5475e000d0921

      Download Submit