91701b36f80b624f6f3d3f56da70bf451a55cdf56597e9efabf61732779437a7

Analysis

max time kernel
47s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69bdcc1040cb8ac4590250a1c7f6cfbf_JaffaCakes118.apk
Size

31.0MB
MD5

69bdcc1040cb8ac4590250a1c7f6cfbf
SHA1

582b38850c92d1177a1c0a97e3810b4a028d81c0
SHA256

91701b36f80b624f6f3d3f56da70bf451a55cdf56597e9efabf61732779437a7
SHA512

befdf670fdb8830ad4b7ef3aca1dee3bdde6ced1845d254f8e502b543c91eb554d570746ae9b2b3a81bf9f10228842a49486feea697ea7849b5b059d14cd3627
SSDEEP

786432:B3V7EV68dumNt8lgJuDQC/nHYm3f7ubcycIAPIyKrVo1Zfnx:LEwKuAsg+HYIfIc5Ib3rVcZ/x

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.Weicai.Tower.uc

description ioc process

File opened for read /proc/cpuinfo com.Weicai.Tower.uc
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.Weicai.Tower.uc

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.Weicai.Tower.uc
Acquires the wake lock 1 IoCs

Processes:

com.Weicai.Tower.uc

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.Weicai.Tower.uc
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.Weicai.Tower.uc

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.Weicai.Tower.uc

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.Weicai.Tower.uc

com.Weicai.Tower.uc
1⤵
- Checks CPU information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
PID:4336

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.Weicai.Tower.uc/files/DB.db

Filesize
200KB

MD5
4844e5dd427042569e8406b0433928a7

SHA1
1d385d35a56c77eed20d362ece4d1070d2515a20

SHA256
c75fb7886a674928ad2f87d9c4067efcf3e72f26498aca8de4db63d85de19081

SHA512
46145879af5716b7c45bad6172e4cda4b85c887e95aa879200155a3a181119398a932f3acd9c54963041da8c57f6bb666839e25b7caaca66d45ba13b3dbccfe8

Download Submit
/storage/emulated/0/Android/data/com.Weicai.Tower.uc/files/Info/PlayerInfo.info

Filesize
696B

MD5
05c1acad0a965a9ba0a56262e99e5625

SHA1
2612088f15df892478d581f3c470786771cd88a8

SHA256
783fb0aecf8d7fccab5a30f0e9b6fa36d443074c1eab70a97f528d87bb1da49e

SHA512
e37f4f8afee32bbb1057960a5b719b879819dbd55319d5f9c2b4df341ab1056fddb1ace8fa82f78936d3317ea6e53b1bd0903762b180946b72959bff41384e05

Download Submit