6d3ddd9272e8a2c471fa811df88590a4a5dabd526fa0a969a9001f8cdadf1b50

Analysis

max time kernel
176s
max time network
188s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a4d929d062188a4cf544d3b94da9bca_JaffaCakes118.apk
Size

14.9MB
MD5

6a4d929d062188a4cf544d3b94da9bca
SHA1

aea054d5f23140ec5e861b9c585f9d35d48123ae
SHA256

6d3ddd9272e8a2c471fa811df88590a4a5dabd526fa0a969a9001f8cdadf1b50
SHA512

42a26debc633d90680d7247a9dd85e2f1d73cd8481b072b1b390792c1c9f87d9db1dcb6840f0223e95f9c336f9be401c46c8167fd72f7c14ff7f2779bb1f4e3c
SSDEEP

393216:mFk+JjKwmMn6ymlb7pqd9djgYehgzyUNw8wzaZD8mQIo:2k+J+wmM6ymlb9ijveqOFzax8mRo

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.wufan.test20180311938799690

description ioc process

File opened for read /proc/cpuinfo com.wufan.test20180311938799690

description	ioc	process
File opened for read	/proc/cpuinfo	com.wufan.test20180311938799690

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.wufan.test20180311938799690com.wufan.test20180311938799690:lebian.base

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wufan.test20180311938799690
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wufan.test20180311938799690:lebian.base

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.wufan.test20180311938799690

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wufan.test20180311938799690
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.wufan.test20180311938799690

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.wufan.test20180311938799690

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wufan.test20180311938799690

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wufan.test20180311938799690

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.wufan.test20180311938799690com.wufan.test20180311938799690:lebian.base

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wufan.test20180311938799690
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wufan.test20180311938799690:lebian.base

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.wufan.test20180311938799690

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wufan.test20180311938799690

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wufan.test20180311938799690

com.wufan.test20180311938799690
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4294

cat /sys/class/net/wlan0/address
2⤵
PID:4401

cat /sys/class/net/wlan0/address
2⤵
PID:4531

cat /sys/class/net/wlan0/address
2⤵
PID:4550

com.wufan.test20180311938799690:lebian.base
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4326

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wufan.test20180311938799690/databases/ThrowalbeLog.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wufan.test20180311938799690/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
266e9270cdd6815d5dafbe8dfe3d30c6

SHA1
af5485c004324d5b221f6355eef601dbd9eb403b

SHA256
04eb821bf4d992109f1f1ea8ca0cd5ca285780f91d58b3fb9e4c52d42794f2c1

SHA512
19d3517d1f1333eb10e58ad2078847fc21933c68a066ead2decc69c65fb0a96fd6e0c981d3c91d60ffea8722c2d3b7a9d65aaa907877d33b7fa696d4061ced6d

Download Submit
/data/data/com.wufan.test20180311938799690/databases/ThrowalbeLog.db-wal

Filesize
32KB

MD5
4551b45591c27e0faa6bab1a3a21dfba

SHA1
daa4cc8db7371632ae547c9fbf14bcadc416b0b3

SHA256
ede1c617c98be6c807f81e815d3d20364e685505992b33823e6a2bbea9e8508f

SHA512
3be9220132b914634465a8325b97622fefb3168a9216d3e195529ccf43df0228f33bb4f670f7e032b99b9f902548de77e4f22ea37613120fc498aa3e0a412274

Download Submit
/data/data/com.wufan.test20180311938799690/databases/mgdb

Filesize
260KB

MD5
f19ad37702199ffbe9ea075d2e1f4418

SHA1
bdb621263c6319b387602e9f758832f02d7e49b2

SHA256
456d1dd37a67a3ec9c9373078b4a05a50dc0efff725da5ea9c8e24ff9cc0ee80

SHA512
ecc51c5b72c235899de2a3e3648b5c5de8c6c4ee78a9214c938a2a60baca39b8f8256f53a975a10208abecfc6b37454f2eddacbe1389f1e7d4328ca31877e8c8

Download Submit
/data/data/com.wufan.test20180311938799690/databases/mgdb-journal

Filesize
512B

MD5
6b8b6097505bb6e88a8654bd2b111dd2

SHA1
a7754b3de0c8be20e937c44179a23da669806263

SHA256
97e62f49aa99bc9012d5df6d3de349753317981ed044402a22348b3ca8eda8ec

SHA512
433aa4944c1baf80d44d39cc685035175ea32b116b507a6585726bc3d0d2a88bfda7ffe3121cbbba65176417b32fc3c3af79dd66d14fa0a8c34dd79d63b0d2fd

Download Submit
/data/data/com.wufan.test20180311938799690/databases/mgdb-wal

Filesize
402KB

MD5
40fbebd72cb0346b788c00f77a71f520

SHA1
f7e6b261ce0e42957172a85fad81d6317e4b09de

SHA256
c020d6ff79fc5a94b1628abd880f19cd9751fd7609b0061a13c56e5d32f7fe24

SHA512
6311087f1c37c243b65f5c95b02bf365fd585947fa7fd1e2fdc4106f2551fe76fd05d2d08b9b827e994e533fac196da692749a68aa1912fff42db52e9eb20839

Download Submit
/data/data/com.wufan.test20180311938799690/databases/papa_stat.db

Filesize
28KB

MD5
a7212f1f60f98afc53ebb78dd01e4401

SHA1
43915f57d31995cb5451fcab898098fcccbe937e

SHA256
e4ca1f33e103e90a33716a9c5e24a4711f3dfa36084f1db3c2944eec30ea9690

SHA512
f58e0894288cc44e1249a9541406835578c24f2a6e815de4055bea44d05c5331faa57b85c4dc973c74d6fb007546f1bbf18bfed3b47e67e3a00a4d14a41cd9f4

Download Submit
/data/data/com.wufan.test20180311938799690/databases/papa_stat.db-journal

Filesize
512B

MD5
c22f39727ef7bbf307c70a3f9616af80

SHA1
31ecd2bd5c9082b3193d3742ab1e7a32173cd7e4

SHA256
033f7c498032f5d3548625a0070ae15d289e75b9923a2e1a7e9ae3e05d412495

SHA512
c5b722e3adfb1f6ed608dd302c61ae20e08a74b4750526984c1b0c085df5dd4e08c756096b7dbc09ae4d13fb36f159beb4575378b4b91a11ab5d097745f8e2e2

Download Submit
/data/data/com.wufan.test20180311938799690/databases/papa_stat.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wufan.test20180311938799690/databases/papa_stat.db-wal

Filesize
406KB

MD5
aaa4f9afcbc125012ec9eecc8bda10ec

SHA1
8d9a368dd31bea2d638e898602ef6fb3c26a27e5

SHA256
568283ad65b7a9154f6b9c1d0c93ce86cc406bf9ee3b791c6bab22351b712938

SHA512
a1929202dac9b028cbeefa5f5ce5cdfe6038eaa30b7941973f3fe7a3da735c6b1113a2f64eefbcecfa968c5e6a1bf2e19fa9365b340561bb11a957aaf9dafbcb

Download Submit
/data/data/com.wufan.test20180311938799690/files/.imprint

Filesize
1KB

MD5
37240ee48f39c1c8e592f4b9bc2f96f6

SHA1
dfabe1586b6f69fbc1cb3ec5177749dc419b1113

SHA256
338ef5eceb39a6f7b926e7b9703af62ea68c817665d879b6cdb3aff352d5a2d9

SHA512
ac9aae254159017d781e0be42449d9f2a2ae82280d3e22f3af387d425535f84ff958bd7acb378598a55f439f483f1c4f0537425dba3409f95abc1440b5f712e5

Download Submit
/data/data/com.wufan.test20180311938799690/files/Mob/share_sdk_1

Filesize
23B

MD5
8e24e79baab91c4d0604eaa9006a0cb3

SHA1
e427afc94a4b957a7096f73e395a10ea404c076b

SHA256
65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

SHA512
45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

Download Submit
/data/data/com.wufan.test20180311938799690/files/Mob/share_sdk_1

Filesize
62B

MD5
3bda845971d581f71ebb62471265c49c

SHA1
95b5259991d4a36f14c1939b7a30b194cb8d496e

SHA256
0df0fd6fc281fad947e3247a4e622b1ca27263467f46019ee9b8e72b6dcb2128

SHA512
298e4cb0f1033da681dc8d33eb629778f52f8c480079f02dfb1eb073d204620e80d74e8c71715b187cccd3110551268285c266dde494e1a8d82edeecfcbf6f34

Download Submit
/data/data/com.wufan.test20180311938799690/files/Mob/share_sdk_1

Filesize
86B

MD5
8cc42ecdf90a2493dfa02523385da57c

SHA1
9aebafd31d9cf13167341ed1f637996e298b026f

SHA256
16f41b255251fcdc71befd49b950768c45301d3bf1353e2d4e11a769d2784f4c

SHA512
9a393b218ed7e996bf9dd6db8bb7401d3b65d935b826e9f976c7bfaa1308b827857d411db1dcc71b8eecb06097c54a4dc69ab76699668d1cb57add05a0ee100b

Download Submit
/data/data/com.wufan.test20180311938799690/files/umeng_it.cache

Filesize
310B

MD5
986954de334c42e3c18103f825ea22b1

SHA1
e1657051074c00b486d885950b11db4264a66df5

SHA256
9ca9df69cc95d683109754a57d165b6d1d4fdcb9f678a0e2d61c6020aab13db8

SHA512
505918b23639db8aea76b6344f53f9b12323237e36c660ee255d948276428a28e612957aada749b26ae3fba0b6331738fb4290eeec9f5e920ee8b3867d5533e0

Download Submit
/data/data/com.wufan.test20180311938799690/files/umeng_it.cache

Filesize
158B

MD5
f82f9aaa595a1db0bafa750a457a3cdb

SHA1
2d6dfcc7d14aae4eef67263bacc31cf35607122f

SHA256
7f38cb3b83e4610b310abdf10f6fcae2b7b3b56db30c710a57c8550dd3765909

SHA512
80f676f1303e9263378958563c148c2acbb8ae4a7a2fbb1eb3fdbf6973cb46a26cfc460c0ff2d1a4983d7f7daf80e36c8e84e02353c538ed2eb9fa85e1c5965f

Download Submit
/storage/emulated/0/.papakey

Filesize
36B

MD5
348533b333ebc140178c1c24346f146c

SHA1
467e0f9f4d23e55cc2ad0ed3802af81f7dfe687e

SHA256
10f42f7ff9fc116ad36dc2fd3aa7ef3d826bf7ac0690430e88432f3562a4c8d4

SHA512
f9ee02c1d3a9937f8e58d6f53389667f0981d2b025067c1b14c6e708bc5217923ecfb8778804d146b192705fd4b31a199feecd3c1b32cea4e6db0dab52194399

Download Submit
/storage/emulated/0/Android/obb/com.wufan.test20180311938799690/sdkinfo.txt

Filesize
6B

MD5
c7c8d45e0fc1a2ac188f9b0a62f1a797

SHA1
ffe2c07fa6f7f6b99e9be07d89c766dc029b846b

SHA256
91bf44d0a10bdb192c372abd8362e5089b7da61c9dbb2dffc0d936b0f33b5caf

SHA512
6abc5570f847c76a8f091301c26679321be9e27ea4fd07d067227937b3ee7d1a4c6e0020e4bffa769ea0d9355604e390ca29d2c998c2ca49a9341cec57a54755

Download Submit
/storage/emulated/0/Mob/.iew

Filesize
64B

MD5
d62b25791b9f8972176645601373ffbf

SHA1
03bb840c1867ffda55c486a53fc36a9ad95ef4fc

SHA256
2050f5a0e4bce2cc95fedb74e8438f87814131057ba93f8b5e175be144bd5ae9

SHA512
21de1d2fced190df5709a7444cc2300c850537aa91a26a2ddb6d87fe59321f54e1b96e616ad1462f41a1d73db837beaa36333bcd6b7e2be29dd25c261e29c112

Download Submit
/storage/emulated/0/Mob/com.wufan.test20180311938799690/cache/comm/.mps

Filesize
26B

MD5
840eaa01e5d03fffee257ed5ce4fba9e

SHA1
886bd732b29f6dbdd94b890a2b203c5a276ae773

SHA256
7648e772307acf936c331c4ea9d92872b1af6367cbf83f33f569ac204df65595

SHA512
b0a4f9238c4b60bec0cca9c72e551a702a95210a735bd8176c1d5ba741e264d2f1e885d65ed07a88086afd74f69c5e02a92db8068b222a62c6f56762a26b7d4d

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/aray/cache/devices/.DEVICES

Filesize
32B

MD5
c072ce1b736d4ca7e0e49a3aadff8d4f

SHA1
6b6831d2856d1304d394cd07974fc232a9eb1d3e

SHA256
72beef565bbde6d8249b058f1db778de4b3943e4fe66c989a1d0f2fd8186d526

SHA512
6d4cc561f068cee7a382bbca92f7aad1c495f37d3d8d9923df0f9c636b78f889dc925f7f4f65ceb7e968759271e2694efeedec04f91e94b2548056a27beea54b

Download Submit