3a27c03db93c30ce802e18a0c781065019812ab5e00b4de407af68304f9bcba4

Analysis

max time kernel
168s
max time network
155s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a3a8bc64204c4c3d95e814a7f72ac85_JaffaCakes118.apk
Size

10.0MB
MD5

6a3a8bc64204c4c3d95e814a7f72ac85
SHA1

59dbd4442ccfdf44ff54334b8afe7c142d7c4d97
SHA256

3a27c03db93c30ce802e18a0c781065019812ab5e00b4de407af68304f9bcba4
SHA512

26b4c37a8550b37e5c77a1e364accf375e983d7a2665d95ea2507a32eeaaa17dbb7056cc000a81ca2fc441260332b44c8ec4dfe54814efc92a6baece5e8dace0
SSDEEP

196608:FbatedVTtYVTCpe6xtGv4CXo3dweNDKxZ2MYl93Ql4CN:4teXtMTb6CvmWeNDeZsgl4CN

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.wangwango.rockwar

description ioc process

File opened for read /proc/cpuinfo com.wangwango.rockwar
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.wangwango.rockwar

description ioc process

File opened for read /proc/meminfo com.wangwango.rockwar

description	ioc	process
File opened for read	/proc/cpuinfo	com.wangwango.rockwar

description	ioc	process
File opened for read	/proc/meminfo	com.wangwango.rockwar

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk --output-vdex-fd=131 --oat-fd=135 --oat-location=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=&com.wangwango.rockwar

ioc	pid	process
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4580	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk --output-vdex-fd=131 --oat-fd=135 --oat-location=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk	4341	com.wangwango.rockwar

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wangwango.rockwar

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wangwango.rockwar
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.wangwango.rockwar

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.wangwango.rockwar
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
collection

T1636.004

Processes:

com.wangwango.rockwar

description ioc process

URI accessed for read content://sms/inbox com.wangwango.rockwar
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.wangwango.rockwar

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.wangwango.rockwar
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wangwango.rockwar

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wangwango.rockwar

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wangwango.rockwar

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.wangwango.rockwar

description	ioc	process
URI accessed for read	content://sms/inbox	com.wangwango.rockwar

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wangwango.rockwar

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wangwango.rockwar

com.wangwango.rockwar
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Reads the content of SMS inbox messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4341

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk --output-vdex-fd=131 --oat-fd=135 --oat-location=/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk
Filesize
14KB

MD5
c7a4fcf067f62af7525ab714a0e21350

SHA1
32e87b00e02d77d28f3c673c9acbe8b915cef733

SHA256
d46d6b675f5d79a954c75641e7387368df6a7ca5c459583f6460bd954705c4b6

SHA512
6b97ae6b2d58c047153cc89c2da67b3794954eaf9cf379cb964f1041ff6c25f832d642dd705ea406577997dd0b124e02f69ca5fd519d0466f638e9b225e48663

Download Submit
/data/data/com.wangwango.rockwar/files/mobclick_agent_cached_com.wangwango.rockwar
Filesize
120B

MD5
04d0a254f6df59f9fd8bf4a3b3624382

SHA1
d241121ade2322986a3434d50305f4bf7508fd7b

SHA256
31e62b3323d63f10b853fde564c132503062b33d5b1cae3a660b47d5c4caaeb6

SHA512
5e8d5638d7961b5936607930ac087b17921eaa99f32369caa2b5feceb5c37639cc1e3429fa769b38ff6db9d417c547a0c75f47d7054bc7e7a752530edc01a276

Download Submit
/data/data/com.wangwango.rockwar/files/savegu
Filesize
8B

MD5
050b04ade5a54bff55b034e3819c4e08

SHA1
4da2b424da3370a0d556b2a7d74d8088e0ad9903

SHA256
974ac98c386379a71acfccd999e77dd85cfef13c2b391ff58f3970b5f71ca1af

SHA512
8549d985d71b1567a91d247bdc3d0b2a14de0737160f0e3507661a7c0f15676a1b779567a1d9f85ba6a9c373560c6c0083e079e2b0b5119f7b945618c24e4f08

Download Submit
/data/data/com.wangwango.rockwar/files/savehr
Filesize
8B

MD5
b8e4b9ce189f02685c1431ae7dcad2fa

SHA1
9100c987daf532867c67c6c549f425e881bf874b

SHA256
e38246775570112b0bdde65049fe4bdf711bf8a8eae6ed049263b5901bfc3d70

SHA512
021934353e9ab121b7b42f2f8de5630ff9484afd4c2be9be43f844cfd715fc452cf0658dfbcc2e4494dc2afd1c20bc8aa934ba78e76225ab426cc58ca90a8b2c

Download Submit
/data/data/com.wangwango.rockwar/files/savelt
Filesize
4B

MD5
4352d88a78aa39750bf70cd6f27bcaa5

SHA1
3c585604e87f855973731fea83e21fab9392d2fc

SHA256
67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450

SHA512
edf92e3d4f80fc47d948ea2f17b9bfc742d34e2e785a7a4927f3e261e8bd9d400b648bff2123b8396d24fb28f5869979e08d58b4b5d156e640344a2c0a54675d

Download Submit
/data/data/com.wangwango.rockwar/files/savep
Filesize
36B

MD5
e0b7ca711f11dfa3ec33cd19bb5d32f9

SHA1
ab8e5b91f834386105713580bca75e5a807d8d7c

SHA256
2e72ee903f9aba91e65702b58ee0a65628853c9510d30db020a22c79d79ffaa4

SHA512
fbde97ec1a2120acb9c8c32ccdc3e40a63e76b929d839e175910ce14092e0308e2e9b302aac573051173adff91d7255e570e824a62d9cabcf443586a2a2ea7f8

Download Submit
/data/data/com.wangwango.rockwar/files/savepex
Filesize
12B

MD5
a3ba9ef8d25788527c04e30796c18c6e

SHA1
07af41e4bf937cc8b718937d92e9b431d42467b9

SHA256
be756a136d1293d6a1c14cd7b79f5ab3391e4a89c5fa32569feb7b00dcc4880e

SHA512
69d771a9d8ce534a8697ddf4b76949c94b4a48cbd23fe05006b047ea2aa983a45f24804d949e51ddc72b0d0ef8fd13fe01ee2c6a0c39e5d49ec6f7d19cd6839d

Download Submit
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk
Filesize
24KB

MD5
75b8e74722c0c16d5a9660390315cc5d

SHA1
c54e00c5cb2c9807c98bc6eb235baa8ec1a26150

SHA256
7fcd74209d8afa8f20fe7ba0498aef32762c62a255668cda0d3210e1cbd5b2b6

SHA512
93d4ca8c02e2a2bf74a04550b6097c9d53c6daf0a80d5d74a40e4e6e07fbcfb3a13a06b501383015f3cd50c406e3d8f77d52d5fb236d3e647f676c8977c4a630

Download Submit
/data/user/0/com.wangwango.rockwar/files/bx-sdk-libs/smssdk/5.apk
Filesize
24KB

MD5
ae7a3203e0a092938888f5c4c4ac568c

SHA1
fe1bd422ee222f2d7dcf0b94b73cc9f98954bc8b

SHA256
af0d34292e22ee2b7d9e8e574f076c5f8ebcd11c924f37fc963beb1eb83ddaee

SHA512
29f2946ececd7eff6b35c40c431e56a328fe7df15a6ae27175e9eb7eb58eda7c77e52a73b3b46f82b3aa09e408456e719b509ca6f0814316cdb15cd5a1eee5a4

Download Submit