62168d31104f7e6f73e365cedce8d39cfd7faa196ec1715de1a1cf046035ef62

Analysis

max time kernel
167s
max time network
182s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a657f43832956d6faf4c4ca136808a0_JaffaCakes118.apk
Size

3.5MB
MD5

6a657f43832956d6faf4c4ca136808a0
SHA1

537f7a5c273ea07e6ae3d669948a6c8e8cb6f32b
SHA256

62168d31104f7e6f73e365cedce8d39cfd7faa196ec1715de1a1cf046035ef62
SHA512

0cc2ad69e11e1adc7c6c1adadaf8c3e8288d06bc375c8e1c3235938e2f6ac11d557483d5e197ca6fd207f006ca582d6daba82e7872a2e11bada89eb20d022e34
SSDEEP

98304:EnCrgeyu15BtPxE/bMZMoUWb8ekleZviYKj5dHJwJwLKroJIPASMIe:EM6/wZBTYekleZLQwKL0ocAS6

Score

8^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.simiyueai.main:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.simiyueai.main:remote
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.simiyueai.main

description ioc process

File opened for read /proc/cpuinfo com.simiyueai.main
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.simiyueai.main

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.simiyueai.main
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.simiyueai.main:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.simiyueai.main:remote
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.simiyueai.main:remote

description	ioc	process
File opened for read	/proc/cpuinfo	com.simiyueai.main

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.simiyueai.main

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.simiyueai.main:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

T1624.001

Processes:

com.simiyueai.main:pushservicecom.simiyueai.main:remotecom.simiyueai.main

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.simiyueai.main:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.simiyueai.main:remote
Framework service call	android.app.IActivityManager.registerReceiver	com.simiyueai.main

Acquires the wake lock 1 IoCs

Processes:

com.simiyueai.main:pushservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.simiyueai.main:pushservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.simiyueai.main:pushservice

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

T1421

Processes:

com.simiyueai.maincom.simiyueai.main:pushservicecom.simiyueai.main:remote

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.simiyueai.main
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.simiyueai.main:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.simiyueai.main:remote

Reads information about phone network operator. 1 TTPs
discovery

T1422

com.simiyueai.main
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4268

com.simiyueai.main:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4299

com.simiyueai.main:remote
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4347

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.simiyueai.main/databases/___yuanfen.db
Filesize
68KB

MD5
f7082a8c9b1cb134900f1f3c32983e07

SHA1
50e0f2a24686f8e3f0c1822ae3ff27cbee40a32a

SHA256
15d1afaad95bf2aeb35b079e318fe06446fda90f6f39874dc5092364081f182b

SHA512
d33d43091afa7c4b57bd405eb17204b9c87bfcf4954978d3fcadc33a10c9f50456f91dc8d16b54b0185c340903b2b5df40edb51099bf5055958fa1d485aa5b6a

Download Submit
/data/data/com.simiyueai.main/databases/___yuanfen.db-journal
Filesize
512B

MD5
f6268cbb884acc9a4374b6130b21225b

SHA1
ce10f12f18b886f3be4bcf1c78e154a17ff8d908

SHA256
7fda8c7513e95517d5dade4aaaabdb6edd990d1c946a89f81917684fbcf51d6f

SHA512
c3565ab9600d93aacde4d82509c2ca65fec60798282a79d2bc514c19cd58f5da98a671eeb7fe0e3f92a11ff35e69d55ef6406434466f565df275d6f873bddd1d

Download Submit
/data/data/com.simiyueai.main/databases/___yuanfen.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.simiyueai.main/databases/___yuanfen.db-wal
Filesize
80KB

MD5
01dfd4be5315a91b654573a9f3b37e9e

SHA1
82534160772da9cc1c7647a4f96318696f5505b1

SHA256
d9802b6097ebefaee9c94b4e161e3d26610cfa97028c0d54b9e974744188d50a

SHA512
87a45bd1e316b5584bb147cb8c8104ceed8e82a1ed348872c4c1fb9a3b0c2ffc58e0c9745496e97e14d0786e52bcffdd725f7c17d217905f937359729398c89f

Download Submit
/data/data/com.simiyueai.main/databases/pushsdk.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.simiyueai.main/databases/pushsdk.db-wal
Filesize
80KB

MD5
ee6431e65d3f78af1c40b4f54ddb7be8

SHA1
c9b67a3d3d6a8e97f484b80ae16f46fe94604126

SHA256
1f663631ab838c5b10e5b4d7c867ae0451e9a9aabe3062b26a36cbb8bb96e1ee

SHA512
1a211c07274d7cbc519d91befa92d2d139d9c276932fcb203f5ca37d3231c966ad19b7ebb83fc212c6d18f64b927c57ddd57f147e1dfc28d67b08655b70f1eb7

Download Submit
/data/data/com.simiyueai.main/files/umeng_it.cache
Filesize
32KB

MD5
7272a72405396e1484bd43d042754ce7

SHA1
1ddee049e7d8f6e8a8ab02bd08ec437e8bd20e0f

SHA256
78ce38b59f806983e3611679830db6e8c0b8fe4cfc944791af72b05a93df82de

SHA512
d017361fb53cde827c51cb4203a4cb63703046b3914d1fcd788b908330308f1e40b829f56da9fc5cf265ef5cc43579645bac6e44c4473267a3a449b8e6ed3e50

Download Submit
/storage/emulated/0/Android/data/com.simiyueai.main/cache/uil-images/journal.tmp
Filesize
512B

MD5
a9fc74ded70ef81209323a67a6cbda99

SHA1
c248272591316dd0001133bacdc34b136da1a709

SHA256
068d8dd1ea0e3867b6cfeacab453de25b0855e3e537aa116707516f2c010a02f

SHA512
dcf1f47193ec39f2232322a8e01b133cda3debf941a33ea0462f5721dd2dcf4ac22d1f4cbf6189eebd5e250823fff5618e78451eb8f8933d17af66f34e9f389f

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat
Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/con.dat
Filesize
155B

MD5
96ff1fc4709a608470e28c76edfc2b04

SHA1
fd163d8f0e539012eb7905c075ff3b6485f3233a

SHA256
b970dba735703eaed1c9200eb64c61fd16ed7b1b3dc0d4ee98b93d2cb2ad663d

SHA512
1fbde7ed87584621530d37cbc4d58b2e6447eb2d80222d3ec92e566f01ee1f13e6291e50ee9b11903bfa47d5aa72bc5f433cc9f4bb11d2f184d54e6fa770a5c9

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-shm
Filesize
28KB

MD5
64eb7531fe5340eb0990127c29ef9a35

SHA1
885d5a5de02578c75322ee32be511480be9bd58f

SHA256
0bb361626f0fc08e7ce8361d0111324504bede5269b5029ecb8bfbd041fc2d49

SHA512
a5b4f82759e06f110b128d441687ee2558843db5e59aec3586af2b062ea23588437771127b7d8f65f92d766e7e2392e1d82d299c1f3c8b93101e5c290fa6e20c

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat
Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit