ed7b7ddd175c43f780b91e9caceb1ed8d5f4803d7e0de05bbceb350042e9dca7

Analysis

max time kernel
173s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a9f7d8ab25074a2d7fa4f720d176088_JaffaCakes118.apk
Size

31.1MB
MD5

6a9f7d8ab25074a2d7fa4f720d176088
SHA1

d2289ad41b46055364ad5c4814d57d7d2af2b4ee
SHA256

ed7b7ddd175c43f780b91e9caceb1ed8d5f4803d7e0de05bbceb350042e9dca7
SHA512

6fa701daf9d8e72c46e0f8b4dab6722ea4f5c3de7886092e18e2ce12902ee63817ebd98eec81a075a79aa28ea38b0153110d53522058d200dd37f9492e99b463
SSDEEP

786432:3Q4tP1ol9abYSL8X/p9OqaE5PMm0aXbPgB4wmsugDvGVntEa5QUHhte:B9ol9TSgjaE5tXLPge5sbSpCCQ3

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

com.cgjjgame.fish

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.cgjjgame.fish
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.cgjjgame.fish

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.cgjjgame.fish

description ioc process

File opened for read /proc/cpuinfo com.cgjjgame.fish
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.cgjjgame.fish

description ioc process

File opened for read /proc/meminfo com.cgjjgame.fish
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.cgjjgame.fish

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cgjjgame.fish
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.cgjjgame.fish

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cgjjgame.fish
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.cgjjgame.fish

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.cgjjgame.fish
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.cgjjgame.fish

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cgjjgame.fish

description	ioc	process
File opened for read	/proc/cpuinfo	com.cgjjgame.fish

description	ioc	process
File opened for read	/proc/meminfo	com.cgjjgame.fish

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cgjjgame.fish

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cgjjgame.fish

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.cgjjgame.fish

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cgjjgame.fish

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.cgjjgame.fishcom.cgjjgame.fish:pushservicecom.cgjjgame.fish:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cgjjgame.fish
Framework service call	android.app.IActivityManager.registerReceiver	com.cgjjgame.fish:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.cgjjgame.fish:pushservice

Acquires the wake lock 1 IoCs

Processes:

com.cgjjgame.fish

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.cgjjgame.fish

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cgjjgame.fish

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.cgjjgame.fish:pushservicecom.cgjjgame.fish:pushservicecom.cgjjgame.fish

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cgjjgame.fish:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cgjjgame.fish:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cgjjgame.fish

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.cgjjgame.fish:pushservicecom.cgjjgame.fish:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cgjjgame.fish:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.cgjjgame.fish:pushservice

com.cgjjgame.fish
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4298

com.cgjjgame.fish:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4592

com.cgjjgame.fish:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:6473

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cgjjgame.fish/databases/logdb.db
Filesize
20KB

MD5
e7d255916984067a0c39533d2e7f0d02

SHA1
5b0a0aa4ffee47a2633ec93bd3a09c283423990c

SHA256
7dfb75f8997946b3a554773a6bc9723d3637e4928d051b76b69e17fe0fea1c8f

SHA512
468d405d8158c35ae82b2dfd9f57542a1932adecc29adda1004eb2208ca6e1296065bdac362fbe8b12c58aabbcacd644f1cf61f66e072c48780ab1d6b58a2595

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db
Filesize
36KB

MD5
60e918a66670488ae5e111bdcbcfa95d

SHA1
ee81e2f5ad9a7301adfce5999095370e532a43d9

SHA256
0126f776c2c01bb621001c4d80787b706902fa8fdd89fd1f062d063ec74d5313

SHA512
1abb9311fce204649d299a19efab820981c427a8f3778a9848fdfe99aac19fbb3d62bdc4f5fc93bad66c090d198e9db33c23066041207272f2942272167796d2

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db
Filesize
36KB

MD5
e84e2d5ad34599d9a6a2a791991e0d50

SHA1
46bd74965a588306ff4f7079db86bc51ef68e217

SHA256
07baa278537178b70f8f0bfa13d6aaec1ce90dd2c1fd5336676c4db695be5620

SHA512
bea25c44374cef544a0e4acd82edf6aad5c243aadd7556e7c78216c45688d9861874e8ccdca05942c0219877770914fe476bc142a6bbfcb0a74422dd2bc506d9

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db-journal
Filesize
512B

MD5
a9bd2aeab22fa660270802d343363f42

SHA1
c032542c4d7125a7d9271de55d20fb6d664ae0d0

SHA256
4e5ba9fb1c0a9a31ac73096b17a81d660247e398b888b617c5e50ff7484bc591

SHA512
734a1ec236460fbc44274bfbe43748a8e4a90e6586191ccca0811dfc2699d1a7712c07560bc9f3bbf3a4ad46e127eb5246e48c53f1b6601f12983cbe7f0cb115

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db-wal
Filesize
8KB

MD5
c8c16a4f95322c551a5bc7db4010dc7c

SHA1
8505161c4c1e2e9a4ab29bda4339c1d79f04be3f

SHA256
e5358f83c0f39a723a2a4027262282d157a15db74e2f31f0fa2b4dd7a408ec81

SHA512
210ed6d4e8ec10cfa8ca5e2a2383d5ec4592680edb1cd7e3e8c28607cadb80dfcb211cd7967901cd3c1fc87d1e0fb7822654359c84a9bd55eedbb54d36247124

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db-wal
Filesize
48KB

MD5
e0956ed57fac0682d5bdc91b7fc58434

SHA1
2446944af60b53a640136ebebcbd5945fffe7436

SHA256
f2ab39d40b5c53acc6be93aacc8ffed946f521b604228095ea04201c4a654b17

SHA512
a2d219940a156da0126423c19610de704a815643bbaec8888acdf2024f70645ba3a34c9ff0111d1fbf42e068595d9b3a730b7e4ee2cfe1182ac80d570af67ab6

Download Submit
/data/data/com.cgjjgame.fish/databases/logdb.db-wal
Filesize
8KB

MD5
47e1ac629bb16c7b0fb95f26b85de8a9

SHA1
5874c4eb21bd64f7f93047b0d745299ce5cc99ae

SHA256
6ef799d0c10b3f3015223e38cc248aac2f73b831d834f4e4b577e474a041ab8e

SHA512
8f4a59f576bc697bb3877024a8297a17d447021e3f1de3b7fa5108e2393afed8a3df7b7b7fda27f3afe16a78ca2d626f7819d2b99b87f6d18825c2e8ae73d14b

Download Submit
/storage/emulated/0/iapppay/statistics/com.cgjjgame.fish/event/1716459592005.log
Filesize
122B

MD5
9eefa4cb639192884f5acad965710654

SHA1
21ac77d15b1e1321eae0588e6abc281618d67df8

SHA256
fc2b864c4967e8c635c08cc4d512a318dffe2cb7365b2bf7a91ee157bfc63558

SHA512
8c8e2fc1c57f79c744ae5344fe74da0eaa18aa2d14ab7e8af02c018a87fd90a242251badec4644d62f4fa742880bbad20f28fe6de31bbf1f7e2d5edf11423a65

Download Submit
/storage/emulated/0/iapppay/statistics/com.cgjjgame.fish/event/1716459592320.log
Filesize
32KB

MD5
e4ac27d5d7f3b85639f91c47999e22cf

SHA1
3d7113955fa18cf3e5b5f9df3f0aa54a1e50ba85

SHA256
9b31a936fa882060ed7f5b7bdb82d2c87f1f713effaba44b78988f92db684d01

SHA512
b20ab1da3cef0d4c6223406d5ca0aaf16cbcc4d502cd882e1ae0538b7fba49640d3c7f3b11c38896ae6530f1429e552d8bef3fa7db42eb97d6cf8b2d344ed86a

Download Submit
/storage/emulated/0/iapppay/statistics/com.cgjjgame.fish/header/1716459592005.log
Filesize
205KB

MD5
10d8b6aeb86a4ea1b6ffff3253a242f6

SHA1
149842ce94f4f6140a065319de049367cc85779a

SHA256
9d66d26fb0044d300d3c271eab6dc6f19f7be8922dacaaf0f46f2d1ca3dd2464

SHA512
d6f44a23bfa68af09d81781f995686262b1352e217f8ad20f330c1744bb611062dd6ba42243ba17a1aa2c891ab24d3fd37d504e8e20e8ec5903448cec79a1820

Download Submit
/storage/emulated/0/iapppay/statistics/com.cgjjgame.fish/header/1716459592320.log
Filesize
124KB

MD5
2d60495e5b2c758fa84b056e3dfe477a

SHA1
3990f18f9643442b6fc085e7cac3a9b737e431af

SHA256
0bea978eaa9f6e3d35e577633814782454d0969a26bb95c8437cd74aa42e3d0e

SHA512
e933ab6de2b69692b591ef2637139ecfc37599a652a3b381821184545c0fc75669751cf9ca8063ef25d5794cbab83f5faa372cc0711de6f3f7e50b27b5310827

Download Submit