b4f4617cc72f7446c045ef188c366c94dbb14c159577d7369654cf13da400992

Analysis

max time kernel
174s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dba3325b8afae8a78cd55bfc1940091_JaffaCakes118.apk
Size

28.5MB
MD5

6dba3325b8afae8a78cd55bfc1940091
SHA1

c54aef124e682f441e8cf02f261d98283062d344
SHA256

b4f4617cc72f7446c045ef188c366c94dbb14c159577d7369654cf13da400992
SHA512

a8b7d532993bca1a7eeb4272e2352f93f1cc86e92299ce00a1b2870c4c6cb9a5b4de4100a71e5799a4d7096466d81818be0c939c2efe0187599de6d0f2f24fc4
SSDEEP

786432:xwCvV6e/ZcnU9RZcXh58YFTPu+oFFbrf0PD:xwCvIOZ/9wRfPOFFbrsPD

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.UNIFC7A87C

description ioc process

File opened for read /proc/cpuinfo io.dcloud.UNIFC7A87C
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

io.dcloud.UNIFC7A87C

description ioc process

File opened for read /proc/meminfo io.dcloud.UNIFC7A87C
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

io.dcloud.UNIFC7A87C

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses io.dcloud.UNIFC7A87C
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.UNIFC7A87C

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dcloud.UNIFC7A87C
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

io.dcloud.UNIFC7A87C

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone io.dcloud.UNIFC7A87C
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

io.dcloud.UNIFC7A87C

description ioc process

Framework service call android.app.IActivityManager.registerReceiver io.dcloud.UNIFC7A87C
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

io.dcloud.UNIFC7A87C

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.dcloud.UNIFC7A87C
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

io.dcloud.UNIFC7A87C

description ioc process

Framework API call javax.crypto.Cipher.doFinal io.dcloud.UNIFC7A87C

description	ioc	process
File opened for read	/proc/cpuinfo	io.dcloud.UNIFC7A87C

description	ioc	process
File opened for read	/proc/meminfo	io.dcloud.UNIFC7A87C

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.UNIFC7A87C

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.UNIFC7A87C

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	io.dcloud.UNIFC7A87C

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.UNIFC7A87C

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.UNIFC7A87C

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.UNIFC7A87C

io.dcloud.UNIFC7A87C
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4283

/data/app/io.dcloud.UNIFC7A87C-nA3OvId9IkOAK4mv3ZMESg==/lib/x86//libweexjsb.so 47 48 1 /data/user/0/io.dcloud.UNIFC7A87C/app_crash/crash_dump.log
2⤵
PID:4318

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/26ba1c691fd236724a400dbf691999f57ffde2cc29d42f90d45d395ae494dc68.0.tmp
Filesize
850B

MD5
babfed7a3565bf27308679ab37bdf494

SHA1
8d165d8a422c035d3078ed61af7b6c364addca29

SHA256
99cb84a571f25f646f5323dfa64cebdf3494ff0da52e74398883bbc48aafb2fb

SHA512
07aafdc34b8495af86a4e3067db82f0bb8d724d8214297a795f6efceb73ab874c67b1e3b35d73356461ac1a879f9f0937ac3e3fde201451ae26528a85071ecb6

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/299ff6f997c80bf9f022a1ba7445e4dc8176d2b509c35de1176f5b05548702d7.0.tmp
Filesize
372B

MD5
e61abfd05048c434ed2f42bb1721d645

SHA1
2467c76027513dfa8ead95156ab196ca2861dbfb

SHA256
3164a42d503a4f74c99b8ab0e5cc496239c5cde57cf84a5ec988737209cd6abe

SHA512
4ee1e4b377b71846869606e7348d08fe50349530a4d72bbcee17689f131a2bc0a764456c825bc7986834506a56852822c1135788a74a28f7b8d2c0f60b7a92ff

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/885ecc071eac3f00aa88d16a791675cdf3ee4047ffd263c8c2a2090a0f491436.0.tmp
Filesize
419B

MD5
f64302d2a0bf07d8b2fa260d5c8cab7b

SHA1
d7e73c00d03a1f6f1093ba6f02ebcfd737242045

SHA256
a8a85fbff9a7b437aa1b0407bd686672d85f5f06c8a657cae8767a561f8667e4

SHA512
0f6fd7815ac62a7dfda914d52f693e7fd24fc4d7e1b4402b5cb6638d3221d13e1ee2f5b55d4845ff17b991f056b2f5fa950d3808ef3497ded48af79e15bb4110

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/9b20f0036f4cda1c666b164407949edd246a4382efc77b34c835af2d1e56e673.0.tmp
Filesize
418B

MD5
d06050e32f6685ae7e925c139c428caf

SHA1
976b1e3e72fb23624fe0ae4e08b5181fd779e02e

SHA256
b54a9f1cb989e9d9afd2eb722dde348f55366400dda6d55b0f9251462075eaed

SHA512
7b0d5ab2f0058af399eb05fdabb2cdd3b181eb9ced03ccd3be00b171925b148e57423af29532932a2010b1319138047f179f2d19c38a23277d57a2d311f45bb6

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/d8bc85b04a1a7dac2bbf0b193c47a90a8537929fc6b4ce6f6cbc46eac55f9750.0.tmp
Filesize
524B

MD5
88c2b9ebe8d3d5be70aab22ff99fadc2

SHA1
aaae979e4f625e0151629410d931fbda199f022e

SHA256
d53a8420931ce388939b71700fdf14388e8ff24d80fcd7264175c4714baa2be7

SHA512
1d645a5464fc21df86c139b5080edd31fbee7c8bf988e85ab432d9f90c0e21fda467e1786174fdcfc3ff1a2fda7251e5b704017ace4b516450d2e3f05c33b2f6

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/journal
Filesize
761B

MD5
9b677005e26cc40c9100d68e4bb9883b

SHA1
f271cb25611adc6b451b6fa4a3287a3f161db158

SHA256
40574558dbb45724d760112ff41518edc363f8de5c4af4775d0ff84a8fbaf1f6

SHA512
af6b55d9156cc9d55875c8bbff2170c0c6558352a1e8fb2cbd5d44cfa6d50e71406fbe96c055761f380d8f29cd7fe389fd91742085885aac2bc77344359226cf

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/image_manager_disk_cache/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/io.dcloud.UNIFC7A87C/cache/weex/libs/weexjsb/x86/libweexjsb.so
Filesize
6KB

MD5
9bb067cd33b490d30f2c88054c732574

SHA1
d95a11e2be5c7a1fab9820e34cdd9e482523ea86

SHA256
fb993dc086feddf19af9700c7428386e3e4a5c67f273711c371ff4460a830ae9

SHA512
0b721c51332313c50ae466fff1b4bdb48a71791bca67ee83d2882a19e8abb59dc1406ed15d6dabbcd3ba922167fbf68a3828fd82edf4b2270ff0191b8fed0dbc

Download Submit
/data/data/io.dcloud.UNIFC7A87C/files/.imei.txt
Filesize
32B

MD5
dd3a87921a3fc4737e1ebf67c1779fa6

SHA1
cb2671a92a3c6487ecb66875a038986422358a37

SHA256
36ab653425cb588e1fa3375fb0d63483d65e882b9a9e7588d0a79431abed672e

SHA512
2cf4a35562a87b91fb62b79d85487dacb5881d5050ae9a85d3cd0d82e1f33e3168f8a7584f4b600f318882562911fc36659dd946f13912f18ed617ea97790d1f

Download Submit
/data/data/io.dcloud.UNIFC7A87C/files/cnc3ejE6/eje3cnc
Filesize
39B

MD5
7769d4507985f59116153463f09235a2

SHA1
b081e84d14300ac7a7947aade9c025fa83bc17fb

SHA256
5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf

SHA512
ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f

Download Submit
/data/data/io.dcloud.UNIFC7A87C/lib-main/dso_deps
Filesize
296B

MD5
d75c1a75b3a1cf9b2ed5137b2727bbb9

SHA1
720ae13755c79c67711f06eb9a1054b12043e4ba

SHA256
cff5170bea75df0b2422a59e32f65b5af635fe68e3b5bed109ce19c5e69bbd9d

SHA512
84efefc6f1d41b5d72d5bb28c08a8f14ec5943695d6ed058113f498c6584f9baf5a16fc664b739edd746f0fd2c19ca1cee1c84f61ec9861bfdd6f3c7fee6721d

Download Submit
/data/data/io.dcloud.UNIFC7A87C/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/io.dcloud.UNIFC7A87C/lib-main/dso_state
Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/io.dcloud.UNIFC7A87C/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/io.dcloud.UNIFC7A87C/shared_prefs_ext/test_app
Filesize
29B

MD5
7f5fcaa4fc899b29e91d6ee40350c361

SHA1
085542a784c2074a4e4450a8c30e237818dbaa07

SHA256
2aaa3434a86340a69c3b12f81eb67b27cd31b4006d932f5ea79ccf062b8e2fdd

SHA512
9a5aa9f5f5404016082026fd53be03edd5063d0b49733b1cd544646b3cc48ed59f9f0c73bba9af14ef3b3d5b8692e98d3cdd689c44438098e7f651e54e815569

Download Submit
/storage/emulated/0/Android/data/io.dcloud.UNIFC7A87C/apps/__UNI__FC7A87C/temp/1716535311458
Filesize
875KB

MD5
ea36ec1a5ae942fab20f58b5a255f155

SHA1
4b45c6b5e5dc98c2b82cd783ffab1e9e87518b6d

SHA256
a7e168ba74508d00a874923d910de09674d117b07449d0efde3c5ad6b119c609

SHA512
3f3a8ec33240dde947b0d793a0e741fa7d74053ea511a35d6a35d317f113ad9ef7d2aa3f1d5a908d15c1e7db91ff5ada7e54a7837463536cb37cf24177aeac79

Download Submit