f64cfeb0fc942a179f7a9ba0aed293e58d56f5c2f783721170c5d627d2ca9415

Analysis

max time kernel
58s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eb588b708b81556387977dc88f2d3f4_JaffaCakes118.apk
Size

1.1MB
MD5

6eb588b708b81556387977dc88f2d3f4
SHA1

c1efd8ac135b074891e04be0cb0da519fdfc84fe
SHA256

f64cfeb0fc942a179f7a9ba0aed293e58d56f5c2f783721170c5d627d2ca9415
SHA512

8dcf1c181e5afcf621170f55366e9adb89fa8a3a74568126445f2980e15feb2f968ed028f955e40a1c34d5e205696e0f855a026ab0fb7f84a4953a8f76b116b2
SSDEEP

24576:ZLQox8CBf4QUGnZcSYeUD2/ER3fLEJIuZINrLztqKoHv1WfpNs:ZLQRClA+JNUDV0ZYgKotWzs

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.appmk.book.AOVNXCPNJHCQJRLN

description ioc process

File opened for read /proc/cpuinfo com.appmk.book.AOVNXCPNJHCQJRLN
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.appmk.book.AOVNXCPNJHCQJRLN

description ioc process

File opened for read /proc/meminfo com.appmk.book.AOVNXCPNJHCQJRLN
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.appmk.book.AOVNXCPNJHCQJRLN

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.appmk.book.AOVNXCPNJHCQJRLN
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.appmk.book.AOVNXCPNJHCQJRLN

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.appmk.book.AOVNXCPNJHCQJRLN
Acquires the wake lock 1 IoCs

Processes:

com.appmk.book.AOVNXCPNJHCQJRLN

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.appmk.book.AOVNXCPNJHCQJRLN
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.appmk.book.AOVNXCPNJHCQJRLN

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.appmk.book.AOVNXCPNJHCQJRLN

description	ioc	process
File opened for read	/proc/cpuinfo	com.appmk.book.AOVNXCPNJHCQJRLN

description	ioc	process
File opened for read	/proc/meminfo	com.appmk.book.AOVNXCPNJHCQJRLN

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.appmk.book.AOVNXCPNJHCQJRLN

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.appmk.book.AOVNXCPNJHCQJRLN

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.appmk.book.AOVNXCPNJHCQJRLN

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.appmk.book.AOVNXCPNJHCQJRLN

com.appmk.book.AOVNXCPNJHCQJRLN
1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db

Filesize
20KB

MD5
b5a2997aad47f0569a6c28b4977fdd83

SHA1
49f943561804401736a1e2783197ed13b4bc2ad2

SHA256
fe2dd235712eecb5ff767da22977c92f27b11658052487370d0f8d605a7ca44a

SHA512
87fead75bd7869903b412270809b924feeb953fd0969bba6d1e7b9f0c4ff107191016a9a182135231f2479fb2ab88174606c09a1ff8a4c6e56204de82d123279

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db

Filesize
16KB

MD5
b75c233d6a8fa4f42f5c6cb38a657dfe

SHA1
fce4bd3a0e5c878a4f9d59225245a0a3ad5af4e6

SHA256
99a396bcdd75cea9a40e6a170447fe593f41dd1b8365bc2b44c8d06fa92f1c6b

SHA512
abe1945781a6f639cba8c41ca0fdc8cf1ac4581ab365d4965e145f27d7510a6725d01b4e522470e2c9347cbb5b87c21245981f33cbb75176c45c44c116e0727a

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db

Filesize
16KB

MD5
6c7749cdb8658e220c9d90045dd5f376

SHA1
ca70b0b70bdca6eaf8317453a3f823da3a22895e

SHA256
35193864fda23f3178d2756c14b7cd71162836fb5950585771d1f21a590eb0c8

SHA512
4821d330aeb91df085a343af60b37fec46445f9da67b8a1bc552d426a59469b48af631df9b31dd707af68b3089b5affaffdd1bbb6859a84ff0f0734292768218

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db

Filesize
20KB

MD5
860e7cac30aa1882a769a849dd417ad5

SHA1
95578c10f8863f0e18ab4416ef61471d9a72333b

SHA256
86fd4fa856b93d7477ca143b458b8ff0ce8074ab4fafff71b187e0716c97de85

SHA512
769da84b3269f9c586bb5cfbe86ebc8d0695530a71d033fac6c42a7449c195b60b375caf8e1200ab27e1ecf7ae53dc2c01984d4abc7cdd5d1e81ee5a1f65fadb

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db-journal

Filesize
512B

MD5
18b313c0a78975283036940e0451ef50

SHA1
f51b08dca1806c268eb4b9fdbf39775e851df05f

SHA256
5861b23a960653ed6a2f70640cad20beccc4f1f8ea279923a70236785d778c74

SHA512
77d9c41570f8c564ca4f6926bf72255560d370704c6bbc4fb21bca75c80961362c5fe27c321e0fc6ce5965e7cce94f0c02788013e1fcdace4e862d592edc128a

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db-wal

Filesize
4KB

MD5
c6955ec5f2b47a00be23909606aae3f3

SHA1
21ed3f8bf960b02ab6bfe03a95e18b71bd974117

SHA256
b21073266e6f4f8466fc0145aebe9af63341b6e4eef8ca4dfab5459d3248ed2b

SHA512
89780f2c62f83dae76b3c2908388612f6d964ec841f9c795318d84e33174380e1b6b562cba0a36643ff29694925f1b16ed7590913462a2ba4c4b5f3052fa1a68

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db-wal

Filesize
4KB

MD5
9930784da1822b200e533e1f6d0ae9d9

SHA1
1bb066308bb6a368400c4a5e346dc064557b1187

SHA256
baa83ac6fd9715a759f52ab91c77f7f2c29c8317907c954af9db1ec006bbe92b

SHA512
97f282811ada6ebba2532a23454f4c3af0ccc71f880e23fa26b1260de616fce26cf6b7b2bfbac42f93779efb4c7f929afc6a07e7ca8635cde14b15fc8e782726

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db-wal

Filesize
32KB

MD5
cf0dc3692dbcb4b9ac0cd855dfda7c39

SHA1
58109ab7f26dcedb8c7040fcd6fe9cbef2434fbc

SHA256
5d55862ea14bb78be06249dad8493075d9b55d55422a2d724e81bb6819826c66

SHA512
288fa024b07b65348ede4ee52f4131035f451510321c5c04c057b00320ad6c102c051fe7ddfdf662a87fd6944a8d21ebfd510ebdac8cc64103ce58756e37b671

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookConfig.db-wal

Filesize
8KB

MD5
d5dd6471a107d8dfb88901653058b423

SHA1
8570ab3f9386315135f02409306e17c295860675

SHA256
155ee94ebbe01ace4bf253b2ca1274ea389cb4f509f70cbd6fc098edac219d3f

SHA512
299c50fb06f6ce38231b920be791be98c65e697cdc7fd5b5ca0d01eb0834accfecd9e421af3c9525ab85ede08c171b20a3fd61a5943385d2239d2a9eb937b8b3

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookMark.db

Filesize
20KB

MD5
2be7f7e0844bf8e3ecf98a9ebe0b3c9e

SHA1
a15ea61dd7d8866e95bf5102051a0be789fae952

SHA256
787114429f0d3ff01956b94c8290e9f1bcb29e364faf46e02f99b5f9b0aae6c6

SHA512
ec7229b38be445b4fc746fd6a3bf306e9df39cb4e55ec024b52bf153b2dc9ddd237dea7649253f055d510e6b29ad0181940b071e2f67974784402de4ec2e1dbe

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookMark.db-journal

Filesize
512B

MD5
d5e65ece8e1e735703521d6fbd2ee2f7

SHA1
f1f899f2ec0d08be674b1536907efae834e7fc80

SHA256
3e6c8fa31405dd88ae0e86047abe04fcb9a2b8b73f82db1ea59bce50c30c5b14

SHA512
238a5b11ac487c4c1940617cb8014485970ca08ee747b7ecd2b772849e982cd5bb24f01efdbe865bc2fe5867382dde1ae6331405cb3afba96c5ecc6389e798ad

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookMark.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.appmk.book.AOVNXCPNJHCQJRLN/databases/BookMark.db-wal

Filesize
32KB

MD5
3045df0ec72b182065eb5e69d2f7f445

SHA1
6c5a1162a7043844b2e800bcad02403ba00a5f9c

SHA256
8c65e40defa40f14df8e880a436de945dd729ce6d255a788e96d36741d5f8f00

SHA512
0c2397bf1a0e4a1fe5696b8cafc057124cea3a1b10e3105bee19f5d38c119ca76303668caee085cf01ee33ba90d958385cac4cab7ba413b76308a33da37e3783

Download Submit