d6eb30788ec37866a3b9251ed5a2014476b13b487f1f1b992454be4927b584ac

Analysis

max time kernel
179s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ef0f189db953491fa9e2adf735ef50a_JaffaCakes118.apk
Size

18.4MB
MD5

6ef0f189db953491fa9e2adf735ef50a
SHA1

60cf47212f5d3b843492d0af660b587ab6adcc8a
SHA256

d6eb30788ec37866a3b9251ed5a2014476b13b487f1f1b992454be4927b584ac
SHA512

5c7416113bb266823057ac64464a4b552aaa327800381d354bb16fd7decb505983703c4ff3c23281cbf52d2ca03eb5dc7ad3f3f69563570c1fbbee08265c24ac
SSDEEP

393216:oaG2rFXJEnS6br+DofqGzrgnp7c0+oqNhpaGXZ7:oM5ES6brEoffUNc0+owaGXN

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

an.app925.text

description ioc process

File opened for read /proc/cpuinfo an.app925.text
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

an.app925.text

description ioc process

File opened for read /proc/meminfo an.app925.text

description	ioc	process
File opened for read	/proc/cpuinfo	an.app925.text

description	ioc	process
File opened for read	/proc/meminfo	an.app925.text

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

an.app925.textan.app925.text:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	an.app925.text
Framework service call	android.app.IActivityManager.getRunningAppProcesses	an.app925.text:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

an.app925.textan.app925.text:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	an.app925.text
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	an.app925.text:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

an.app925.text:pushservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults an.app925.text:pushservice
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

an.app925.text

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone an.app925.text
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	an.app925.text:pushservice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	an.app925.text

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

an.app925.text:pushservicean.app925.text

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	an.app925.text:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	an.app925.text

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

an.app925.text:pushservicean.app925.text

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	an.app925.text:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	an.app925.text

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

12 alog.umeng.com
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

flow	ioc
12	alog.umeng.com

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

an.app925.textan.app925.text:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	an.app925.text
Framework API call	javax.crypto.Cipher.doFinal	an.app925.text:pushservice

an.app925.text
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285
- /data/app/an.app925.text-wFetdyW7I0_Yro7hBeJN9g==/lib/x86//libweexjsb.so 44 47 1 /data/user/0/an.app925.text/app_crash/crash_dump.log
  2⤵
  PID:4316

an.app925.text:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4441

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/an.app925.text/cache/libweexjsb.so

Filesize
32KB

MD5
48547386f7ad27fa37d2a972f009e22a

SHA1
655752e0350504cfd73495a16019c54e3b097854

SHA256
d1f8197d3768600438fd40c85a35b584d62d14297ec1e9819bb1a98a3479a771

SHA512
3d785a9d03907164e504d7b059200831cff4ed756ee43f800e57d1ef33d7798b0068d3d4337e98a7e929ac21abc09a052e90a084158b7254026d1972a364accf

Download Submit
/data/data/an.app925.text/databases/cc/cc.db

Filesize
36KB

MD5
d8ad42caf3e14ceaff8257ea09196562

SHA1
19e5b97d6a989b0af60628a0a6f805db3d9c1adc

SHA256
fa56b41f3286b705cfcd4dc827d2fc044a0b37663581e9696953ddd875abf396

SHA512
63797fa6b07ad0361dbb9c515da6d09339ea778d8741bd829ac18ee263407b7487b53a0afeec992aca202b50ff15d04a8b6ad2489449793333fb825c52f3d91a

Download Submit
/data/data/an.app925.text/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/an.app925.text/databases/cc/cc.db-journal

Filesize
512B

MD5
43531b829507fbeef901e10c7cbf5732

SHA1
3915b95e7e69043b3221de8e9c0a7c05c9bf060a

SHA256
84b38f2de8a8e01847949463400060ac8d46335073c99ac516997ea876338059

SHA512
ce0efb1b416439d980f47915213fec0f8295b2232f9a81f82d749405a1194e26c1e2c76321bf98369362a7ea7f5066d24e1a644019865244e1828babb8b530e5

Download Submit
/data/data/an.app925.text/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/an.app925.text/databases/cc/cc.db-wal

Filesize
48KB

MD5
8d46acc59a763c511c855c34c6e7a614

SHA1
faa3f5a569efe69225b128f9de381752cabeb938

SHA256
3dba861444e30c1654dec695d3b1beb0ee2778d4e5c6b8d0386aa077d54e00b1

SHA512
79ebab76f04f046a0232456569387077357fd0390830a3fbf8a5548a9843861179e92c8b40480259050b62823fb118f83c05248370afa588fcc6508d1d5d32a8

Download Submit
/data/data/an.app925.text/databases/cc/cc.db-wal

Filesize
16KB

MD5
a220eb3a0684c2ab85221a9c759a807c

SHA1
a09582789fd34b42736bd9e24e43c1ca969eae29

SHA256
6a5bdde25cfc316ae6c03a2a2b981e2364f9d301ffd688a52ec342eec799acf7

SHA512
8fadd612a844d97bb5b0d44ed12d89535d7000a03480bba07e81dd38082a761a5258b2c9830476b10fdb7e6aaaff9ea9e2a4c6d1302844fb0970e477b20fb552

Download Submit
/data/data/an.app925.text/databases/pushg.db-journal

Filesize
512B

MD5
7682d81cbc693262503daff42fbeb6e9

SHA1
25f772e362fa75a043c40d2e56c3c9e204889edb

SHA256
e04aac7efcb489ef45b7286d33854af4f375c9dd6e5ad783f479e4558864d0ad

SHA512
79d310860dca467b484437074ba85bf94db4afe59658df8b0f215a3be72e4a069eec43de5156ef1bf105bc0302c0b9d25c966720abf6f8c49b48eacf3ac73445

Download Submit
/data/data/an.app925.text/databases/pushsdk.db-journal

Filesize
512B

MD5
afbd2a8ab12c2bf5da0e515f186d1c36

SHA1
f67bbad42a5cc99a966b11503e3055d7181a7f98

SHA256
d4f21c777ff5289f6c0e603a243c4dce62d91dedfd8048eb6ba4732a6632d0b1

SHA512
7921a8211fab5b66016aa6393570b7f73186450d15454bb851489b13338c1fdb1f0616f06803e2bb8a52a72f826446caf9e7bfcfd96c32dd079961be9d918ec0

Download Submit
/data/data/an.app925.text/files/.imei.txt

Filesize
32B

MD5
73bf9c9d6b7324ee8c88a6630ccf2f25

SHA1
0c65bd566fde03a540a3d746c20910b9fa09a8c1

SHA256
aa00ea17d67dc8be3582923ca0317de16d08a17ef2ce7cea44136a6029737e8f

SHA512
1e61afc2dc71935de1b6c7f5fe342e2822051a2d31db86551db0cbd89bad02e51ea1105eae63effc919b08d0472732cce39d1f2730289ac84261c29d4a219253

Download Submit
/data/data/an.app925.text/files/.um/um_cache_1716563676700.env

Filesize
1KB

MD5
c783e0f62c80c638809f43b409214f8d

SHA1
8b574492653005842c45b08024e66e6841f89725

SHA256
5b1167c8ddcb3cd18a53e83e2f3373b9bff75c4040482a4a5aede908407f9b3a

SHA512
a3b2a93c969e399fa394b3fd4f6caa695b1ee79812bf39813ca6413bf5dd88738c789fe2b5ebd60cef59f5fd397a08bba5bfa9f485b1f5e51ec00a89f597e184

Download Submit
/data/data/an.app925.text/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
599192fafb135085e1bbcb7652229fe2

SHA1
1a91a799fe2e7ed78ca7079c7b119e4bfb728f9b

SHA256
0cbda553c781a67e72f11580444a2596586577b3e9351e767a5e181b495ef893

SHA512
5a5b5e7a643d98e1ef59a7cb60a6def807b1d1918c555ab3bf17efa6aaef8f21e0fc8e4ad45f4d67a8ebf2a2ac2eb05be11ec63613ce0ea689d0f2dc9ac52b82

Download Submit
/data/data/an.app925.text/files/cnc3ejE6/eje3cnc

Filesize
39B

MD5
7769d4507985f59116153463f09235a2

SHA1
b081e84d14300ac7a7947aade9c025fa83bc17fb

SHA256
5ba33c69421ad27727832442cb5939d5bc853acecd0d8162d7c10a6b96757dcf

SHA512
ce5bb431a31eaba24c0cf467bedb1abee2205b74c4533067058b09ce7e8f9480b8baa01866e3dc89d1800d07da6007f36c1b4fea811e3da164b187903480d29f

Download Submit
/data/data/an.app925.text/files/init_c1.pid

Filesize
14B

MD5
140c7b2bf19d55212d56c766f8549c0e

SHA1
1d488c0219fba9978611b4d388fd5188a730aef4

SHA256
dff4e436dccf9604537bfe539baa6f8931a1fbfbb5f5b4f5a0558960c190f875

SHA512
2020540967ca2ee1facd13ad906f5cbcc6ef53787cf5ced8992649046be0654733b05f9300c36b66b1ee736a8361a3b840146aee32cde60df373be62e498ddad

Download Submit
/data/data/an.app925.text/files/umeng_it.cache

Filesize
498B

MD5
58a313ef6bdc616351da4cf9a8bcf879

SHA1
229af704a950bf85154a86ebc46a1556d2bbdaee

SHA256
83d7a1585dd4527230b6a9d076f7181afdab6c9a81edcad9fa79453af6dec8ee

SHA512
d0b7fe856946a3351f7c0c7aa96822435cc655f3275c1df5b6503d2293811236e7024e7bc92ffe4234f45f05c8475367f7f0ffed999674e20ec77862546d4d93

Download Submit
/data/data/an.app925.text/lib-main/dso_deps

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/an.app925.text/lib-main/dso_manifest

Filesize
512B

MD5
4f34eb0c7b8d214d29d3440f3253c860

SHA1
64affeff0549c67e6f75cd00fc553abc912b1217

SHA256
7b431929d510458d60b7d97ce9ece3f8b96f1e965db8c3d4014eccd08cd2567a

SHA512
2c7637cb198f5687c2784b0962ed02503807eb1d40829a503764324702ab349e7b63e6b7f5374947de9f6e3da6db6e37fddcca38bb529b055edc5745f2395408

Download Submit
/data/data/an.app925.text/lib-main/dso_state

Filesize
185KB

MD5
33f134266e95a5187c5a2bbd7c363a7e

SHA1
8b5350424131ce3a3279a612d2c803a3f024887d

SHA256
76e1ba5127ec7ed6229e54ed3b7a54a1663182084d8a8198c2e67a1a6a9761a9

SHA512
713ba31067115212f42d7063da0af3658f958cede7a29ed096f4683e0669b4454135605cd67e7366102ac33306f97dfb411bbe6527036e08d1666717d3bb73dc

Download Submit
/data/data/an.app925.text/lib-main/dso_state

Filesize
52KB

MD5
ba6b0cdf295c63f26a588ee18632d9e8

SHA1
2ca8ad3f01452b3e39600978d57a5f637cd18fca

SHA256
0107bdcfa3b336ebb5f88faa078c877e771b8391565bfaf04ca09e7ffdbd10de

SHA512
bca30486c2f08e9347290bf7634515479d39cf084a4984a2d6e7d844951ce1f6f781a93b95831c6e6b1dd596712187ec48ab1d527a473669cb8baa0d7b1b0707

Download Submit
/data/data/an.app925.text/shared_prefs_ext/test_app

Filesize
29B

MD5
f1413f66fcea5bc38451da5c290ab998

SHA1
0ff50bf3c6686497d40211343495af9ad6ff44b7

SHA256
ccdba99c398a2a171b4465a656bd65cdd5d3c444946a15c1e94caad13a18eda6

SHA512
34a894ab5e4e2c6638d745de76b4d054872151692da039405e6b6ce1c35b65c64a026505396945aac0a4b25fbac3d0b5b3377c09d86df91e20306dd55ae7157b

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
2daf62e2244207ccd430e01a67b492b3

SHA1
60e1363f8bcba523b48837a9c07ea056813955a6

SHA256
73179161e37acb5c1efeb354722de491c56f065fbceb0e7eba04b4a6c71252ff

SHA512
5c94ec90bf227ebcceaa20cfd114e08ddba384cc96c2324a453d7d34ec984179bc1d1ca2156a4ba9ad998ad83e47389a9fbaa6e5e0692e6a3662b43bb5ebff1f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
3f3b28113a40c871715459c50865194d

SHA1
c820f737ab88c34884321505636594dd2ba68f7b

SHA256
00cb8dc22c89f39ca22fea15fa096b9c038db9fe932ebe53f5245f3245e29bd6

SHA512
2e29c173f1cb2f35cd8b1cfa362ea4880750cbf2de29f17af78ba0d67e9ab236f8a2f2b402785c607140e885d17d656499aa37a5335deeb752b96b2dd2f67dfa

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
c3b739063077932510a8493632c25d64

SHA1
7f913d5185f5f06f25ada5e2f24b52f1d3e11666

SHA256
33f6e25cdd63bfcd968f8833e924e8f0a38d688c857768cd94949ccb2052563c

SHA512
25a7cb956fa277bae28ad998f461698b4e1fb4ecb9852b4cee24ffd917d1621adc46caed76d4feca8eb6d6a2144a7312b714a16c85880878d0c58e118a7291e5

Download Submit
/storage/emulated/0/.imei.txt

Filesize
72KB

MD5
80780875299b08c3a9db3f8fd5d7b7ca

SHA1
ddcdcdf18a99b51225a1c83a5b63dcaf5fbcb537

SHA256
730df4be403b941b5469869d2aefedd92a616cc9e510903f9b3ee79dd167136b

SHA512
0cefc456866d962a7220aee48222b989b2ace26f58baeabc9a8887c8dffe730c4f2f73f0dc3a884e496ccde5c4ff4dcb0882d7285054efcb8870e93e3c78884a

Download Submit
/storage/emulated/0/Android/data/an.app925.text/apps/__UNI__999E9D7/temp/1716563613744

Filesize
491KB

MD5
48a7ddc3409bf12eab7bafabe6674966

SHA1
e0b375d8b94d796e05538a4dda5b52917d4168d9

SHA256
a207ab59168a5cb3b7102eb697380766b6c52c6c9ac49f8d784cabd0bf7db32d

SHA512
c71c5c4edb065aff82de3f1ceda82991b76501a9bda7c8da0a171395a427e0cb6b4a61518c97b51d989445da4c6eba2785d1b8625741b9fb860b21a7aadf1478

Download Submit