Overview

overview

8

Static

static

6

6f2be42123...18.apk

android-9-x86

8

6f2be42123...18.apk

android-11-x64

8

Analysis

  • max time kernel
    174s
  • max time network
    190s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f2be4212311fc50209283f37a6c3181_JaffaCakes118.apk

  • Size

    31.9MB

  • MD5

    6f2be4212311fc50209283f37a6c3181

  • SHA1

    0f6a03cb579e55bba38e086825459cf2856d56cb

  • SHA256

    84425da2f58b0eced3f8146b811436451a7fecf0ab37065f8cf404dc927ce5b0

  • SHA512

    e26e1acdfa994a8265ef22eeea4d3d2dfe8a0bd0a9e30121e297cdf4200640e11998d3893c109cfae3d12599a18c3aa61c9939d762e9315d76fe6907fc854608

  • SSDEEP

    786432:O2xREudefS3vVZH7xRpMhY/DSHAkhtZkdJBVMpKYwcz:3Kyvzv/2HAkhtZkfMp3wcz

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.beidu.ybrenstore
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4259
  • com.beidu.ybrenstore:pushservice
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4321
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4413

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.beidu.ybrenstore/databases/pushsdk.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.beidu.ybrenstore/databases/pushsdk.db-journal
      Filesize

      512B

      MD5

      642fa2fc5ca8715a8764eb63a2ad3a1e

      SHA1

      2d959142399013181333eddeb88fef38c4bab243

      SHA256

      afef0cd2a41407740378c20ebf9ea8ebbcfa8491cb9ef11135670a321124a215

      SHA512

      9ca0ab1622ff696031d61ad794eb8d687c3e254b16ff4b488dce37ad92cb99f99a8808e4ed4d78a99447160ad19a495adb4c44e5f57dce79c0dd7cc14a9b9cb7

      Download Submit

    • /data/data/com.beidu.ybrenstore/databases/pushsdk.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.beidu.ybrenstore/databases/pushsdk.db-wal
      Filesize

      189KB

      MD5

      740817d752f701514de04da56d0bb531

      SHA1

      4602c6702957831939b3716daaa3fd41f33b0b40

      SHA256

      88ed36d95637878e442af04b6be912ad3a77e3edaa3b3a6cd3aec674cb885d51

      SHA512

      e17a47f6a6ff88f89cb65f92cceeadcd1fd910b6b6d2972408dcadaff4f5d013661eec1491017a64a830a2a571bd2f0dfa21f8fd7e046053bc28c5eef16cb274

      Download Submit

    • /data/data/com.beidu.ybrenstore/files/Mob/mob_commons_1
      Filesize

      2B

      MD5

      99914b932bd37a50b983c5e7c90ae93b

      SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

      SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

      SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

      Download Submit

    • /data/data/com.beidu.ybrenstore/files/Mob/share_sdk_1
      Filesize

      23B

      MD5

      8e24e79baab91c4d0604eaa9006a0cb3

      SHA1

      e427afc94a4b957a7096f73e395a10ea404c076b

      SHA256

      65ee797326cb9d94a4c8b13fb114a7273d80af9ae547496bf56556c479f75e4d

      SHA512

      45bde5e1b5da5e54f7f5baf24cf4d9158ccf5813f0babc05677437bfedf1d54c4707090a1c425089e8f9582a85fed80b25c1e1f30ec2051afc6fe68bb8a76bae

      Download Submit

    • /data/data/com.beidu.ybrenstore/files/init_c1.pid
      Filesize

      14B

      MD5

      c39b72f1724c844159c917cd201fe3d3

      SHA1

      627bd3c14f451e728e9233aa91eb90250ef9d938

      SHA256

      80db186f3725cd9652d097a0f32f44bb17c5c4b27b8fd2589bfde7da81956dc8

      SHA512

      07833d3afd41e0c13f286f1939d5035eb02e3b8a78888ce959b481464619b30eeb6af601048fd16eecbbca071bfb565b09ab563c771af4cc0321c589079f760a

      Download Submit

    • /data/data/com.beidu.ybrenstore/files/init_c1.pid
      Filesize

      14B

      MD5

      c118d7050836931d86bacd498380ff7e

      SHA1

      91ff87921abb86ae5deb6296af5b07e215fa4b52

      SHA256

      418f11531b9f977379876efdc161fb3c876f8a869b1fc39210e7e5c1fbfc03fb

      SHA512

      bd68d97775ff71ac41dbd19e2bbb1736917686bace8ec30e367651ca77dffbe0ede7815dfc3e1577b3fa535a8a2531304f979b4b7895490799becdc4433d7708

      Download Submit

    • /data/data/com.beidu.ybrenstore/files/init_c1.pid
      Filesize

      14B

      MD5

      e8d2a90b76e25d79c6b65cac0ed0e2b2

      SHA1

      f7e6d058d4e740eabd0d46d55fe0adb458b9a9b4

      SHA256

      e10e0ab3beb4c278ec4e81205a258d18517adbd7d9c9082c66fb978e2904e3b4

      SHA512

      58a139c50041eac9e31d56adad8829f1b2675651de7bef49489d782814dddd5b70b5e07627a093d37f3fb0b45a4d0b897147545e64ac0763aabce890ce53ea4e

      Download Submit

    • /data/data/com.beidu.ybrenstore/files/init_c1.pid
      Filesize

      14B

      MD5

      c6bbac2ab2f85f25dae8e1195bbd1428

      SHA1

      92d6c069117fb76da6bf99fae78ac96cc5ead7b9

      SHA256

      eb4cdf6eec9327b81949e9c92eafb9b25642b4ef3273388da20aa3c9006d59a3

      SHA512

      8b26dd6f6567304a575fbb97cfd37e1adf7bc3414ad64be4b79e1b170cedc0d3266f50e18fa2956b4dd0858b1e1c50d3ea5a9ee95535c16cd28d13c8a876da32

      Download Submit

    • /storage/emulated/0/Android/data/.mn_410185822
      Filesize

      146B

      MD5

      8eae0215eef27ee35e13765382c9169f

      SHA1

      7e1e60bd77df4009a02d03e54bd339958551f557

      SHA256

      1fdeb393f21ffbcaad08f6ee498dd72e9ef516a409b95e2f8938a9a0da6f13d4

      SHA512

      ee3262cb9ca921a2c2ccd7b6a4d459631bd923a46d3ac2d5a75b42c2565046dc37605ba477b937fcea3ad21a4a037ce75214a4c795d85c7d41e6dbb709a8e002

      Download Submit

    • /storage/emulated/0/Android/data/.mn_410185822
      Filesize

      130B

      MD5

      f321656a466363e5192773d92000e401

      SHA1

      3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

      SHA256

      53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

      SHA512

      fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

      Download Submit

    • /storage/emulated/0/Mob/.mcw
      Filesize

      80B

      MD5

      f8c4d8955f69864e10965386f4fba522

      SHA1

      e6bc7af49f9d9c111e0dab6109615a7baf58ac62

      SHA256

      993cc8cd5e38b0bfd7bfb20059f36d3fc75cc1bb496ac61b66a961b251acf128

      SHA512

      5ccaf7fe71b83b1f67c87c6953bdf994911d5b7e81afa95f45d2d58a9658adc38670b0eb683018d226ccdb283f12e7ed4beb30eccf4f5a2805abc72a45732a5d

      Download Submit

    • /storage/emulated/0/Mob/comm/.di
      Filesize

      57B

      MD5

      70a42cba408700f9a6c01c7941a8829e

      SHA1

      eab01cc2c0671538795fb0b1146017dc099d0984

      SHA256

      499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

      SHA512

      8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

      Download Submit

    • /storage/emulated/0/libs/com.beidu.ybrenstore.bin
      Filesize

      71B

      MD5

      6acd677f4a5849d78b8fb8bab7bac306

      SHA1

      d0dde59c4f863134aac98655678c36ac434d1174

      SHA256

      5a9c25753f18044ec4149db97f26125fb06ad7e185a04ff4423ae2168a95cef8

      SHA512

      67a81bf0a36b23fd4e1f2e06bb353d64a9673be23dcb90324e6c07308f5db72025c6c703bbfb0f655603166cea24e0316fd950b2cc9f3c8394ce16da8a539dda

      Download Submit

    • /storage/emulated/0/libs/com.beidu.ybrenstore.bin
      Filesize

      71B

      MD5

      8ee3ea45c9212ad4bbef33ec6cfa40dd

      SHA1

      dd8eba7dadd6d2e2ff69f65c0b0b0db32eb7a93b

      SHA256

      f1ed3b47763c4d0299536142d290eb540f195a5d721e7597772c433946cb2338

      SHA512

      ac3313c03731016bf9d98940210d7bc316e534c4c28723a0c6ca4d13a804cff7b8caefa5bdafbd9557209cb2509cb253fe486fcc47c88e0a905c8b71617a1a45

      Download Submit

    • /storage/emulated/0/libs/com.beidu.ybrenstore.bin
      Filesize

      71B

      MD5

      6848f950a0e0ca8bc3ea81c4df2735b5

      SHA1

      1facd529770b2b996ad9d14d0a54ed3739009a9f

      SHA256

      608144326561780fa508e8ef462b44c73f3f47fe93ae6e4a5b9128ea5b132b8d

      SHA512

      15c417fae912dcd426f05343d0b386dc558ebdd0a6e09136c5d46b245da94483d268e41ecde4294e25bee9ba34a4a001ec842fffef65434dbd92281b2e465197

      Download Submit

    • /storage/emulated/0/libs/com.beidu.ybrenstore.bin
      Filesize

      71B

      MD5

      a14ce00631c9faea6e8f60356f9cbc4b

      SHA1

      108e386af3332257ed06bb93f9402689fd2bbed2

      SHA256

      3f535545e6ee8acfb93d16f257ab176e3fa25bfd4b84edd32dc58fc3c39259ce

      SHA512

      b6dea21fa5f63711ca08e8d530417e391643c4f80b7a86e62f39d9e80a92af34a226e49dd3dbf5d64aff96ef11520f8c80f077964941b7afa60b5ec4d90fb229

      Download Submit