133e9e2bdc827e07dafabb606f80a410496f0bb6708592bad4c8e4bd08117adf

Analysis

max time kernel
179s
max time network
182s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
26/05/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74354e9e9baf96d4f9707700fbe52443_JaffaCakes118.apk
Size

8.3MB
MD5

74354e9e9baf96d4f9707700fbe52443
SHA1

f96cc12aef1eb68c36909b9c8cbadd9a7d1eecd5
SHA256

133e9e2bdc827e07dafabb606f80a410496f0bb6708592bad4c8e4bd08117adf
SHA512

82775978b58c8ef6432446cbc9f6120b56df918792458e2d25dc39eb26f9dec50770dddb47f2bbf6df953fdc653b0c3804ba5575542e6ab86bb9ebbafb5e9aab
SSDEEP

196608:/JYOE0tQc2Jp0R3xukz+QdgBz0XwWoO1jieKsaQHhHB:/u0tQcI0REkzB40X6mmeKsaQHhHB

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	tv.danmaku.ijk.media.demo

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	tv.danmaku.ijk.media.demo

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	tv.danmaku.ijk.media.demo

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tv.danmaku.ijk.media.demo

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

tv.danmaku.ijk.media.demo
1⤵
- Checks memory information
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4250
- cat /proc/mounts
  2⤵
  PID:4401

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/tv.danmaku.ijk.media.demo/databases/rep.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/tv.danmaku.ijk.media.demo/databases/rep.db-journal

Filesize
512B

MD5
264bb9b54dd942ea69ca085fa33c7267

SHA1
5fcd1728727472099ec8b66c9f44206f45b0f5df

SHA256
0b129d5e6996f45ba6eb86160e92782fdc40d18e796c3549ffc804dbb1076ee7

SHA512
2ac3bb0f6814490892a6c4418d432a14431f5ffd191fcdb1d702139eb2930cbf9c01f4e5f84ab8f57884b5fbc2ea2fa94680ef657b2654c71efbdaca5a721c2c

Download Submit
/data/data/tv.danmaku.ijk.media.demo/databases/rep.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/tv.danmaku.ijk.media.demo/databases/rep.db-wal

Filesize
36KB

MD5
362763664784f5c96ede4f33f297d74e

SHA1
cae0b97900a51efac14fb7ee43fa4caa15cd2ccf

SHA256
00866056bd8a7b7a5cf7d07be1c4a768ff07427a6aa1ae4f1c8782975a7905dc

SHA512
baa2af95497412398822bcc4587290c691ead2473f0f8e5398c798ec545fe794a5e2ec2828d713f56510aef25d9129901386b1dd7bd76871e295c50c5bc7bb87

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/.YFlurrySenderIndex.info.AnalyticsData_Q2DT8JD4NF4MJYZXF4VP_202

Filesize
88B

MD5
ed25c009593c2ac1438cec52bca354de

SHA1
4a64db6fac8445264cbe7e784e56e2b6d0139ed9

SHA256
c59e0efc815227efcc575d083040db25f235e05277d70e3afd554da5673f7d9a

SHA512
05b511fab6f34cf9e7ba98474756cb5f6259b2b83a035c1ca64e5f210d3e637e4067df846e85c931ebfc2e9129aaeb60f1e74d86a694ba9b48fe2a56e2e280cb

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/.YFlurrySenderIndex.info.AnalyticsMain

Filesize
72B

MD5
74e61f1216e789eae1d96d883586c580

SHA1
dac98a6fc437d0de77d5859f8d0e231bcfe6c87b

SHA256
ea6f72d4f7fc762d92817903db81d5154e2b8360b8898bd4e4e1e78f013623eb

SHA512
46e3bd9c9993a6193750e3e5bbc766db6d1fb68d882f953ea1d1eb259dcfa8f2847163116b6974f5902334e20039cf8ac0598884629389c32cac80208d2a1d4b

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/.yflurryadlog.4a34d974e28b1f3e

Filesize
42B

MD5
3ad28140d946b661ae86208940c6b7f4

SHA1
3272925d39a983f83269a5f9427ac5fc33c9c479

SHA256
fa0366b816b8ad81a0d80b367e07c60b4c63a3ebbe32c494ce5dff4a2aa82e7d

SHA512
66b0587999a0aa6cae2dccba74a17f23e173e8ecfd3cbfc767220ae71fd77e166c39042466d36b445bb5dc2c53511c839c13823c659972542e0b15a59fd3f72e

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/.yflurrydatasenderblock.520e2289-fc6e-4013-94d5-80b76c8c74ad

Filesize
301B

MD5
998511db293040447b053fb797e8b6f3

SHA1
eebf7127b68f744ab66b88cf8b2b577e83fd9fcf

SHA256
c7c82521c1d5c9294425394a36b68413cbb0b994106913f2d24acbacc2d6c3a3

SHA512
9f130470bb7167bf10d308b7b764814b9c06db3a71786e4f9d7b39eacb69ab76e0967f54b4ac7f826ed27ccdc0ca2712f9b6bc9b71e1e1d3a23645a1992b741d

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/.yflurryfreqcap.4a34d974e28b1f3e

Filesize
44B

MD5
c45b0ed4a5bd580098a5cd89bc641c6b

SHA1
673da3922941e27a91290eca05125e6e93a4fa1a

SHA256
2916a226a97f05ea7f9fefe9c0c63cac34ca856a68b7805d739f16d98f8699e3

SHA512
53cf0453db5993b882d100df23eb3026a050f055993e5d22024974d2712cbc76982509888644dfc1154f7b4ca6b08f69546dda8123480c47df5dc1258135c613

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/.yflurryreport.4a34d974e28b1f3e

Filesize
360B

MD5
ce692b4969856be288d3e7919b48ce73

SHA1
186f4df0c98ae88cffde298bea52e1c00f0d783b

SHA256
d0a182acc7d21a1784c765ee30725a21e38a3207724c2312c8e265c9c030a2c7

SHA512
f387e17e5f54a4439ab44f0648a9c13c630ac8263837ba831c5e8d25e93019dd0a694d961f151537a4c150cc8a7cf071c235925764eeb49789158e792907d183

Download Submit
/data/data/tv.danmaku.ijk.media.demo/files/jpush_stat_cache.json

Filesize
142B

MD5
d564366f29604036e7a2f8841cb0c7d9

SHA1
a648635fd92bc9dd0446c15059072f041077342e

SHA256
969b1ffdfc5a0c31b15f5709ea753f6ee9c5bd5801ba7a758a2d2c8b26aa3a1e

SHA512
1024fcf2fa18d442b0ece7d4acce80a12bba8467241681ae2248567d321abf6430788caeec4d18ca23087224d17c08ad9fbb0187e73f214509f5328451d97e96

Download Submit
/storage/emulated/0/xigua/Config/LocalData

Filesize
1.0MB

MD5
8e3b4f2c69d7f35c8a3082d2fd455bb1

SHA1
316c87f948db5570be77cf4d576580ff50b5bec1

SHA256
e44d6565e2740ee0cbf2ee4abc51d46cf86dd866bda1785f1a9d5f828a217002

SHA512
c8378bb210225031e30042f98cdb6587f95ae498dba16da5473eb00ab84eedb20607a1bfdebae1fe53907b7498e1948156bd2933852713647cac73f0f3ea2aa1

Download Submit
/storage/emulated/0/xigua/Config/xiguaData.cfg

Filesize
3KB

MD5
fdac0c53c4fdfe42ce1730ecd5059518

SHA1
6a6c98bfc0bca372153acb6c444166ec81687874

SHA256
848cdc53f6213308cfc8571490c7698419088387ae69d7d164c621e5eaf7f905

SHA512
81fb9ad2f3e335d0c38c1d25ff0778ec72e2d548f0d7d1e39212fb454286addcac5bc8e44dcca4fcda4fdd1279d544de77e97c111afe6ab8cd814398366869f2

Download Submit
/storage/emulated/0/xigua/Config/xiguaData.cfg-journal

Filesize
512B

MD5
b3dd6232d8d187f207b5b1ac6ddc35c5

SHA1
7b8b938a437d721598c2ce81717d365002aa297a

SHA256
a456b830ff2c63e46a2d57e303ec8d00179f419f656d21ca30d67ca7933a944e

SHA512
15820798f894cbf586ba076d8594171a710b5ae922a2748c790b965a3926d80a978c3bcfe933eb87133618dab54ab1efdeaba8665f7fb59beac619dec0e1a681

Download Submit
/storage/emulated/0/xigua/Config/xiguaData.cfg-journal

Filesize
1KB

MD5
99266b2695693cff56281d923ca73e03

SHA1
6e560d4e2715244ebc244b4a728ae2f0cbb060be

SHA256
2339fcb461e8f80791c4e5f48e5913d3b9bd28906da042dc02eb3c487c9062a9

SHA512
720e1b4baeee059cff2545b5db01827371f548a58d6d60b4e8ed4dd8072d8316af68b88f57367a21ed6ac5e4914bed4ae32212f215256b1dd0e9ffffd03152f8

Download Submit
/storage/emulated/0/xigua/Config/xiguaData.cfg-journal

Filesize
2KB

MD5
0f80426188a51ecab8957e20b75c5750

SHA1
a1bb5330f30501e0116293b501876926cf954493

SHA256
a8b70979feacf1b945bd6f968dbfb1a73983c710736c2f630fa93558f16c8edc

SHA512
880fe1073fb0b06b4ac3ecb5cc639e70cac0d1d2a05d50ced84fa27b6538de7afdc3b4c0fbcc803779d610013d3a811da135d54d73c7fdbe2d601b251aee26d6

Download Submit