1f3ee226e3d67ef68719ac62074b31b95af97f373e6b6fed4a4629630d04cc0e

Analysis

max time kernel
34s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
26/05/2024, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75fd40bcb35e9e5b99cbb270d5dd0201_JaffaCakes118.apk
Size

20.0MB
MD5

75fd40bcb35e9e5b99cbb270d5dd0201
SHA1

444439bf28031317f3f3cdc900599b3acb455488
SHA256

1f3ee226e3d67ef68719ac62074b31b95af97f373e6b6fed4a4629630d04cc0e
SHA512

98f8b69a5722754c7f4d5cc5ea7fe9553f4a58d10e1900b990f990bb22f53f707371d22039f01680819bb58450e88b204a304eb7e82a5c791b92725eb0a00d77
SSDEEP

393216:QK1LL6jar7jnSfeNQicOw0IMJQOFFk5XxkXLEqFWnvOSJXsrOy4jR0g:Q6LL7rM4RhPJQ2e5XlqAnv5J8rvgr

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.video.online/app_mimo/mimo_asset.apk	4322	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.video.online/app_mimo/mimo_asset.apk --output-vdex-fd=72 --oat-fd=73 --oat-location=/data/user/0/com.video.online/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.video.online/app_mimo/mimo_asset.apk	4272	com.video.online
/data/user/0/com.video.online/app_analytics/analytics.apk	4272	com.video.online
/data/user/0/com.video.online/app_analytics/analytics.apk	4454	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.video.online/app_analytics/analytics.apk --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/com.video.online/app_analytics/oat/x86/analytics.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.video.online/app_analytics/analytics.apk	4272	com.video.online

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.video.online

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.video.online

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.video.online

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

com.video.online
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4272
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.video.online/app_mimo/mimo_asset.apk --output-vdex-fd=72 --oat-fd=73 --oat-location=/data/user/0/com.video.online/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4322
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.video.online/app_analytics/analytics.apk --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/com.video.online/app_analytics/oat/x86/analytics.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4454

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.video.online/app_analytics/analytics.apk.tmp

Filesize
545KB

MD5
4f6ba7835b8b8aff7f7c7a97bc262b34

SHA1
2f9b2433c46ed5ecd9c1d8dcf708d07340eb146c

SHA256
5a0062937d99f0b85e6fcfdb162ce6224ed0635cbb8cf6e3ac253d57fd8ef97c

SHA512
14a0ab2048b3366bf3893eeb3c8f978deadb1d28bff5c1918976db49dfc62307eaf7fcfe843d0f3696d175df7710defe120273cefb6221ce2612b14839536f40

Download Submit
/data/data/com.video.online/app_mimo/mimo_asset.apk

Filesize
300KB

MD5
bf0be21e40885f5f682349db415ba2f8

SHA1
823bcad773983ab798565f7b64b95783dce14d80

SHA256
aca4c8f0522c09a77bcc790b10c772611525456cc88da97b0240ffdfe1c4a2eb

SHA512
3c837718ddcc19885e00d54f9b7c336d83406571affdf64411e85a1ca317d67399e1cd56c5472a725568897dcd45bc5d94b87747be72b15e37e565034544be81

Download Submit
/data/data/com.video.online/app_mimo/mimo_download.apk.tmp

Filesize
400KB

MD5
3e86b24cfe8ea3644e3a6bb2f3bc75a1

SHA1
7881136fb412166d04ad5b6c4fdb9550a66fd99f

SHA256
1b01837a2b9004309bff95248adc60d39ffdadc90e52ebf645b2c5ce76f28bc7

SHA512
40ec714867b4a3e0aaa920abb648f331ce43e8bef442e782eff5ebaacb1052785e681c23b85f6ec50bc4e57e5b9924e61ca4fd72589f810ce8c670b5094b612b

Download Submit
/data/data/com.video.online/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
62256582925ea7250873779c85eaa939

SHA1
47b11bf76596bb85123150b9e9e6ca355c7844fe

SHA256
c6a30b608267de09495a7d8610cc4273c3ae25b8f0eaf9561115647621ef3771

SHA512
9686b1bbb4387d313b33475cf6a4041e88bcb596eeb6476b925ee940e33fc2d089d4840e5d38a3f44aae9716cc0cdeb1c1dd057086156fdf0ffffcc954b74424

Download Submit
/data/data/com.video.online/databases/ThrowalbeLog.db-wal

Filesize
56KB

MD5
cb413ca1cf742ac75495a929343369e8

SHA1
7cd3c729029224520c91032a2652691ad8152f40

SHA256
50cca128db48bf0fc550bd7efc8e55c77b5e7e7cc16294d5bbc1b8bc240dcb37

SHA512
657fb866e166b180ead03c21e172b173ede4af5f5ec93d2d57b36793c98d28af957bc99e1a0ec9a2fa8ea10358c892e51179f4e72f8dbcddf57115e95752dba1

Download Submit
/data/data/com.video.online/databases/analytics.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.video.online/databases/analytics.db-journal

Filesize
512B

MD5
a8ec4c9df44623c5b547d288ce9c1624

SHA1
e62bfb9f740603e31af4ed2411d9420872c92cb8

SHA256
74f54d4a7f73ad8d5d8558b74054480f82c2e54e643f9d35a05bcc68bb20cd0e

SHA512
5b45b18cb24d75718f3ac6d7340939a5aaf9aa1456829ceab6281ed210c5f6e2311a1a19087b91cd21d0bd3c4e07f7376122c6b3e692df4eb62e025d8623007d

Download Submit
/data/data/com.video.online/databases/analytics.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.video.online/databases/analytics.db-wal

Filesize
32KB

MD5
23a036dde7ad40ad28ca64c4c9c87994

SHA1
626da19f5d575ee50b67aa092714a4707088ed90

SHA256
09172aca5eda53e8e8c47cd5ac7a328a0f1bed4ffb169726c69fde4f94d36d30

SHA512
26f876d0d7a5fd9e557ca7008f3a29e8a36d8d89d53a552dbb09d21af0ef30ace27f514e8b3c29b9a681a51a71b1b919c18a67253585a646fa3b331c3590cac4

Download Submit
/data/data/com.video.online/databases/analyticsv2.db-journal

Filesize
512B

MD5
0d8e49c41535d35665e4e62c91630af6

SHA1
64aa321749f4b0b177e4135287416d02b139779b

SHA256
96a99f4c6ff2e3f5a3acf6bc3e7f517abdfe8dcd5c8824a957cd2cf2ac6d5a20

SHA512
4acfb63fedaf2993480b70f1e7fc317ee4446c6957525462ce8eebb1a793aee64eef9b63f97afdc0169bf3d4b8b83311a1a4e78d076d5c0d0d9b72bb91430f14

Download Submit
/data/data/com.video.online/databases/analyticsv2.db-wal

Filesize
28KB

MD5
a0b51062e2b35b755f6ecaecd474d8dc

SHA1
74f2fb15610b9bc2b2d96d45368327dcdc6aaea6

SHA256
daf5798a848bfbe58b2eb1c20d4aa8c1a99fad23f2e6e66b7846bba248a3a82e

SHA512
354ed3ecd536fc5a42f024a9216c71ad172212067a2184dbdc890050825f3f4a1cb8bdb9312fbad9f3476dc37be574f0d3a709a4ca976c29a6b227e555e4b2e6

Download Submit
/data/data/com.video.online/databases/reportServiceDB.db-journal

Filesize
512B

MD5
1aa9036d1ebefae0655dd4a3f371a97e

SHA1
963cec4d480cc99f73df088fce3df8cec65cabeb

SHA256
45b49c2ff0c205dcecc1ccff65c8219dc9d35e02cf81787aa8764402291fd7ad

SHA512
b6467f8949051cd02d44a88c2f52bf168a0b3bdd41e1dc32a1f97ea4dffe19e4993d3cef97046f500fd152ea8d464db87a221b9ab3d0b2d70b103945fc548852

Download Submit
/data/data/com.video.online/databases/reportServiceDB.db-wal

Filesize
48KB

MD5
228b212e1f7e86f52d53ed64141e728b

SHA1
d948fe074193c93efa0660545240d3eea0f8aba7

SHA256
56e2ac7e1521012d9587987e874e638631a2c52b0649f2a87dd5470d797ccb05

SHA512
aacea067039bdf256de223cd0fd779eb0d7e11402354e193abafdec12abc94d1aeebf171bfd35db0444ad725a87764a474b413cef968cc1b1e1eeffafe777db8

Download Submit
/data/data/com.video.online/databases/requests.db-journal

Filesize
512B

MD5
3b96430987ea666a1f96499fd916cfc1

SHA1
076db814270783b54e3e7ece832a84366ee14c7d

SHA256
8b46ad6d522a4289c91d63ca362c1c29c54335356368ff938b53b4d5d5dcf3e0

SHA512
1df82a23733c8890c2e593915a0e17754db72ed1d9a3d2fef30901fd271051826bb99ddbbd8db211c48e22e4e692219053c46ca6d69f6c1b82e7af80544940ae

Download Submit
/data/data/com.video.online/databases/requests.db-wal

Filesize
28KB

MD5
d6b3e784349b5642fa6533c41b4fc274

SHA1
338f69fabbf1fbda252d698da7a2b8c757d6c6b0

SHA256
147009a59153dc2d64b33ce5678ea20cd57d6d10c4d3bdcb2fa2c350a4e70213

SHA512
bd2ea4b6c75946aa73edabf916906cb787e5df789797faf5e49f9accf0100b6976b08c37cd7c9962fef01e9131a6690355dc2bf6544674b333cfcee36626f711

Download Submit
/data/data/com.video.online/files/54db829f09424caad69f7fb9350fa48d/policy.cache

Filesize
12KB

MD5
f0326dac3bd2b30f8d216ca46622eb2e

SHA1
e34cdf9529a96288d206b07c5078afb012be5b7e

SHA256
c59de2f2197323aae35f444e18f7f5d7ae2967cc486b0297bceaf329ef8dfcb7

SHA512
b91250a4e5cc4c2464657d7d625a3d19144b321fbc091041bae340dd8f7a27712dbc0c5961d50bc039471014c568fb06df9b8305f20e4ad08c65894e56b4c49b

Download Submit
/data/data/com.video.online/files/a194a0a7214f6cbda0672045c51505d1/policy.cache

Filesize
13KB

MD5
04ecedd182ec514d1a60d8d2ac199148

SHA1
3cc41071881e11ef4a5e8500ba83eb91e0502aed

SHA256
690fff1587a5f29c71dd12bb95f7c8d0d25518679ef90c9a9adf8c69ff5f18bf

SHA512
27a2e1ea979a0c3568064028558da583b72cdb5133442cbd5434c497ba0d2ba7a0a0445dee5657c4ec277af119b820371e03ac4c799eee93731b12379c491837

Download Submit
/data/user/0/com.video.online/app_analytics/analytics.apk

Filesize
1.1MB

MD5
36e6ce6a5a4e2b31982e3f8208a1af0e

SHA1
a7418ca9cdc61749e4c39e55cd4e74a0871ec196

SHA256
ca10a9f91f5246c09ab701368126bf842e33e62c0559328b34fc91295c13d298

SHA512
ee5022a46bc98db4be250a219a805073d5e558e5f3377de5d5becc5c3584f20988667af5e209dd2525c40c9fa70c8c7fac18eaaee98957b79d96b20a901ff100

Download Submit
/data/user/0/com.video.online/app_analytics/analytics.apk

Filesize
1.1MB

MD5
72c04a897494749e924a5caa8a679a99

SHA1
ef67bff3cfb96c8640bbc7745290a2d5eb59d504

SHA256
cb2d909918b2158dd9073b65d2f8ab203349ed3d4720e1bbe280165dc6272a23

SHA512
9e49285d9ae9d9ae8f2ace24c8decb48b079037b53acb0d969005a87b4d5e82382258c00b3998a2c518f659adbcc77897d8ec65e54461593aaa45ea9230cf489

Download Submit
/data/user/0/com.video.online/app_mimo/mimo_asset.apk

Filesize
504KB

MD5
373141c85a02e8dbaf4f18ce2a1f8ed4

SHA1
aa9afd7a48a9764edebedc6b990a66fb00128b1c

SHA256
836547e33cc5bd9c234b62cde28d530929c49bbc396313d136c4ef3e3661f9b3

SHA512
8b26e87b818b9369d18a1914453a6af4540dbcef22401b07d71e309f805aa7abf3ecdc9344895e1d807d663c03a095927979beabeea22d4680028e72ad72f77d

Download Submit
/data/user/0/com.video.online/app_mimo/mimo_asset.apk

Filesize
504KB

MD5
5a15af670a78139158914e6c23a74dab

SHA1
86ebd3ce9d7b325aaf25daa601b79ef10bdc0ac4

SHA256
454d49ed08121de604effae547020357ca79798a558451b688481aea9c7383b2

SHA512
b8b6e18f68edeb80ddc14ccdac1ecc8e0523083f55da52da4baf86a75d255cab1b47e25265e5e5668c9ba583a18feddffcd41db1dc2fe0945e2c1b723421ce1d

Download Submit
/storage/emulated/0/Mob/.db_accache

Filesize
329B

MD5
c011d59343b4bf785343321f88816f71

SHA1
0b30c1e0bde8c4a97751ca7284a6c70dfda27a62

SHA256
039c9631ad7a831e7e505dfc2b9ce1a3a1e7fcf3800d1d61fefdcac45b3be1cc

SHA512
3eee156b2eca71111a8c0b87104d20ab37db4628f0dd29cd22b05d75840e64f0ae3712630ac88e76f2d955494c2ca8fcf4b30842d874b47d10cd4e5d47b888c6

Download Submit