4cacf28cfe177667521015cd6c1eabee62922efc78a77df509df491691f5cf4f

Analysis

max time kernel
165s
max time network
160s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
27/05/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ab47a8138f0d59a6088e165165c6087_JaffaCakes118.apk
Size

11.0MB
MD5

7ab47a8138f0d59a6088e165165c6087
SHA1

1551a18945b49d48ce610ee244622a823b08675f
SHA256

4cacf28cfe177667521015cd6c1eabee62922efc78a77df509df491691f5cf4f
SHA512

b01b5c6861f187b0dcc7f2a2d5f2d5699d1927b4d70d819e4c8e0ba74d92a3e947d3f484afc05bed3f4926ab2b27e5acb8f32203d30294a0b14ebdbdf75ca2c7
SSDEEP

196608:l5LuKjlAl1kyEHWVu0hA8hRZEF9lr4csJNyyBlcHR8dpGbhdIuGADl8PEtLx4:WKjlGSyc0Ir4XN3cHR8fGbhdIq2EtLx4

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.uhspace.feiwa:remote

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.uhspace.feiwa
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.uhspace.feiwa:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.uhspace.feiwa:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.uhspace.feiwa
Framework service call	android.app.IActivityManager.registerReceiver	com.uhspace.feiwa:remote

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.uhspace.feiwa
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.uhspace.feiwa:remote

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.uhspace.feiwa

com.uhspace.feiwa
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5127

com.uhspace.feiwa:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5218

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.uhspace.feiwa/cache/com.parse/applicationId

Filesize
40B

MD5
a689895f98eeba3ad54c857fb7d3d491

SHA1
7b4bbe717287a91a5a6ab19a0bfd0a314fcca556

SHA256
898acf5a8ab518b0b83c6df22462def9085de719e0f25dbe6097acf4fd140206

SHA512
6e3594e8dd35521f5b8aea180ec54b6a09365a5f418241a0eacbd131cb41883b3a60f23fe0cbaa216ade13b29e73a35283ded1c5c4330c07e85068af0e17b803

Download Submit
/data/data/com.uhspace.feiwa/databases/ParseOfflineStore

Filesize
32KB

MD5
9c4fe3ac5aef41c782e3529bf023487c

SHA1
a72edb52c19da5da2c6a1fb03d30ca9f0e881189

SHA256
fc1f4ba7b98bdecaf55bf0c7ce6ae77fd50dbba28fb49cc4a2fb856de0fcda31

SHA512
c59e3a119f4df7c5bdbc54b0831d1ca7ede0f7df69c7627cc0a035f416d776aa2926b7f5654e5fdada012a241e769b2537704dd7fb5ba6c254314e5de12e35ea

Download Submit
/data/data/com.uhspace.feiwa/databases/ParseOfflineStore-journal

Filesize
20KB

MD5
ada4bb502d28f75c6c5627b82f6b836a

SHA1
03f6827885f29b782095f475dde67b2a391b4e57

SHA256
9a53dd56f32b4abce786e8af6397d9a5b9319f204f03669e4c68016b0ac55f5f

SHA512
78daa788a5b8f9111692026f8f4ee57ee3efee61130ec5ebf8a3543090a0a661ef45159f11b9207cac1f04ca0d70f66e9d4ce941ab3facdbfc7afd27314fb477

Download Submit
/data/data/com.uhspace.feiwa/databases/ParseOfflineStore-journal

Filesize
8KB

MD5
045a9283979bf6fccf159996f55ee148

SHA1
c8797520d300fe425f91ec63d1856d56c3cce219

SHA256
12d2cbcb0b4fcafd4f659bbac846053b97e7998e83cf3cfdb226d1af5aa33017

SHA512
16cb9f419ac39940b1825947b240de3ab0b5689608905405e8aa35b0d64ca7404374c31d018fe727b8c6be5104a3fb8246418a9462fc6337ddf2abccca422c91

Download Submit
/data/data/com.uhspace.feiwa/databases/ParseOfflineStore-journal

Filesize
8KB

MD5
e4e604a2d4dfd463a01b2928310a94ec

SHA1
810f5b664978cc961194bda75c64491ca973722c

SHA256
6220865d76b65af40581ba3d54cc3519883ef622ac7399a7e9ab4e7bf5120436

SHA512
51840c6a6bf907b0a3a6fd09e8d3a79684a2c4de7d4463fd3ebc866238ad1bf4a5374d6d3fe92da350357e867577039949b40d83ef10a6a8d41ccdedffbc726e

Download Submit
/storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html

Filesize
113B

MD5
48612f60b91f274a61e73a7cc7b64363

SHA1
653868d1d9481f567f3fc9f2577aa9e47565ad2a

SHA256
cf09c5cd29e0d5fc288067c33d75e415edd0439a650c9f7178b5365f21c6064d

SHA512
b76a8be564ea70f9cc60211838a15bea57ac08c3f134ca52fd2fb46f8b9904cb146f8b98d8e4e87bbe86efbede14177218da4db468bbd6974ad5ab49f69abdea

Download Submit
/storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html

Filesize
905B

MD5
81002e32f1adba5db37d38c897302705

SHA1
524607d7e4f47fa564face1c4b20ce367306a711

SHA256
64eb06afca6bfdbd57f3624cb92a12fadfa2bee0f027001ba629839a04af31c9

SHA512
76995a2e863951d43508cc2f56becdda3654963fe31b346f29d9030e32d8cf5dd29baee91fe9e80383de206f576c9e833b1c5e15ffb33a36d2340622ba7a35d2

Download Submit
/storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html

Filesize
8KB

MD5
8bb5d3b16ad92185121ee4e0bca8546c

SHA1
f5dedf18dc92c1618ce7a27f0f1884e60b1e5e06

SHA256
c409b764562eab8a1f1aec4a956d46db7215cdf2e451555500d853351932b107

SHA512
7f58ab63989a868f5d0b31f811fdf7e2b4d1d1d2f318bb9d7f95474e9577caea2fbc16c0feed5ebd33a94d6273e95314fd79f343f56fd9806b7780d6d46cdc0b

Download Submit
/storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html

Filesize
85B

MD5
861849237568cbb729a961d146ce60e1

SHA1
e0e11c1b97149e19eb62a3e4ea64720d338a1feb

SHA256
1875db41cebd2e60d0635a7e717cf56ff35ce6febae1e5522e5aa21269432270

SHA512
33530effc6ceccd49723861d4c5404955c98bd1b500c977ad50875b993d948a3697f00324881ed7a60c5a9527416a6fe48072bfd9d3f2b74e3b6f5924878b21f

Download Submit
/storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html

Filesize
82B

MD5
656521c160e4a03e17c5bee84a204be8

SHA1
59135441715f591015df7e74f16e1bf93ab85a52

SHA256
49b2249ea571269b5f0b306b46787892599233511acf400100912cd53edb76f5

SHA512
fd129d2c64e170a58ee3f51310ba083d92243ed354e5b0d803e79564d36ee317d08a8909e556fecb926618c51247af51a05475712cbe118671db4a1805457d87

Download Submit
/storage/emulated/0/baidu/tempdata/ls.db-journal

Filesize
8KB

MD5
6003d25b810ecc8bf5d5c29ee70f7412

SHA1
fdc78e0aa272c065f7d6ba0987dd74930cb96e41

SHA256
997589aef5694aee2ff51662dd3a8ad5c33c5816e7c1b3138d4d2f90f40791e4

SHA512
cf33c4449d01e5fc0c5f7b055ab9da2feb6dc0a741a6971e7708ad53be0e1eec462db65b210a58cd9208a73e1e7e3780c848c92afae896a8afc3bce2ce64d92b

Download Submit
/storage/emulated/0/baidu/tempdata/yol.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yol.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads