266e44fdfd4e89a79f7db14fa60ea9b84f16c7c866ee9c09b22c9971a37ea106

Analysis

max time kernel
156s
max time network
185s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
27/05/2024, 03:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

77d68d24040b6660abc375e05c2ea6af_JaffaCakes118.apk
Size

4.3MB
MD5

77d68d24040b6660abc375e05c2ea6af
SHA1

9375a06caff0c19e8d20ab35664e54edf406d80f
SHA256

266e44fdfd4e89a79f7db14fa60ea9b84f16c7c866ee9c09b22c9971a37ea106
SHA512

d0d2cbdcc110509ba95612024e9cdf48e8728a471e8a3f14f1cfb9cc93592261f7d3b68640e81ba8e74f7fc93a796c38306ca6caf8cfadd45696aaee543967f4
SSDEEP

98304:YHrQWllqi5hh95RCDLd9G/yPPfYgRHkm19V+vU5rSEVz2E2L:GllbZsDxP7lJ19V/n8

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	kuaidu.xiaoshuo.yueduqi
/system/bin/su	kuaidu.xiaoshuo.yueduqi
/system/xbin/su	kuaidu.xiaoshuo.yueduqi

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	kuaidu.xiaoshuo.yueduqi

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	kuaidu.xiaoshuo.yueduqi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	kuaidu.xiaoshuo.yueduqi:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	kuaidu.xiaoshuo.yueduqi:pushservice
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	kuaidu.xiaoshuo.yueduqi

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	kuaidu.xiaoshuo.yueduqi

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	kuaidu.xiaoshuo.yueduqi
Framework service call	android.app.IActivityManager.registerReceiver	kuaidu.xiaoshuo.yueduqi:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kuaidu.xiaoshuo.yueduqi
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kuaidu.xiaoshuo.yueduqi:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	kuaidu.xiaoshuo.yueduqi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	kuaidu.xiaoshuo.yueduqi
Framework API call	javax.crypto.Cipher.doFinal	kuaidu.xiaoshuo.yueduqi:pushservice

kuaidu.xiaoshuo.yueduqi
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5239

kuaidu.xiaoshuo.yueduqi:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5297

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/kuaidu.xiaoshuo.yueduqi/cache/http2/journal.tmp

Filesize
512B

MD5
e95b6a2d0eac2526318f00fa4278f58d

SHA1
9c35b4feb20018ac193b6cfebd35736a55e9e590

SHA256
1730ae4192638c17c0310fdb5f66b02f643dad5cfa161a52f0080cdc51225075

SHA512
b5a5d3c5318a961508c650e5920aac58ec48325f1a6d3fc8183e59149a5f43501b4050030b77fa8016956ac4d3d83a5e9c92e3e15d6407c6ab2c17114ecf37df

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/geofencing.db-journal

Filesize
8KB

MD5
5055334e8f36824c5f2eb5ccfcf5dfbd

SHA1
bdd28e597715a4ca4b23f09dafd5cb88859e3c1c

SHA256
8a113e96927d862fc170f24f7a40737c844302598766cd5c5d0547416d2af6fd

SHA512
93bbc3bd1e354a168b0a8bd0ba1dbe136ceac195003bc38bad6f27b3dd769c8d2daab2ade5eeab9518cbb3d2dc221f224555170b3abbe6976a89e03eb1ae698e

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/geofencing.db-journal

Filesize
8KB

MD5
647777f0114ed8d184cd1728e228f58f

SHA1
f0f0ae515c6888dce1449ef88f1d20a812f2e97e

SHA256
42047043754cf3c99d611ba888870894d0da189b39cc07be54b12eeb3ed39917

SHA512
90786f9fad7ba86c6bb6c834851864def284cdcfcf86c2454d7719615784847a74daf879c1eea8609b602849f33b285c2a94a91490c5dd278f72cebbb955b341

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/kdqb.db

Filesize
96KB

MD5
9c364ea0b20ce78325e555092f0cf784

SHA1
08b2500e28926c057d7a399324b7f0890a73cb7c

SHA256
c6435c16439d300fe4603ea642dccabd42844b994a947e7a15b11321011ff8cd

SHA512
8471438f5c97e7ac64c00076350a6d3216aa71e60457e1bd05165b2e5c53e928bc8878f578ae17de957af53eae6c0d2005c825f9be477029055a0bdba670150f

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/kdqb.db-journal

Filesize
512B

MD5
3f4c3f8b11fadbe8badaf2824dfd2c1d

SHA1
a8889df5de53f2db5fa58bed6561f96e2df52b22

SHA256
3f6511de12526662ebd644cb424760bbdeb0071f0b3e7a3a9636d19bdbae4f5c

SHA512
bbeeb43e133c8a1edbea0c7eb6760194a0d600061b0a7e2de61a45e153440a49a4b5e27c0c1892f6d5264f635f3a06f33021986f23372ef1e6d07f1625c7cbb3

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/kdqb.db-journal

Filesize
8KB

MD5
51bc344e6bb4b6d730552231891bdff4

SHA1
050487016d82e558c9b3cbad7482591debb053a9

SHA256
1c4483cb14d491cca2e47bb3d9e717723e5031c71cc682c69b9d648073a586cd

SHA512
8d49b7903453179ef82440d5ee883b25054e0dd322acfd72f317a0f5da5d4d02c123be40cc56c2c9c8505690def8ae8309c1919a3ecfd6a16a2b885f161e462a

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/kdqb.db-journal

Filesize
28KB

MD5
cfab1313b6bc4be5c38f024fba1d7195

SHA1
bd3988e3c05d66889d311e06cd577c05a88a4cb6

SHA256
bb849c39f9a2c72b4b34520ff09d1eef151a053e7c9b3874ca80e8d378a12b9c

SHA512
60394e4bb665c2c629bd5ba938858e896355de7850f958b9d9a1bb9beae3b17b281e937cf8868ae252f6dcc46d10985ffe00d2b7bd3adc8a3c30c2052db52099

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db

Filesize
24KB

MD5
8d9997dc30a494779719778936266dc0

SHA1
b135bc137ae0d51c1de5c4f91030dadd4f19b3c6

SHA256
70eba75d55d7cfbd7aabe41b153168c108e1a0f5acb888523f1531af80227704

SHA512
e7fd074cbd90025ffa1c3c0441dd48328d87e03ac73613b02af08d2676bdcce127698da1aada5cefe114bb1612635d063e047762cf918101ad79678538a6bba3

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db

Filesize
16KB

MD5
6d15bf029e94b57408a02fcd38d3a991

SHA1
69a71599a6b946858e16b66b4886e9a5653ea650

SHA256
17bcf5fc234a87792960fd81bf762f1b5fe7a8f8938da912ce0c28539479daf2

SHA512
3f3b155ed38980619c9d183f88b219b2883be0789bb29433a54df6c062b2f4376363ce9e3cbb17ca61d3ce9040b12304035a5b39aab864fd2884ed3b233a446b

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db

Filesize
16KB

MD5
94ae05cb65d262beeb671ec5f5ea58ea

SHA1
98dfaeb14245840bba22abc4c9c3ee96a0333076

SHA256
bbe007641627d9167d7e913f75b2a5c7f356b6772161c32f3abb631a4e9745f7

SHA512
91363656a9e316fdc1c213889f506cc76ef29283d4f332e6d546562dbad984363753fc324fc1f6b2262802eebec632b430558677fbc88044208f4362f84a958a

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db

Filesize
36KB

MD5
b7036131b84bdf2b66c67fde18d62308

SHA1
18b1e5a358d68c846495cab5cfef7c6679659093

SHA256
c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

SHA512
256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db-journal

Filesize
8KB

MD5
4520452f17aa5bbc4d9fa2d71c1d1a51

SHA1
caaf43f4be0133fa49a386f4a66ae815227be573

SHA256
0fc28d0812926caad8e86749fd0dad980d5156a5a438ed212502712394cbb3b4

SHA512
193e2af00084bf6f16cdcb730ef5d082eee6719aab2c3f01b99321382e4eef85e733e8561d9165190f996d20848fe19bb8251f7537153ef21c182427a35b056d

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db-journal

Filesize
8KB

MD5
b46f8ab8102c2890cbe6bcf82380d1c6

SHA1
92fca350e7f6b7afa1418e96cf44b22686ab82fb

SHA256
1d0c78ab32d5a037436510a086528c3fd8927500c6972edbc7d6db84f9d90a34

SHA512
972df19a39146d4c73106a05ab117e406f1aa75e730295f0fa6bf9e48a6e355f9933d8e88eab7af8666d733d0ff8edb51bb93a6017f5943aa8f9b59ba614de1b

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db-journal

Filesize
16KB

MD5
6c7a84355ea94f719b5c147e0a1ab354

SHA1
da0e213b3b85ceb6720d107f8677cc9612339dcc

SHA256
071e1b7cafb9c976f2d7dbf20446aa0d6645fd23ba836c53e99072d0086437a6

SHA512
d7380e10673487964e9433ecf5a97154852032c61761612a72db1bd08c40e8e0f7460b71b2a7b124c58f6fdb13514b16e39717aff79e3bfaf49fc17d154814d0

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db-journal

Filesize
8KB

MD5
3acace25033444a7a10403eb1128c85d

SHA1
ff5b7a5619989cace87552691a6b336db83119d4

SHA256
984d4288619cc679dae809e28dfea8b35e00e6fb5717ea5f1f6ff0cdf3e8ff55

SHA512
228926a4790abff0f699c974433aee9141e55f4d4c7cb9cb9c3bfec7922eedc95f7131ef83adb28cbceae187f6e233b15c9ac381255e8b9b432c5203ac248aaa

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db-journal

Filesize
8KB

MD5
5f6509b35d8b994525b9e551342b0277

SHA1
0a5959d264d533ae3f4978e73b80cc0fe62b3325

SHA256
7d22ef265526dcae8e5e23582a2c95c5123461c01005c4cd5b3eeaa76327f13d

SHA512
b3375d08f4b858a00bd1dc1a07175c2201bfd9756a53c6ebcb9292b9191cbf72455968feaf4b46fa4c4c0537e8bb119a7570e5b6fcf54a23a8776e5eb9049000

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/databases/ua.db-journal

Filesize
512B

MD5
d465d095f6308938e51c3b364bf08a26

SHA1
194ce241c4ec7a95def45177da99d9f9fbf51213

SHA256
0a57b3b4d013ce1adc193db63744e625a12f35c3f1eb349904dac09d6dc19faf

SHA512
c77e9abc2dc12c58f17fbb568206a948440c971b44081cdba703959eb128b35170230441bff754c1f73e6622d5b278ba13b3f8e0ddb1b3a6e8ce576cc8c641ee

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/.envelope/a==7.5.3&&1.0_1716782369148_envelope.log

Filesize
1KB

MD5
64f33938dde9bbe732808bf4d3f3b713

SHA1
f2c9922c51932ee57f29f1e5e656bf61cee982d7

SHA256
076a9ce781081466a481d7b5d633ee34d7d7af442b5d2ca0d2de86ead07b3001

SHA512
e66c6e739a57285135965646017957a1b3eae58008f3dced2b2509aab63a3e75e9003b81eb5a2cb0da7294ef80770cc299e50869a8a3a3512a745a7a46d4924f

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/.envelope/i==1.2.0&&1.0_1716782370146_envelope.log

Filesize
2KB

MD5
bbfd177c7f0cd521ce2c100ad0024038

SHA1
35a3f33a1460b23bcfe4e64b084b6f226dfe97eb

SHA256
8a6fa123501aeb2c12ec50a7442c1aed09eda3a16549ee66f9f12d6451d0157c

SHA512
dd34fa4013b0c9452e1212609d0ec8e1a10693541220d2b9f71ea8b5342ffca1edf82984f3a60cb274154cf6d7de0527cefd74cc6dd1d8bd8c9a3105d3da3c6d

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
f642c9a9d215bfceba8ac0f5e408dfaa

SHA1
c437ee82b1a5c653bef6ecfe677a948e7c5b088b

SHA256
b43deee07049578dc73c79309a557ec08a83ecb6cbc01df0132722ee796c0fca

SHA512
cc711d1903d002df1a5f17f601868f4f3f80160ebcb43e81095c63e470ac2e9220e5683078942267bd71ec2f6bcf87123d2433cefcb347cb845796b91b822055

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/exid.dat

Filesize
58B

MD5
912e4dd4a3b925806788ba950e73655d

SHA1
f51e818ca9b5d1273fa69f7ebbc97c86ddd2830e

SHA256
5979221bf92d3154fd22aa125549fa5f8378610721c84dc306c276c3f6fa28bb

SHA512
68770852f1900d6fd6462d5a1d88f46acb786d8e3681c4a9ca113261e95b5aeafed346f2c7638c5d2d8f4a1ce4fe3e5918d39957ec4516fb27279bd8958fd1a3

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NzgyMzY4OTk3

Filesize
1KB

MD5
ef80d08e04169971c2d918d97a81859d

SHA1
61121c360730e6c438b4920153dbf9c01449f58b

SHA256
f4f3d0be4ba0f81150484586739a1415621a42d9ffe89e8e88d1062030a1ff31

SHA512
c3ec8af199944d9adfdb82f20578e798ab4b768100587c1680c728d31358ceb6f827e302c506824c3317df163597e5d3a84730dc057df40a9f51a2e674a60b4e

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NzgyNDI5MzY3

Filesize
1KB

MD5
bfd915b45dc64f82e8d1e229bc91e6df

SHA1
4767320ea18fe2fb4076e55fc3c570a5b4a83e9c

SHA256
d9d601e78088876d38abae2862b170d87f99069b5df45d67a23f5ffb2af27ab6

SHA512
0826705afb5250e08cae85a71cd877eb22b41e7e86bb945309ec7e62d994314d85d9d92143abf89b5b93e9f97c778e12f80a0c9e19eb49b71b0d37880c911669

Download Submit
/data/data/kuaidu.xiaoshuo.yueduqi/files/umeng_it.cache

Filesize
350B

MD5
517a136e8bcea4ad3ddb94dc0c9a94d9

SHA1
345b395a9976bc0ecbcd8068f6b76a20a72ff2db

SHA256
9afcaf4f6caaa93f62d7b120450af2a7706971fcbaf2cdfebcc5711a677f3d82

SHA512
5b0b9a458c64c69d48ca9c33a7df43c3738cbee2583f35fae8b5d2cf78a4777a9fa70bfa05da8845d23621ea6ff229fb59b2ecfac593f2e2675a454448d8adfd

Download Submit
/storage/emulated/0/mipush/lcfp

Filesize
41B

MD5
9c66c2106f0078f5f7cbf3a2ba9d7664

SHA1
922b0c08fc98891a1395ec45360abe91beed615c

SHA256
8185874675aa25df7b3ea2d473d2a297f1e1aeeec793aaf6e6daa7a9585d3d7f

SHA512
2c9e5505a7e41c9f8520ef9ad3e4f7ac559b2a9afe765b9820d1a7afd9b15e1958233ebc2a685c4b824f408ca8cff4a98ce4d075737a71e66835f5b2dcb562d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads