d8f82c7beb7de24101b510e7bac9ac526b4fee6c5cfb7e1992f17ac99fa68048

Analysis

max time kernel
24s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28/05/2024, 05:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7be8987c93c61dfc4c870439bbf1f154_JaffaCakes118.apk
Size

5.3MB
MD5

7be8987c93c61dfc4c870439bbf1f154
SHA1

a05aa0036cf35468af16dd1826151dfb718343bf
SHA256

d8f82c7beb7de24101b510e7bac9ac526b4fee6c5cfb7e1992f17ac99fa68048
SHA512

fc8a09abb8191b84752bd62b16fd75ab27e78ac84afe78dbb293cc7a96248ec66f55d50aa82316f8aac1fc8511a0546efe39d7794ce5d80ab449099475524237
SSDEEP

98304:h0D0fbtl624dI4UdPwh689eSYoZP4ret3HAhz/aK7AKg/ZzIouCpb:hPfb36OtwN9xl8z/aK7ARZMsx

Score

8^/10

banker collection discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.qunar.dangdi

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.qunar.dangdi

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.qunar.dangdi

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.qunar.dangdi

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.qunar.dangdi

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.qunar.dangdi

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.qunar.dangdi

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.qunar.dangdi
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
PID:4201

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.qunar.dangdi/databases/MsgSaver

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.qunar.dangdi/databases/MsgSaver-journal

Filesize
512B

MD5
effde1bbf5412b988bf204b1bba243ad

SHA1
85cd909f9845b40b15b060bc84e16cb3641c83bc

SHA256
b799ef5d5e6261c7ffe8ca1c1c89bd01eeb4d7740734c1825377436f813c0b33

SHA512
e9e6143a4ccb93dcb3ba0974749b2ab08e8ffa066f5e30733951f8d69bef1362aaf86d83174dc74a74d23fcbaf1d3dc30b9aa9228bc71ad89a69d490b2ea425f

Download Submit
/data/data/com.qunar.dangdi/databases/MsgSaver-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.qunar.dangdi/databases/MsgSaver-wal

Filesize
80KB

MD5
10145ba6f309d011ac556dc74a20ac41

SHA1
88e1771120e413a01b590a0c838ce7bbb7b39da4

SHA256
b0700e8943d7e31c4818720b9325e3321a22611afa07358fb3a23a3ddcebe555

SHA512
5d97288314d1a0e5c751dd0998f8e355097ad353eec375ccf80bd30e807065fb35e23dd7fc0f001418664c211199ec8e19970e17e7f623fdad6f815e3c132c44

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db

Filesize
24KB

MD5
c9644810431ee16b84d05f385420b6e1

SHA1
9e00c13086da9dbc17921e62bafcd8a27e28c3b5

SHA256
f0374ae49ebf5c2b741d80063b70f107ef42566d780849ebf8344d1215e7ade0

SHA512
f611595f1bbd7297cf42a5da36c78101512de1b4035e383664727d259459ff11a8d21eb740bc2513b1cab5cf8f603ce63613077461e9567ec37a5bf18aa5d95d

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db

Filesize
24KB

MD5
8b6ebb73ce4d2a801062101c11b3e367

SHA1
212c0e37a6cf720e49f9b0616052221b8ada4e51

SHA256
fa3cfd98c6747fe3485edcdad75f126da84456b31e770ce27b43f813771b4690

SHA512
02f0fe18890ba0e5fef8672acebb51cabc4c6016518e42464f8b281e62d671833a76b904d257f1cc6c995077c67003bdcfea3f9579e9550375b9116167954c43

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db

Filesize
28KB

MD5
9ce579c068323d3f684a6828f76e683e

SHA1
2a76fdf4249c62b494fd474363c298e45a5f8f1f

SHA256
acfe8860a426c2f24de962908571bab7468f052fe32d8b77503564e9da04a199

SHA512
8ba594b85ebb99868f36f16298939de29dcd42e7b04ce6b61137dcf17f388f02d10df5194983726cd08eb13878d5478d28b2b8703be6770333b0b86c6ed17765

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db

Filesize
32KB

MD5
02d25e19fd396f6face007ae2d4a1989

SHA1
c24946e3f92b25af293d8cad1471fe068ff220f2

SHA256
0222ba23412c95d82ea527600c4332b063c57039fc6213d95acc3bda78530e92

SHA512
bf9f4fd53d23e84704d93773d7c37999cda60eee689d93a2df9d50ae87890d926ef20f6b3904ae0f3a63de42dd35987608c9f4270f59491faf0f18c2745dc114

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db-journal

Filesize
512B

MD5
6f3c75eaef8619516afc22fc69a4e2dc

SHA1
402757683a1af0a66bb6082e00f659faea78063e

SHA256
adfb2ea38cf8b00839b5efa3036aa4834417bd9ceaca3af8cef17b04a1deab4b

SHA512
8713a72e2c9c4000201dc2e1f51d658d66e6808e4558c2ee9a5105987d31f33ab903ba6800979bc51189f1426c75cc00a8c38f0e94b3695a6771b18c3bc4971c

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db-wal

Filesize
8KB

MD5
1baba3847f9f017b76a8fb90d29c954a

SHA1
61b02e87d0194eb650b7ecc180de7b9de8c488e4

SHA256
fef155fd520f7db3b34f0108d90b639f01715f8c50055c524f4f8d28ee19a901

SHA512
627db582766d5dbbbaaf09b502a84b87cb06fca6fe3a9c5d8aefe97fccbcedb4552f50f0404088a77fe18054e963deca53acecc1b0eac63a83d70ad098a2dc8e

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db-wal

Filesize
8KB

MD5
21295ce142ea42435b3ee389a1934633

SHA1
13f8df65418c92c5d13b69aab26aaba5de713c8c

SHA256
b906691ff2a7438ac543ccd651538b6b7b11c12d27a64198d7624cb995b18e7e

SHA512
4549f8cb674923683a89bca0abc04b5e684eac02afe884560beaa5fc6185daf2b057ca410b6fea63f453f31862495b9454c0275df648a66eb9d6b18bcc64167c

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db-wal

Filesize
88KB

MD5
e0fe3a6531d41e598a7045e73af24e7d

SHA1
13850c403dc1373ff9429dfd23a59c6178799028

SHA256
86d5b362741e7b9926fb86b760a1280e5581f783b33445e25d1fa6a19081f950

SHA512
632ebed5200f8695a12334426964bb23a3666462be0e5590e9e4669202afbe43ba3205bb9175d97cbb2c20d868cf3e9df2f9efb6bb3fdde237b9945b2c34f896

Download Submit
/data/data/com.qunar.dangdi/files/tcagent.db-wal

Filesize
4KB

MD5
413c206017fd8a8510178fb6821554d2

SHA1
703f9de6302d3b273b00f3bce7ed859136db87ab

SHA256
60a92cba6ae2de3ba3294b57de8a8c8299413a6197abee6dabd53932ad606fde

SHA512
832130dd0d113dff466cd8b7f3046524b26b4c57414b2626bec74289b6fdda79a38fa09d2b3cf553ce9b3c0a2054e4c8cfb187c7ca0b46ebc8da80edaa754222

Download Submit
/storage/emulated/0/.tid

Filesize
32B

MD5
7101cee15d2f913695d77b112cafa081

SHA1
aaa47f4516feee27d3b8f267bde669e4835da6c2

SHA256
95efba4b752480bebfb18a77c05be19e63b00b3badf1a19a00a60a27d21f3877

SHA512
0c0e48a2cab25ea291a19842c4f0185549f9d147ec22cf976ecd8e9acd9661a2bad6c8ef2f748590c8f0e7f1fbaf8c6320e83e523d5f948df440ecb4b1125b9c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads