Analysis

max time kernel: 9s
max time network: 141s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 03-06-2024 07:27
Static task: static1

Behavioral tasks (task | sample | resource):
behavioral1  | 90f3a0c50f9c37701e6fec5bb19c1ee8_JaffaCakes118.apk | android-x86-arm-20240514-en
behavioral2  | MiGameCenterSDKService.apk                         | android-x86-arm-20240514-en
behavioral3  | MiGameCenterSDKService.apk                         | android-x64-20240514-en
behavioral4  | MiGameCenterSDKService.apk                         | android-x64-arm64-20240514-en
behavioral5  | unicom_resource.apk                                | android-x86-arm-20240514-en
behavioral6  | unicom_resource.apk                                | android-x64-20240514-en
behavioral7  | unicom_resource.apk                                | android-x64-arm64-20240514-en
behavioral8  | mimo_asset.apk                                     | android-x86-arm-20240514-en
behavioral9  | mimo_asset.apk                                     | android-x64-20240514-en
behavioral10 | mimo_asset.apk                                     | android-x64-arm64-20240514-en
General

Target: 90f3a0c50f9c37701e6fec5bb19c1ee8_JaffaCakes118.apk
Size: 22.2MB
MD5: 90f3a0c50f9c37701e6fec5bb19c1ee8
SHA1: 0f4e2789a0f56720d450c8be203783fca1b225bb
SHA256: 56d786fe29aa7bfe08663e684fb12909996164a2872cb5563f2d9dc1d35ae23c
SHA512: 8671e8b92868173ea047ffa4d8167507b92e76b3607cbf27d180f65521f5f08ed23486d65ce0e1f43701707f712fe26ca3dd444059695d573d96504678cbbed5
SSDEEP: 393216:/lC2EQNzjTMhtoz10lqMPRRJXFqBfavVdDRAMDJlHsUPMppA/3k8wgJgX1ngl:NCvQNIInQPJVCiVdDRAMtlMtAMCgXOl
Signatures

Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
ioc                       | process
/system/app/Superuser.apk | com.yifeng.yuanqi.mi
/system/bin/su            | com.yifeng.yuanqi.mi
/system/xbin/su           | com.yifeng.yuanqi.mi

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)

Requests cell location (2 TTPs, 1 IoCs)
Uses Android APIs to get the current cell location.
description            | ioc                                                       | process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.yifeng.yuanqi.mi

Checks CPU information (2 TTPs, 1 IoCs)
Reads CPU information that can indicate whether the system is an emulator.
description          | ioc           | process
File opened for read | /proc/cpuinfo | com.yifeng.yuanqi.mi

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs an executable file dropped to the device during analysis.
ioc                                                       | pid  | process
/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk | 4338 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk --output-vdex-fd=68 --oat-fd=66 --oat-location=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk | 4280 | com.yifeng.yuanqi.mi

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description            | ioc                                                 | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yifeng.yuanqi.mi

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description            | ioc                                             | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.yifeng.yuanqi.mi

Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description            | ioc                                           | process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.yifeng.yuanqi.mi

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description            | ioc                                            | process
Framework service call | android.app.IActivityManager.registerReceiver | com.yifeng.yuanqi.mi

Checks if the internet connection is available (1 TTPs, 1 IoCs)
description            | ioc                                                   | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yifeng.yuanqi.mi

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about the phone network operator. (1 TTPs)

Requests dangerous framework permissions (1 IoCs)
description                                   | ioc
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
description        | ioc                                             | process
Framework API call | android.hardware.SensorManager.registerListener | com.yifeng.yuanqi.mi

Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
description        | ioc                          | process
Framework API call | javax.crypto.Cipher.doFinal | com.yifeng.yuanqi.mi
Processes

com.yifeng.yuanqi.mi (PID 4280)
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)

  └ /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk --output-vdex-fd=68 --oat-fd=66 --oat-location=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/oat/x86/mimo_asset.odex --compiler-filter=quicken --class-loader-context=& (PID 4338)
      - Loads dropped Dex/Jar
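The two highest-signal findings above are the dex2oat child process (ART compiling mimo_asset.apk out of the app's private app_mimo directory, i.e. code the app wrote to disk itself rather than code the package manager installed) and the three su/Superuser probes. The following is an added triage helper, example code that is not part of the sandbox report or of the sample: it parses the dex2oat command line the report recorded, decides whether the --dex-file path lies in the analysed package's private storage, and separates the root-indicator probes from ordinary file reads. The IoC strings are copied from the report; the path-layout rules (/data/app and /system for installed code, /data/user/<n>/<pkg> or /data/data/<pkg> for app-private storage) and the su name patterns are this example's own assumptions.

```python
"""Added triage helper for the "Loads dropped Dex/Jar" and "Checks if the
Android device is rooted" signatures. Example code, not part of the sandbox
report or the sample; IoC strings are copied from the report, the
classification rules are this example's own assumptions."""
import re
import shlex

PKG = "com.yifeng.yuanqi.mi"

# dex2oat command line as the report records it for PID 4338.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
    "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
    "--instruction-set-features=default --inline-max-code-units=0 "
    "--compact-dex-level=none "
    "--dex-file=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/mimo_asset.apk "
    "--output-vdex-fd=68 --oat-fd=66 "
    "--oat-location=/data/user/0/com.yifeng.yuanqi.mi/app_mimo/oat/x86/mimo_asset.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Files the app opened while checking for root, copied from the report.
ROOT_PROBES = ["/system/app/Superuser.apk", "/system/bin/su", "/system/xbin/su"]


def parse_dex2oat(cmdline):
    """Map a dex2oat command line to {flag: value}. dex2oat mixes
    '--flag=value' with '--flag value' (--runtime-arg); flags that repeat
    (--runtime-arg, --instruction-set-features) collect into a list."""
    argv = shlex.split(cmdline)
    opts = {"binary": argv[0]}
    i = 1
    while i < len(argv):
        tok = argv[i]
        if "=" in tok:
            key, val = tok.split("=", 1)
            i += 1
        elif i + 1 < len(argv):
            key, val = tok, argv[i + 1]
            i += 2
        else:  # dangling flag with no value: keep it visible rather than crash
            key, val = tok, ""
            i += 1
        key = key.lstrip("-")
        if key in opts:
            prev = opts[key]
            opts[key] = (prev if isinstance(prev, list) else [prev]) + [val]
        else:
            opts[key] = val
    return opts


# Assumption: app-private storage is /data/user/<uid>/<pkg>/... or its
# /data/data/<pkg>/... alias.
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/([^/]+)/")


def classify_dex(dex_path, pkg):
    """'installed' for code the package manager put in place (/data/app,
    /system), 'dropped' for code inside the analysed app's own private
    directory (written by the app itself and then handed to dex2oat, which
    is what the sandbox reports as a dropped Dex/Jar), 'other' otherwise."""
    if dex_path.startswith(("/data/app/", "/system/")):
        return "installed"
    m = APP_PRIVATE.match(dex_path)
    if m and m.group(1) == pkg:
        return "dropped"
    return "other"


# Assumption: these name patterns cover the root-manager artefacts probed here.
SU_PATTERNS = (
    re.compile(r"/su$"),              # su binary in any directory
    re.compile(r"/Superuser\.apk$"),  # legacy Superuser manager app
)


def classify_root_probes(paths):
    """Return, sorted, the probed paths that look like root indicators."""
    return sorted(p for p in paths if any(rx.search(p) for rx in SU_PATTERNS))


def triage(cmdline, probes, pkg):
    """Combine both checks into a list of (label, detail) findings."""
    findings = []
    opts = parse_dex2oat(cmdline)
    dex = opts.get("dex-file", "")
    if classify_dex(dex, pkg) == "dropped":
        detail = f"{dex} (compiler-filter={opts.get('compiler-filter')})"
        findings.append(("runtime-loaded code", detail))
    su = classify_root_probes(probes)
    if su:
        findings.append(("root check", ", ".join(su)))
    return findings


if __name__ == "__main__":
    for label, detail in triage(DEX2OAT_CMDLINE, ROOT_PROBES, PKG):
        print(f"{label}: {detail}")
```

The dex path is the thing to pivot on when reviewing such a report: the same package name appears in --dex-file and --oat-location, and the app_mimo directory matches the mimo_asset.apk task listed at the top, so the dropped file is the one the other behavioral tasks re-analysed.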
MITRE ATT&CK Mobile v15

Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails: Geofencing (1)
- Hide Artifacts: User Evasion (1)
- Virtualization/Sandbox Evasion: System Checks (1)
Downloads

- Filesize: 545KB
  MD5: 771fec16708ba01a54092a540fb0c2e5
  SHA1: 0692bedf423d86056187fbd9a399111d7988265a
  SHA256: 0d3a196df1b7c5d0a7c0e522fb72527a4463872d68e58d339f0e90606336a745
  SHA512: f2f799a838c4fa869ce350361172ed5f925b8b94b25019913c899feb4ecd671fffd8cb5a9eebd63722a28d537223622bbb83c65675ba425bad2cb0b8c3823445

- Filesize: 300KB
  MD5: bf0be21e40885f5f682349db415ba2f8
  SHA1: 823bcad773983ab798565f7b64b95783dce14d80
  SHA256: aca4c8f0522c09a77bcc790b10c772611525456cc88da97b0240ffdfe1c4a2eb
  SHA512: 3c837718ddcc19885e00d54f9b7c336d83406571affdf64411e85a1ca317d67399e1cd56c5472a725568897dcd45bc5d94b87747be72b15e37e565034544be81

- Filesize: 221KB
  MD5: 06626378889c5130e9d7657f7ce4a7f3
  SHA1: 0d99220fbedcfec9e054148a4b625be148007931
  SHA256: 474eeba2e6e26b8711e8210af60f45374697781cadd4e57653ff41a553ef9ed1
  SHA512: 24f117e8afdff4547b83b4bb6bcadefa7e83402f4f63906b9d36623f0fce81c83aa098ae3c2442dc9fa85c9ec9a008400f11ca8c37ed1d9e2f20b6481ca16c46

- Filesize: 24KB
  MD5: 4b39ea438e5349229ae0310b37cfbfa3
  SHA1: 93e6ce8ef35e92eeaeab98cff8f0fec0d70da8ee
  SHA256: 724e9a265dc9ddd600661fdf1d4ab5b24f717bb17b2d1c0bbc31a59eace6f15a
  SHA512: 15884d119371ab9bf82c708a12633f9bd3f603f0023a55f0b1bfbb9db18113034cef7b954c5c579324f7925cd7c56cb75e5b03f85c142f9cc0d808fde62b2f83

- Filesize: 36KB
  MD5: 0adda9c85a5e4808f5b1b74c0a8591a5
  SHA1: 5048107883ab1e345af9cf2e6849ce46e0e612bf
  SHA256: 1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1
  SHA512: 646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

- Filesize: 512B
  MD5: 5a474a860f670b3d70cbd28125b2369a
  SHA1: fa342677a3686f002fb7b7a2219e647f4bb2fa80
  SHA256: 52b2077f689bb2b61a548e53fbf8a7120b9c7da5f942921462d55d4fe306e01c
  SHA512: 187f625703c866fb310d971ab0d54f8e86b81ee05aff7e800cfd3d98da2da85127fba4eb4f90049b99490570d5577bff76a63aef43dd22a29e237ed6c608ac0e

- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- Filesize: 12KB
  MD5: 7fd7c2146d04c2d92b37f21a9e566a71
  SHA1: f268b2e4a512d7a28593bec295cbfbf794ddf6e6
  SHA256: bb2e834334aa2d40f28890d541b7bc8c19905cc7d4d0aaed9bee3715a67855e9
  SHA512: f75efb27675e5e4037571e9fbefc18b85e4ae9ec0406b3d7f2e63cc424fd75ab03732f8c6248715fbacc06b4e5b6421c4d92dd6d57aaf868dff4aa163b1ff520

- Filesize: 48KB
  MD5: c821d5d4205c6a7c9ed1955fba34da3d
  SHA1: 448a22d9a993b97dcb35db4458eb8fa278811c9c
  SHA256: 551a3d1376b0e2c5742b7790b776696815e7d49f3bb3a69366660e680f51c903
  SHA512: 95fbf1e056ca8d2cec3670d9d6a278933367f75a5e53448e36121564f9e5bf0300e8984e58b6ba58899c05aeb6aca2056808e1a8d8f59a9d13d68f877a86abfe

- Filesize: 1KB
  MD5: 692dbd8d4a8af68879137bd7785ec55f
  SHA1: efc30ca553fa6b4ed25ad4b68b0c1cf3d256a7e7
  SHA256: ee02aae4efc68234bd06c0fdb6c46e6322172f6db8811c2d15201fda0410168d
  SHA512: 0e579d9216107977c31af884645efac79e3f5c382aab8d7a5e0b3bc9d720f6ddc9a8a66eb436b9048ff34f00baf0d26c3c981cd4092fa85643c6056277c631d7

- Filesize: 162B
  MD5: 1953b0d4981c7ac399aeaa0abde1492e
  SHA1: 3f9d8fed76dce79f804e950ff0cc2628d446a5e1
  SHA256: 307811aa81c4038ac8f8a326950da056d9ece709b11a3f504bf8a5024eb6f376
  SHA512: 8b9559a10874fd2923b1162e08bb9b3314f9e434aa42df23a383295b8492b9eed0ee56b76df01bb771bbb138e3c3551e7292ba2439abaf92c7acc759dfb7dfe7

- Filesize: 52B
  MD5: c4efb87cee38ff9e750412df0b64a89c
  SHA1: 6b39b84e499df021723438d0587792b0ffc8f0c5
  SHA256: 10872683c206448354ce45c63bfc38a93f5fb03cf1017fbce9276a5188c1c133
  SHA512: d78a851930e7d78d06dbc1293b83f8a5242235624ab901d59e34f33fb7829783b30f61d6e0c07be94be2e391ea404733dcfa1d5003a4377da027f29b94c61dcd
- Path: /data/data/com.yifeng.yuanqi.mi/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE3Mzk5NzIxOTM5
  (both path segments are base64 and decode to "umpx_internal" and "umpx_internal_1717399721939"; the numeric suffix is a millisecond Unix timestamp, 2024-06-03 07:28:41 UTC, about a minute after the recorded submission time)
  Filesize: 1KB
  MD5: 67655e2686e23465a76a23c865af1d94
  SHA1: 7b076e6f05ffed7a469090a8a5bf80d8d5088df0
  SHA256: fac56dd572eb6b007ec3ef6c83880c2f28f4290a523c201d31f570561fd87709
  SHA512: d23f657707f10e99c6434d9d1d0671de572fca5320eed165f736d9a8f29c0e434b3c7f60d5800b4230bd7d412869c8505080cd5f23115b258ba7acd0710585ad
- Filesize: 415B
  MD5: bc2c1eed988ab6707ae8f1483973d563
  SHA1: a8e2e53113763972115e2aeb8814330b39aea20d
  SHA256: 0f0a421df355dc9b67fb88ef933d914cb09ecca23e02c93f3166eb77081bfa02
  SHA512: a3980d305807d4285b665e7f6274a5b0611ba2b7d43fab43105cea7a4fbad891197fdad124d6b240fbcfe80754dd78ff6fda7e1a478b34cb3c49ea06118e15e7

- Filesize: 504KB
  MD5: 373141c85a02e8dbaf4f18ce2a1f8ed4
  SHA1: aa9afd7a48a9764edebedc6b990a66fb00128b1c
  SHA256: 836547e33cc5bd9c234b62cde28d530929c49bbc396313d136c4ef3e3661f9b3
  SHA512: 8b26e87b818b9369d18a1914453a6af4540dbcef22401b07d71e309f805aa7abf3ecdc9344895e1d807d663c03a095927979beabeea22d4680028e72ad72f77d

- Filesize: 504KB
  MD5: 5a15af670a78139158914e6c23a74dab
  SHA1: 86ebd3ce9d7b325aaf25daa601b79ef10bdc0ac4
  SHA256: 454d49ed08121de604effae547020357ca79798a558451b688481aea9c7383b2
  SHA512: b8b6e18f68edeb80ddc14ccdac1ecc8e0523083f55da52da4baf86a75d255cab1b47e25265e5e5668c9ba583a18feddffcd41db1dc2fe0945e2c1b723421ce1d