7b6be6b7aa437aab2814a34f8a680b83f316f93d533d6ba504d03f3aa43d01cc

Analysis

max time kernel
177s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
11/06/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fa43fd208db904f12d5026d4b748c0c_JaffaCakes118.apk
Size

16.4MB
MD5

9fa43fd208db904f12d5026d4b748c0c
SHA1

b3df0451225dbd1e048919a99a16f44b56095434
SHA256

7b6be6b7aa437aab2814a34f8a680b83f316f93d533d6ba504d03f3aa43d01cc
SHA512

e2e2b7a5df687388e9e873d17a9df1bc70142b915e8c288e2b8d6f91f77ac3f2313265ac7dfb259b1c4f8eafa7ce2f634234aaa117df085b08148cd72fbd4017
SSDEEP

393216:R7rv7ESFC3vBp4U3it1cmE9dl2uFPV2TTVPEgkbQUhM0mDdp7XrWtsvHPMWAd3:R3v7EOQT81cnPTFPQV8gwQeLQPMWAZ

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.wps.excellentclass
/sbin/su	com.wps.excellentclass

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wps.excellentclass

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wps.excellentclass

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wps.excellentclass

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.wps.excellentclass

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wps.excellentclass

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wps.excellentclass

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo

com.wps.excellentclass
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4277
- getprop ro.product.cpu.abi
  2⤵
  PID:4314
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4389

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

Filesize
84B

MD5
17860b583061f0f4d7f50df5b4dc6fbf

SHA1
f3f67823231bc3aca92bbc2acb2730aaa29cf1f0

SHA256
e1b48b088df5e1870fcce182ab505dcc402c8d8ac2f338c44c8013d569fe0d30

SHA512
175bf21edf1f605ca2e846855b77a31078feb99a77610fce9db22a13e6b1aa8efdbc58ddd01ce709c423659f725a0c6cab1001c3114ee2790b4daef1d1d40d43

Download Submit
/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

Filesize
56B

MD5
219f4e10958b687368c0723de3fc1305

SHA1
29bf6b91b2fa3c0620b1ebffd382961f3224c76c

SHA256
c8481ba5a39637469e358c0bbe2f5e2e080b87bd5ea569aa5e2012de49057a57

SHA512
2897c687dd96968948b139f19a1197b10b60004d57825f1cd1daaae958273332781e4d961526c9bc7a5aa6f5c36644e2cc8b164fd75089afde74ce8236815cb5

Download Submit
/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

Filesize
56B

MD5
6ff7b05197b8ea91b75a5aec21763640

SHA1
853514182e64139505c341882fc722d0424da767

SHA256
d099e53c45c5a7fef5e332550f7e6bb4ae21d7232fcbbf7073687d23b34694c4

SHA512
23453dc0f2aeddc8216cbd06cff2a025016a435f6cd6345eb582796ecbf5feec8f82a3782348c3ff308d7b270c650687a472ba735353d671e6bf207c2b0cc630

Download Submit
/data/data/com.wps.excellentclass/app_tbs/core_private/download_upload

Filesize
84B

MD5
2ea5923f6bf861018d0bc832f4c3569a

SHA1
cb2d50d09f1e5e2f3222f5796acf0484556faf40

SHA256
524c73fe25f35d0cb0024fcf71004fea3944f5cb7ba8d3d9bf6db6fbd719c34a

SHA512
30d7d1537aaa0f10a7e62402f10db1c6c041f64a7c16f21ffbbc35c3e0e31293c9839cd0f8fed24c5e49292d51c9a89d0af94377b73addba3d033f38865f49a3

Download Submit
/data/data/com.wps.excellentclass/databases/StatSupport.db-journal

Filesize
512B

MD5
3ee730999d2d2348555f50c6967fb528

SHA1
a59bf8c1e813636c9e0b1cef7c27b746b6b28d07

SHA256
aa0dd9f7e3bb3ee218e4894282a7033ac54aaa9213529ac03838d2332587df11

SHA512
c84fbbe28373bcab478c4a5d73c954e993b798f1a6351e93397e4f7b18587795c5c58c181215c42718dc718371cc880128187fd5250c8682f3141685b1f55f10

Download Submit
/data/data/com.wps.excellentclass/databases/StatSupport.db-wal

Filesize
48KB

MD5
f81edf752b3887f340e15d79e45f06db

SHA1
c68aacada2bc4110ba1542c8e87f01b64464e716

SHA256
b3630127565ba70b87db5c75523403a736d6b64483d87248320686ed68aca4b1

SHA512
2b92275f60ae14fc4d9f9f6e57083ee8a12bdb255500d421f9d092b747fcb2489849c803a63bdf5248269d7115cef9dbcd484681a55fe6ff83ea48ee442465eb

Download Submit
/data/data/com.wps.excellentclass/databases/gis.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wps.excellentclass/databases/gis.db-journal

Filesize
512B

MD5
07f4d09ae6e81b50eafb07d5cabe0ee8

SHA1
5100c9360491c986f0724861fbc94f5600d1e48c

SHA256
ca561661c7418f98ae03ceec0c5fe649a9b6888fc1ae3dfeee2689318bf4d8c9

SHA512
5a51cdfe6a56a3313cf8256a8c8c96b895d01a4551aca8c855361e6d6ee618b846d7973389a40109354bc926549ae4afd184c7b3be9c5d6101c8a3cd03829afe

Download Submit
/data/data/com.wps.excellentclass/databases/gis.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wps.excellentclass/databases/gis.db-wal

Filesize
36KB

MD5
7566bb76573db8bbf02c062479e7596c

SHA1
59ccaab9e4ef5e680f3c905140af42a54bd03626

SHA256
ba4564c752c56ef618b2258fdd64c6194306ecf8d962ea11ea68a253995d087a

SHA512
5e043ed3445d0249a45695a25356a0a672c1f7952da4206ecb593cc5ab7fe106780a0b35210725145667ce8b61d9b9868bc430b6c256014bd3ac2b7e8eea5afb

Download Submit
/data/data/com.wps.excellentclass/databases/gtc.db-journal

Filesize
512B

MD5
a3d46ed4cd16f5b9c16ef34eedeca561

SHA1
7f208940309f5639bc92f2e4cb3b0830f4d60e12

SHA256
28a49ad3854b69cd41ebf944765e1b089dfdf63f054f00d848849fb23a594a9a

SHA512
b6223e47eb83603c93861e9cd704a304b4ee9df8dd4224443056cbcce855ef37900e3444725deec7100fea39b2a994d24dcb4f90a3c74fccce496e3eb1d2eee7

Download Submit
/data/data/com.wps.excellentclass/databases/gtc.db-wal

Filesize
132KB

MD5
1bdb7c9babefb6753dd00b8f692ff26b

SHA1
0715529cc09c0f12d1716ab17b906b0be58897de

SHA256
73ca6a5da5be6aee04914be9104086a26a39516a09618b9db49dc5e48cfee8cf

SHA512
d93ccef6f086840850a7efd6343a679b7ae78cbc08a1fac830f8cf48cb9c191556aba9c72b6ba58948056015fc539328a5fb724b0e33e0224f961927611f2f16

Download Submit
/data/data/com.wps.excellentclass/databases/gy.db-journal

Filesize
512B

MD5
bd6091665830c75a2979e6c50aa9315d

SHA1
a0cc80fa33b57d7cd5105f745c4516b3e0628615

SHA256
f2b2048c66b883329e77d27fec2ecc9b14b1e3ab57e426c1d36a79f6755d94cb

SHA512
1ff2f0db89da9ea600d86b122f4bcce50c21c819fb914bd2033a635dd7981f7b3cddd6e55cb84e5e45f8282ff6a97c90328019dfaeb7ea8254de138ca9db6e31

Download Submit
/data/data/com.wps.excellentclass/databases/gy.db-wal

Filesize
88KB

MD5
13c16f6ba96e5b244f45a7b4a9754d56

SHA1
3f313ce8a4d0a1c9615458032e0c98d02db44452

SHA256
2bd99c9b9f50636f4275ec93f9f48bb0035f5781d22879576ce0179ab7356206

SHA512
55175c19e9d496dc8c27d925c17a6c39ca27167cf72cbe1197ca33b59a79f671755bbc3b7c003248bfae8710ff5a95088b657736dfb48acc90cc0767f319e71d

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db

Filesize
20KB

MD5
3a5423fc3becafee53df8e7abc1ec632

SHA1
4b189f4abef2fd3b430f339ca0d7f91b536470cf

SHA256
47591c097bd57f129a8b43adf9cbca15cbca1218cf961af26c8dfe8ea1cafe10

SHA512
165149584913721afa2c693f542a98634e9f1d9ec39c5525eb5f6d0e18fea7d42761e491431c8cde156e0333dc46d3f5fed9a6e890c33af2cf086345a6393cec

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db

Filesize
20KB

MD5
059a2cc42b99c81eb1fddd36a08169b7

SHA1
9a10729f28cc766148bcbdc107424ec6577c8267

SHA256
c369ae6b3cb86f5942cf571f14ae23bf30880bd5578821f23251ae7dc244a60a

SHA512
c5c67e96da6c34a4465201a15bcf045c2ec805ea6318c09cacded57d08b6ab014ca2034b7a4a8d701da5fa909792020dff646a4d3f73a260b86bf928c9290dd7

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db

Filesize
20KB

MD5
4b4a36b13de1c5882b9c41c5ddc2d622

SHA1
337a7eb047b083f0ce652328c43430726fb26d89

SHA256
b3f0a6fec5bb89ebbdd33be681c11a5f1a7f15961729247b6d66291c1544ba69

SHA512
282de084911c29f2462bfdf0b9fd3083c00782cc482fe4ca23d2a777f904e78c124e025187e1579c443f2fe5344b0253e5f428ba94a5501648c730bdff19b9d3

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db

Filesize
20KB

MD5
9c6981ed1b14cbde4c0a2c2b606c4888

SHA1
088f0be1e4f4dfcc0b74d3e1b86772d34e9cec44

SHA256
01ba355349627b63da071efd16fdc35bdde1a2101edb1e6e0c03b04677555764

SHA512
8c753204b06c7dd372f317f2b9df23b2836db19975eb68e1d55cf04cf55456a63032e86a201bcb3b2c122be0047e54d84a3a9bc949a478350411ed5835aa5c77

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db

Filesize
20KB

MD5
faf0c23c150fd39eb25fee7c784b1f7a

SHA1
a94df075f572c890d765e3f62115a911c4100c19

SHA256
58c0e53e82481202efa16ff246495d6b6eedf6e50b5d5ca3cefa086043ae479c

SHA512
a273f0c590242c084db0aa6bd7dcc6cb455cf804b65e4899be4137f04a6bb1b24803b30b1833b14c83faa68d1db41b7f9abbc283231964b04d6d4e13be5b80c2

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db

Filesize
20KB

MD5
8407beaaf224a8bff5f96ac14dccc777

SHA1
98b0ace8fe2535dcb39b33fe9149536b84fce0ed

SHA256
3acddd2b5f213503c6581508b194058a1ffb54ba202473d56584d815f9f05780

SHA512
fe77542efda1a3fb6b34c08a14636c8097ff63fcfac7cab13268391f494af0b7702f2b1e21a58f546b3345afe99ad076dd662029ad177598a2a568f27af185a0

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-journal

Filesize
512B

MD5
10757277f4dad8f9e1ebee8cac529c27

SHA1
80bbc882b71076ce75e3cb936441da681de9e641

SHA256
73d21b2b80853793d754ff9f798cc4819f01b6d015ac31940ceccd0e11cf46e6

SHA512
22b98e073d21577209c646bc3d1c044acb25a849f5e06786e3e6027435e0272484871276442df5b9fd759f3cc42dfd07b99260004936befc439d35a9473b7262

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-wal

Filesize
40KB

MD5
55a93e01f6202b1c52ef030d711ee503

SHA1
424118a7bc99307cea85bcd597a7572bdae443ad

SHA256
aa21f929764cc91aa98b18f78f7d60b6107330186c461af820b6a9e140bd5a42

SHA512
88bf14b3294cc55a335a66e1851b6c4abbf33574d49d260e5fdfe5a8ea09622e34b1a1333e9a3959a3f774ca5b4ad76ee8f659deed23c683c4f41f0ce8d66b94

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-wal

Filesize
8KB

MD5
e1544c169331dfcce41da0b220a40d30

SHA1
86dd721e6766f70888545d7f1e45b0d5ca634eb9

SHA256
3eac04096eef8fb6bdaee3a40ef660e2278e0d37c599782c751515e848a9b2a5

SHA512
6b86ddd24638a8b7e4961d2bf95f167f3402c8916883298b8fc378f8026bcc11d093141e86a2ee7261ba20acce9a14ae6cc7547d0804252ef83b8e6ce73beb6d

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-wal

Filesize
8KB

MD5
e5e7988a9069b90a2238ce99880c6050

SHA1
e36e3e78bd6ad7c944921f2ecb3fd49f218a8d36

SHA256
749d3ba8cd56b892661d63772c07cf48f9ff0a4551192aebecc0a8df2cfce519

SHA512
e25fb281c76abae163ece2ddfbc18438b11f0cea12f8a29cdbb037ebb9e5902a9b6daea6faf5df0134bf6044abb0ee76e7511e0c86759d6795c1f8328ae96874

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-wal

Filesize
8KB

MD5
bc42afca4cb35f030d6ebab341fb64f5

SHA1
0e43dad70b6ec1767e2c2b9bdcf3942c3370046e

SHA256
3bcc75bf70380a370d1c80acf024c3e365e3d3328d814a6d789463238a6bdae6

SHA512
30441a71f8bdd76b55324e1b067a7013d673e287a8c26fc98933be7d1b1c3dd1657cb824b8b7a0e8af11d094a78f3dd38a101d1a373349943bd1952f31acf22d

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-wal

Filesize
8KB

MD5
08982cb84657d2539afafc619361cd5d

SHA1
b18a09314c2eb7b13ad2bc5b000447c3dedfe95d

SHA256
c04679d7dd00edf6f751543e68c392da16c7c2f87dc4de5c0e161bee03ac8fe2

SHA512
917904b387ca79aa8f2f8d807ecb5a9970710407029856233b58318dad338ceab42e4809a0527e3ed398ca689b55663a639f1b0d1104f706a8829237721f8db1

Download Submit
/data/data/com.wps.excellentclass/databases/mistat.db-wal

Filesize
8KB

MD5
812d6a94898257d09416e05aaa9287ed

SHA1
25669a495db3d46ffc441d3ac83af542edb443d6

SHA256
adeedff2980a9b65980703200c720e2fb4c3738879ea67aa9786727d3e153321

SHA512
80268a26f73e5053328ca13af674dbb8e3b1608b14238852e2404b328b1feac3c804e2abeba04407cbbe15ce3e276285e2f41ee4e34ec2c38321f925ff36c77a

Download Submit
/data/data/com.wps.excellentclass/databases/wpsexcellentclass.db

Filesize
56KB

MD5
ca6d25305d248b23c221033c9ff82a71

SHA1
56bf08d1b57097686e52764fc9ce2b49ea4d5cc8

SHA256
363032039f499836dfcd8fd60df645764dee0086a8e2dabaf8df700bb45dd96e

SHA512
509bbf28be291472e4e4f84f79c5de10d3d26f8a7cf101a4bce1bb960967fa163f25474ca5f02f5c489b078e84a208a55338099b7a4e8b7ead6d4018fedc699f

Download Submit
/data/data/com.wps.excellentclass/databases/wpsexcellentclass.db-journal

Filesize
512B

MD5
a71088363bf3757a726138a1aa57f495

SHA1
c40d6de58873c7577111f4811be9ec6ba3c2ef21

SHA256
9e9e64dcf3c34814e3109ff05fe14aa29799d367a1352f7f0c7519a675516e59

SHA512
8f0a7b8e94bbf9e9e1e267b5cac77fe8525d6349c90bf2ed6e6952c6b7b75ba3453fa5fee589f9ec637e5d1dd251b656144f387dc52030a8c216174fca7233cb

Download Submit
/data/data/com.wps.excellentclass/databases/wpsexcellentclass.db-wal

Filesize
68KB

MD5
8a5e9d62c8987869a4ccdecade24f110

SHA1
568a294510db1545d8d030ab096ab92e7b7913a8

SHA256
63ec1fe813223392081557abbfe798bbe2b6d6bd29c4718bcd6e0650f79550b5

SHA512
8f307450ff0c7960276af0e9b10bb330500c0d14c1c5ea86b1bcfb2d30dedb19b765f23d8bea506e69596854616db0939e359ca6f9659fcb0a3f99f5c17d7271

Download Submit
/storage/emulated/0/.GidConfig/gtdid.db

Filesize
115B

MD5
7eb1d9f8beb0a7eedae8c6cbe6cf7a50

SHA1
9963d11532eda1ea099224abac05658524fd5bb7

SHA256
c331a4ef3196af48dcb74e3bb28d169d236ef17ff55a6c72d0b90768776fe5b6

SHA512
668d2e8822b968123059f562cbebc4b96de4cf0d0c856b740b08441cf76513a34996cca02ddfa7b75ddfac254a374a9a2e22dc5a14ad6492fdada0f73c0313be

Download Submit
/storage/emulated/0/.GidConfig/gtdid.db

Filesize
264B

MD5
4abfd444556be574fe227cf3f9fd2bc7

SHA1
d59058a3b83be41f603fbe579450bfab70eff4b9

SHA256
3283e07c8a99aa383d0df1373c82308af62bc282a6ed694ab96136d74ec87915

SHA512
6f1394d41c7e2160f9a635f9afe9f22cf94a51f20639c8360063a8596fe959d6e1814f8938a467bb9ce4bca9b659f9587d4956290471383a80e02fd4cac379ad

Download Submit
/storage/emulated/0/Android/data/com.wps.excellentclass/files/tbslog/tbslog.txt

Filesize
8KB

MD5
fb5459116ecc11b277af6c78090cb48a

SHA1
d3e766aeb8298ff2174bf6e7e3d703f492ca2069

SHA256
6bac8e902a2692750d3b9701d06ab8969031bad0f15cdf6cb05572b59a2ce354

SHA512
0b0244f43e15b531dcbb1f74cf4e29a584a7981374fc8826325513f51d14d2a51d31c72ea1c54cd6d9f5c6cf179571867415755b04a18084b207f2d93ecd11e6

Download Submit
/storage/emulated/0/libs/com.wps.excellentclass_.db

Filesize
68B

MD5
f2bf778b5d689c5353003bade57b891f

SHA1
6f7a80f919e1255459a0183fdfbe24156f8dd2ef

SHA256
7ebc22cd8b94138bc69fe6067abecf725f3b2a1e778a6c8f0b6e0bb799a83e4b

SHA512
387e44e4f9ae62eecd72e9baf368a70e6093ec2442333263184fef29a3eea84f125a886918493889a3327d38a332e0439a5041755069ce174b1e012a2ec3d2f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads