28291d3743e9d41cf7a991c2d84c815bd491b8e71039de62618d180ba6d39adb

Analysis

max time kernel
63s
max time network
146s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
11-06-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9cbad43839fc84b1afd2e51bfe825ffc_JaffaCakes118.apk
Size

8.1MB
MD5

9cbad43839fc84b1afd2e51bfe825ffc
SHA1

3311d2e2bb7368a9dbba2f1cfdd313d917fe14a6
SHA256

28291d3743e9d41cf7a991c2d84c815bd491b8e71039de62618d180ba6d39adb
SHA512

c0afaaba30d48df8ce3d2e1d8179aed695ac3e45653e5dc964c8e80fa0b1ed06dab837f4c986c39987ba6d0762d2802969962e9b345c5d233f23678e1dcf93ac
SSDEEP

196608:OivN/fOLIglltkhWIlocYZDnHwpjDZSQkvw10/4hZ:OGKjYocYFOtSQJW4Z

Score

8^/10

evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ismaker.android.simsimi
/system/xbin/su	com.ismaker.android.simsimi

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ismaker.android.simsimi

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ismaker.android.simsimi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ismaker.android.simsimi

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ismaker.android.simsimi

com.ismaker.android.simsimi
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4325

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ismaker.android.simsimi/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
6f44b1d4dbb8a9ef74b7b8f96f73e31e

SHA1
ed3255ea5e27d3430dcf681c9c9f58db50016f63

SHA256
1c8116280fffbc3647bdfe291549401519dd88d7dd89d3a680fbf485e2ceef0f

SHA512
e188105d87c78f27cc2347d25330de3b2487b7c71e6453c6cd3e804d47303090bc9416ab3ad8ffbbce8aa6eda1308fd76b59b84fe788257a2b39c37e18ddc0df

Download Submit
/data/data/com.ismaker.android.simsimi/databases/google_analytics_v4.db-wal

Filesize
60KB

MD5
b4033548e2554a07c57eb7c22960d06c

SHA1
05ecb440880a993f880609a181c92fe9f73e1f5a

SHA256
4f410b15ab9628435b703a69d880a96f8b310793b7eb10276524bdde5a374bc4

SHA512
d3611d336a83f6b9a5b1daf218b74373bbe5f24f10827fca7159eabaffab249ae35585ad3646bf2d0f96d06bb8bfebdc6423cc43cc0d391ad89ac7eddfef4732

Download Submit
/data/data/com.ismaker.android.simsimi/databases/simsimi_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ismaker.android.simsimi/databases/simsimi_db-journal

Filesize
512B

MD5
85f67915a0af565fa7a3fb6c12ad0d1d

SHA1
346a928263dd53438586030c8e615bd14ac04a4a

SHA256
64462be3c650d2ce0372412c5f50d09f3626c86b3e02fc169fcdf2893cfb050e

SHA512
97d3e9421f784664753ae463fb0d45da661168213ea3520d9d5b4bcf4c5e89506e9cb825b2d4c1e4365a65450ea6133e40fe82d6ab2f783f1f6e5f0de03f4c8c

Download Submit
/data/data/com.ismaker.android.simsimi/databases/simsimi_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ismaker.android.simsimi/databases/simsimi_db-wal

Filesize
36KB

MD5
dad9cbf2028c24200d19ba56da7dfa9d

SHA1
0bfa7a6865f7d85363845a44b6198c9560c5add7

SHA256
ffedffa7d917abc624afff29b258c270970e39e2879a6291a1da3b050352628a

SHA512
2735da3ca496c884f4dbbde2a7445c048fcd14089c89df4d06ba07830a3e14997683df3c868a25e55db4d0a74a0db1876a9d517d4fdcdbb605f7e1aa862c9825

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6667B70303A9-0001-10E5-6EBD139DCC1DBeginSession.cls_temp

Filesize
77B

MD5
725610af3bdd617036e48213ba5e93c7

SHA1
a1b7c593458499519386b464e21685fda6398f21

SHA256
82d043016f4dff3c8f0d38bd1087643ef063f908f980acdc9f7164cf459c262d

SHA512
7c8eac490f24ac1b00e7e47615a5deab43158eb064fbd1ccf27bacf68fbcc6701c644b2bb05696732513e18ea471e71e1e39d5bc12ef3481cccd3240551e9a84

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6667B70303A9-0001-10E5-6EBD139DCC1DSessionApp.cls_temp

Filesize
125B

MD5
77eab8e5720dd176a01e07747e215795

SHA1
de2e8811ffd219bdff2b71b0c3acaed22d347104

SHA256
051c58512013dc78a1397b005b0c8a37a018caaa49f981f52868f15277c33d83

SHA512
3a4cb69741b2daeb74e4e0b13381c8f5b85b20048615951f05d501a73934ec28ad4d16b1cdcac5ca150fe83e26900733bdc47ead9dc7defeed061b0fefb90627

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6667B70303A9-0001-10E5-6EBD139DCC1DSessionDevice.cls_temp

Filesize
144B

MD5
05ed144add63c2c250803ad6f249303c

SHA1
e576edc761dd24dbf374ebe52bfe1efc18f8208b

SHA256
e84b7f55968cd3da9893c89cf54378a552b255f69372b92415dcb6ea882f9acc

SHA512
999ec8aced654d36f83951dde219dcedfba59a0de7fdb00d4680160bb5eb6bffbc25b8dddfcab8d257ec9f2531cd59ac534c19c3012fc37901c67fa5d4134024

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6667B70303A9-0001-10E5-6EBD139DCC1DSessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6667B70303A9-0001-10E5-6EBD139DCC1Dkeys.meta

Filesize
133B

MD5
3c925f4b5dc8224c78ef568baf6d6a4e

SHA1
263679ef9a88364d3f99ff80a2f99115a627a91b

SHA256
7d124d354394d137c20f0bcf2c4d9a01d7e9a095029f17b489611e7063273070

SHA512
bdc25a82047ae2ecfd8641f4695402ec8475e85a12c8cc6107524fe4a817e7ccab95906d480a2f0d7f7e59aff209f197898194fd47157058c83f006a23258e17

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
547B

MD5
2da228f829651dcfe94434a128c61d93

SHA1
72e4c21624ced20a32255841e312d6178b5d3dd7

SHA256
27f4b6fe3a09af9112000c5499cf635ce6f54d2ba8ca1f07233a99594b756e41

SHA512
b8482de44f6f8ba41b5561af67f06a4aad3347a1efc7ac4502c1e034c2c794cd3e5dc4de0815eb1eea20fec89c9b9ffbd836c2241c66f420981a30986cb23448

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
5KB

MD5
a982e6b2e1c28b4ec2168ebb543bce2e

SHA1
37a11fbf71a8a281f6abb72111aeae910683e7df

SHA256
5b9ee90bd2a654d19f0533e04ed04eb9f9eb970eb967c9391f5b7d14da98f5f0

SHA512
080529ead753343d38d9e9b03174f47c31963aab7b0cb1b99972339f3e8a28d5cb4dcb306f440726de910d3a5ffb126fd941c459d2abda45afa66d774bb9c595

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.ismaker.android.simsimi/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_ff3ba2b6-0e78-4c24-b2e6-599aff8cd637_1718073093140.tap

Filesize
411B

MD5
6bbc36ed64f636c8a5e0ab08ea8b5890

SHA1
637525bee76d079dd5b0d5d9b5c00174b725a4a5

SHA256
00de82cb07798b3e344d1e0bf7dcae9ff1e80dbd7599e6e7a39d4f1d31916636

SHA512
2ba17dd848a8877b10d49061a4d3268a6eb18d01d896642a1749aa79db449d1f5bddeff1a30a9a462737e6da66309198d74fc72f824c515efbce82bd78d3bf2e

Download Submit
/data/data/com.ismaker.android.simsimi/files/gaClientId

Filesize
36B

MD5
5ec1e2e86401d8a10538cf31b9ce2c55

SHA1
2d18b2761b374ff8bfa777cea8b795351c006346

SHA256
0403702633ce9cc43b73d03ca0e8af585eb39e30bf70dce3ab09085b8e20cc22

SHA512
091960e63df092bd7d20f2f8bf1ec55f6b48abe4012a2479b56cda90bf6400b0f05290dc545bb52029ef3a82d502cf585c7b6156e263135cc3bb13cff7baa083

Download Submit
/data/data/com.ismaker.android.simsimi/files/gaClientIdData

Filesize
32B

MD5
f68e8b03a3e327e5b97258530d0f4395

SHA1
5d4369be1b1e92562ed97580b81466781f5be729

SHA256
26297d16832640df1e9145de11d721041554ae2ff5b047bc782dabc653b4406f

SHA512
cf7b65e483f9cade476cacc549a59dd8a67980bf8dce47dfb5723f2ebf42b62d25b7bd482585796c08b148e1f856da1697110dd26d3a5ea7928fe72f55ef2571

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads