d1ec09f6af50a001be1fe9aaa529719c15b048a9d4af8108375d8fe99a2e8c16

Analysis

max time kernel
4s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
11/06/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d16ba7afa6f0abea72e9c95d28beeb9_JaffaCakes118.apk
Size

13.3MB
MD5

9d16ba7afa6f0abea72e9c95d28beeb9
SHA1

b8c3531192a1f2673fac1a37c7d86708ea8eac7a
SHA256

d1ec09f6af50a001be1fe9aaa529719c15b048a9d4af8108375d8fe99a2e8c16
SHA512

101680c9328b7535ecab4b40965cb3d6372df35d2f02132e32b3adca13bd9ba8958ea16984a93caa5992b87c70bc9af30a7e3715ee2d49f910739f6a39f0c723
SSDEEP

393216:ajC62EXHQaTPPdygR8JoUa5hnrfRiEvoSHsn2:IC62qHQaTPNR8JoUQnr5iE5E2

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.lechuan.midunovel
/system/app/Superuser.apk	com.lechuan.midunovel

Checks Android system properties for emulator presence. 1 TTPs 3 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootloader	com.lechuan.midunovel
Accessed system property	key: ro.product.device	com.lechuan.midunovel
Accessed system property	key: ro.product.name	com.lechuan.midunovel

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.lechuan.midunovel
/dev/qemu_pipe	com.lechuan.midunovel

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.lechuan.midunovel/app_aisdk/_aisdk_local.jar	4579	com.lechuan.midunovel

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.lechuan.midunovel

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.lechuan.midunovel

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.lechuan.midunovel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.lechuan.midunovel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.lechuan.midunovel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.lechuan.midunovel

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.lechuan.midunovel

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.lechuan.midunovel

com.lechuan.midunovel
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4579

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lechuan.midunovel/app_aisdk/_aisdk_local.jar

Filesize
389KB

MD5
e16a451b3aa12edc776003680ad09660

SHA1
80cd0c9da760b87ff100ae57e4ff2cf81e6b77e0

SHA256
a9f1752e1ee67dc095e107cb75c324132792614f6fb713acc845eead3c3dcd2f

SHA512
9f28dfdc2072bbc291f21e2b3fee903515586503184ce72c3e5d86df5adb2bcfb2d452a8f147fb0f3d9ae592327ce6ff9d444f99b5922c5ace40cffe13974588

Download Submit
/data/user/0/com.lechuan.midunovel/app_aisdk/_aisdk_local.jar

Filesize
860KB

MD5
92f0125a0b3d619d7a45e713eba85fdd

SHA1
0b4fd32e83165a97119679995aeab3a7c4c0b948

SHA256
4cb1e7422f746364c29ede6891eaca2725ae7a45b1d128322f2aeb73215aba1a

SHA512
b2e174dcc13070399265421a83fa292cc2857f2ccb122cf203a1435a88f25e50efb3147a5f325c3df72e588e4473eee2bd0fde222f413ec46b3bbb752ab1356e

Download Submit
/data/user/0/com.lechuan.midunovel/databases/ttopensdk.db

Filesize
40KB

MD5
fe3b9e255b51bd38d108b786bd62243e

SHA1
0a24d2e6bc14980312ddb53267874b837cae8304

SHA256
259851e0a157c959584ecc52ddc90c6c475413b3df0224ca0f766f3d38477f5b

SHA512
5b97de979db54b434a16efa4514c79da318c8afb6cde12eec91fec0b38d2e6f483347fec49419589f923b777e1fadeab84a466d5b898f21620ffdaf9748b76c1

Download Submit
/data/user/0/com.lechuan.midunovel/databases/ttopensdk.db-journal

Filesize
8KB

MD5
e22813ab725ba99f4bd01ac4876bad68

SHA1
fa5242dc8d5eb602c7be5270911cce06c2396ed0

SHA256
67c7f6e534d2a94fec510fdacd003f2697d6ed85b6b15ee02d9e013eaf6bc9a0

SHA512
a93bc1d4f9c606829fafb62ffcc3fb23e6ec04a2b2c9137066d8983682e556705cdb040cae3f7badf2a56f99097b8a68109f16604cd277105d02b766d98f7a19

Download Submit
/data/user/0/com.lechuan.midunovel/databases/ttopensdk.db-journal

Filesize
512B

MD5
a96605e2c31753fc758de86dea4dc5a9

SHA1
147c24dfad45307c16fa965f33ee0019f5f181b2

SHA256
a10a0614f7909fac3b43451ff2cbb54f87356c766c901f37d1bed2709fc67548

SHA512
2a76cd8d5119a0bf152949ab2bde2b8886bcb2cbad79a6db9d9a363bc660c45175050c7cdcc23b18fae498656ae594a4d567842490049e8116c8932cc73c1427

Download Submit
/data/user/0/com.lechuan.midunovel/databases/ttopensdk.db-journal

Filesize
8KB

MD5
7b5d972f92c9d6714318ccd039f64b54

SHA1
bc6b510107cd187e6b8af1279a86ef3d5e1117c7

SHA256
24bd981997d866e032bb81b417fef81b3a0c8196898646cf09db516ee164c8d9

SHA512
32ea15a894f11d7904b3b6467efb5435fecc33889719dbbb5c42185dc5d87246f70c6420e9cb7c7a18b88f0adb8996e8467275ac4d1ce3a3a328665c69b80ba6

Download Submit
/storage/emulated/0/com.jifen.ac/.com.jifen.ac.cuid

Filesize
24B

MD5
d8cdae670a32ddd5845776ac893ad3e9

SHA1
726a18e735e48ee6d799c5bf64bc042a7f4fd7ae

SHA256
617442de69b8b506c1b391a05f4299f1a721b61afe0941031f5d650db2ac9f90

SHA512
6e1e66d5b98e4630aaa3a1f564d1853a07611c2167127b1e5155f12c71e2cdae609e9ff59e2f15511eb862695456411b4f7ddeba43b8f2aeb479fb213675bde6

Download Submit
/storage/emulated/0/com.jifen.ac/.com.jifen.ac.cuid2

Filesize
24B

MD5
b470b029f4f51b0ab5ebaf9f886b98be

SHA1
098e3d817e9a5e0828c37a39e09f3c77274984c8

SHA256
99cd50e8d31d7c6a8d967f7f1bf482e9a8b147c83b10eaf211ec1bcf00012a31

SHA512
7dc9eca09e67eca37632aa78a23cb8173a4effc269f157486c8e87a6510ff58c6879fd7161dd4a2a0543e0a74e76b6b9c55905e2e91251ec7aa26c8fe99a209a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads