a5a413c35bf5b839467ccb2b6b46bdc364534f6aa7cbff4ec8cca5bcdc07f9ad

Analysis

max time kernel
179s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a733f33bef83dffc4de93c9d10b91f58_JaffaCakes118.apk
Size

21.2MB
MD5

a733f33bef83dffc4de93c9d10b91f58
SHA1

6e698fcab34dd127dfda74bb524f40267afd78f7
SHA256

a5a413c35bf5b839467ccb2b6b46bdc364534f6aa7cbff4ec8cca5bcdc07f9ad
SHA512

0b4f875f75433873ea3f3df1e2c279d186af09ad47d29f9ea2e9d861e14312fe4277f7599ace57e8f292e951009f333134360666cac6c1673cffc3c97b7654dc
SSDEEP

393216:U4keXvNlfLbGEb8jJL4C0maG+HD9H6r23mw9MeMGLUR/JrK0+z6KhbNbMAMrm/rj:UcvNlff5YjJLmbJj9Gim5eHL4/Jilhbj

Score

7^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.imoblife.nowcom.imoblife.now:mobservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.imoblife.now
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.imoblife.now:mobservice

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.imoblife.now

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.imoblife.now
Acquires the wake lock 1 IoCs

Processes:

com.imoblife.now:mobservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.imoblife.now:mobservice
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.imoblife.now

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.imoblife.now

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.imoblife.now

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.imoblife.now:mobservice

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.imoblife.now

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.imoblife.nowcom.imoblife.now:mobservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.imoblife.now
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.imoblife.now:mobservice

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.imoblife.now

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.imoblife.now
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.imoblife.now

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.imoblife.nowcom.imoblife.now:mobservice

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.imoblife.now
Framework service call	android.app.IActivityManager.registerReceiver	com.imoblife.now:mobservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.imoblife.nowcom.imoblife.now:mobservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.imoblife.now
Framework API call	javax.crypto.Cipher.doFinal	com.imoblife.now:mobservice

com.imoblife.now
1⤵
- Queries information about running processes on the device
- Requests cell location
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4271

getprop ro.build.version.emui
2⤵
PID:4327

getprop ro.build.version.opporom
2⤵
PID:4350

getprop ro.vivo.os.version
2⤵
PID:4368

getprop ro.smartisan.version
2⤵
PID:4391

getprop ro.miui.ui.version.name
2⤵
PID:4452

com.imoblife.now:mobservice
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4500

cat /sys/class/net/wlan0/address
2⤵
PID:4587

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.imoblife.now/app_crashrecord/1004
Filesize
225B

MD5
4d0cf3d80a44241a2dada3ba53c7d9a7

SHA1
a1452eb1a9afcbcb3364e2f4523a07f963366634

SHA256
25fe7e9fa531334bea8a8c6f3c8f83246970349038ce2e067d931e7a001e866b

SHA512
7bee1078ee7c2396deed5cc3417618fdfefdc85d351f56862dd5b1b31cf47543a9f19425dd3877a74a6f6e267e98c728497b0dfbfc16712db8938b5a12e82f29

Download Submit
/data/data/com.imoblife.now/app_crashrecord/1004
Filesize
58B

MD5
72c08fb54cefb17c3da6f70760135860

SHA1
546316ca9abd97c51b9ae0a769347c3181fe9182

SHA256
5735a0cf00f899c983b398ad221ed2cccb396cccc18bb764710e936aefa44148

SHA512
6a39bbef9083f03d44e7e5eb6b55c7d8435e401fc8614af1e19374f3c024cbae6fe9a15123e630d573b9edc998c6ec11cfbf0653ab876ba57c4c07b292b8a443

Download Submit
/data/data/com.imoblife.now/databases/CN.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.imoblife.now/databases/CN.db-journal
Filesize
512B

MD5
cce3492092fa4fb23c2131992c54dfae

SHA1
868d476fe038093660361354cb8e5feaa9d7a617

SHA256
59ca0794a26eb75b25a2afd631c47f3519a339ed7bde8b558947676ea8a5f0fb

SHA512
5980879d5e6f4e42f20c5880f3d9aa26816b2c75677a6817cf2c6b5a07a2e4c95cdbc9557684ddf1edb4813a5d397488e2e9971db07d7fb348cda9eb8f4beb59

Download Submit
/data/data/com.imoblife.now/databases/CN.db-shm
Filesize
32KB

MD5
669af22191be35cab690f855a8b5b7b6

SHA1
6784c53ef1bda67b997472585ab204d76a1d7c51

SHA256
a078d51d1ec747a2503271a81f083ec72fc08280e4fb4b154699edb230489557

SHA512
293fa056c6566b5cd0e2dd9217bb4462009f177b063327f40b0177cb5b5db9692e14c2a8764a89ad314d4b90ed80bf72ab8318bc2892b32f353d1a4cd80aec4d

Download Submit
/data/data/com.imoblife.now/databases/CN.db-wal
Filesize
213KB

MD5
7820616fe7ee8b79e7218882fd4c9ed0

SHA1
86ee880982532e38daf1b2c99fddbabf824d0826

SHA256
1412e1c1c3dbbc2ef3009d7baefb24df9d49126ff186c53276b1175d28f6a10f

SHA512
1040a5f2ce0e42ff0c268c023437c7a107e1291d7f9927c40664466931f046eec8a3b83f8b60b7ecd53c825bcb7950e6905b4ec363a092a429e745b018c5bb52

Download Submit
/data/data/com.imoblife.now/databases/ThrowalbeLog.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.imoblife.now/databases/ThrowalbeLog.db-wal
Filesize
32KB

MD5
9f52c4a8842760f72c3980f574306158

SHA1
e93cf950c203de0f060765f3128ceb0c0308ecef

SHA256
f264fdad49acb4e22d5700ed4377edd34440dd7d2fc80ac30e11471c876437b3

SHA512
0c5e5a6f32872ac5039a10140e3f87550deaa74165594afc8191b2a1258ae4cca0f8194b0888f4f4e0b5d67b81cff4459da7a7cda44959ce271f3caa0e38773f

Download Submit
/data/data/com.imoblife.now/databases/bugly_db_-journal
Filesize
512B

MD5
5863d3329548996e17df197c52db8cc7

SHA1
8da4a9ad098e0205365dfba5591fe65c472e2a8d

SHA256
d876fe4986ee810f4a924d21edf24e911988770ccaea348385163233113b6869

SHA512
de9b392e5c5f77dffd6cd3ff4921b67b82701f5eeff9918eb76624dd5fe195cfa8d4a31eefe3fc5d51376c5e78dd6ccfe0b16ac85c4f712fec3ad766abd747d6

Download Submit
/data/data/com.imoblife.now/databases/bugly_db_-shm
Filesize
28KB

MD5
670d8bc46551c40a1fb9ff8ec4b72092

SHA1
82253b089122b4d8c7ae61dbbeabd9d037ddd49c

SHA256
ca2684e4da544d08c906c70f147d8dbc91da3a7972d255e6a00e1c99419f78e2

SHA512
4977d35230c533e26162cb0e4da38345a23a87ff41510685e755a52152fc78d0b027e8e8942fe10ae28fe332b16bb9a7ba0c0644ec0efd635d579515c3d5df67

Download Submit
/data/data/com.imoblife.now/databases/bugly_db_-wal
Filesize
68KB

MD5
a02665f902d8a4d2825efc8c6b4f041d

SHA1
8d56071963dffd998c0bbf3b81154c269dcb7880

SHA256
302a9ba1ee3f5b0646e41ceaaf09ae4d278ab4c4005d4e9c2d312cb2ea644c80

SHA512
04875c309b7c3330a2fe162378f9dc655e1a15f79edac86f72dbee99d676b537d250ffdafea0f4623addb3fb510aef43149774ab97848c6c814667662b3a6325

Download Submit
/data/data/com.imoblife.now/files/Mob/mob_commons_1
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.imoblife.now/files/Mob/mob_commons_1
Filesize
781B

MD5
ad62b5902dc3699c7a720a9541cae69f

SHA1
740d9a07df6ace523352585783d7efe9bb8c7b67

SHA256
cd64139ad6c7a3a3508b57432f6ef66b44e3f9f3018e55ce0939638ffe31bc12

SHA512
618d0828ea786f000385828b0988250fa50c222831d56de819cfc00b2c70213e0f9695288371da1f6d413a396d946b9ba8630e1355aa5b0ac5eb73485fc364eb

Download Submit
/data/data/com.imoblife.now/files/libcuid.so
Filesize
512B

MD5
636ffc612c2a48adf22480545a9703e7

SHA1
c1b802839724eb08a840d8d55b6ba8c940f77e2a

SHA256
b4e1a26a0c6744d80ae8637f260b8debde8a7a18dd912ab6f7b5488481920441

SHA512
75b88750965377149291d41aca701573a659e91c9cb52e67db4545ee2e7266a10d69ea2d5161ccc8a2e6c3b156f3974915172306eb38c98d73a95cdc04859a6d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
c4b81ebe4f8fc59a0ebd8cf1933365ac

SHA1
dc7e39d1d27261aa647787d724da04ebc264fa35

SHA256
7d9c78ddde015098eacc4b2f80b2874b0e1eb715a74c6d8e1e17069b7e53dcc7

SHA512
8fd9fbc79d27f3261c898360f6b1afed78898ad9214fadcb452d5c9fcc1163c23dcec86a43367a41ca9f78feb17a30b9172309a4acb6e685cac68cdfe4632150

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
22173e0d162721a62098064362dc721b

SHA1
cc9d8d9867cef7cc5b2efe3df493f777ada3550a

SHA256
d5119c06f7da2e82a7e2e91e01575a7ae5540f2a04a38f5060363619c059a854

SHA512
e8db9d8a6f327ec9917b0f796bb9e726f3a372f986f35f35f2e44c175e6e532b43f57a85165551f5562e7fc1e258214d33287fa98d44ff07df32813cb44f6461

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
06a2df511c98da40cf223459e99ed45a

SHA1
151ee4a7064ff1e1a54f8443acd656d8257cddd3

SHA256
acdba4832b6cdaf9cd189c80b0685b45fd3bc6a3a1aaba53a3cb233e90cab5a9

SHA512
5e0f2e8a1b3a1fcff9a1120b6d4ea14171ba753c55e4bd826743d48651ebcc381bf4ddd5db73206fdc72593a4d209d008a9c81908ac44a3cdaaf0a38fcbbe65e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
69497782bfdfd40780b5aac83617748f

SHA1
36f95ee1e0696cddd411d20c56f6922d4db89a13

SHA256
460d4bdfbbfb4805baec996bce14174868ec3784136592741b2845005ab9fb48

SHA512
1f627592c9e254731882da98113a40b3bcd59acb65491b6902eb553ae794540a0ac2039396dcb98f81a357f6ddebe122c6c63e7466835931cbe28a5a087c39fb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
125d2cca296f4abd288a045b3049a116

SHA1
62fd1ba0941833b33b13ef51bdf226f5ccc10fbf

SHA256
7bcf603b5255be1b141e59d7f7f396435d273854ceebb459feaa15fab1aa36f1

SHA512
c8732f5ae029c645c85bc352131263fad5fe135a77ff88625c65e677940ce2fe9bb2484d549a7215a720e4d290922cefc93a9594dc4e31e4ed9196cdc23f2831

Download Submit
/storage/emulated/0/.com.imoblife.now/icon_share_logo.png
Filesize
11KB

MD5
cc9a812f05fb571c07108322745ed772

SHA1
a1e4ed2eb4f5498754c050eb521ad5e8bd1ed72a

SHA256
6bca4e2836a7717347bc03816d26c3c1351486c67381efa41b31a65e8c6976cf

SHA512
f819db7160ee4a5dafab87fa69b3d7d2639c8cfbd4218798682c603a0e18272e4846a80b148cb7f2d884d3d558df4474c4dbcab7f6ec156d92bc2eaa399e8840

Download Submit
/storage/emulated/0/Android/data/.mn_410185822
Filesize
146B

MD5
e306643fddf9034d1b9cbeeab206e99a

SHA1
be6d22d3e9c9a63bc62b596bb8cfe37618aa3a58

SHA256
43c1918cfb4474cae280902e3408e49b9e77df30c3ac2c91293b0a62cfee01af

SHA512
1f82d24f057ee2d1d4249d329db06c0b8337b271c8851960228f1fba1e14521c2c59db6b99f0654ba2e28843e93a4255e12fd9a6f006c23b1cef0a1c6f500fce

Download Submit
/storage/emulated/0/Android/data/.mn_410185822
Filesize
194B

MD5
c47d105125748de649b5ea73a4a97c18

SHA1
9c0360623d315f81004215b63f239c12785744ce

SHA256
b2262845fb4b0c438ff470be8ccd7985c9987bcf7c623a50be12c315e2518410

SHA512
6c89e5a0f57a42784e8ab386d05f77cd3e9d6f95805aec6c0ae4de9e8921d2e0ee7e4bc395e8f8b361df9162c4a4b91d3d4f169b7025dce6e32f03dfef1e1c09

Download Submit
/storage/emulated/0/Android/data/com.imoblife.now/cache/nowCache/journal.tmp
Filesize
82B

MD5
4b7cbaebd7d42a93bc9faebb2225ce37

SHA1
1f4674b84ea6bf7349a6d774f3dd5d250b08be32

SHA256
ac69c8e697397d42dab3b66286dfdb5a8bb27f2b4054b462fea808d919906f1f

SHA512
068e39bb816f1e8a502608154c1f53d0a0c4fbaa9e9c63c2dc981b31b9fd64f949aef3210fcb894eee7d6ef42c3613211b480dadfade5b80fa9a1fb69e85d475

Download Submit
/storage/emulated/0/Mob/.mcli
Filesize
98B

MD5
48ed845883b704d352f882403913d356

SHA1
c4f74094594bd1ffd45325e9ac4753e17471e9ec

SHA256
59803c2eaa0a13ad354a1834720d0ca12e4e4bf29a48d4e4749d956569bcb64f

SHA512
e9fd3010b57e1b91b82ebb85a9b423684cf36a87a9b8ba339163a33da6a429de5e417da8aaef8f1e9b22b11fba704951093d090bb8048ab6102a3a17655acd60

Download Submit
/storage/emulated/0/Mob/comm/dbs/.duid
Filesize
132B

MD5
8e3277a0ea3e75cefd549c7ad3dc755c

SHA1
57a00599e4a3fe8659d6f89786dfc1ba6d778516

SHA256
2fcb9b7bfd52d2a9b93712fd29458b32c5d71261b7c5cdd87362ef8e78b1f247

SHA512
7e1dca6851a2735e9c0e884e74cc96b0bbdb697aaf83ea3cfa427a3e99d7c2847a0b84f2b89c7156b3b78421a3e12fdb36a4c933c5e78ad89b912d079291b0c8

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2
Filesize
109B

MD5
69684c83ed5e0ec20cfa736b1c35524f

SHA1
f13119015c706b07074e245a748efd37bb9b9fcc

SHA256
bfec175c5db0307c885fc0522d22e66bb2b4f83d7423ec9a51dc766e11716c4d

SHA512
9d7ff50d96f6ff6c8eab048e4d534e664c4bb59d371633246d5bd2a8c7b9d5f14b334da38cc6daaa2cf59d061fc4bcfbcbcfe88969418517378fe02b9a39ce4d

Download Submit