b388e52a6b3fcc3536dc5293dfa11aa9b9be0c874b657f158c01e8e3ecce93f3

Analysis

max time kernel
140s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13/06/2024, 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a46685d937b9fe6cb1babf3bd96a6742_JaffaCakes118.apk
Size

11.2MB
MD5

a46685d937b9fe6cb1babf3bd96a6742
SHA1

8285d2d94501bbda5b71453fec1991bea7b4fa21
SHA256

b388e52a6b3fcc3536dc5293dfa11aa9b9be0c874b657f158c01e8e3ecce93f3
SHA512

f35a33732dd9190b20ba39ef5f89aab08411b7c9520262c2175c1d1fddbb68d3f6712b8fcdebdd03b990f2ac82eaa4dfde9f6a3bc68a63e3b7f83efc8c45704d
SSDEEP

196608:r9QVEMwjoCDHTUmcOP/JCJx9NMkW1ak/flohPbL3bmIsfIgQ8EFqL4GjUPHGC6Bw:rif7ugmL/JCHYkSnXl8PvLmIsf7QvIBs

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.chinat2t23808yuneb.templte
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.chinat2t23808yuneb.templte:bdservice_v1

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.chinat2t23808yuneb.templte

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.chinat2t23808yuneb.templte:bdservice_v1

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.chinat2t23808yuneb.templte:bdservice_v1
Framework API call	javax.crypto.Cipher.doFinal	com.chinat2t23808yuneb.templte

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.chinat2t23808yuneb.templte
File opened for read	/proc/cpuinfo	com.chinat2t23808yuneb.templte:bdservice_v1

com.chinat2t23808yuneb.templte
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4267

com.chinat2t23808yuneb.templte:bdservice_v1
1⤵
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4314

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.chinat2t23808yuneb.templte/databases/database.db

Filesize
20KB

MD5
6a33111595b8a030280c63f8b5ca8997

SHA1
db9f9da92efefdc5e29d9b2c6dd12a71e0fa6d90

SHA256
816818d34ab27b23587e892c11faf59da75fd73661a91754d9c34fd815a5695e

SHA512
08fb05153ecdfb1d499ae8533003a39aef126b2dc2afc4b022fedafb53a75212955e3df848c7c8f45ecbb19454ef44e97796cfe0df5362382f7843a05b3a199e

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/database.db-journal

Filesize
56KB

MD5
72093b44946d29880655f99c388ffbc8

SHA1
b50765c1e680a75544f122cc886669a8efff5d74

SHA256
dfcd7cddae74ad6c7ab15d2b921ac926e4617e90670d14d97d0a5a8697e27177

SHA512
007f31dfe785c2e1df40483629298e32dc5249f97908eedebee33b3dd4a83a3efae2f0f8de53e45146f69079965e5b5d6ef3aee32ef409bbc80da37fe1019e6d

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/database.db-shm

Filesize
76KB

MD5
0b2bd2be6a028f074d773cd275e2fbd2

SHA1
cf8834bac8118ef82ad9c63e0d1f1126df56ce72

SHA256
364ac5f94ba1d4d5a26174a828415605d375235a3f3395a0147058b88c6c0f21

SHA512
67013c94b10a727fd05cbec48a7b1408f7de25201dd50d6bd4ee5cf1cd82c4f79c49fabd5d1d6403252630c27269d3ee2bcbc588985723f943c0f0f7de892820

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/database.db-wal

Filesize
32KB

MD5
701d995e7efb93789b91d9637856dad8

SHA1
46851da3ac3b90a1323e724808da3a1b327dc4f2

SHA256
5ed4dc78287ef1994ae67d324b6e11a9be8bf9eddc73ab76a7f988028d72ca57

SHA512
c589941374b2590b65675848b11ead170583fc37e61833a17d6bb0724bc51d6d233ed344ec5824ff933ffbbd65c161db62f9f06b4c3e7108fbe167307ccf1f49

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/pushstat_4.6.0.db

Filesize
32KB

MD5
bae99c9ad96072979500124b2c5a7a06

SHA1
7a4868ab4797fb84493a1367bf991b25402faeda

SHA256
ddabbab1e744a42a6179fcd4491a05457a40acc98046fca13f3ba8019ede07dd

SHA512
9c87114e2758a4316e0abefcb9f5d22cae9aabc69de44dd174b731e54519bc0bcd835f64a44b4cb8f4d425e59b7c7ee8f2bd8829fdfac982e6454cc584f0d838

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/pushstat_4.6.0.db

Filesize
40KB

MD5
4a8dd68fc4ca419f6c1d386cbb11459c

SHA1
134e958d4bb38618b32553bc2ce907034bc62e93

SHA256
14f49e7dc34978c25cd3fc2d552424b2348f6e6eeaed7101cc8a05539fa1a0ef

SHA512
79e8aa1e11c59b095de679b7cab962a288b2fc4ee42d84cebdd922226458a72feb6b30031fef6aab2efc3b289dfe42149e4bf714d37a884bdc779a27868ecf75

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/pushstat_4.6.0.db-wal

Filesize
12KB

MD5
6ad551b7d985ef82f05f081ad0fd3767

SHA1
c02861fbd2b91aa2b9466493e26d04d43c62ce8b

SHA256
6fca7a071f2845318a405c71114de8962ea9e33cd556a8acf829d39b6f5dea7c

SHA512
c083930d143c0033cd50e450e344c8eb81fc05abaf9bf2504302785d6a8655218f33bdfb46328f1990106259e59ebb3e6c220a0596cf9c4fd6f97c0948ec3c18

Download Submit
/data/data/com.chinat2t23808yuneb.templte/databases/pushstat_4.6.0.db-wal

Filesize
32KB

MD5
215c0d56f385c7f8bb9a83d9c24f45da

SHA1
ada2d46ff2a157a40820d2d6767185d667c26804

SHA256
bd390b0639eb3f6029fb2b98d474ca2e1836f8ec7a7fc01c2b0862e4d2b7f672

SHA512
409314b9666322f95f42d4f1353a1bf3448a14e8baee25fd860d92c381cf9f710de07c349c21e698da87597a88a162ba5ea3cc3f74f8db5e3212d103e8d0c59b

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
32KB

MD5
2bc335b9ecf0f478085f2cfb59b40535

SHA1
8740bd07ef6f9896f926d8b606e7ca5ea1b6b4dc

SHA256
0a9d3c1f05d06861ea4b33dad8759ae0d9265df10df23723587223b14dd78ccd

SHA512
70c11cc76d8df82e66b97a2f593d7e94cdb691f8de2901f92a15be0f393e43ec996b2fb5772b1409e1b6c30df4b057b845079f6b34a1f5d155e72f1ff98eb5ca

Download Submit
/storage/emulated/0/baidu/.cuid

Filesize
89B

MD5
e7bad85870578aff6704f3250308110a

SHA1
484a1fdee427abd537a4edd019b871a1a8ecd7f3

SHA256
b7b8ba1ab7bb69491d9744c2e35a2ab63b5570804590e47b210e69598ad98879

SHA512
856655715053c8a1fe4a0430b366d534ae2f66f7c7ccd8f7fe219db1094adb868b54bf74b571fd8316c874e7fb1103dfade9241a3a02e97c09c7fec6d3babcbe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads