09d0ea53bd7a2640e3493523d4f821cbcd736effbd047c9619891dd75d4749b0

Analysis

max time kernel
65s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a77cbac8eccd4a3a24da9bfb975fb608_JaffaCakes118.apk
Size

6.2MB
MD5

a77cbac8eccd4a3a24da9bfb975fb608
SHA1

434ba24e7c69787414584e65adb13bb482287011
SHA256

09d0ea53bd7a2640e3493523d4f821cbcd736effbd047c9619891dd75d4749b0
SHA512

54c2a3797b44a8c45d6e2c6f1e80d30bdfea3126223af82f62f2b66164a885e68c89a11c0582853c30b2f81e48b825210345e4a99f0a9125853ff7ece5fa13e6
SSDEEP

196608:CSuy9aWpqEQ1EqjkuPHGKdCTjt+dNYVh9mRQtrq6coNF:FaWpqgqzPHGKdndNYVXmRQNnNF

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.wefriend.tool

ioc process

/system/app/Superuser.apk com.wefriend.tool
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.wefriend.tool

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.wefriend.tool
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.wefriend.tool

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.wefriend.tool
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wefriend.tool

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wefriend.tool
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wefriend.tool

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wefriend.tool
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.wefriend.tool

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.wefriend.tool
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.wefriend.tool

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.wefriend.tool
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.wefriend.tool

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wefriend.tool
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.wefriend.tool

description ioc process

File opened for read /proc/cpuinfo com.wefriend.tool

ioc	process
/system/app/Superuser.apk	com.wefriend.tool

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wefriend.tool

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.wefriend.tool

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wefriend.tool

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wefriend.tool

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.wefriend.tool

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wefriend.tool

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wefriend.tool

description	ioc	process
File opened for read	/proc/cpuinfo	com.wefriend.tool

com.wefriend.tool
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4174

ls /
2⤵
PID:4234

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4289

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wefriend.tool/databases/fans.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wefriend.tool/databases/fans.db-journal
Filesize
512B

MD5
7001fc61bd65766f5b30ac09ff11d515

SHA1
986d3bd72088c8445cfb94702983ae4899ba2614

SHA256
d597b2cf184ea04fa0c63d43414be9f22af69b8c92192403ed2770b2b4d38d05

SHA512
056ce21433fab6a60d52af3c5a2538997a811f70ef46200f8c90d766d52cf4478d69d7c490b27b023f196749c07a14fbc464fccea55d185d0d60cfd08a41b130

Download Submit
/data/data/com.wefriend.tool/databases/fans.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wefriend.tool/databases/fans.db-wal
Filesize
32KB

MD5
163d6a7e1df26ed55b0824be2b302cfd

SHA1
8cf95f601b62ec3f73dd376b757ebcbc7f1a4391

SHA256
d426f809f259d7c57216c1a211c6b983f42a393371b7116737fa82f73b5cb3e2

SHA512
cf1e07d49f6cb7a2bb58eb8268cb1c26d4013df40467d926eeb7815adabc39f71069d54691d303c21b02103b639d44b032fc70910953a438dc6d268aec8269bc

Download Submit
/data/data/com.wefriend.tool/databases/phone_list-journal
Filesize
512B

MD5
07d85d3b90df78c9ff44a0cbcc40826b

SHA1
acd2629dad49aa1bde05a9519973b45eae2b9638

SHA256
758682140feab7d4055d27fabb0d3269b22201737d945e340f84212b8e605101

SHA512
c06923e0535cfde9f955e72199c1d0d67211e9c7fe0d79342e239a3bbc0f28cc270b1fdbd1c18bdef6972972ff7f80b559cd455cafc6230f9a5067c10e461732

Download Submit
/data/data/com.wefriend.tool/databases/phone_list-wal
Filesize
28KB

MD5
f2f791411174f253db7b1a9b180f29c9

SHA1
0df9f69dd1b302201954a368157450330e23a6bd

SHA256
9ab358c6c2a5e01fc459a2ed14030ba14ca29d0eff20144176c4d4daa2bd7709

SHA512
e66effd2891e09042e56fd6cfd452785629f330c06734fb9e3479a3d7d52d53166b72fef50c487ded97d9b0668ad021e38d8e135777d26d6d9304b26b62c333f

Download Submit
/data/data/com.wefriend.tool/databases/ua.db
Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.wefriend.tool/databases/ua.db
Filesize
24KB

MD5
88e343294d3ed9aea84cad6cdb847932

SHA1
e206f8af86764580297f7bde91dddb2132a9555d

SHA256
aad407bd4e0e99d900de5c00ee5d562329a149f607ed429a236df940e28e5d26

SHA512
6aecc063e67c2873dfa61de5fe5926711859256af258d3d70c3609000a4575f636fd6e9c09fce3925c18b0cf863653cc15248c9d0c7c29c525f9303909ecafc8

Download Submit
/data/data/com.wefriend.tool/databases/ua.db-journal
Filesize
512B

MD5
5cd49b8bb670b27d2344076d4d793a16

SHA1
285f441a38637098e7d4b5c050928fe65808fff1

SHA256
f8556237a72a36afdbe6c64d1c3daa2a2ad2d2f58f7b7abe58e6c759da4c1a43

SHA512
0ca386c1753e087c9e3d414935f2eb7d36b2b0201bb3787dff1a32e45c17f44840a04e4135146b0e8ab9b1091efe4603ce9a17e9f4b6068fc831a8255579f11e

Download Submit
/data/data/com.wefriend.tool/databases/ua.db-wal
Filesize
48KB

MD5
dd176407ace356a8d3fb52f81b124278

SHA1
a8e4ba3b0ae7b2a335bf11cab830de3f8af25ceb

SHA256
b42ff9b06aa30cdbabc96e02dbfba4941184f148e97326a5c4d691afe6a36e35

SHA512
91a449019f38dbe75a833917dea7e470af5991d0598681dbecc6d1f2a7273462fb77d27f3953af5257620974ea54198e2af21da6fe167de025b1306b7370ede6

Download Submit
/data/data/com.wefriend.tool/databases/ua.db-wal
Filesize
12KB

MD5
56b493bcd9c2f9cd2268aefc4eb254fe

SHA1
a5405ab510b91ee5c31cf081d7be223ea34b9be1

SHA256
0b18fa0c8877004c2059b6eb651154794e838a15949e6937b0e56de4d48df589

SHA512
fe466547ef5be6fc679f620fedf05183d517b4804d7bffc0a3a28ca2c6e3de026b1418e2105692775cff5a033953d34b66a678e6bf836c637ebe9579ee46180b

Download Submit
/data/data/com.wefriend.tool/files/.envelope/a==7.4.1&&2.2.6_1718327751438_envelope.log
Filesize
1KB

MD5
99bee4c94e54bebeff6573aae7e9e3d8

SHA1
d12e33f904cb1980f5f39e097142efd742f543ff

SHA256
bcc0a2f540e6bba40a1caffbc92ca15801d584663d57207dedbe4e2e9e5b5d6b

SHA512
6094ecdde62aa19aece0392752f3162fba9edd74554446d9649965b48e1d32a9beaaccb5fff13e03b595ececcd16eebab4ee4727bbe636dff67352fbbf0edad6

Download Submit
/data/data/com.wefriend.tool/files/.envelope/i==1.2.0&&2.2.6_1718327749208_envelope.log
Filesize
2KB

MD5
73fac6dfad8f141ec791b2befd6a5cbd

SHA1
8e85361c9b97d9908add3c3e80cfb6bb644e8ee4

SHA256
48b54a63b70e897a0f4866bcbcf6c848dcadfeb8a201b3f7509c122cef1b17a7

SHA512
73b349baf10f7d8a266d4cd3137a3887a6419d6faa772a89df9d50311f50b5deb8816b057f8811e7ebf6bddd2e2be2f6f4e7b01ca78f854217245060db4ec4f3

Download Submit
/data/data/com.wefriend.tool/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
7ea085fdf14675b7530a62be1fff5777

SHA1
cc9e9968e150ef79a3e195d4ea5cca925ea64424

SHA256
27aba86e53d4e20da4f09fc2fb4ee50a7dea70e0471bed3a51fb014a412c5485

SHA512
a57dd172129b0b5dd4e32b91e53ef5d79643b82bd552df134184c78126fc63dee05407e02a4ce45e909d1920bc30434abe0deaac77f2d64f095260fc9fce334e

Download Submit
/data/data/com.wefriend.tool/files/exid.dat
Filesize
55B

MD5
2b610c26c7e384e98ab9d23629782ecf

SHA1
39024f10b3e0af4b86d5889373929873d1bd689e

SHA256
69c4f1c06befa6b083145f79267d8281c3b6a6d017cd3f9abc69ac4bda5a8bcd

SHA512
dafd9b6e06d8e6888a527efdcb8abba978e50129a05979f9dcb38288141eba41f517788219e83755317e94f389fa243ce8c042b8ac1951d4ed4f7f96a719637f

Download Submit
/data/data/com.wefriend.tool/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzI3NzQ4NTI3
Filesize
1KB

MD5
1b145b8066e66a50545dc288341587eb

SHA1
c288d91710d1c3a99a2c2746baefa3b484ee16f7

SHA256
33ee88993993b772581a928986506fae95b20ecfc1bf5effe9ea1a3c3322f320

SHA512
3256eaf0d254801f7ff70d1ac941764fcf9938e10eba105eb6e65da7c2917dbe4075e17926393cfbf9c10b36e15a561e2c17ad95c4b23be48ae9e7492c30183b

Download Submit
/data/data/com.wefriend.tool/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzI3Nzc4ODE3
Filesize
1KB

MD5
e0dba5defc8c9999285d3932dc69770c

SHA1
c9a3286e53e7c0801015e2f947b639e17c58eb08

SHA256
d49231a6b8a3255f8b36d433700d00e99b2ae2c389aa6a5dd7679779a7cd0368

SHA512
9a8aa2e43f7898fd93e915c57294e4bf1790f40135e5a16051185be1eb383c45d4528cfbfd8546ae84c1a43a0dd3713497596f7ef27d61369991457e501ecedf

Download Submit
/data/data/com.wefriend.tool/files/umeng_it.cache
Filesize
415B

MD5
15bbb60728d1aa4a061723a4f65c8d8f

SHA1
52f1c23bf65923a54fe82db543657e14d47dbcc7

SHA256
7c69fbf30d7fbe8e9188fb4e6effaac5a7b00e7558b64bf54ee31485b96af122

SHA512
6f310f233f6ae7ea35db51ab330bde0456ffe528add186b6e18a7ab2c44027ad4e28c151051a8e1825d0f1976300f068efc06c758e7709294e276b0475e4cee1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads