cf3b5660bdfa535d3b3952189a92cdbf917a2fe46faac9c569685099fadd7a6d

Analysis

max time kernel
8s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a78e73b5d4e95253683a76e89a5e5bcd_JaffaCakes118.apk
Size

7.8MB
MD5

a78e73b5d4e95253683a76e89a5e5bcd
SHA1

60717a3945c0580c37b94b9edb7f2a6e305867b7
SHA256

cf3b5660bdfa535d3b3952189a92cdbf917a2fe46faac9c569685099fadd7a6d
SHA512

317ed8fbc2af3eac9e68c50959c534c32ac877e5e82fff6c772e7204511d110f016a3f3f527642bd9f1713b4f1b8e15a005547d6443c659f446356d773bdc54b
SSDEEP

196608:npiAT9Oozg2ggcnz56ybFE43Yc08r8TfyBu7scKu74:piq9Dzhg/nz5fJanfwN

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.wingbon.tv

ioc process

/system/app/Superuser.apk com.wingbon.tv
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

T1633.001

Processes:

com.wingbon.tv

description ioc process

Accessed system property key: ro.product.model com.wingbon.tv

ioc	process
/system/app/Superuser.apk	com.wingbon.tv

description	ioc	process
Accessed system property	key: ro.product.model	com.wingbon.tv

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.wingbon.tv/app_dex/oat/x86/gmsdk_hackdex.odex --compiler-filter=quicken --class-loader-context=&com.wingbon.tv

ioc	pid	process
/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar	4298	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.wingbon.tv/app_dex/oat/x86/gmsdk_hackdex.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar	4268	com.wingbon.tv

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.wingbon.tv

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.wingbon.tv
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.wingbon.tv

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.wingbon.tv
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.wingbon.tv

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.wingbon.tv
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.wingbon.tv

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.wingbon.tv
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.wingbon.tv

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.wingbon.tv
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.wingbon.tv

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.wingbon.tv
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.wingbon.tv

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.wingbon.tv
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.wingbon.tv

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.wingbon.tv
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.wingbon.tv

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.wingbon.tv
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.wingbon.tv

description ioc process

File opened for read /proc/cpuinfo com.wingbon.tv
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.wingbon.tv

description ioc process

File opened for read /proc/meminfo com.wingbon.tv

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wingbon.tv

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.wingbon.tv

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.wingbon.tv

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wingbon.tv

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wingbon.tv

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.wingbon.tv

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.wingbon.tv

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.wingbon.tv

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.wingbon.tv

description	ioc	process
File opened for read	/proc/cpuinfo	com.wingbon.tv

description	ioc	process
File opened for read	/proc/meminfo	com.wingbon.tv

com.wingbon.tv
1⤵
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4268

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.wingbon.tv/app_dex/oat/x86/gmsdk_hackdex.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4298

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wingbon.tv/app_dex/gmsdk_hackdex.jar
Filesize
1KB

MD5
9082ba9885885fc12c6e4e613178a282

SHA1
49863e024a2fd1624ef9b43e71493019b57ec756

SHA256
71b9664e56e1446f28432d806ab7ac3647b9b4b3ba5d162f13d00920c94d0f2f

SHA512
66e421df8754fd647add3f4c7eaeed83a1535f6c7491062f01808f7c45afcdcc901e5c84749fa522c65571a43aaeb964099096990f90cf025d8ca3b20167ec60

Download Submit
/data/data/com.wingbon.tv/cache/okhttpcache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.wingbon.tv/databases/ua.db
Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.wingbon.tv/databases/ua.db
Filesize
24KB

MD5
aa7d820507cd690a8a0c72a4ff4a7781

SHA1
1f81dd8bd27681f12baef484684e16d6f7d551f2

SHA256
ee4017668280b33516c901ab10fd38fff67b7be7e26292b89cb9f4b31bfddc56

SHA512
326f4ffe199c2d8862c6a0bf47c7319baefdc29ee350c8600854b5d542dad3034a9f387fe3a71579d19cbd3da8c2edb7e6428cbc8df2d9fbc87bc49cc5efab02

Download Submit
/data/data/com.wingbon.tv/databases/ua.db-journal
Filesize
512B

MD5
408f5d0437e20b906b068e6cdf900eb2

SHA1
e6bf5f2fcc05dea430bef6c1cc8209feb080a839

SHA256
19922db6c1a09a295c3562de8e90e8be7c032962308d81f83b1dfebffb1eb1d4

SHA512
b4a893090a5dba773efaa5cada97c4e81116211da1eac1a1f8003e65a07e214114840104e37e41fe2812763f094ff141cf46b96a8454bfa00ce537bfe9cd6a70

Download Submit
/data/data/com.wingbon.tv/databases/ua.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wingbon.tv/databases/ua.db-wal
Filesize
48KB

MD5
4ba35ad5fe8e48d6900d7c7d8e6529d4

SHA1
4f9e7817cf4fe038d62d0b3c54b83e08f4a6f4d4

SHA256
1e39ea1105438a926a7bb7e60cc37b6da20515f8d11e9f8e33568f40178376d6

SHA512
1961defbb500f7e8f235e8672557c04dd04d9d6f8d7b70f9ee5a39025960d4b4efef4a35d163126b454def2e311b9b22aa888af322e8d8e118151b5c9fb8c912

Download Submit
/data/data/com.wingbon.tv/databases/ua.db-wal
Filesize
12KB

MD5
db2ac206438c880e3bdb56e110acbafa

SHA1
4781c52f6c07495af34133659ff796a8d813b407

SHA256
a7a7af7a800b3833d2a6bbf9a08f56bf2616b1f9a7fef6db222e23f0062ed8a3

SHA512
8e7ba3d130d0577fcf1896b5f2822551497c233fd816c9a48b347166cb20c72e9c6002808683c6a921be83401acea53280b1e1e2c84ef8e5f1d08369cc359a6e

Download Submit
/data/data/com.wingbon.tv/files/.envelope/a==7.5.1&&1.2.1_1718328924932_envelope.log
Filesize
1KB

MD5
9fe9da35efe831d09860ee201ad3e987

SHA1
584909579700d85f0d6d586f36811de79dc5c629

SHA256
5da74b99ac0cf534be8599a664a075d65bdf04c4344d55ce9e7677ab6321af2a

SHA512
df5820dfa1fc82cb7aa52dc6d5af55db811b3e82ad0f7174029ac28159642fa1f923a6791d0814be8f96204a1878f6cc0ff44ac70b843491cdb860eddc425371

Download Submit
/data/data/com.wingbon.tv/files/.envelope/i==1.2.0&&1.2.1_1718328923488_envelope.log
Filesize
2KB

MD5
2eaa93dafdca6170b841f16ed2a44ed5

SHA1
0c93a7588f2990dcb286a09e5aa1c09506dc1062

SHA256
af5ffaf530115c1e71e569d10ea12476c9596db21ca27d2fe20bb266c2a0dee3

SHA512
98885be83f8e802a79dbcc98a6fff6859085f73175face2619ac878aedb4c97eccc15878a4c185273023d146ca50d71a1c77f9612ff972d58204e055b10a1326

Download Submit
/data/data/com.wingbon.tv/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
ae8ed837e9e4ac8904259be273d322dc

SHA1
b6a4ef3f52f96ca1049ff7f8e9a02bff4edcb648

SHA256
545b1d7398ecca0cd87d2029d10a6ecd82434020b159c2d29790252bad78d947

SHA512
27ebb7d4a6c0bf88c691c123e4baef192459b2783cc8a487fd6709c9576f0776082d2a3ad9fb8b8de0fa7e848bd004e4757fc5c9df6d9cb709ffff91a5fb5bbe

Download Submit
/data/data/com.wingbon.tv/files/exid.dat
Filesize
55B

MD5
f94f2acd37a1659538968c363f8eecbd

SHA1
69a59a315288384371fbd4bb96bc428ebf18b72a

SHA256
fc3f8ea79c89f1e7ebaae1f099ad58fef32312bb6a3d49ba429e5cb0b6330624

SHA512
b23c4d1ad9f6014070176f2db4a7cf3ad9dae5ce67592030e3911c0759232fc86bc5f963cfe21a601526fbb48b7d1a3543c39cf8fa1530715ae96eef7f4f40b7

Download Submit
/data/data/com.wingbon.tv/files/sdkversionInfo
Filesize
5B

MD5
ea9495d53d78b5a6cd250a78ead42aa0

SHA1
e2a02d1a2891c9d664dc63af02f69c8cbfed92f9

SHA256
a61552bd969df8ea8acbc43ca7288cbb4d5d38365a610c8021a427e26a51851d

SHA512
3aed7dead7f449a023df53d6065c1a17693756d40db53d3f93145f3ed7e6c940cb809175da2170ae8184e6e5c7735e91cde883a663be7a0913df874591c24b24

Download Submit
/data/data/com.wingbon.tv/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE4MzI4OTIzNDI2
Filesize
1KB

MD5
60490d97b69974f616a7cc59bd1a07a1

SHA1
146a6e16e1e9719c8f27a79d4b3fc53fb3508742

SHA256
20959f1bcef4baa8de4527fc7f955a26d07656f958b4e038625917411e5f5661

SHA512
8523e96980051f5af4ed6dcb98222f2d17287af53b94b847ebdb639cfba4c9ccdd23964be447c273ccb0f38a8483beeda7dda21b43fcc248ff7699fc787e0771

Download Submit
/data/data/com.wingbon.tv/files/umeng_it.cache
Filesize
415B

MD5
f3306a72c450340ec2388bafc60132c9

SHA1
16338deade8a195d72e3f76d6441cf650943ec3c

SHA256
43b7fe433614e1496bf658dec8e56054de98744f35a97631d5d9a5def6108a61

SHA512
0521e91502dc768a38d100bbca363b945dcfa5ae75700ff4bd78e4bc280ae2037eebca9aaa1c77307782fae7dd9a851223cf1407a7dc7829e1897a4d700f059c

Download Submit
/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar
Filesize
424B

MD5
6000232763e0ff15c9559788fad9e43b

SHA1
0385af22a6bd1dbf16a6ab9e857854b7b70b2479

SHA256
6f054581fb2f01a0168c91533cee57f2cdda5a844b81c2ed78a127545bc1ac93

SHA512
431cf0975b70cc78e110e4ebf9e639c9b92b9950b5f09ac49bc8ddfc3d82115da6a0579b60508bef38318b9de19d72d0caccb656721e126b13470e3926f7eee0

Download Submit
/data/user/0/com.wingbon.tv/app_dex/gmsdk_hackdex.jar
Filesize
424B

MD5
7c16cc8876eb50c1bb451289e1037b13

SHA1
022b03fdf3c093996f14454fc5f1dedd0010f27f

SHA256
33b4ccdca22ce786f92af283e92bd37a4cc54971b2138a7dacaa77dc8793cee4

SHA512
efe14049ceade14f2aaa41c1c7524e8cb0dae627240c158873724ee95ad420e46b0a3a18e52747040d94199508bbdf526c609cb765a3a944cec3ee74458bd52e

Download Submit
/storage/emulated/0/.bx/did.dt
Filesize
22B

MD5
919298ae8296d35e77bac0c333454521

SHA1
e0a9a26ddb4e30bf6e3ed6590787d4824346052a

SHA256
a555d92ca1745314b4a1376498eba03e53c72c09b7b6578175d719352bdbf03e

SHA512
a0e0ab9c3d708e88f0bdb4c3ba1aa81b35e3c6794ccc43b4b31ca8fadef23d05c072f7852269ba884a3a82e9cb1e48d383f12b20def62c31d8aca4ad85e58acd

Download Submit
/storage/emulated/0/Android/data/com.wingbon.tv/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit