2d67d664a2e1b4881a71e5a6210152cf2b090438f37a40d9e1729c9fae67bcd5

Analysis

max time kernel
6s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16/06/2024, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3a98bcc59829842b2f694e4de27d404_JaffaCakes118.apk
Size

11.2MB
MD5

b3a98bcc59829842b2f694e4de27d404
SHA1

2dd9d085b61f8d02baa94c98252f84df01706c89
SHA256

2d67d664a2e1b4881a71e5a6210152cf2b090438f37a40d9e1729c9fae67bcd5
SHA512

45077ac7b74a49f535cefc0875b54e40e943ff6ec312acd8496aa805828d210705000b3264a557eedceb4eb035b107f2423fa1cbcdeb82ea9faed3f757cd2b44
SSDEEP

196608:OCMGED9Rx6tjyd/8HupTmcY34EMiSafTdC9FwNdueb4p2kid7EJ3h84isvMKLVI:OvGIUt+OHupZKrMiHUuK2rI84ir+VI

Score

8^/10

banker collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.tieniu.lezhuan
/system/xbin/su	com.tieniu.lezhuan

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.tieniu.lezhuan

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.tieniu.lezhuan

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.tieniu.lezhuan

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tieniu.lezhuan

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.tieniu.lezhuan

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.tieniu.lezhuan

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tieniu.lezhuan

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.tieniu.lezhuan

com.tieniu.lezhuan
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4273

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.tieniu.lezhuan/app_crashrecord/1004

Filesize
228B

MD5
fdf77affdfda29f4d06f8b1d25dc9174

SHA1
af75b3a9193eab6ba3e5be74c2540113e18b18ea

SHA256
9c45d7c411ce476709e39ae5de3ea3da8ae130baaad76dced9ee42c9e2a4dc36

SHA512
953d349d0a9c9ac157e7215c52cc29f215882ac55d5bb3a720ad431fcac717acf3f5e744198b9619d1c41335323da4428aaaffeaef4da3455515dfba92cd14e6

Download Submit
/data/data/com.tieniu.lezhuan/databases/bugly_db_-journal

Filesize
512B

MD5
fe448deb3b685a40b824db1bcd9fd5e0

SHA1
c290c45469820400c5a0b156a4212d2678abea6d

SHA256
0fdd165eb731e2192183e83fd1b7dc5d1d6fee5238e49145d872b22db47115e4

SHA512
013d849f48b9f64132e5761b1bf3bff1d3039b6193904fa6ab4891be1190d8b1f31a5a0fd09ff8dd9404c86b03e6eda252d0f4b24085997e37fde7147b54f443

Download Submit
/data/data/com.tieniu.lezhuan/databases/bugly_db_-wal

Filesize
68KB

MD5
a861dea769102b36661adb23684a7006

SHA1
03ecc5e1a924fc9975f3d77e43d59137392e4d70

SHA256
ab9fefa55c7721540765123fe14f864262b7f8e31d487eccfa46481f324fe759

SHA512
4051b7603f42ef85ed86f7f8b57dc3055f51ef870829c1fc468e44ef705425ca3df893a164bcaf99e771da0db1d99474a0769dbf14a2e0a733211486c75961d6

Download Submit
/data/data/com.tieniu.lezhuan/databases/downloader.db-journal

Filesize
512B

MD5
ef13984eea37c594455eb7e9ef9a1cee

SHA1
210c97222201865a1ec7740fbd953804ceee5427

SHA256
8fcf4b2f94c09d93acfe7d6d6a3660d3dab248f1c4ddd9286067f52f3845c1d9

SHA512
ba8c0aa2fd052cabe7bc95e4ad0de4ad37c66a73ac8dfc49ce3b5f452bff0055eb2e71e257173273d0d821ed077beee1fc0daa1b3e33448a8b87eb86a5ddef22

Download Submit
/data/data/com.tieniu.lezhuan/databases/downloader.db-wal

Filesize
16KB

MD5
67c31afe3d4158292f64ecb5f627ac72

SHA1
e41cd589f2b2cd03552b07ea740a134541ea5f78

SHA256
6d02d4a044307bc3260ea9dbf91f7d30477667092588e1d4fb2b9c5f45c47441

SHA512
4581f5ef78c7dd6112f084c5fd4f9b4c5d4c74a923f43acffdab0b84849a8bbfb27dca740a59b1f4068bf0f0532eeeefd1ce08ae29de2ad77ce7b8f1b158d89f

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal

Filesize
512B

MD5
4b407d763216c390378c6365df3491c4

SHA1
e703b4ce565a6a98e0fe5d49fe2c0a68ecd20902

SHA256
f060a95cb5d663950af92b43b4162fd1b889b27f3d4d605c333aa8610729eb22

SHA512
0396d560a272e464e369d359fc5d4450cc8e9db860e75a9c631bf547c6b1864d7ec3838535122c94bc46ee98c61055c6088c1e16aedf4d08ce4ddfd3c6a58ce3

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tieniu.lezhuan/databases/ttopensdk.db-wal

Filesize
60KB

MD5
5ab4e186af00252301ab22ae5108ee15

SHA1
06af94c9fb3eac55605d65c8584daf9f32aa911d

SHA256
aad6c93526c404da87c9236660017196d8f12185fafa4dbf40338c89f43b4897

SHA512
2168b854271850aa48f0fdf1418c66e7d500238aad271e8b96814f89ddf3cb2e719b3f4b3d9d4bd4a3b801f95ef7deb6f7c486005a061e49a5eae2e3492e86f7

Download Submit
/storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0

Filesize
344B

MD5
81c233ab39a49c5e1804695652694a44

SHA1
bf4f2988a1c6c395c13540e2bf28bf2fa4f9eb1b

SHA256
11e46fbbe530ec0e8405fbf05a12ccbe41a71d07a5a8375c3d3fd1cc5c85c4c4

SHA512
d8f4be78a6ac599f81824722d47a93a387e09d01bee21faa47def64ddd14cc2d1efc6529bcbcd8fc92012658c6a27fe2cb02cf85ecf6deb7b9c2ca1699c618bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads