3e2dd9ecf811676346afe762ce756e4bc923850dd9b872828a9312416efb44aa

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14-07-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43e8eed195da83ac64106cffd3f71bc7_JaffaCakes118.apk
Size

5.6MB
MD5

43e8eed195da83ac64106cffd3f71bc7
SHA1

544fb342a60c282ab5d23008320b321aaef9e8ee
SHA256

3e2dd9ecf811676346afe762ce756e4bc923850dd9b872828a9312416efb44aa
SHA512

324aedac757b6cafea218832745d420ee9eacf22fbbcfaded3f7ed8ddd3c9613cc85f3b80d139265a3567ca3a843405e5c87752280a7b2fbf7cb89404244a4b9
SSDEEP

98304:tDHATkkug2boDG57gkABVWEq34RYnRD6vmbTXKxf9FmkocZgbeC4INha:Lkug2boD87gkGE3xnYvmn6t9FFZgbic4

Score

7^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yefl.cartoon
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yefl.cartoon:remote

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yefl.cartoon:remote

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yefl.cartoon:remote

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yefl.cartoon:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yefl.cartoon

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yefl.cartoon:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yefl.cartoon:remote

com.yefl.cartoon
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4210

com.yefl.cartoon:remote
1⤵
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4286

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yefl.cartoon/databases/cartoon.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yefl.cartoon/databases/cartoon.db-journal

Filesize
512B

MD5
8745f5d2be656a8f3b2cb91be9d0b7ed

SHA1
881ee633095820df790a1c4c4688485c57987dee

SHA256
823a949e204700ccda34f9129b1a50bcb70c545c30349427c60cd07b4977aa5d

SHA512
c18d1170ddc4832df2f2658ff151ee5421b570ea80c6001afa245a888a64b0bd01f8ca2163edc2c3ad76d93c079fe78c73af8b34ef1b1d79f229f8ade5b02400

Download Submit
/data/data/com.yefl.cartoon/databases/cartoon.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yefl.cartoon/databases/cartoon.db-wal

Filesize
72KB

MD5
a27a760e4547d22c2136eb792b7176af

SHA1
b1059a38bd6dcc34c218736d1a97cf0f3094a7f0

SHA256
353ad9b93f07e30aecf65838a3ba9cfddf8034d3af4ec50ef9753cd40098d5cb

SHA512
b52949cb9f8cfce1d9aa0666d363e2c890de06c74a743757bad54f2490a190ab225856ff3a038974b8e778a4418edcc0c33e6025ce0a671fe2a6dec0bc0a37bd

Download Submit
/data/data/com.yefl.cartoon/files/TDtcagent.db

Filesize
20KB

MD5
da27bde93fe28438c3a1686e30e811d2

SHA1
c27da9c061bab0e2f159bc88496b189055d560ea

SHA256
2c11083e1dea1535ce360a237cfb00797381ceefa0b5149b4900fcf6baa4a1bc

SHA512
23a65913e311aa1a7afcaff975e1245a66d53b10568f2adfe6d1402495313879389f28ad808d33c9a1b89adf1ee5a8e8023b621fa52ca0617ded452ec648c966

Download Submit
/data/data/com.yefl.cartoon/files/TDtcagent.db

Filesize
32KB

MD5
63883ba6313297af1cc2ee59ed1cf4ce

SHA1
96f823190616fd7f9d7ea3690c5f938a583c381b

SHA256
b4fdd24d469ee21419a4ff043a89e0760885c42915c302316d16715ec501f62e

SHA512
cfa3cfb1339a12a26eb5b3a93b741f7ac930e745461ad374054f53787fc81e2e8382d809bc50468be68612795b86e1740791288b30e3c49bf16889bfbef1f3c2

Download Submit
/data/data/com.yefl.cartoon/files/TDtcagent.db-journal

Filesize
28KB

MD5
0d3e99204c6401ea499fe9e6d9855497

SHA1
09829f00ca458eab7374d5079393a2cd69a2348a

SHA256
63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

SHA512
8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

Download Submit
/data/data/com.yefl.cartoon/files/TDtcagent.db-wal

Filesize
8KB

MD5
5c10a7bc7da55c6e44f83483619a403b

SHA1
d1f7a1ff082010feab1396c5337882b3fc1cf9e6

SHA256
1451c4f1cfdeab7ea9ed8b463cb2aa4e7e5ec939ffa81deb8be9fdb1d7e93c3f

SHA512
94fe3be036262540b96d1b7c088efed287fbc20808e9f63165b6123f7fc4ec16451b2a6e1009b8172bf766991e30884eb44f9072abf560db985ee8e1890c7ef5

Download Submit
/data/data/com.yefl.cartoon/files/TDtcagent.db-wal

Filesize
72KB

MD5
4ce99a6ce96fb9ac173b6aa656c9f568

SHA1
6de533b6fd17c156feedb27b227a65b9e0a4d7fc

SHA256
ed3a8fd9aa0444915d8e92b288eee229c1510502a4fc9ebc50e368efb6749178

SHA512
f85041c429a92ec909aa6ab617fd6f9d6b9a7cce664f739a5830cc06ac9d9510b8e506dcc5a5b457d520d8fa270abd0594b8286d780a8006b695fd379520495e

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
12B

MD5
8d80bc8ea90e9cac010d3ddf97bda5f5

SHA1
f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

SHA256
f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

SHA512
9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

Download Submit
/storage/emulated/0/baidu/tempdata/conlts.dat

Filesize
153B

MD5
eb73ba8dd8db13908de4f012a83942a1

SHA1
2029f10dd0320a3a7d54fa983a1677e10424eefa

SHA256
88ff621280277f80e7d73a0eb667b92d083db604debc9c9b66a52609d57507fd

SHA512
ce75a54b89558ee3b6a2925ed09eed05cf4c6a7fc7e2cd1b23814aa48799d022033d1cc43b61088d662ddab077db99b10083540a3f1419b7d2e9c51bfefb9ef0

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
a936690571e9104e1922dda4a0ba5bd1

SHA1
65f49c57edde2f96be2a1dbdfc3f7351f1e66554

SHA256
f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

SHA512
3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

Download Submit
/storage/emulated/0/baidu/tempdata/yoh.dat

Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads