bab8223b1d79140b1c92495227f37c47a9b06a4f7cb6e72983dd6012bad6877d

Analysis

max time kernel
179s
max time network
186s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
26/07/2024, 23:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

76410d30931c40cc15986576fd5c3594_JaffaCakes118.apk
Size

31.9MB
MD5

76410d30931c40cc15986576fd5c3594
SHA1

ebc01dff637cb9cf64eeb1ec7001a6e1af526a5f
SHA256

bab8223b1d79140b1c92495227f37c47a9b06a4f7cb6e72983dd6012bad6877d
SHA512

0d309a626264588d9c8be4657bd3e895a8eb8ad9c9f30f51627c1911605eb83518737a564c729cce37c8a87def9b56e181c937ebcb3780db42c0ff92db78953d
SSDEEP

786432:0+0B51nenTWthCpkesTQxG23+NWEOUODOhObOdcOz:0bb1eTWGpkRsGVNWEOUODOhObOdcOz

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.ygcwzb
/system/app/Superuser.apk	com.ygcwzb
/system/bin/su	com.ygcwzb:pushcore
/system/xbin/su	com.ygcwzb:pushcore
/system/bin/su	com.ygcwzb

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ygcwzb:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ygcwzb

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.ygcwzb

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ygcwzb

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ygcwzb
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ygcwzb:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ygcwzb

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.ygcwzb

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ygcwzb:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.ygcwzb

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ygcwzb
Framework API call	javax.crypto.Cipher.doFinal	com.ygcwzb:pushcore

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ygcwzb

com.ygcwzb
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4928

com.ygcwzb:pushcore
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4973

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ygcwzb/databases/ua.db

Filesize
24KB

MD5
72d716b1567be19d2a68ebc239ed9a37

SHA1
177b52140c2d1fe0af05c3edc18dd2de7986a886

SHA256
2623b5c96c41c5c4613ada60398fdf2bf6dee252956b8cb93147b02f7dec3e71

SHA512
21e840ec7925dc3b9aa029d1be4edae8875c09217c06781933c7bf8459f88bb65a5fc4b4ee4c99b652d6e83990fc9d51974b3730c92eea0e950aaf7f991b206c

Download Submit
/data/data/com.ygcwzb/databases/ua.db

Filesize
36KB

MD5
b7036131b84bdf2b66c67fde18d62308

SHA1
18b1e5a358d68c846495cab5cfef7c6679659093

SHA256
c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

SHA512
256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

Download Submit
/data/data/com.ygcwzb/databases/ua.db-journal

Filesize
512B

MD5
510f5cee973954616cf9a2ea1fb648e2

SHA1
ca35c4fa145ea8e176c4be5a506ea36620520499

SHA256
e0572bfa1e7e7f4da80f3e3b784e293b4afc20b3f077079dd493ab059819959b

SHA512
7d64f2910b6e00a3de13707101e4cdfe6d7974a83a330ff01c075d6d0e48aa36385ebd39f83bdacc351b476b7fa7759c84f2e0dbb19e2fc2db5172ccf9b9693a

Download Submit
/data/data/com.ygcwzb/databases/ua.db-journal

Filesize
8KB

MD5
9ac3ef737261030d1546b9a9cb362a39

SHA1
df24cc9062583aee1207b0e8c183c153f129623f

SHA256
a4aa459a3fa0047d3a644db3f919266bf7fc9fdc57b1c7babc1074c978a730a8

SHA512
86c8ce41b1f60beb3ac97c92d39d508f2bf98a548fba291cd8b1e3e99145efd96d63e57c4ced683445e6ce5c630efe7f617a29385e7442dd4478dffc0a3ee230

Download Submit
/data/data/com.ygcwzb/databases/ua.db-journal

Filesize
8KB

MD5
c8e47043c34fea971739bd637cc5cfc9

SHA1
e408770537b71926c8e16b91ac0188e6ee1a815c

SHA256
bc3437c59d6cf2cef98684ec1dca555dc6e8a344616e9361fd4617bfc823d4ab

SHA512
de53d23001c0c08e924b19ee9661a989ddb595c1dc706f8d25d3b9e8571ee3b0993757b4dea30ced8055cae95fcb4190309ebaa2656967cab09b5b184d5714fc

Download Submit
/data/data/com.ygcwzb/databases/ua.db-journal

Filesize
16KB

MD5
b6dff5a11938fd88b0c6d2af79332513

SHA1
7903985b290e5d299ae965339ec287d772a10263

SHA256
d11c18a016caca2dc55ed6c43d2da0aed821d22f9273e5d2518dd55c1d4f346c

SHA512
7feadf35d6a2babeaee3a71ee0bc7501416bf94ab4351bc092d25966973ca0cc1e9700c123920f5707e16a8c4b828ee025fa529580355c4346558d4eae2cf08e

Download Submit
/data/data/com.ygcwzb/files/.envelope/a==7.5.3&&2.2.1_1722037747269_envelope.log

Filesize
1KB

MD5
ee2d0d795fa25569da18364335e6a559

SHA1
7e55f77ff49e4be4194fc6c77771d4cad077d882

SHA256
2c073aec70c39689061e4196ed3b75a1e00e9cacff230e08cda45db24f292ab6

SHA512
84d5914909a71261bd6fc31df4f09462086795cbb93009f668d2cd8a5af9f140e7c564ed6351635c68f8ad8c6f070f41ac245f69056ad0e74c518cd5f63ce62b

Download Submit
/data/data/com.ygcwzb/files/.envelope/i==1.2.0&&2.2.1_1722037745841_envelope.log

Filesize
2KB

MD5
9ddf3ea4f5427f65011efdf8938e8231

SHA1
9d0080abcd7eb4c7ce690d466497abd42e45f3dd

SHA256
86b615ecc57ccee7dc0b3c03a56a68796be5b9c436b4037001e41dc7c2707ab5

SHA512
e789c82eecaa6459bffa57b1bd3716f1d874398770b56aa499a7ca85a41f3a83f2b4f03a5f0a0af5d0b0fdfceef391a3e009251aa5870ed083c3bb983ab01d05

Download Submit
/data/data/com.ygcwzb/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
b054564cdf20e42b84563b6b0511f130

SHA1
9f7139cf23bb8de5711d23f76704b89b28a136f0

SHA256
8f6b6ce8ff7fc733e95577a4a05edfcf44c9f1fae05b4d6b7f26cd6fd0d4d9ba

SHA512
45451cc44949b9b3f9bca7ef9163545cadc2a0c1fbdad57a68fad76cfe18941ad4df97e424e700a3da7e45263a73d50e60bcd1b8ec86ba4e230a6aa3d9ce005f

Download Submit
/data/data/com.ygcwzb/files/exid.dat

Filesize
59B

MD5
c3cff3f6fcad0b0f7d583a594568ab96

SHA1
353db35e90b5b6fb8a314da2e584d3126ada2df9

SHA256
28fdea99ef4821b717bb57f9afc7382774e7af46181fc432ff8f5f8f69e8b7f2

SHA512
f742b24016dfaaa7bcaec285bd3eb65b21ccf76b18f388567e652fd90a9b544d572fd7288468830299d6a50a827e02ee3fcde161fbed757bc221707d3583b313

Download Submit
/data/data/com.ygcwzb/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzIyMDM3NzQ0ODQ2

Filesize
1KB

MD5
7c833976b11bf2c662f6d600fe0a05ef

SHA1
2c7115fc1f0f0f6e174b590cfd2086d2f9548f65

SHA256
e71f303a23fe9f7ef94cb1ef6c3195820883d97aea846a80ab865e9090899a3c

SHA512
694df0c60e9eff1fc0906e122207ed00142f0e25b9e11a68597f4b9ec831c38cf5d1ca6ee71e63e71b6cd69decd0a521c090507c929d3dd2e477a59e7447b639

Download Submit
/data/data/com.ygcwzb/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzIyMDM3Nzc1MjUw

Filesize
1KB

MD5
d1f4d264cccea6ab24f5f38171a5890d

SHA1
62ac127bfce5aca357910455b0d8bfaa089cc558

SHA256
14b73d7f71b52a9d009473ae904cf86d0dafada8e1135327dfec342e2bb2828b

SHA512
c5f57c101f4835300fbc954f105ddceb441a03bbc11ce4a5c384d3fbafd96cf15c3164a61842d4594b4ae2e6f490e9a85a856c7fa816470419574f8636f01b94

Download Submit
/data/data/com.ygcwzb/files/umeng_it.cache

Filesize
350B

MD5
af3cc1bd99c0ba95eba0e2ae27261b74

SHA1
8ad75f0bd29c597d958896e853928b0bc972c1f1

SHA256
62fe8cee55741ac748ee75a02c53163f987fa7836a599fc70c1105a5a69bd160

SHA512
2fa68755965b284293184123fb4f0764baaea633704ea86c5ecfa5fe6e2c62f089abc5d223858f1db19edc6730f251f0933028a14ce30b3a145c8d6c466f28c6

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
2de313d99be2b9a2eed446c4a5abf1bc

SHA1
5be0991afa5b2586ef852c196ffaaddd869f0785

SHA256
fb49a8ee4f10b35ba8331aebc5bb2971d2146af80580700a12b654d2a85439b3

SHA512
c723689c737281bdffd11280ecb84fce431950bf2e03517741758b495e0333cdbba7305213ecc2819be319c2e4c5c065aa09e1b04f72448dd09c67c72d6a2be5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads