ca96b6b37de5ebd047b27646232e58fdd2a44a9cd05ecf2941d4759e7c2f477b

Analysis

max time kernel
144s
max time network
144s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10/08/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

871fce6c39c83f667a4098298246cbe4_JaffaCakes118.apk
Size

5.4MB
MD5

871fce6c39c83f667a4098298246cbe4
SHA1

9f57b77635d9bdebc07a1226204b111fc7919f56
SHA256

ca96b6b37de5ebd047b27646232e58fdd2a44a9cd05ecf2941d4759e7c2f477b
SHA512

8cd6af4ff94371817a6b22f5fd5bd1a4066454de4859ed56e1a3ebb5489ee8fb1b6f50036301255c9750d52c9ef67f782f35605bb442cccaddbcfdf2c2d80148
SSDEEP

98304:Z/BXbz9MvtdajuofOR3QeWZDz5QNAafbBMVND44svM+3H8q:ZtEcLO+Lz2b83sU+3F

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	cn.com.fetion.win

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.com.fetion.win

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.com.fetion.win

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.com.fetion.win

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.com.fetion.win

cn.com.fetion.win
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.com.fetion.win/databases/external_db

Filesize
502KB

MD5
dfff00cb278ea0debf836d89ce3595b7

SHA1
2ef7d619221f0a11774c0de7126592ca5792fe6c

SHA256
ada98c8a940c9d53e1748518e109dcb952626f255f6740dbbbe1304077ddb3a5

SHA512
c0a098549aef691245cba6a6dbff717354eff7ce32bbd5f88212bce873afa03d37b8298f34f3ec25fe083720a3c8348c2803c380b06fdbd316b0fe0d648756a6

Download Submit
/data/data/cn.com.fetion.win/databases/external_db

Filesize
1024B

MD5
1be7d666f3495896362160ac69b20be7

SHA1
e886ee54c6938ebeb1915e215b246f70010f9111

SHA256
229c30273c0d7b7a263dea83aa590b18f83aa2b6ca220660df4a1bd16a4aad6d

SHA512
fd2c84979d4240e6febde771e63cee67f1dbb1486934f995a454d36751999b270a8e23f085e8a21c0ad540b65f692a2bfe9266536e89f755560b38d7a4059fbc

Download Submit
/data/data/cn.com.fetion.win/databases/external_db-journal

Filesize
1KB

MD5
a9ba9912c912e84580fcee575571dd4a

SHA1
07d4845c0d73dacbeb24ef26b686ef1f25a63306

SHA256
92f88e02d3c5567e7593a1eb1936e1a10f3ae6a4c1c101cdea5ad8af3c447674

SHA512
6d5a827404c37772817dd334f76eb26e131894da37f17113f9a44518c45ee03bbcd160bee73bc57ab4f5c6d9bf4e139576c7c834f43910e9df48f95aa4b3dba1

Download Submit
/data/data/cn.com.fetion.win/databases/external_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/cn.com.fetion.win/databases/external_db-wal

Filesize
5KB

MD5
805d1dd080f5492f3c0e98d9171fdc05

SHA1
6c24707a0eaa2939f29d3b59e056e1b5fb3b20ed

SHA256
dd912d360342c1959cce927218f77fcb183c65c3c2d476c0139d713ebe6729a1

SHA512
4c8f0d74af726524c9f1cfebbd357e3ad4ca4b3404b11cca792d7bb80d36697564d4f6008a987ad6e3b96c53c8fc3f05e25c62db4697828cf4e33fc4a637c411

Download Submit