a5b93c7aa7e717d1ee70ed73dec333f8d8b20364a852d6d5751ebda1d9fe12e7 | Triage

Analysis

max time kernel
8s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12-08-2024 06:28

Sharing

Report Analysis Logs

General

Target

8daa50ed9a482ce7aab5feb2a9509282_JaffaCakes118.apk
Size

19.1MB
MD5

8daa50ed9a482ce7aab5feb2a9509282
SHA1

faf46bbbd3527068f5e2ef26e0485d973c1df930
SHA256

a5b93c7aa7e717d1ee70ed73dec333f8d8b20364a852d6d5751ebda1d9fe12e7
SHA512

48b537f40101877ccf262c59a19b03689456f3fe3b65f5c470fef5e1d137d75fadde01f35798832fa0abc070b65f7ae7c3067f4482c97fa16a04853db5119474
SSDEEP

393216:f/P2uTZeGBeS1Z5mbxjK9Wjj8fnN6y/Ar3xoPXPtCBbCYCZNGo0bywsf7u7ic7Aq:P2uTZvLxlWjjsnN9YTsaKNt0Ef7uOMAq

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

System Information Discovery

ioc	Process
/system/bin/su	com.jovision.xiaowei
/system/xbin/su	com.jovision.xiaowei

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jovision.xiaowei

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.jovision.xiaowei

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jovision.xiaowei

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jovision.xiaowei

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jovision.xiaowei

Checks CPU information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/cpuinfo	com.jovision.xiaowei

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	com.jovision.xiaowei

com.jovision.xiaowei
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4243
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4292
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4391
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4414

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jovision.xiaowei/cache/OkHttpCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.jovision.xiaowei/databases/pri_tencent_analysis.db_com.jovision.xiaowei-journal

Filesize
512B

MD5
dec5feb0f0d3a6beb1d6054e7f286607

SHA1
8ea94834e7641666006db808ee01bfa7b2cd6339

SHA256
3ce94c669d2515c943965379447a2ad5051818e75829e9ad5fae53e129aeefa4

SHA512
cf9ce76c874a1fd31d49e8425bf8df7f4a9ffa54da3c4e5378cd10808dfa84d57b55df758e805ac645045d7a140447c08c7683a7ad98adf8c8ebfcfb13806f86

Download Submit
/data/data/com.jovision.xiaowei/databases/pri_tencent_analysis.db_com.jovision.xiaowei-wal

Filesize
64KB

MD5
76e4f4cd6b1e85deb386e13071007725

SHA1
a76e1ee899e6167eb1425c0f00c0a3991fcb429a

SHA256
435830d7a0f2d40f1e316211ec7a77160655580cfa72bd2c871c6c30bd2324d9

SHA512
4d30f0eec4db741c8adee790acde0f57ad64fb865cdda2ede87a8ff09d974ae3ec36b94b9714c6898750ef4af98f40d90e0e174cb931874f4a6331c79b396775

Download Submit
/data/data/com.jovision.xiaowei/databases/tencent_analysis.db_com.jovision.xiaowei

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jovision.xiaowei/databases/tencent_analysis.db_com.jovision.xiaowei-journal

Filesize
512B

MD5
c4e76d0acc958d2c9181bfc51b17156c

SHA1
81cfb4ec23a751aa256f74a50494f833e5c2a553

SHA256
3ff20c226cee31b210b3ce4548ac211d2f4d33cfab062efb347d0b8da5349ba9

SHA512
4dbe6b8a247d1d90e338fbd53b7c31a92fc63689d44cf408281337ee32248c09a5b30c28e941ae432d0d5d3bf19de9e070dbf0f3db00629b510aa53ee29ae574

Download Submit
/data/data/com.jovision.xiaowei/databases/tencent_analysis.db_com.jovision.xiaowei-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.jovision.xiaowei/databases/tencent_analysis.db_com.jovision.xiaowei-wal

Filesize
88KB

MD5
69a1d98a74609f5dc2108453bd708f2b

SHA1
3bb64b8bb1281ee96c5929cc30ab49a184f7195a

SHA256
eabb07e2fe7e6a19080d7ed9a007c1b55f1a69f4179a90a231b6c4a7c2033a7e

SHA512
dade81440a2b29d2432607e4747027a14f69896258ea3053d9d0dc91550fc64bd10da19a36fd6c6ef60ec33e06dbca1841f5750f64c8017350790e39875e72fa

Download Submit
/storage/emulated/0/Android/data/com.jovision.xiaowei/cache/uil-images/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-08-12.txt

Filesize
143B

MD5
ad176345459690c0264591795030c1a6

SHA1
4d69494fe826271f196212c7c9e3b17ab7379d4a

SHA256
a011c2906cfde7ddc8b553439158cea6ea1d89f05cdfe751a38099e69dd00801

SHA512
92ce336cd31583a433fef93a24e737123465898be28329479055198eb703ce33d4cf18d07be315bfae739152af22a3b902cfeae906583e2fb7df27c1e2388760

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-08-12.txt

Filesize
222B

MD5
975e76d5705569ac7877da03643100ad

SHA1
11ba24e71221c368e9411f2a90f56a2ca18a6947

SHA256
eb3e71af12ed5c4c9579cb6edcbc3041786717e3a3ad92a9cb9e5d74d304fada

SHA512
86fbf53ca43824ce51e74e9a0c2b72e4e38676724ae805778b7bceb1c0b12efd5488914a0983f97def4820603d48e2e8af78c1439230578ce61a3701c6552f81

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-08-12.txt

Filesize
365B

MD5
a9b428e881b792098bc59e30d560cd58

SHA1
20057195c50dbcd5fb730f62231fd00948ea4755

SHA256
769ada410b9ca38ccfb20a0dc9e99c732d0940d7b66aa72960b2275959862b5e

SHA512
1a7424f3d4f45d6a452d9b64a76fc4c6cce230084f9f903ff50c3430583c67735d005c3b6bb769fb4951f56af4505003b033055eb24972faf474acf39bcc21b0

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-08-12.txt

Filesize
437B

MD5
c126836d85f8f1af7ae76d564e117284

SHA1
d9b94ab3247d86172dcdcf9d0a8b289c864521a5

SHA256
529aa556fbd0f6237e4a3d9f1a963a86b7f63c541266d0da195ff2c3e9b4e8ad

SHA512
a733721ca669cd2f1db52cea46d5611182c086f4a74d45177c491388de3231103a1f579265781c8998fe77ee8bb480d05b439aa36b7a42e1e4f9c738ddcfdfb8

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-08-12.txt

Filesize
511B

MD5
53a6255049c3601b0c639e94b80bb866

SHA1
2c17d7c06c80e3778c6f8794f6bd94753591746e

SHA256
c3c249ff9960d67bea0bb5fa2a71bc30877ff4ba56a4cc8797de402fdaccd1b9

SHA512
4e1e62f618171a212395bfe6b9f0899b2aaac6d661d919f1fd0cae8bcc318897f810aa2359f1d9ae682d3123a3ef229281d8ca2cbfadeab506e26aff144e2495

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/2024-08-12.txt

Filesize
2KB

MD5
88aade4f63e8ae3207d0dd2e45cb2726

SHA1
95a164ffedc7ecdcb52562e6cf3f2fbf8660963a

SHA256
1621b9eba3d09d03b4bfb631bad33806772b9aef590c669cfbdba11e7d3e0808

SHA512
32a8be15e0ce24dbb1f2c315d7c94168c82ad4deb21bf9b6261bc9d23c78d4dd43b376eda33a14ee7cb2d51c5209902213645dbb9bc4f24d977da937caef4864

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/A_index.dat

Filesize
41B

MD5
96ec69eef4fe04cda7eb0dbbcfabcb8c

SHA1
60e1e6ab3d3c017159f2550966389d5de33bca1b

SHA256
83cde305e37ad1deb17d86f23a39bd2434d6719e30b307adebe5a189a78ff6fb

SHA512
a8bc5a95767b3cadba530f1a5c6201519a6df25a969f86bfca1a46a86641f8bce1d2983f51322314bae5aa841d1db774adf1093a5a3464e0d64eb94b1269ac7b

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/pl.log

Filesize
711B

MD5
7a743e642982e6af237fa0d30a463f0f

SHA1
55b0ea340b1e4f7211fb1fd8f232a0713c4dd5a3

SHA256
b71f67987b048cc14d5452d2450ca6cc0e3b978a41199a8d1e05f086e89d22f9

SHA512
248a6ca19e671bff814021a7e10fb419ac62d166fcd14e192b26adebe42400057a089eced04ce2bd42f0606c50923322a70a5f2906ce14e0ac0dea235e062c86

Download Submit
/storage/emulated/0/SOOVVI/.logcloud/yst_connect_log_20240812.txt

Filesize
80B

MD5
3a2e2fd1e852884fcecce8d0acdd5b8d

SHA1
262c8ef43b1aee598102c24b30046d541df30a27

SHA256
e116321d72e6cc65fe5ab5e0704c8305d5287d26faa868656e2cab91b0b494ce

SHA512
1b39b01260051ed7e3659183565938377813714f13eee4cfecb4ef24d25a677ae6fb6d23e8de8535bad585f6e9401f7533dbd0622b78728fecbabaafd1c02dc8

Download Submit