1db2fedf9cb6fa428478421cf2ec0e66ad728cde930f9d6361c6b77d74d1d8b1 | Triage

Analysis

max time kernel
4s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/08/2024, 02:35

Sharing

Report Analysis Logs

General

Target

a93e2c19c769c519c0393e2e340a89df_JaffaCakes118.apk
Size

6.7MB
MD5

a93e2c19c769c519c0393e2e340a89df
SHA1

b5d296e32b6d021e626a4be30abca7f91828ab3a
SHA256

1db2fedf9cb6fa428478421cf2ec0e66ad728cde930f9d6361c6b77d74d1d8b1
SHA512

f83f83aa991df8b89bd6ee7d2674e26a609839e91e3d9a7b975e048cf0a5e7a9b29f5cee28fcd767d0a7871d4f3245341b78105c3661ebff767d019ab28f2f96
SSDEEP

196608:pZ+WZs0mwlLFxLFtqKwZEGUx/WlSWFzRx:bP/13KEGj8WFzRx

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.foreader.sugeng

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.foreader.sugeng

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.foreader.sugeng

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.foreader.sugeng

com.foreader.sugeng
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4270

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.foreader.sugeng/app_crashrecord/1002

Filesize
229B

MD5
dea9d31bbe33a70ae56ce51e46aac767

SHA1
bb9a0db46d0b72bd400c0092899349b5b79e47f9

SHA256
6d68a9c416fd175af3522f8b1373bdd7a9bec3ba6007ad5aa3a65f577cb09d65

SHA512
f97de9618fb7a754bdc602b6bba090f6752d6067309ef86e66ce99680963829a2daa78d01a5c2d2cee89733904173ea92332f6f59835418cd2fbe11a238d310d

Download Submit
/data/data/com.foreader.sugeng/app_crashrecord/1004

Filesize
229B

MD5
a4fcd988465535f1fd80751bd020d424

SHA1
066a7433e39f769172fd47e2cda357f3e301c0c4

SHA256
eefc2dadcb8a1f6331b4a3c8633753a5cf5a759a89d47de2996f25f3cc2bbc59

SHA512
c73f0ce19ebf862dc4fd58b4be177db4f5aff649577972a3cad3775cbef5b906f847aa43a57e6523fcf77efb867d7f6b8a9865c9063dd1ed9185482b923b4b24

Download Submit
/data/data/com.foreader.sugeng/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.foreader.sugeng/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.foreader.sugeng/databases/MessageStore.db-journal

Filesize
512B

MD5
1ca5489d1bb0ab82c6d09a0533f231b8

SHA1
adb44e5f1829f6f7259930d14a82e19dab5d1529

SHA256
33ce680dc58ba2117a21e2771f2abaf4749b4029d9560d43066e11da3e269000

SHA512
e981df7b8acd6480e93b8e1b5d9ef15cc5a6ad6ba726c14c67c96dc04a9ad72ef71beb9ea8d727e715455290c670e4d3d175877256092f267c57af9e5457d327

Download Submit
/data/data/com.foreader.sugeng/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.foreader.sugeng/databases/MessageStore.db-wal

Filesize
48KB

MD5
ed9d1603ee2c959c097e575da77349f3

SHA1
36b83accd9097942e9907324b2f478f31d102502

SHA256
1afa2156896caa89730461d8dde8ddffd595069936b1dd3d4612b6efa6abdcf8

SHA512
fa060100e139349e2a1240ffd69a5c60601c7155442a6413c2e4b0b01158bda8bd253865269d634844621a44e0e6f78fdfba5084550f3a2a1e26dddcca0da577

Download Submit
/data/data/com.foreader.sugeng/databases/MsgLogStore.db-journal

Filesize
512B

MD5
d45b83b4e5cb1660bdb702a78aafaf78

SHA1
373af5f70c5df180974ecd7b7cba763030f9f3f6

SHA256
1117a1b73b6cbfe68e3c7eb5b0659b63b11e707320ae0f6247b23038e682eb70

SHA512
981ae7bb7291ccbf2d354e9e7fbaec5c307bae08b1214537aeba1805658076c939301ed84f38e24c7b8a7e1c5869b951c290e5b1f29f7929562668997d93537d

Download Submit
/data/data/com.foreader.sugeng/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
2ad619f9fa3c7d89b7095f1f0fc53fd0

SHA1
48e8cb826c16b0c356dbe9c3d310cd18bd1ce51b

SHA256
a8c1924469b0a9b2f1e22fcd4e92bc9492f72f26b77c25113dff56f7e6c2b9ec

SHA512
0d70f04d517407030e864cbede766860daf8a62675d7671f73905320605dc1855449cf43209f8e9da10f20f7a1c3fdf7bbf45ef4adbdfec6a288319f12900486

Download Submit
/data/data/com.foreader.sugeng/databases/bugly_db_-journal

Filesize
512B

MD5
f9e5a1bdd483555d3bbb85f34dca041c

SHA1
eb841ac6a97e40db66bd12658f4a69b847a300fa

SHA256
ca41ff5a2bdef3d7ff79a976bb3bac8a516659ed7549a5de05e4a04bdfdc4ca0

SHA512
430d73d0b847a934ecf463e35c4b9b1bc822bf3caf2084c442ae9855a58e42e82f4dd623d20e08605e87dc016bc3b5bc84a1f091f09df71ab2664e3575cfc4c3

Download Submit
/data/data/com.foreader.sugeng/databases/bugly_db_-wal

Filesize
76KB

MD5
78a887f7d21aca44ee5d3d2162307b2c

SHA1
3e7cd402effd08616eba9072bf3517791aeaf87f

SHA256
881684c2e65763b813784df9b5b95e4d151db07a8708d21f63a5e10069d962a1

SHA512
35c31150d286f6cff22731d2a48a6cc6879ece4f9e0e15cbc59715ce8473875bdfe289febc423b489cb448cd13465b79adcf3a5b72e3db5ba95cc64ee3c820d6

Download Submit
/data/data/com.foreader.sugeng/files/Mob/domain_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
19ad65942e42c649f7c2cc6bed750292

SHA1
73efcdca8489fb5a0eba0495acf61ac7d05538f1

SHA256
0c3656a6f65d4454969ac47ef329664e6ad48b24f2a7bcb6140856819a00f1e4

SHA512
3c7da157a144d5be318d20b9435aac9e9d36a31404a3b0d1807da2a7ebd3371bff895d1ee548127758fe03708b65f25058567439db6b1889e61bf06f0d9e3857

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
ba485abce6782d471a8f02146b27cf0d

SHA1
5c250100769120e099e3ef256fd1420302b71bce

SHA256
8eea20594e7cb25381e51a29749b8c30c9899ba2d4ba104250faf416b5cd8f10

SHA512
da4d0fc74109d47e979d29cbc28f34a9a2401e1291b39b32ab1a41ec228fed45ef143c53bdd3f1a5195e48a7415daac13afbf942a82fd3b7131fa80a5f0301c6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
52938ab3c114a9fb96c28cb180290048

SHA1
f55a73871bff2e79bed09498429e1b05ce8d1373

SHA256
18660096de3df6885d5e305bd92da18d2118daf05ad3ca86804837424f26c6e0

SHA512
1a4a1e988088d9f3883b2d20477547e66c874e341a85d428f5ffd91d61ca167ba18e5aaa343024da459e52d2de4f923fc65f7eb6cad78e92605075cbeba80cb2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
cf0a427e69db1b91654b7ca661a0743a

SHA1
233cff8b92c867887bb5ee06deed6bd9b1d7efef

SHA256
44f2bb7330ea6f3b2ef1ceb008bf46d899d322b5b0fd5376f2b1e42bdd750974

SHA512
1bc4041b3abf88e384549c831a16da6c582cb2289b582d238928bc370ba75f36552ddf8525f70ad3c69ddc0185fd3b75ab823795c073504224495a5fe267c0b1

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
130B

MD5
f321656a466363e5192773d92000e401

SHA1
3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

SHA256
53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

SHA512
fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

Download Submit
/storage/emulated/0/Mob/.mcw

Filesize
82B

MD5
a7f92d9ac83f7d80123e876110921c00

SHA1
fbcd822a5e05750f7c53e9bae726ccf551ad1eaa

SHA256
5f864fe6f72708f14b9fa139ee13592f30b577e511f21527b2efeecb2b316783

SHA512
98f40e854e596f7118480d44a6e79ebd4f5d091995ea8982a1b92c005a06eb5c1557008e015c70bf645a3eefeee7e974c57b35bdd1866a0d0a3596fb7bfb7253

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit