a614b070b66391c911c0c263078785f0e97431ec22779d380b80cc451d5b3fba

Analysis

max time kernel
179s
max time network
187s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29/08/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8c4144ebc0f73d36cc4d4632a1a5b7e_JaffaCakes118.apk
Size

19.8MB
MD5

c8c4144ebc0f73d36cc4d4632a1a5b7e
SHA1

5f9a43ab6439913108832f1dc0fc90151658c1c2
SHA256

a614b070b66391c911c0c263078785f0e97431ec22779d380b80cc451d5b3fba
SHA512

05ef70caa3e7e6e2e51ea778b2faa57f0ba85baa90518ed206a9bb6a51c715a1133f4711b0dd09588e26a449f02a0479bae1364486c6e64903652354ae72a05a
SSDEEP

393216:HnolIe0xMeKBlYnpe+vYAPGXdYbYZ6fGCfhpYOGypJGkDq7cbvjsMqUweT8:de8I0nAhA+ybs6dfQOGypzDCcbvwyweA

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	io.dcloud.H58323F04
/system/app/Superuser.apk	io.dcloud.H58323F04
/system/bin/su	io.dcloud.H58323F04

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.H58323F04
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.H58323F04:pushcore
Framework service call	android.app.IActivityManager.getRunningAppProcesses	io.dcloud.H58323F04:multiprocess

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	io.dcloud.H58323F04

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	io.dcloud.H58323F04

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H58323F04
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	io.dcloud.H58323F04:multiprocess

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	io.dcloud.H58323F04

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	io.dcloud.H58323F04

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H58323F04
Framework service call	android.app.IActivityManager.registerReceiver	io.dcloud.H58323F04:multiprocess

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H58323F04
Framework API call	javax.crypto.Cipher.doFinal	io.dcloud.H58323F04:multiprocess

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	io.dcloud.H58323F04

io.dcloud.H58323F04
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4997

io.dcloud.H58323F04:pushcore
1⤵
- Queries information about running processes on the device
PID:5031

io.dcloud.H58323F04:multiprocess
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5085

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.dcloud.H58323F04/databases/User.db

Filesize
24KB

MD5
cf4ee2ebdbc6935ee58c62b74e56ee09

SHA1
df1ed409f5a46d565487519e6334e2b489b5773e

SHA256
f1b8c7c0ae3e9d1d70127a1469810e045d6474819b21fe94934f8746ce4b5cdf

SHA512
22df5e934fa7f46c472e5fcf79c02588d64b18406444d38f66b42b27fcb666010602094ab366095c870516ce058ee034f55e28bf4d1f142b9a85da61c767b981

Download Submit
/data/data/io.dcloud.H58323F04/databases/User.db-journal

Filesize
512B

MD5
82abd45062e18cd975512a924f484655

SHA1
de0f83f3b5802e5068309b72c28905fe8494d605

SHA256
b952f9c3e5167fbc0cacf72714d7ca1c7d02a03974a71e2758d94638dfc1bc38

SHA512
bd46866d718912f39c7b632cf08c18641b54c5b1d459b7b851a9fb96790b800ef4f36fae13793c83f2f97a00d1ebc583f9d55d487b12100681db7ab00c291648

Download Submit
/data/data/io.dcloud.H58323F04/databases/User.db-journal

Filesize
8KB

MD5
d093b1130188950290b73665ce3886ae

SHA1
f847be52a91d08a863cf36c32d7919ecd836b2d9

SHA256
9ff3d47e1dd46f1b1167ed3abb4f08e0f452023fc3e4b54f5b8c5cd35784b435

SHA512
3c2967c56c19a0c0428ad6cb9275584f057ed6f04112fe9d61f4b7bb5e6163469b06b3ea1e0d5320e7ae02e9a893e6a7d1c622f4f94eaf657e2e62b74c1f8e71

Download Submit
/data/data/io.dcloud.H58323F04/databases/User.db-journal

Filesize
8KB

MD5
1c5f6a9be006f8a4fd908448227ad7ad

SHA1
1d783e2c4e8a6e6c55c87a17168417267eb5291e

SHA256
8ac253e2b2ee3a91a0c701f5bbaa7be0b47598f523212e7ee5b3b711b8aac31d

SHA512
7ec0c7c406fb3a3e65ded0c85e93cacdeb57dc4748010a9b0368a5ab1bbf769c797f56ebf2e691c152245630bb11cc395369264e2a9f79bab17e567587ccdde7

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db

Filesize
24KB

MD5
22b21d0cbd9e499153fa04f828976b95

SHA1
f1c6758eee2ee4d3825329706d628d49b5925a17

SHA256
1b13ea41ec88c5c7c3aa7b98d23e54ef70bc979c400f9d54c5e799afb2f29c13

SHA512
9c29f755cc616d1e3648691adacaba9e96150b8b2140ab604adabe5a81de3006417609ca2d52a64fa9482b406ba612573be9dc6744df8e590a8100ec593d9735

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db

Filesize
16KB

MD5
755a85ee971f3f8487f656a12c96db84

SHA1
30351efa5a9e15c9ff4adb7e18dfecbc33d3b914

SHA256
15da86362b791903f5f259301c260d52e5d22af884624c27de8827b4011c0e6b

SHA512
5b20b4b109aacec27b97ac28e964d78b2ab07b022c040351749df7e8c144ce8e5d4b01c5e6a60237b141ffbb13283f169f052492500e42c06c5bfbacf0fec67e

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db

Filesize
16KB

MD5
6fed4d51ec64d8176fcb38abc6f8bde9

SHA1
dd223005c0e621b8709c95ea9b54030cc9b30e0f

SHA256
3670f07e8195992d4aefb3cfa9f1e3f8921dba406008e0087c3b2cd6d9b5135d

SHA512
74001834bb5a7432b1d7cded1386b3b64161efedee40832d30112dfcbcb26b4ded4505d26ce868941c27a1b27c67519d1a40fe1d4f2a766b8c31a63936b883f0

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db

Filesize
36KB

MD5
b7036131b84bdf2b66c67fde18d62308

SHA1
18b1e5a358d68c846495cab5cfef7c6679659093

SHA256
c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

SHA512
256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db-journal

Filesize
512B

MD5
7eadfa0518ac1475d7ce94299a491c53

SHA1
8d802a57654d72da3de48e413f68b177a758d56e

SHA256
20c53a7ce19fe804eeb36ae8d4c0c12700aeaf4933507b69a28938ad3d93fc67

SHA512
dd98ee415d7ad34d562f187f9e2d6e2defac2692a86e61fe0ce6a7b02f77dea27e91f63b92a256423251f42b33367dd70da95730837c73ceaf5bb47b3bfae0ea

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db-journal

Filesize
8KB

MD5
066a393b290b1ccdad9b5db4ecdb0f49

SHA1
43a411bcccd1774448cb9254644efed374caa4ec

SHA256
bfb7c861139228a2b39108a5989a8ec245bce270fe7d2417dbcc8768a0827af6

SHA512
ef7818d65b27d6bdaa582f9419e84e37fc0a791429faea19ccc3e1d3927599d264ee17f5a6b3ef4881f5cf5e91c05febcbfc7763591a468236d74c082be68a68

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db-journal

Filesize
8KB

MD5
02d35f8728318d4bb7c92aa72abd3e8a

SHA1
bc2ca03cfc1e8ff5a05767c7fad66ecd0ca36081

SHA256
b13a85bc94773d7ae1a4541bf39c6b9c58a8f6a9bd8846af1084e918fc9a6782

SHA512
7e17a3510147d1d74f4ba3289c221e4108541215d26533d96d2e7ee1378fab5d64749aa843210c8ba4fcb2780b350f291353ea7d951446754dac7d2adc0c4acb

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db-journal

Filesize
16KB

MD5
42a1ab592b516bf6f79fd3a588f5d446

SHA1
cb7ebc7ca889c05dc08fb395119fab43a233cd1a

SHA256
f836b8961b965fa667018ffe43eac6f2df9b42902a27a1ed3e885147fe2a9a23

SHA512
73811bed7cd28890c0412ee5c4e8d938187a10e4218eebdac59735ef1d1255ce361d4ffe659bcfd190a412fd054c6e1aa6ffe15684fe4c819c25f84ceb41be6b

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db-journal

Filesize
8KB

MD5
8d40141f7ad72a25718cf626c5e43681

SHA1
d79dd4ca06c6efb094704f6aaee42f2de34edceb

SHA256
46dc380f102fc876b2ecbd23993ac1fa64af4264a15e2e2cee3528bb277da1c5

SHA512
75a5778c9616f724b0732cf93f7f3874150f48120d1189168362988610032b294b2e45e6cc3d84ee01cf8a2d5ed70c63d95f9f4e48df558f5b26b1a5276185ab

Download Submit
/data/data/io.dcloud.H58323F04/databases/ua.db-journal

Filesize
8KB

MD5
13db09d844c6d49f0501b6d7b3246e26

SHA1
0eb0e63ae92a24dc7ff09485362e227f76b49e88

SHA256
2908c9ffcd28fbbcd842c8b49c3d83974908002ade02d6ae34d56f78258c4cff

SHA512
f4d80654d6af176cbc55550c50b8db2391f9399511c49d04ab0255b0edbd8e6fa9bf400c802006ad7d8708dd2e7b784487dea32dd329da903448d4f1b968fe99

Download Submit
/data/data/io.dcloud.H58323F04/files/.envelope/a==7.5.4&&3.1.9_1724932326559_envelope.log

Filesize
1KB

MD5
28540682ca26be6738c382ec7d13bb88

SHA1
7caae7f8a85c60338fdba5520404e83661fb698b

SHA256
7f4ab915020aad0ae827ce7758a81994d467c80938bf08038eee78cfd1d4e696

SHA512
5425e8bb4aee9940f81f920b66657507d6f6038c45970eaf85bd35fb188e08b3c98ebc7becb51d00b376388f9d52f2a1a6eb52633040daad9f8d605078ce3f22

Download Submit
/data/data/io.dcloud.H58323F04/files/.envelope/i==1.2.0&&3.1.9_1724932327071_envelope.log

Filesize
2KB

MD5
1a4840428beb9fb16fd6bcb0113677fe

SHA1
d22096005e0a7924e0b69ac7fd4df884c981758e

SHA256
905c81ddc7559882220303234ef2e777050c1b578af3bdcae0e5cd22dde4c1d6

SHA512
07b6bb6f2dc2525994e4708ef8a4043a6f4b99bc962980220b41582e7b3de657444bf0f5fca0d60711a40f9c3d0906f75418293e963eefde197a596180c64b61

Download Submit
/data/data/io.dcloud.H58323F04/files/.imprint

Filesize
922B

MD5
af243a69620f2aa406272df54b7f8c40

SHA1
6423938f089238f5bac95aef6e1a4dda24d94413

SHA256
a3cb65aa852e9500cd1ad855f8bdb4005717b240c8434e4425819b42f3cf0157

SHA512
e5e650f6d177d494f80f5e9b9b720d1bebd4d3c674595ca0b8cf4e46f69b9dccf8abeec6a4e836c60f1598d127b0e367893d2f223c22863dbddbd538c34e92b5

Download Submit
/data/data/io.dcloud.H58323F04/files/.imprint

Filesize
922B

MD5
b1e037a66655e94acab01ee0ca96c88d

SHA1
cd30813e1f720b7293a713dd157e48ba91792ed5

SHA256
76dbb5529f04c6a270c724746cb07dbda793497b7393a20a576bb557957f1302

SHA512
82c892885626c06b785222f2ade51b6d5b066935547690ce9f718b6af8a4e04b5e4a84605a4af27264f09d2f5daef4c166b8fab79ea47e2fddb0a9d4191ab22f

Download Submit
/data/data/io.dcloud.H58323F04/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ef2e95d770b3094c6e1930dd8b07ba23

SHA1
87922fddb87500188249e0736cbcd1c196379a9a

SHA256
7b2e07c766a4c5b1b875b806e5174b16e5bf8e014d96f105879d35ba7767cd50

SHA512
2ed8d6d317e058fb6c27027a9732a2d00987e4487041430c8a9ea31d8c444de5dee3f2670b03d191b7f1f5b9258e39e7135c1791f10afd0a4bf38a06d2885e39

Download Submit
/data/data/io.dcloud.H58323F04/files/exid.dat

Filesize
53B

MD5
5987f7845910708b775cb886f5c492db

SHA1
25e1516c62c6a268f650318485db4b14be1a46d6

SHA256
7a58f07d6e7533b46f5b7e4ff6e87e02f4d4306c05cc03fb22d89da6cbeb68de

SHA512
4a73c454d55b57b4c73a35155b769227594cdee0ed984a3f7b1a8557edfac7b115ab4c1209a6e4c90908c4143203a6f7af96b691da4ea8a25d9e8d8fa430c3a2

Download Submit
/data/data/io.dcloud.H58323F04/files/jpush_stat_cache.json

Filesize
119B

MD5
0ee669711bc33fa956f0073395437517

SHA1
c22fd1c36e44a47991487799114f5ad1acadb286

SHA256
771fc40cd13a2324189944fbcd39afd20c828e8d1be2c5d542a52a74487c4677

SHA512
0c942adcd3cefb383749212349ebaaf1a500c5d6e756ea450203f20e1e15bc8873177792f17b0f6d8eb8ccae9e45a9306093057033af8390024fc67b150a0d6b

Download Submit
/data/data/io.dcloud.H58323F04/files/jpush_stat_history/active_user/nowrap/bf4f9350-932f-4440-b859-41f40eea1260

Filesize
159B

MD5
38a9c00922d2e9b532b83edbb1bcfdf0

SHA1
421831c60c12e6dbe003c0f0e8ad98f3cdda2fae

SHA256
49599bc68768da661757ef349d1085f97b6694d67624e91ed60fbe175f72f760

SHA512
75827918acd98b87abab14040ae50a9286fbc6c5bee423e16be4dca4ea689becb00d4e5ca37737d5b3f406edc024f29892feeda5c00f944ee6e26a1efd7762fe

Download Submit
/data/data/io.dcloud.H58323F04/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI0OTMyMzI2MjEy

Filesize
1KB

MD5
6e1416c3b881390f01b6eee8a6ae6ffb

SHA1
40c9922a72542b683398e676579a8aad7cc85338

SHA256
17db8f8614583d4d7a03c11c9c3a7c97a28ca32fedbb45e42c8c43c0714211b2

SHA512
b6928f1a93f911965c144a53d87ba2e5eea6b81fa5c8f028f370029bf1e21196bf2f013e3d9f86dda7206f736b21a47e722fad19984dc5b94f08953e61f9b59a

Download Submit
/data/data/io.dcloud.H58323F04/files/umeng_it.cache

Filesize
433B

MD5
1608fad31d65e16d4783fd90f32f0f8d

SHA1
b0741261754e9a4562cb4e393d3303b45c800c16

SHA256
50aa98f15849ca573510b12af2d6867da937f0b1ef3e2cbebb47cad93cde791d

SHA512
998d0f0591e5fb0f8d9842d52350f64714d60b666125d438badae9e0456dcd184eee4bbcb00f90e5ebe0ffef869d7b2dc24895ece7ad53d83397ad5dee94d365

Download Submit
/data/data/io.dcloud.H58323F04/files/umeng_it.cache

Filesize
220B

MD5
4902808564e9514ef2ac4117c0708e19

SHA1
dcbe2c09985c9f73042c05e492052fc61093a087

SHA256
95d463b9112fed506abe7632503023fed6b1d01eb6040ff2fec22b506c8f646d

SHA512
f2703ee5dbc7fab23979700ec2b2fbe02ffa01f0e2164d0dae1e4c6dce782e57cdfa38149e5c151b2ec808596d126949e7f067ee41a48753c62da7bd68fb39fb

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
13b189f56060a58ff756621e728cc785

SHA1
4804d914dbb8670f21f5d4c27e3ae7c10f7da1a2

SHA256
2431a3754179de05b318c2c78670d5c3552efa4420816c7d5e26ebbfca3a777b

SHA512
a8e102423ef497853641181c0e67e88335327cb9de4c3d4480310471213d17ecc6dc9a1b4c5370c2cd8316f059049d549e0db6d4009a181629b3ccf18ecb78cd

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
213B

MD5
48fb45f4542efb7b0f9ff428f727cfbe

SHA1
38a1e4f27cf110373e7db81a94df85a735fa131e

SHA256
52c52b48ca9e36128c95477b1492956f82c6a388cf33abe1eaddff267775392e

SHA512
d77b5f9704fc0f16214729badaf488532c90c7c273f5ecd6117c4e80f0efa1f1854d590f472981d0a00006dd81664670cafb71b1c15eac39c3531adfe2ff5cd7

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
74bc6252159e082ceb183279c919c4f0

SHA1
46f0b9bf66e724d5d29aa764acde2f5d5226b5db

SHA256
9e534c7a9e2992b201174e8469b481d269403280b55169079c40a6938360d95f

SHA512
3bddbf75071b0d5fd181af93046857c0a5ff45b74acf00ca7c7ba17e9eb22eeeb2f9b4584a283d3df5008e9b274c2ed4865240878f72f1bd42409d1263c3228b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
14077f40174b45356c4ff763c07a48b2

SHA1
542ebdd136341feb3a855956456d9d5c3a86ab58

SHA256
78cba13bca8fc869edf2daa22ef33a72c1e9bfb50eb308367639a5249ca7fcf2

SHA512
b89794be51b0ec5ee39f9586c95244ac59ee594d49c0f92877503f1673df8c15ae766ec80ae0b2571b909c5e01f7044bd4f7725a056210bb58e001bcb22445f9

Download Submit
/storage/emulated/0/data/.push_deviceid

Filesize
32B

MD5
78ebe837f9696f511bbf473d66b36b6d

SHA1
91ffa5211d168ca134d83dfdd36306486fbff187

SHA256
073ad5e9fba25fe9847ef7539fdabd9ab8383080598a2d04352bfece7106a2dd

SHA512
03a9884ca0115d3a8ac4898f2eda4b84b42441471b10c4e2e3ce19f93161e8af19de9187aff6fb437191cd10fbc52a70388d227efb1a130c5cc730090d2ed9d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads