e9b954d5d482de2a81c6608f9bc48151443554d8ebbe6a1828fd3abc7682e31d

Analysis

max time kernel
5s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
07/09/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d10f2dcc253e582f871a04495f731123_JaffaCakes118.apk
Size

28.0MB
MD5

d10f2dcc253e582f871a04495f731123
SHA1

51b08b58ecab1bfc2f0eef18c2d2a9656bd8be51
SHA256

e9b954d5d482de2a81c6608f9bc48151443554d8ebbe6a1828fd3abc7682e31d
SHA512

c100131b973878984c492497ca610a75cc47d8d25471390e7d35a91244961b952d52f0aed3f9830bb36cc7bfe61f0102dcc8f713470af9167a95a0741c63c9cc
SSDEEP

786432:SCvQNIr0B8lvyvtFf14ShD/B6igsg9It+T6/KG7k6:SC5YOlvAFnTsiBtz/Kz6

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.yifeng.birdsrun.mi
/system/app/Superuser.apk	com.yifeng.birdsrun.mi
/system/bin/su	com.yifeng.birdsrun.mi

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.yifeng.birdsrun.mi/app_mimo/mimo_asset.apk	4320	com.yifeng.birdsrun.mi

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yifeng.birdsrun.mi

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yifeng.birdsrun.mi

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yifeng.birdsrun.mi

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yifeng.birdsrun.mi

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yifeng.birdsrun.mi

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yifeng.birdsrun.mi

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yifeng.birdsrun.mi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yifeng.birdsrun.mi

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yifeng.birdsrun.mi

com.yifeng.birdsrun.mi
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4320
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4467
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4486

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yifeng.birdsrun.mi/app_mimo/mimo_asset.apk

Filesize
300KB

MD5
bf0be21e40885f5f682349db415ba2f8

SHA1
823bcad773983ab798565f7b64b95783dce14d80

SHA256
aca4c8f0522c09a77bcc790b10c772611525456cc88da97b0240ffdfe1c4a2eb

SHA512
3c837718ddcc19885e00d54f9b7c336d83406571affdf64411e85a1ca317d67399e1cd56c5472a725568897dcd45bc5d94b87747be72b15e37e565034544be81

Download Submit
/data/data/com.yifeng.birdsrun.mi/app_mimo/mimo_download.apk.tmp

Filesize
380KB

MD5
894eb71a00f566a4e5002158d02868fa

SHA1
04f9b3ce56938826730978a081f2391ef70dae51

SHA256
4ee44cfdb5dbb8106bffe20648797c66bad8a62cb914565ba70617f875c01ba2

SHA512
048d1a7f38c60c36684a692240b0ac5faa52480e5ba9392b8df4c38d552168209a0b44b918898e50be9673b354a8f2a4f3cf8f101b2069fa55d463e4f0ed3e6c

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db

Filesize
24KB

MD5
60fe3bca372e662900f84a93bf1e2ac3

SHA1
85458d2dea8329a9a86feadcd3953d65cab5efd1

SHA256
d361906bdd66273295804b8adaa1c3b3b8cb9a72ff72b5f585d628ba0007b08d

SHA512
944dbcff18007d0a29100b57ecce090995da1879433bb52c4f7f90c9e91b22c45a9072c3f1b74486a42cfd4c7ac7f98ec8d0e4be505be138185bc488cf627218

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db

Filesize
16KB

MD5
4bcbd9ed201c2d14f7407d81c8a759a9

SHA1
3db47f9b6fce6df020b7f0c95875f6071c28404e

SHA256
9d98888b638468f37b2cec5da381d2b417031eb4ee0b1ff513ab9f4633ad5f82

SHA512
8f0efcc23cf39016d362a5af1998ca74222776817f9b2c5790394843a5f9ef78d641bd1829a2f03356682e821b9332c7d80d8163a9fc33bf4d2163a2af14dadc

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db

Filesize
16KB

MD5
ef73a30aafd54c04bd1b95520965f73f

SHA1
b4a45818f43d7659e5fa699656e4d9b3db1b03d9

SHA256
a5d60af88bd6beda587462a3130bab4a6e1a134f4ec7d2a91ab5c147e4ddeaa6

SHA512
56947f64fd9428cd259e7cc792408030b469ad0f661b17ef0b767995cf302756e4f3849002e4518a78b7705e3df39e003466a24c3fd38e8c2d7f17334c1abd0e

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db

Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db-journal

Filesize
512B

MD5
7145a4c461de722ef02ae80a5fa85e55

SHA1
52005e9476167a0d840cfbd02845e71054203bb5

SHA256
eef15a4f9429fa6deb625e532621b779e9bc9826caaefb3b2244e9e5a552395c

SHA512
01f82c5bf0704ca4264ec2922b67581ba79a954e54532f821d360a01aed525919da5e9b4e33b77da401c8d0fd8ffc4c15a0bbfac3a18890357609c3fe151a7e1

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db-wal

Filesize
12KB

MD5
c3f7fe64a0825b32614d927ba9594a95

SHA1
3c40e996e46d2c851c004d0c1fdf38a7ad7804b8

SHA256
1dd9713b9840b76fc34d612420243a530de55dedf824e36d6228e9aff05246ac

SHA512
82e97b04e1d37d7dd56c75cccf76af4b75bb95c006619a1f5ad70cb1dff04b8203fc0efa50be9d92195483ec18686339264697c1fc8f75fe3d5a6ae9aed4012c

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db-wal

Filesize
4KB

MD5
7625f29b2672ecb17640290c14e31cc3

SHA1
042f9db146dd18006f71f6b35e86de368c80a6da

SHA256
2b8fcd26e080b0c0306dc67aabf723967758da45e869ed2deeae7ccdc47d1174

SHA512
ce2126b3d58edbf384e761adf476a44aa086d6ff8ee8ede23c54ef841492e4d73907c9a76e71d997c528487e4ad53bc192804302e018f9c5a6063085338e330d

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db-wal

Filesize
4KB

MD5
dc3963100c7e0d1fd86169e6f8edb06d

SHA1
961cf81f4877e81cc0bc091ebb79b86f732417e3

SHA256
0b84077849323e87fdb48de422c883dc29a3d13b477060012beaf3d482d9f856

SHA512
56f0149055191b1fa872a7f5b0d150e61d260dda5902e90a2301e16e039d235c79601828cc2c7fce701cc9239158391e901917f775281c6ccca4006a7b88555b

Download Submit
/data/data/com.yifeng.birdsrun.mi/databases/ua.db-wal

Filesize
48KB

MD5
53991b35df0ad8fb32301660e2c1907d

SHA1
8d25121af13890d0f55318e3d0d7afcf459000b6

SHA256
d56b0adc6aa1172d98c5a8aaed4cd58fd9561925967e37fcb2417fab5346ad8b

SHA512
f4226e32c2927bece1aca027127f94cd076b60e0b9d82d696018d5184a9cb95738201f547ee0d895c941083ded43a334f61ccc07eee19ac155239ad0adfeb5a5

Download Submit
/data/data/com.yifeng.birdsrun.mi/files/.envelope/a==7.5.3&&1.9.4_1725968064673_envelope.log

Filesize
1KB

MD5
e8b2cb0f7aacace2482e075a355a1e11

SHA1
0648d1421bae79ee646ff2757daed42dc8676f20

SHA256
9a698f57a501775e33d59c16ed448b33f70d00bde3ed873650904dfa9cdc40a3

SHA512
c55d7e3b9a64fe5caa6b326431f229c5945f966853aedfcc7ca775f47cd7d303e67a4e414ceb8ce5046573ec13deb8d30375141427a34c88c9ff5ceeb204a4db

Download Submit
/data/data/com.yifeng.birdsrun.mi/files/.envelope/i==1.2.0&&1.9.4_1725968065228_envelope.log

Filesize
2KB

MD5
68ceb7a6fb1ce7bb582df49928a4ec52

SHA1
a94b7aabbde48bc0ab6e693c8ada344d2f8b48ec

SHA256
8080141ab888901e8b604d4b80abd997ddebb787a4c3f3a4dc704e10ba52455f

SHA512
13f6b9cfd38126d88505cf72f6c8e55d28d8ef239ea6c89789e7150477f9d0f6dc2f1e7637e16f7c87928577be5149541895f823781d02ae573918b649fcb8d3

Download Submit
/data/data/com.yifeng.birdsrun.mi/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
962be68353832495fe629620b123d4f8

SHA1
f76e3b2ecf5b13a8088549a28699b1f460ff5deb

SHA256
087a7760b0440d47c3a68ba0354609eb6516d244e8190b82ba99b201ed3545b6

SHA512
d557f2d261827193376e20b01ef9d5d46f5a99920ad3a123e929af9328f773f20d33854b591145cd87d2fa1941f322a58c86f0517b0930516bd629e87c37f1d3

Download Submit
/data/data/com.yifeng.birdsrun.mi/files/exid.dat

Filesize
52B

MD5
8d195e73355168ea2f3b4737988e9810

SHA1
4bcbfbbae9ecf9df777e9bb12ad6ca91294c8619

SHA256
f69bd9d3a55da160b09b66b11cee37ca93b74d6b638b5072e05e852590b99447

SHA512
7d18a933eb2985281bc38891ce7160d6290d2eee32dddd40db7d9b051da2ec340571c72e77478fe54d77744217961fd5746d5e5b0b649ed5c69f15908f42227d

Download Submit
/data/data/com.yifeng.birdsrun.mi/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI1OTY4MDY0Mjk0

Filesize
1KB

MD5
0fe7b78bea77bb12e434de264cc650fd

SHA1
5b87e71310029c771e0a8e6d97199004bab98f39

SHA256
38eda3b7137481fc6d857304275c78a0fc80484ee5177e5da5b4c22d49586aec

SHA512
1500826f68e87120951311364076496fbbfebd08e06facad6022410463f828a365253adff2ff326e3f72b618dac268f46a6d058b10426bfe9125294d18bc6458

Download Submit
/data/data/com.yifeng.birdsrun.mi/files/umeng_it.cache

Filesize
415B

MD5
59e53e1fb3b5453516f2a6123e17d45a

SHA1
247829ac23f7e18e477dbe67e538de6ce933c413

SHA256
fb5ae62858ec844ca767aa590466e6de53e4f8775ae19d2e9a3fae659e17ecb8

SHA512
8f6aa818f02e6391353486618611a17ea900a8145bdf8ffe22e4196d657bfe328769d96e829d7939e0df8e4cbf9aacdbad0d5a73930f00de8eed8428c510b979

Download Submit
/data/user/0/com.yifeng.birdsrun.mi/app_mimo/mimo_asset.apk

Filesize
504KB

MD5
5a15af670a78139158914e6c23a74dab

SHA1
86ebd3ce9d7b325aaf25daa601b79ef10bdc0ac4

SHA256
454d49ed08121de604effae547020357ca79798a558451b688481aea9c7383b2

SHA512
b8b6e18f68edeb80ddc14ccdac1ecc8e0523083f55da52da4baf86a75d255cab1b47e25265e5e5668c9ba583a18feddffcd41db1dc2fe0945e2c1b723421ce1d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads