245013f50de50456599bc4c0858c1e76dcd29c21462b8d7b87e499e074c71a8b

Analysis

max time kernel
149s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/09/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc6076b1548bf90b30c979c2be2dab52_JaffaCakes118.apk
Size

16.6MB
MD5

fc6076b1548bf90b30c979c2be2dab52
SHA1

04259dc43153ea3e9217b6c44dfab6d631d579d5
SHA256

245013f50de50456599bc4c0858c1e76dcd29c21462b8d7b87e499e074c71a8b
SHA512

8eece97509aeaacd252b19c568af802039105ac15c38d8f8133c92312c7b3fe29b7446ce1d263122d062f011d8acdc6dfa1b488df50dff0f8557c495d472b0a9
SSDEEP

393216:z2equWZIYeeLQ3nHkXCmi3zhp5b+kzX3DTzNAxCqCftY:hquvYJQ3nEXf0ZFzX3zNAxmlY

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.talicai.timiclient
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.talicai.timiclient:pushcore

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.talicai.timiclient
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.talicai.timiclient:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.talicai.timiclient

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.talicai.timiclient:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.talicai.timiclient

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.talicai.timiclient
Framework API call	javax.crypto.Cipher.doFinal	com.talicai.timiclient:pushcore

com.talicai.timiclient
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4319
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4381

com.talicai.timiclient:pushcore
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4354

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.talicai.timiclient/app_crashrecord/1002

Filesize
232B

MD5
638a3effcc2c341965eb5ff916c8fcae

SHA1
0e73324527c30bf91e6bfe8121f81bd4c171bb57

SHA256
0435421ec5b112a44ed67a8630ac83a3ae36973166653d72a2a30bb00acfabde

SHA512
9fa5d69e144daf4a3ceb6c1e4422dcc83b3313e039962549ce9a0a048bcee70a48c7803225f76bcc5aafe9f4d53a0d45cc9d0a1ce8f532a509993340777e4de8

Download Submit
/data/data/com.talicai.timiclient/app_crashrecord/1004

Filesize
232B

MD5
4fbf8c8015d2ba13bdb5549cb7d02796

SHA1
3dff32917ea9f2db03eb9eddc47a92a582f0e09b

SHA256
c0a7129163f5ae56f7a7b89df3974469c5dc8a654bc32e3f47a0994b73bbde1b

SHA512
36ff61fb6fe552fe034f4984011f9ac83c41c3196dc859b79f59bcd4fba109c4072d11bfd1ded5240660316e82ee18148083618e5e4b278d6a44b6c85aa6819d

Download Submit
/data/data/com.talicai.timiclient/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.talicai.timiclient/databases/BillsBook.db

Filesize
56KB

MD5
3811dc61b958d938861de4cdf327a41d

SHA1
838fa55df67c0e1866c0460ac62227d341a85b5d

SHA256
c0f086c423fd1cb891b6dd98bdb3074618fe020c5145044accba01599b8892bf

SHA512
8bd9b42a5cfd68d3c789224eb5503c76564b32282c01b4092a5ec203343d307338743c6a0074b731759d5f35aa2b07d02fd2c758deddfe2775e348671866f687

Download Submit
/data/data/com.talicai.timiclient/databases/BillsBook.db-journal

Filesize
512B

MD5
f485c09216a9cd46a7fdf876eb5316a0

SHA1
4c1121de8b736457c8c8eee0a50415b2f50153db

SHA256
f079ef60ae90b04b828135bd586118f8dd78310b9ca26267b91fb896ad2dc6d4

SHA512
a5cfe041598f540a9734abb2a2dba55dddd27dd3a112fe5abd528d58291e60e92a6fed985778bb2dae9cb0546e1359eca7cf5d5379436589403135522bc458f1

Download Submit
/data/data/com.talicai.timiclient/databases/BillsBook.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.talicai.timiclient/databases/BillsBook.db-wal

Filesize
406KB

MD5
57a188adcf902d6f0caea06801e1c6da

SHA1
bec22a46d181555794f19fe1ef0b99f4f509be6e

SHA256
85535f8e9aaa29d294462a83387ed59786868ba97381395e8643f4a6021bd16f

SHA512
6a9372ac802664b2b4c8d5a859de98b2eef5f590d68b47da2ea649ece404cf68db3fd1d6652d9f7535ef71d677aad03f392e9074a87bb1418e8cad6173df1aa3

Download Submit
/data/data/com.talicai.timiclient/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.talicai.timiclient/databases/bugly_db_-journal

Filesize
512B

MD5
ffd703a700db336ea19e6c898d7d582e

SHA1
64db58ef016e39cce7153acf924dadc871a67758

SHA256
cf304d78f5858c5c11c27c907e9ae678af7f531b2943aadfadfa56f0538fd0d4

SHA512
f498368132b94f9dd49e46dc583d278ca953ac3de61a3a4899b7bad593b3ed3e1a5f0367ad7611c1c0ce9eda8b1b5a3557183f9cdf2cac4d6823c330dca70d2f

Download Submit
/data/data/com.talicai.timiclient/databases/bugly_db_-wal

Filesize
68KB

MD5
044208577bb6d47c0c00c238601a33c9

SHA1
7b7c0c6a8ba5e924f7fd3ea5abef0ab5c06dc2df

SHA256
5e7c0b202dd1ccd5d0f3503d02989a811cde828be61cffee7998076ea306e6f3

SHA512
f36b4c12b6056874ec92d38abeef884ce52da56b75b62fc52ac7f616e1f08ad6508407277835e8186d4370eb47f2589e5760b8a0465d2570ebd46f4476272d3a

Download Submit
/data/data/com.talicai.timiclient/files/jpush_stat_history_pushcore/11a2e9b8b491c9ab96c6724a/normal/nowrap/af88057c-8462-4257-aef9-5d7b2b9745d6

Filesize
202B

MD5
5db019fefec81ae5529e691261375488

SHA1
aad524aa3fa78ed1f169e62ce1cc627b5c93122a

SHA256
496682dcade4cabc87a285378589b78a3d2f94a654fc1c3df78eabd17d9a067d

SHA512
0d11bed8e4e4242d8d5ea498402c1170bf5e9b3709bb1cfaf74229e6af765b3822a4d018761886f51fc67add1b8084c75cf1da61f9b30f7c6df52a0e4cb988d3

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
98B

MD5
0e066361d68cec1bb227ca72ed8a1173

SHA1
a064aacc6653f9ed7d3e05959a87806c6033260e

SHA256
13e3763219d1b61c51a93de39d22a8891d340cdeb0bb309c059ed944683979d9

SHA512
5eaacbb64a4c18ba073b7bdcc707ba8c2462e05f4bf900bdad8f25c89aa9f3999e8c8a9039d4c268f50ce3c0bbbf93260d54dc5f6fb75b75035963de78127f95

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
146B

MD5
e0c326ed9f7aa1f78b4233f79af791f3

SHA1
2476123f25e4079f6fb2e0c6faeaaadaaddc4f67

SHA256
80531864d890e8c225d6e52d4aed07fb0ab8331a9f40e7b72ba227f0f8193e79

SHA512
03a381640bcc12b48aae29d1b0b7b6a0e43cd62c882ea137f3790066b7e145865fa2c467ec35fb53013054ce15bcca6823e4d4a175a6d70c7c160a895172b090

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
82B

MD5
e8be01a3d651b9f955cbb28d7fe2f623

SHA1
04010f8b539c2e98c8d7b7752e9879547aa9dc0f

SHA256
97f36bba6fac1a853fc47a62ed426b46325a58a209d20a7c232641ffba4e44f4

SHA512
19eb61bf037bcc667e6a19773beee13011faffc9a5f8efffebddeb5e27e017bc47f26e143de5e9f471668bdd9eb445fb85afda410b065f0d3ae323169ba4b34f

Download Submit
/storage/emulated/0/Mob/.mcw

Filesize
80B

MD5
ac430b3bad93926f7034c74c100d331b

SHA1
98517f521f7106b88b54d775faf3a758909b8208

SHA256
b25d66912b0c79b8a4f8795d12f01ee0d069352f519a8497439bd45e947368e0

SHA512
b154f5ca40df98588c9a5c930b51e05abb847f12a4b83cff05072d265183edbfd508331b2c163a9f002383cb5713ee1429644665e87422292461dbe17b1dfd98

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
/storage/emulated/0/timi/timi_share_img.png

Filesize
17KB

MD5
8aff5a27e76f332178ee22288744f994

SHA1
0ec34e517d834e369bda0acc9e5dbe70e364c993

SHA256
62896037016ccc9b7bcf42fd2a23a2d3571fbb24485ec90974c5b7fb9c4dddc0

SHA512
f15ae50ced83b958b92581560bc9d92b51423651876e793ec8309f086304be23914bc6a27101893bc904adfb75d3c4071fd0884ccd18a9b58b31ddfea78c91b4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads