dc08d8407c2aa581d8787e3e08e032cbd725613435e29a26eab020380c109e9c

Analysis

max time kernel
146s
max time network
154s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
29/09/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff289bdf67bbe5d0a28c21d3a47154fb_JaffaCakes118.apk
Size

14.0MB
MD5

ff289bdf67bbe5d0a28c21d3a47154fb
SHA1

96e0bc6d2fae40be78463ef56a61b6401d9fae54
SHA256

dc08d8407c2aa581d8787e3e08e032cbd725613435e29a26eab020380c109e9c
SHA512

66dda43e37e185914598db428e7f8621a2cd667c5e13eb504ce8aca4d7a6ed4c9360bbb90047cdb1f8f0afa22d6b79cf5c31124b00bb0f6d1291b3031ddd7a0d
SSDEEP

196608:X0vX29OxIAScxkGvKU+7HzmEroCsXn5jhPfcQu8X/VlgDF0tc1yMQhls5ujwk0wN:X6UOxHRypTm2s3PsjQhizw1hndFXc4

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.yf.mnbqlgc.vivo

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yf.mnbqlgc.vivo

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yf.mnbqlgc.vivo

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yf.mnbqlgc.vivo

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yf.mnbqlgc.vivo

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yf.mnbqlgc.vivo

com.yf.mnbqlgc.vivo
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4327

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yf.mnbqlgc.vivo/databases/ua.db

Filesize
36KB

MD5
96d00c090cc0e3ae70369c1abf29eb1b

SHA1
b56fd1c8aad351a021fe82d7b6d0d81629ac1d4c

SHA256
7a0df9a5766bcb2a85e0c5e8770cf359552d156a6c03fcf02b4978a36b8ee296

SHA512
33a4567dd7466410d71b64815f6b1a383fab1477e579a62fae83469fc65fd723a99bbecd1cf9667bfa4ca7257f7375ca5b4b6ea22324c1b680b726dc73c85cdd

Download Submit
/data/data/com.yf.mnbqlgc.vivo/databases/ua.db

Filesize
24KB

MD5
350e5cc3f57910502ae255b5762d87c1

SHA1
a0a714c8eba2dcc25d4f07521e26f37bad245acd

SHA256
c6a117fe765e5bf33de1df4f97e98131b4df9fa34c333d578de3be8b6c657e10

SHA512
d5f920571469b7b6178a7bb3904ab4e3fb8bafad0d4f19887db9912b8dff0a747b37298e78861aa546423e2d3369f09fafb7efc5ea713a2147dc186cbe8a7f9e

Download Submit
/data/data/com.yf.mnbqlgc.vivo/databases/ua.db-journal

Filesize
512B

MD5
1c694f051a800387633b7cc4f77121fb

SHA1
9c071cdb7aa212df9e5ea6a98874c5f7621a1f62

SHA256
7743ac7f2a5b6a20df96eb2d116ea5eef2d1130cd5e1ed9ec0b2943eaa17a290

SHA512
ae2c8d3dd1a9d20f160676edae4b6a09c76ef4bdb50e8e206991551fdb64899832bd8f7d17cde1890ef83e93e0f46def36740284b6ee7cff9419ce5e544fb20a

Download Submit
/data/data/com.yf.mnbqlgc.vivo/databases/ua.db-journal

Filesize
8KB

MD5
3751a9d144e3baf62cc4d0f2b594f06c

SHA1
8025436c024f8ba703eb18fe3452c629bcec292f

SHA256
1be60f9f6a8dccd5d55413ff2617c1a907ab7f5b8a09867a3edc9c1180432f25

SHA512
51b96e9865647be2cde8e677e50006647cc98cf7af9903e9e0e93a55b6604843e5c59188e329c27a89f8a6c1abb08b5e07816718ab33fd324966a656333566d7

Download Submit
/data/data/com.yf.mnbqlgc.vivo/databases/ua.db-journal

Filesize
8KB

MD5
cf5d2a39f5817a27089061708025a32d

SHA1
85c779f518322f36f92e3c1b40a59532c2228417

SHA256
3a0ea786a1e2dbf5683d5b681edc5e7b34928676f128d9aee7c7afd63c384004

SHA512
a25187b25b2615aafbe9c7a34c6f26b3da37c51d40cca9e4fa7d0d4c59f6158e1b849abd576da7649a8c7dc07c2320c605599e461b73e205b503bc470faa715c

Download Submit
/data/data/com.yf.mnbqlgc.vivo/databases/ua.db-journal

Filesize
16KB

MD5
c85e2881ec3f1b32f5fd830853a34eb0

SHA1
cbf22defaa726e4f37e30969c85e9afbd7ed0ea7

SHA256
cb79183ac670861662ef6370a38c61e90cf4b9f9b13bf1b46dd89067ae812df5

SHA512
f840de6d2e9f8b287ca75f6f25728bcf8fcd27dd33661140aead1fdaff3f986723c7fcd2dd2b6be1441a61f5a7a69d4ac05899f1fad8083cb5a55e20f9f194c3

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/.envelope/a==7.5.3&&1.0_1727635879887_envelope.log

Filesize
1KB

MD5
5ff72fc34f913dea6a7817f5d82467ef

SHA1
42ff2fbff4e6357e24ae0a34fba35c78f7d5bb9e

SHA256
31c8eed7948503b8be20092251f62c49a3ba8a48b0aa51985d65f9dc482b9fb7

SHA512
b3d7327cf64ef76f35c18ce17b2f66875c5c5853507a5371087d8d9846cb56bd710a601c55400f52c1810e5677106c88434a5c905aa63bab08ec6b0114a8e202

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
ea2811a36c5ba09eb16717f98c24471d

SHA1
d451e32dc4b4719110e2e4d075071443da51e18d

SHA256
80e1798aaa104fb88606f17f26f9fb22b9e31befff2c4a927cc738c2ff81f67b

SHA512
ffcf79dcb9f4c4dac2833963c5cecbdaad5f51f1d810913924a330c7635342caad2678eedc36185dbc8eb4204fc3e6e0cccdc72eef5fee74b39065ea44bd327d

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/exid.dat

Filesize
54B

MD5
5d2e2bfdceff6eed82c3c2554ef83f22

SHA1
ae143acb0f216c65ef8f02557c2ca58f8a0d8fb3

SHA256
6d4bc213697f7324203e922462219a2c6452adc340c6250de692629708946709

SHA512
a29e9b455c4e229a9197420a8963761858ca44f1b4848690a912579c1eea86a0ba5625211ce2d5c769fd805e0487d1d691ea47c1d3b6ae38e67ba0504223d08d

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI3NjM1ODc4MDgx

Filesize
1KB

MD5
83382b08e0937827498b055ae6fb5693

SHA1
4a906d02a3375ef9745368c64f4a63b5306febb8

SHA256
f99d03e35da04d4f7c86b7a767d1dc90724390896bc73f5c7ed3b54b1b83f722

SHA512
13c582ceea6c066c9a0da796b9246bb0c97180ef5e2caf89f341cb517f8e78df60827fae6fd909efcb12da1df41687ab9bdcaed1eba33197aee9e9ce46c13a2f

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzI3NjM1OTA4NTA5

Filesize
1KB

MD5
46c79b831ebfdbd9e216bdbd543cefc7

SHA1
1aaf2c2ee83503380d120f85bc7726e32314b08a

SHA256
63f291512ca095343711df30a6f7f4274aea3f9257052c9295b4b6bcce42a393

SHA512
9239b5820ad4c373f0aa6706dc20d63b247a67b4efd820cfc2836f07860211c4288200f074ce0ed862f766ba73bcd42a097117b223681eb73a07bb4e6954f685

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/umeng_it.cache

Filesize
350B

MD5
35ad5543a7437f00b1c5e6693b98dc3b

SHA1
395b400ecab845589ce332177e7b70802965e654

SHA256
cd7084f1814b9ee1e4adc1689382490a4d111ad6af2a4e2a85137f7f940efdcd

SHA512
11eefc9d4ac3ec31593f432137e49d9ac1143078dbefc904693b44fa5d0606866ee65b47cfc8c1e5794b1483dde399b97e5c6425490f71fca39cbf62ffe7c4be

Download Submit
/data/user/0/com.yf.mnbqlgc.vivo/files/vivounionsdk/vivounionsdk.res

Filesize
29KB

MD5
7a92466708fa1ae45c5585a5b986f5aa

SHA1
e9e8e0dc60208b7a8b64a65550442a73f1166c30

SHA256
cc8416f87003538f2c8ea5280a7eaebfb40597b6ebdcc33c4fa64b0cf08d3b73

SHA512
026dec17ed60d89257c8cb7873a0ccc0de910aad6706f1bbb7936229d7074b9542b7b80a2040f466c64e6cf8896e8531ee01ed7acbfa6a7ed90637a5fe2d477d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads