2c6115a5720f9b5fe715d8b6a3d90cc43d1e6050e1797f9187d95d2ba28b34e5

Analysis

max time kernel
132s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02/10/2024, 14:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b3663c3e27c860645b3603516a61f6a_JaffaCakes118.apk
Size

3.2MB
MD5

0b3663c3e27c860645b3603516a61f6a
SHA1

2f5592da2f678ef29d30c1e0ee1c2621317f5ba4
SHA256

2c6115a5720f9b5fe715d8b6a3d90cc43d1e6050e1797f9187d95d2ba28b34e5
SHA512

1bffaf37ac31183672ddc4b850b3cf1a0b548b83e69b65ec7287031449a21b21107a77dacef24b36cb4be3d1212835315525f64f71dd95b4cfe28b6960f58fbb
SSDEEP

49152:IgTkG6rTFTDT5TzTNTTTk4PUsumrV+SOh30ZGv1P0VGLU2xtYjUdD0TK1Vsbunc9:IgCnnk9h30ZGNsVfSL0O1Vsb/9

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.wta.NewCloudApp.jiuwei1654

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.wta.NewCloudApp.jiuwei1654:pushservice

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wta.NewCloudApp.jiuwei1654
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wta.NewCloudApp.jiuwei1654:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wta.NewCloudApp.jiuwei1654
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.wta.NewCloudApp.jiuwei1654:pushservice

Queries the mobile country code (MCC) 1 TTPs 2 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.wta.NewCloudApp.jiuwei1654
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.wta.NewCloudApp.jiuwei1654:remote

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wta.NewCloudApp.jiuwei1654
Framework service call	android.app.IActivityManager.registerReceiver	com.wta.NewCloudApp.jiuwei1654:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.wta.NewCloudApp.jiuwei1654:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wta.NewCloudApp.jiuwei1654

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wta.NewCloudApp.jiuwei1654

Checks memory information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.wta.NewCloudApp.jiuwei1654
File opened for read	/proc/meminfo	com.wta.NewCloudApp.jiuwei1654:remote

com.wta.NewCloudApp.jiuwei1654
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4244

com.wta.NewCloudApp.jiuwei1654:pushservice
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4284

com.wta.NewCloudApp.jiuwei1654:remote
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4301

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wta.NewCloudApp.jiuwei1654/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
afa49443d4b106eca43f9032de9cbd6e

SHA1
c783d596d101b3f9a7ded8672bfcbdead75399a5

SHA256
7e5ea5e16915fde02b7647b36ca28bb92ab3afcdb5708b2a7be733425187a2a1

SHA512
7e0db5b8fc5b57663f9e2996a9bac5656d77653ca89998f741a18db63facd3443912d76b39d672701f71e03f06064f748632c6be0e54ea8af5c21127c727d553

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/ThrowalbeLog.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/ThrowalbeLog.db-wal

Filesize
164KB

MD5
3b1345a50ff9a59d52b94a52bc10094e

SHA1
c6b8759c0879edb61bf4c4430b22d9b845f31786

SHA256
575d54e5348f862580e76821e612f45f7e2e8e2f31ecd48c41a8b57a3338afff

SHA512
1e967c85e5a4f403280b33e7d1352959bcbe0d4bc81c7bc9495ad479d11521b64ee34616dfa6b5a6c4206ca50dfa0d1242bd4c900d24234bc504f1985a26d905

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/pushsdk.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/pushsdk.db-journal

Filesize
512B

MD5
42412f3680cd10d18f0263684322ac98

SHA1
7bd78bf445d3fef93057b57ae32b447c2729bea6

SHA256
f0a56e46c972b1784a3e32812e352eb9b4db7be07154e4c9c41145c1f607ea4f

SHA512
a32bebc8a1625e306488d431e615091f8f91e0d964f31c65976848397ea6a7aac84bd4466a959af0fb8ed3c146547e0e181aab8ad9fb8075e51abd50214b66af

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/pushsdk.db-shm

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/sharesdk.db-journal

Filesize
512B

MD5
0d153a19731138553fdae77b492a35ac

SHA1
41f0e105442177ce5b784d4e105dd8078f518b4c

SHA256
2b47366ba8c1688335007e96e9d832d330658ac5dca213dcf134f1a0ca2c5cae

SHA512
05b2b9d8685c5d9911bcf3dc63037a17064ed32dff9fb1dbfadb774c4a5d81b05d28eaad84d2cade887f80c5d83b24db23dcc2fd6572b44081005677d1b64d8e

Download Submit
/data/data/com.wta.NewCloudApp.jiuwei1654/databases/sharesdk.db-wal

Filesize
32KB

MD5
9351fb06a110b94e5e631f430f01e93c

SHA1
c2249ef4c0a7c6fa6e241771c677cd2683f4cd83

SHA256
9fab1825cfeedf4bbe9c9603d883a6916c149bfba831c3034037a45b2d2bad53

SHA512
bd744782b3c6f28f3b8c7d82035898108b3415b4000592c93389e0cad8640c547109c8fb0cecdc8ab8279c0b69fb4b0aad13b22d91687dd41082421e94b2b144

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
389B

MD5
a7641cda2861070be7d9d071ca818313

SHA1
6518bbad965e70e1fd76a7ac340dfb189a9c3080

SHA256
3428804c405b8c3694d554bdb34450af97b8c42e211a2727f5313536c4379497

SHA512
fd9f6861aae633760d2d072f784789971793dc151f5d9a30a7fea7498bd3a31c613ca3f43bb076be1d25a3c3273eaf9e7be532ff11b3986b141ae02a8cd88a53

Download Submit
/storage/emulated/0/ShareSDK/.ba

Filesize
488B

MD5
2f39783754c0ec84dda99fd0af18b853

SHA1
03f15ae8f6557ab5b28e1daf58c0981f4ef7b09e

SHA256
9b9e07ead3296a4e6b9bc98d712aafec457a5c9cff8497f56094f0d7229a7b44

SHA512
25df3fe1b74d673ec7d2beac431ca988e6431dde7faa8498dc4304a9063acb38b748e6f5660ca31b85d939024a856a71eb8ded8310f7cffac8ed03a9f0511d06

Download Submit
/storage/emulated/0/ShareSDK/.dk

Filesize
80KB

MD5
eec5514052a88c5d4ee87217e8995978

SHA1
153143c39469c4296a5c5911cb20399294226368

SHA256
1ff6ce28268b71561bc94b846f736ff7b0c27a32050c00e55fa788f0b7a01c16

SHA512
c4cfbb533ad5fb29b8b69f38c57f9386d6833d3625306a117e5e42bfe098f020eebfd34ece8f78ea98ecb340660d52f2a65728facb0ffac69fb9621752d6ab06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads