c8f50e3f2bdddb10e9f2bd4b0a69005ac146a25c06ea10bb4bf556262b779e7c

Analysis

max time kernel
149s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08/10/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26a55810e213ad7dbf76448a427cdb92_JaffaCakes118.apk
Size

10.6MB
MD5

26a55810e213ad7dbf76448a427cdb92
SHA1

e337e3e3e04b924a5fe04b579e4046aa771ec866
SHA256

c8f50e3f2bdddb10e9f2bd4b0a69005ac146a25c06ea10bb4bf556262b779e7c
SHA512

3774edb6f2c427f60c52d473a136b6b0c97c2fb35d14092777890d2a29631de8c7dfa55c1c747c66497401be222432310269ad05047a770716cbe60e7c695c23
SSDEEP

196608:+77QrNfYCl+RwA/hdmf4vJzukno3GxPZeRppX+MTSf+TiwA2oQrNfYy:+/QJfBERwApA2sF3GvouMTSGTiwAtQJh

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	sh

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 6 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ninegame.gamemanager.yz
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.ninegame.gamemanager.yz:push

Queries information about active data network 1 TTPs 6 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ninegame.gamemanager.yz:push
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ninegame.gamemanager.yz
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.ninegame.gamemanager.yz:core

Queries information about the current Wi-Fi connection 1 TTPs 5 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ninegame.gamemanager.yz:core
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.ninegame.gamemanager.yz:push

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.registerReceiver	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.registerReceiver	cn.ninegame.gamemanager.yz:core
Framework service call	android.app.IActivityManager.registerReceiver	cn.ninegame.gamemanager.yz:core

cn.ninegame.gamemanager.yz
1⤵
- Queries information about running processes on the device
- Queries information about active data network
PID:4260
- sh
  2⤵
  - Checks if the Android device is rooted.
  PID:4584

cn.ninegame.gamemanager.yz:core
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4291

cn.ninegame.gamemanager.yz:core
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4398

cn.ninegame.gamemanager.yz:core
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4446

cn.ninegame.gamemanager.yz:core
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4502

cn.ninegame.gamemanager.yz:push
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4549

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.ninegame.gamemanager.yz/databases/ninegame.db

Filesize
4KB

MD5
f5ae32aa1d107b065c2b758b7d8cc54e

SHA1
6f4c6201365aab1b4d6c1a1669213db716eaa1c1

SHA256
d96bd17a72f054221436b1e049350c1a11ad752a4e2dda89019394efd248979a

SHA512
35f7148afc30d4766733709af5daafe22c32039f358d2ef24cb9a1462e960141153ae95905b0516a15eb04c6f380445a52c381a0883e8f591f0711f3b7c6a6ea

Download Submit
/data/data/cn.ninegame.gamemanager.yz/databases/ninegame.db-journal

Filesize
197KB

MD5
42a98d1c8b4dbfb838c3958dc29bd2c8

SHA1
f12b8f03c3dbea5cb596111ed824bcbe365f1557

SHA256
19d2adaec9d7b8dcfaa99a67b851d51ed41c942fa43cfb9bd0cd272481cd5618

SHA512
6d5e9375cdb61c1194395eeceadfa78c26892f9ecdf37cb4fb02b1c2008990a4d4ed270d452a371c1ff38791f59da54eb60f1993bff11f5eb8d4f562d9c11654

Download Submit
/data/data/cn.ninegame.gamemanager.yz/databases/ninegame.db-shm

Filesize
32KB

MD5
f1458c7225b492275f89b8973568bb6a

SHA1
774f26be0b3c218290131d1884c7e6c131605200

SHA256
c194f9900042fe0e34a96d4990a752d6581f5b8fd46afe6ea12f6c17999c0640

SHA512
257083708934b2cb32a2abdb313bdf770a52561fef7c342e0b9fd8f32d0bc63f73e2c9f780103b4f9fe933283ab4b455296d1bf23f382c32b7440e01e798d10f

Download Submit
/data/data/cn.ninegame.gamemanager.yz/databases/ninegame.db-wal

Filesize
173KB

MD5
fd5e20d713bef179033230015ad5f0d4

SHA1
d120bc96e36da9d245fabf1d2e26ab080bdd5848

SHA256
53044d3bce0c0b6f97cc73baa686bf8e09cbfbdea125ae4aa9943281a210217a

SHA512
224fe9c7f6ea3cb45ca8e4fee364b5e0c68f75c3cd417e33a9aa422151540bbdbbf76fb143498da7d375b9eb12cd75116eec619734cd50434baaec91423097b0

Download Submit
/data/data/cn.ninegame.gamemanager.yz/files/tmp_template/app.js

Filesize
23KB

MD5
754b9a87e69f0429cb878bea810132b4

SHA1
ac28e2757c5de2014ac77ad840e01e3b40fa7e73

SHA256
66ea1a1ee99125e12547e7fd5abcba788cfa26b66cd3b6e1d481deffc8b3932c

SHA512
f124470d43f80d91e6660f2b501f911cd4a0ef36aea511a37f456b0fa848698166ea279be743f7440824f7913db344490e4c2ff86feed97585000621f2660f77

Download Submit
/data/data/cn.ninegame.gamemanager.yz/ucgamesdk/db/ucgame_sdk.db

Filesize
48KB

MD5
708b421f7772f862d8e9f2c62d00dce9

SHA1
2ea501616b2cb074fce6955236a507fd0f094cb5

SHA256
9c53b09dbccb132f5b4b306a5275b07b1d22e033884828920b7091380a5f22f1

SHA512
ab49a487f16ee14df8dc807e53cf92279939d44b3ff25739e516fe378cd6565da66eef10713a8258afc258b96447e7da73e5b8f1d904ae32b5e0362f29591789

Download Submit
/data/data/cn.ninegame.gamemanager.yz/ucgamesdk/db/ucgame_sdk.db-journal

Filesize
512B

MD5
c0c8000d9ae625893a919180524149e2

SHA1
a699e94189ec88aa499e0811c4b5bda9edf02782

SHA256
c444102206402b08e5abddef85ced9dcede02c4f4b5a629fb2e86b9b9c699811

SHA512
7ebefbd0755538329555c21ab9d56bf6985e3b41c4ad7a9fa044c5b7a0e9da4ba9f2a41348e9806299683bcea2dc89b01c15d6df516f31e72db0a7c5f9f5bd61

Download Submit
/data/data/cn.ninegame.gamemanager.yz/ucgamesdk/db/ucgame_sdk.db-shm

Filesize
32KB

MD5
1c4274aa7a9a5cac8c6d1df71e4588c6

SHA1
abaecd685e01cc68801292e3dc7085654a22feba

SHA256
3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be

SHA512
1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c

Download Submit
/data/data/cn.ninegame.gamemanager.yz/ucgamesdk/db/ucgame_sdk.db-wal

Filesize
68KB

MD5
88cdacef200bd203729370a8af8784b1

SHA1
8bc6fecad30f590cf323c8ed5fd2fcfd675b1650

SHA256
2d6fd95a619681d93877d3cfbd604522b3a386143e02132eaf291b66218fb20a

SHA512
7ba349b6e73bbab4ff16eb7cfcbcea88b960d0319c5285973f39b58408ca23b31a265fa681cba0cf96a9a54537cba438e9faa1595a0c9e86840dc5e892a6a4ac

Download Submit
/storage/emulated/0/ucgamesdk/db/ucgame_sdk.db

Filesize
4KB

MD5
49390d7fcf66fa90df47636c299459d7

SHA1
c50dc2fca2a5495d6f1b9aebc9de54af016d4287

SHA256
84e4d20e29fd6829269de00f15a2aba3fd25a915b3738ef6507ef7df1dce12ad

SHA512
29a2bde34a7c466b4d7f651185beed35ea164aadf6dcd8a555311cde46e7a6ccd9e1728be9d1f1fd3997823d35441e993596189840b8baac4cbe208ee872018a

Download Submit
/storage/emulated/0/ucgamesdk/db/ucgame_sdk.db-journal

Filesize
301KB

MD5
802079f8c4e5daabdfbcd30419a4a907

SHA1
7e07b35e05109035a81dfc7e801240a0e1e4774c

SHA256
a800903e01373fdec6036b71600ab295dce3ed84df09df4536b0c07485c784c5

SHA512
a56dcf3bd43407ae1c3d90db66613a7f53fa92a6bc191a04bff922a4fdc17cbced17e3556906894dbd1c65ec7db0a3b41ee89a51fd57d0bfeafa63503a62fbb2

Download Submit
/storage/emulated/0/ucgamesdk/db/ucgame_sdk.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/ucgamesdk/db/ucgame_sdk.db-wal

Filesize
68KB

MD5
e4933b42f0a868e9517067833d0756a2

SHA1
50878545ce359883fccdb4e4f6112ed949ed8d5e

SHA256
7e7f46fef3c6dda02900f66c825dac6ace0c8dc601b498fa6e359fe6ad0dc409

SHA512
ab1584fe3de4ff644b736158ac0984fe367f2e712047c86b29b91b014a6a6a05d459db0e8ca1f683c6e22fa20f2954f4637e2317f5cb3f472970904a87a1c915

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads