4f0d67d4775cb518be89b133afad05933c14f5fed26e24dd52fe9e96fe163874

Analysis

max time kernel
148s
max time network
153s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11-10-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

371581702729313f8c3d11f023e76905_JaffaCakes118.apk
Size

13.1MB
MD5

371581702729313f8c3d11f023e76905
SHA1

7f0ea64b85b48b78269fa8420dd3de3faf1266e8
SHA256

4f0d67d4775cb518be89b133afad05933c14f5fed26e24dd52fe9e96fe163874
SHA512

fdbc7d274579203a7f1710467b2655a402ba1211bb89aee6b57a71da76c081dde35f3150fb288e1776642399394c2aa7179e6cbf5601db09b9def67a4581c0e1
SSDEEP

393216:VB8YqBV+Kf6tf32tSJEdu/qaFnFeL2szz:ryVDf653WUFUz

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	cn.mama.activity
/system/xbin/su	cn.mama.activity

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/cn.mama.activity/app_bootloader2/5.5.1/install/main.zip	4937	cn.mama.activity
/data/user/0/cn.mama.activity/app_bootloader2/5.5.1/install/baselib.zip	4937	cn.mama.activity
/data/user/0/cn.mama.activity/app_bootloader2/5.5.1/install/main.zip	5000	cn.mama.activity:push
/data/user/0/cn.mama.activity/app_bootloader2/5.5.1/install/baselib.zip	5000	cn.mama.activity:push

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.mama.activity
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.mama.activity:push

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	cn.mama.activity:push

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.mama.activity
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.mama.activity:push

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.mama.activity

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.mama.activity
Framework service call	android.app.IActivityManager.registerReceiver	cn.mama.activity:push

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.mama.activity

cn.mama.activity
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4937

cn.mama.activity:push
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5000

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.mama.activity/app_bootloader2/5.5.1/install/temp

Filesize
2.0MB

MD5
6ff420aa5307b884c3e210011765d531

SHA1
1e799e92feca9da47e571ba1e7c160f8a7990816

SHA256
f234a5aabb016387e3894881fe08a515f18b7427247ffacbfa813ab1df31a439

SHA512
a80263bf09ca845e4fd40191a96ba3b1d4a5a2dd10c6dfa4bd40a41124d4d4edd36dae56958407930182d212782bd9594b01671ed8173bfd2c6437ff0bbf0f21

Download Submit
/data/data/cn.mama.activity/databases/MAMACIRCLE.db

Filesize
100KB

MD5
fb3886c51aefa6cae173ee095a150a4b

SHA1
931235fd79d348be90893bacb0c8c222ee3172fa

SHA256
462359368623104231ce22c2902889013dd4a9baba0f52c69ad8dd727c19dcc3

SHA512
46d526663fe970cb978949f7c43f143b1225e20fea76c4836ecf243359265ff127a871cfbe755fd4099e7fb519135c47babe8c1b829ef6a310fc9b8f24b2d949

Download Submit
/data/data/cn.mama.activity/databases/MAMACIRCLE.db-journal

Filesize
12KB

MD5
92da62bc4bf55838d08f524e39c09719

SHA1
33337415cc4f03b658c01134df075a24f55acd27

SHA256
be6929f9e1e1421cc7e97e2047caca655be20535181334cefd262e2caed8bd43

SHA512
bac4fbc24008191364db3d6d74983d8dccda33f8f3fdbac09add0074ab4d3915a11faefcefb4e76d558670b5ae66292abc5afbfd4f711efaf21364d9a95836f2

Download Submit
/data/data/cn.mama.activity/databases/MAMACIRCLE.db-journal

Filesize
8KB

MD5
aaa42c367e87fa2337fcd31fbc57bea9

SHA1
65a4ac76990414b6f5b989fb5d6a291a852ee541

SHA256
8f3b7f6756ada2e4089d2ea197bb4e1409c8765ec7310a76fca8596482bbdbce

SHA512
4550d7f3dd924ca56ad74a2337aa0e4b59fb25579545993a670c1a7e6d9a2298e2491533a169a540eb7d252a56467fe897d092f23d99c361521b3b71fdd62483

Download Submit
/data/data/cn.mama.activity/databases/MAMACIRCLE.db-journal

Filesize
8KB

MD5
6ae3388992eb6070bbedb224debafbb9

SHA1
d97eedf2dfc6caa4d4421a4000690f0293effa59

SHA256
6a5b7cb20b3421b4038d23d27d854269b25922e6bce0f9402c0306094781ce6b

SHA512
d500927547fd2355de8c71c6871c2b1afe0a3d90c2cc3668d456a8410f2b69087e22f74211f29d5ae8cd0e8c7b7a9b794bf5c4127db2d16377238b17a875a410

Download Submit
/data/data/cn.mama.activity/databases/pushsdk.db-journal

Filesize
512B

MD5
559ba889db947e5f62227862784c54f0

SHA1
8378b48c57b790d9ca7e5d499badf91f783ca31a

SHA256
53e1ffb3ba929b378aa05c0abe029dd40d683ce6470f520c09326928eb0c876b

SHA512
7c19b8a513ade4e61c9e4d7ccfcaded07229ab8fbcc5ce81acf55312fcb2f665f238ca7675f005454db3e2a0ff0b9740769af122c6aa16121deed5b3278f2a8e

Download Submit
/data/data/cn.mama.activity/databases/pushsdk.db-journal

Filesize
8KB

MD5
49be0da9e9762abd03723702ad8f544a

SHA1
fa509648e0ec69fc189951cc0f25af5a41a33cf5

SHA256
e28505ba45299e4fcc9c87c0b0f5dbe88202591f58db83409df02e7dd197bfe0

SHA512
48add21b318d4f85dcd1036fcd4d83823de22620ed04acba99a00a3d1de1c36ba9ec8b771b1a84540c40043f4cd28ae7fd42971dae05ce8eb6deb65d3d93ee66

Download Submit
/data/data/cn.mama.activity/databases/pushsdk.db-journal

Filesize
8KB

MD5
3413a9123529046112d0429a638c888a

SHA1
a9bd28583aa23b0eb96aa117876c0ac6d97de34d

SHA256
9a406de7ef3052e588f6b57ce6e90f2a0ddf3fa07041d5d53d05a618dc27d876

SHA512
1188ed1b63436cc756faae122bff777c22a2ee6bf7f908a95c8f85202f727efdc60ecf4a52d67b761b2276b674e26254ba8884f4acb196447afda1130fb8ed65

Download Submit
/data/data/cn.mama.activity/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
18ce7a1b9e4214e5abd4773fde06b35d

SHA1
dd95320d11a1c87b8233034ccf9b49a7df2e4dfd

SHA256
79ebccb92d40b1dc8bcf0674b06caa4adb2d40782e3206c90b131bc0a6a14fb0

SHA512
e81cd923bd3ca4379928ea89f6a7fad51e4aa1f90a98f46908376196d4e4104aabb0a6e7db0fc4880f352abd842a956c56d390ebfe8bf910e077c00c25e1891f

Download Submit
/data/data/cn.mama.activity/files/mobclick_agent_cached_cn.mama.activity43

Filesize
1KB

MD5
fa31efe81d1c46aa79141e5a8ff2528b

SHA1
1f4f0c14d2ae5fd62582088f311a8cfe23d3288d

SHA256
73a41609ebf535087ed225ad49e33e44a29fe13b46069780954e4013aeb2dca0

SHA512
9f55bf1b01c7eda905f7ff4a4187d9418d52adb230bf759f268766300b22b434df80990cfec528f43a34542ce172170d3d74e5ba3e996f2e0137b43a261fc5ba

Download Submit
/data/data/cn.mama.activity/files/umeng_it.cache

Filesize
245B

MD5
80e1d6837bb2f47328bd28af0c1243e1

SHA1
e4f4a4b28b1f09f26a604f90da9a74a512054d46

SHA256
752bb7cc0ec409bd95fa75527cc156f07a55bb0bc4d532bfed45050d566306f8

SHA512
d4a9a41030bccdd74e4a56dc8b45d77aa463ccdb28c4594542585a66bcb5261a29ac03d84a8b9d55cd0168847d878cccf4870527f32a929cc9cef7083e024439

Download Submit
/data/user/0/cn.mama.activity/app_bootloader2/5.5.1/install/baselib.zip

Filesize
2.4MB

MD5
6b3876ddf8456fe4093d438dc6a6bdfb

SHA1
253b206a8c04ab2154f8c84f700587fad48b12b8

SHA256
13de06503e3cca7a0e080ce473d300eb48eb8756ef987de5c749d7b8119b94f8

SHA512
995390483557aeba2938427f0b97d441b267c5efb96f71973f870b1f36a2491206e860dc74a3d6a7dd31b32c60df99318a4e8b56b123b7f3f679f4f7abd74cc9

Download Submit
/data/user/0/cn.mama.activity/app_bootloader2/5.5.1/install/main.zip

Filesize
4.8MB

MD5
e3bc4c7391f331bce3457a2f2bf23752

SHA1
9198a6e2e084cc7e74c297bcdb4f7621e521331d

SHA256
d9a81623604f9c4cd668312783aeb7a4025490fdb042771d35a796a806fb62ce

SHA512
93ce12dfb953ad19ca768d0264f5553f881c087d602f187febbf74ad151b3056805a46df7a7473c41c82fdf8f579514f153a7bf350488ea0225f61176aa2a13d

Download Submit
/storage/emulated/0/Android/data/cn.mama.activity/2024-10-11-22-20-14-1728685214589.txt

Filesize
4KB

MD5
bb57d6e7096393c95e9ce7e84b068991

SHA1
f215d210ba4fd8f1675e3eccd85ce00b96279b75

SHA256
7ac77016cfb4cad7fa3ade301bbb52e49653026dc78b1a7834be91b143e3d9e1

SHA512
f49f5a4c8f36d9ea33d3c37f6ca758197fdf6da05350fc88fd8b1ad90c1a1ad7c7357d8f4cf547e6c0a5c0a5ccb992472d533a7da18764cda01d904e805506aa

Download Submit
/storage/emulated/0/Android/data/cn.mama.activity/2024-10-11-22-20-15-1728685215938.txt

Filesize
1KB

MD5
e361cf6f532676bd363d31c5893bac01

SHA1
331988bca8555da0ca224bd0a95ac1db79eb7cb3

SHA256
8c68ff87dbe0324ffa440547ae27ed1b4d246adc3ec1021c9c1b90e2627e04d5

SHA512
b2d6f1709ad438699d9170a6c65d2ee099caf55e2fa37f88efa389b372a7230992b8811391dc76de1c34499a590ea281e2c93a94f5e8110ba8d96680d012cb06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads