7cc3b5c2bf7a5e5a08b87577cd20470dbf41295c65489763fa59773deae0c4ad

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12/10/2024, 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3785837fca487a70b0e02d046656f3b1_JaffaCakes118.apk
Size

14.3MB
MD5

3785837fca487a70b0e02d046656f3b1
SHA1

4444dc37658e54bf1d8302ae8c68261fd8428e98
SHA256

7cc3b5c2bf7a5e5a08b87577cd20470dbf41295c65489763fa59773deae0c4ad
SHA512

530102b55df23385ce4d378a513691d20ec50ad6338365a03c3898fa27466c95607d02c8c4126c6664d6c5002730f1fc4f7203b4813267343e90e4f424f80776
SSDEEP

393216:wTIHWVf76L9xd3y8oMwpf/jPToOgWRslqb7iZCKB5:w/feLbd3IJ7htMqbqTB5

Score

8^/10

evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.netease.mail
/system/xbin/su	com.netease.mail

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.netease.mail

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.netease.mail

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.netease.mail

com.netease.mail
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4264

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.netease.mail/databases/blacklist.db

Filesize
1.3MB

MD5
a95c1d6a271632b2d2d58c1e1c77cf6b

SHA1
3d072dfeba0b0a781133f215089687043fb0321a

SHA256
477be3a249cadc675750d25248eaa58a28814f953905681f114086a9d77a3126

SHA512
1eee4fbf9b3aedd499d3155ae0ad2feb1bbfbffcf18d5a7af46404f09a14e557e168a583f3c065f269ec1f2a9b3027894b2b23157cead3c519a248c9113a1ed9

Download Submit
/data/data/com.netease.mail/databases/collegeblacklist.db

Filesize
4KB

MD5
e3de4227036847f5565624076c94cedb

SHA1
fbfafcbc383a4d5378d25f60962a16f9a165e5e3

SHA256
3a259867bc19a3ba1750454cab4816b76fe76455f5edd8775bf250f185dbec37

SHA512
a23661f06616e52b7a24ad803f38c544a41c36f54cb4c985fb591a2d5731c3433a999da98c0bbf902e045f890b373557fb66a86fee07bc962284c4e272f906cb

Download Submit
/data/data/com.netease.mail/databases/mmail

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.netease.mail/databases/mmail-journal

Filesize
512B

MD5
5dd3fb400433b2ac21907e6fb9e59ce7

SHA1
7dcd37a9c2e3553e5f3c758702b56589c0ef0289

SHA256
18a0ad5877bb13c1740da619842c5abab7302f4740afe89a6942095aed8000ac

SHA512
c853f69272b72aaf7d7b041130f02c1b9db978d6fee5061a98aa4ac4fffd331f6fa8a3af74500e0898081768978443fb1138555ee5602ce65502e8a85895018c

Download Submit
/data/data/com.netease.mail/databases/mmail-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.netease.mail/databases/mmail-wal

Filesize
132KB

MD5
2d8dc284b85aca50d5aed7888bccc96c

SHA1
2d7f25c51a0528d6f930f28a7b18332edd3a40a4

SHA256
d881a58c37f349a6e80a59645b8e3c23011223c2cde007c764cce2d8bb6ed9a3

SHA512
1a5e1d3d649babc553f21046aef3312adc45f758492381307db141b72d86e1ef2e520b1fa7e098b4e1d1e74ae2601d5c3ee94a98008ea5348e029ec7d17962a0

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6709BFAD0218-0001-10A8-06E10DF019FCBeginSession.cls_temp

Filesize
77B

MD5
11fce9d45102c903b4bcddc347cb99db

SHA1
bb8d7d9dc77625b45db1bf138492bddb4cccc248

SHA256
715d75be82aba8dd18737e3938b8fe7b877b1eaa57339c524717f4fb458894fd

SHA512
b9daf7105723f14c84a5cd7900e99ee8de4af0961fc734caf66568fe9582ba1e0f32b76525d1ee59c6e4d6d08a2713530497351af88be9eea076ca6546b02cdf

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6709BFAD0218-0001-10A8-06E10DF019FCSessionApp.cls_temp

Filesize
111B

MD5
dce51721a1e39bd67c68152183c0b115

SHA1
75f82e265431c81eb12d42ca1d4dd94b9a9268ab

SHA256
f891b8e82ffc18a171f658eda94e3cce15a2b6dc25dd8efb30671211e6c58ce2

SHA512
605923338cb3e25dcab9909b1e60a571e3fee138c6d9a7371aca4e1e8296b4e0e83f66874656c9e6e593b459ef32954565809e0499e28c1a646d620b0ee6091f

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6709BFAD0218-0001-10A8-06E10DF019FCSessionDevice.cls_temp

Filesize
101B

MD5
2caf580414c081c4e0b9116fa76f9be4

SHA1
b31ef456431f130f1bda1cddc28e7579e18870e7

SHA256
d6743cdcba9ab81eee4e491b70429a8b3f757dde124b8ed9d3531718848e76cf

SHA512
396f536d035f0d0b3a23e7713ec0fba7ec98621f582c5bf7091af034f8259f101f9b9d6959df55fd2f2f17c4127e9bb4b89129f5b18715eb0f7bfb857d217a82

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6709BFAD0218-0001-10A8-06E10DF019FCSessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
503B

MD5
d56eb364a70c479c4d487206e8d1f00c

SHA1
456688a0718afdc41c9f3b7232cd3d13ea5ea076

SHA256
11e79c42a918d2a2ac2d40405d79951a10421c043222cd1bc603e43f954ed851

SHA512
716cf45d99be74521357df355037d636209aeae8f8e8c6b164860b3c46584dad6245a2ebf0c98b64916593ea37d765e273d30212eafb577f4d1fa0c6bfe066f6

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
447B

MD5
adf3d89f7ed1fb025ba84ff3348f3f62

SHA1
9345a5769f7db5c4eec2c411f16532bcc222c9c3

SHA256
82aa17df8c228f334b7394290690ea32386cf33075a73af669893f029d5d8069

SHA512
ca2ac2d3d93624662d84b43fece3dbbfcc77a73a45ca86d0df9935822ab91451eb4a72b5422274bf123015cc3c0cd8e3cf5a81e3c98edf24743a957d5feae548

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.netease.mail/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1c25fe16-6ee2-4aca-ade8-4687d669ac1b_1728692141929.tap

Filesize
348B

MD5
0b8c426fbd870614997e19fa0bd65d01

SHA1
94b657e2cb85b95da9544cd1221243216e1efb58

SHA256
de76c4f6c406371694541d572201c3655b3eca18392ed4cd7b09ee2cf2c4d8de

SHA512
87d6a041b3cc2ff9e9a62c045ffe297b193455862c50beb0fe190cc795cf0383142db14c364d9c676b681ff4ba7f91e8c9b439c1cc844abfbcf6fce71c83f9c2

Download Submit
/storage/emulated/0/Netease/Mail/.crash/crash.log

Filesize
2KB

MD5
653b0ff995583621b5f7a45cf91b9f70

SHA1
30f648177473321cc1acbba40d629538bfb67055

SHA256
1b99fd058d39f1680b168d58a39d16c69a95106c57407c0043d74c1b2c19218b

SHA512
309ae5df1435f9c01dc880172fad79a229169eecf56742583222d69c6062a301e92538e6507b29774adc8b601ac8ef92672a64d7ecb13615a6b6aa905db130b2

Download Submit
/storage/emulated/0/Netease/Mail/app.log

Filesize
2KB

MD5
1c8476d9979fb0f9806628105369cce5

SHA1
e4155c669aa41f3949b27ac0ad10ee45bca5f2bd

SHA256
9dc90e4f500f6bc247b7494c297390916e946ab2fb6b62a8fe3900e42cf3d611

SHA512
12c336e8a74460a85f55a17b3b09f3d69ed698e2186e379977177759bae4f5592f92b9eaf777de71300916e112e3429b1fcee5e6b884c61981e5c2414c27c8e2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads