7d8558c05ca7fc02634567504af0d480490ecf68512e1c08b0e167535233f611

General

Target

4610eae564c78e469ac6e59a3cf9eec3_JaffaCakes118.apk
Size

19.5MB
MD5

4610eae564c78e469ac6e59a3cf9eec3
SHA1

8b1e4e25e8d8755e020a6192bcdac350df578987
SHA256

7d8558c05ca7fc02634567504af0d480490ecf68512e1c08b0e167535233f611
SHA512

f79afea9432f47280c9e3f85a9c729bfb20fa4ef01ed36d9983657edc6ab336e4c72d06ab4c3a68a732233f9007b8e7662aaffe90776ceb088e6fdff091773ed
SSDEEP

393216:4wDuzyW4O2y5FtevzsshyRAtT1bNpw8XPanL5+jHw8XTQ35nL5+jiHml:tey3OXRgQshyRsbpw8XPanL5+jHw8XTP

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	cn.cntv

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.cntv

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.cntv

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cn.cntv

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	cn.cntv

cn.cntv
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4244

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

Process Discovery

1

T1424

System Information Discovery

1

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/cn.cntv/databases/UmengLocalNotificationStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/cn.cntv/databases/UmengLocalNotificationStore.db-journal

Filesize
512B

MD5
859b90adf9079612331ea3d2bc1a783d

SHA1
01deabb29520ae302d06591396dbdc3b1d7556ec

SHA256
f210bf245db12187002c7df1b75c3e10a7d139f030007eaa35f862a98b327f21

SHA512
4c1ddb3ae994a697c54a3813a4eb9a65953f8122038617168a40294bdff1e41fd520ebca70e43b5e50c458181df90848f697a2772cb00bc080d9c176463b0c70

Download Submit
/data/data/cn.cntv/databases/UmengLocalNotificationStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/cn.cntv/databases/UmengLocalNotificationStore.db-wal

Filesize
40KB

MD5
93bad10e1f6c5d07cf2eaffb54648c92

SHA1
1930ff8f1f235b10a1112e695279e4f1a0f63587

SHA256
33c87375ab656ec07cf0e19fc192a4049d2b7ab6b2707f48fdbb097a6b42817a

SHA512
989bfe26c0f1f031f0e4c6aa9091584842173253ed168c6604cfac3ea700e3437ae687bb53ff60db266ca304c6144eee2f4041e696807ad29fda5c6478506c42

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
bd4d893870e186c76366a62be11f94be

SHA1
b84e9bf131d1a0d09de228f6f5f6d30a707c1f4c

SHA256
9018f961ded4896fd317e985aa31c957eb270eebf06d3c06a7af38dcde671b2a

SHA512
6b092f91d28c5214dcdf74e0e99fbfe8a3571360c37984913aac1bea94661fff6b3aade9b14c8ecfc7296fc197866854372ae3480dec492937139442751ca220

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
49025d60dd8c6e290151800aa2e7256d

SHA1
bb42cfeb4caaecbda61f10dd0aca0bf1923c107c

SHA256
3b16180faf76428e39a3a10694cbce2b182d6cd6f699643440e18765b8c7843e

SHA512
041450fa8f1cfc1df22d25beff3a930c7320774018ded53def2ff762bec87fa26520eb695977d72cdc6e23283c5f906e8fd9f2ba6baf791bf07a80703355dc61

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
c81658af9362a5809c024bed253dc183

SHA1
8fe9dfa2bcd3953aa32930626ab6da191ab352d1

SHA256
98cce723908842e457bab31a4b642232769a7304b6a27e097ee117429234aafd

SHA512
2ce1fdd39295237bd7d42924b07ffe8d447cc6111b7b89620c196b74d3ef6a15f8b59f775b2e189a002e6bec7b29d6c06908ece4beee58d8140421f7ae5e45f7

Download Submit

Analysis

Sharing