7ce7e1472f5d44c43eacf58954d1336f8acbe6b843a45354f369ce337617d383

Analysis

max time kernel
57s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17/10/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52486ffd19962d05d3d497ff8f417cf2_JaffaCakes118.apk
Size

2.2MB
MD5

52486ffd19962d05d3d497ff8f417cf2
SHA1

a262600c4daae5ae2aa39027351c9ad3211c0b76
SHA256

7ce7e1472f5d44c43eacf58954d1336f8acbe6b843a45354f369ce337617d383
SHA512

bd0be580bc22a85a6387b8fb6f9aebed0b673df736e5f60c117f61b8633285950370434fbd0900dd2d6dc27609c786f14e883d86922e38e202847c4e1644bd3b
SSDEEP

49152:SLqbZen8uBWL4/9CZthxK7uRGFjehIzlnT9dsBLQyc:D08uB2qYtqScd9dos

Score

7^/10

banker discovery impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.huanzan.app

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.huanzan.app

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.huanzan.app

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.huanzan.app

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.huanzan.app

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.huanzan.app

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.huanzan.app

com.huanzan.app
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4262

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.huanzan.app/files/cnc3ejE6/eje3cnc

Filesize
335B

MD5
585839d66722cfd02e40cb740cccb633

SHA1
374c19200fee201b26d0153487a281a934615884

SHA256
86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

SHA512
09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

Download Submit
/data/data/com.huanzan.app/shared_prefs_ext/test_app

Filesize
24B

MD5
1b77cead9372e196b8a150ef3863cb46

SHA1
40a325a1e979558130068a2d4271a78820954ea9

SHA256
38573b031333b42a8e803c59a9f8d4a142cacd2f888e86009855de5062b71e16

SHA512
35193d69b0092c481c4d1c26fcd97e67df94e2dbf1166ee6f0e372976fe9b5ff7a32a684908d0701ee47c8852e34664fba6b10fa02f171f6bd76aac456b8b757

Download Submit
/storage/emulated/0/.imei.txt

Filesize
32B

MD5
c865029b75a8d17344a7940886fdccb5

SHA1
fa2af422abec7abca583faca9c9e3a7a24da2ea2

SHA256
1438ede326052ac3396567fc4d038042ce8c2d2329d6d988872d57266075bbdf

SHA512
2bdac529093f12ceb03d42233954592cec9aff56c63d4c7bc16c818a29926f14eaa0332672226f242d8d8be07811731ffeca57f2c447abfaa0144643cf2c9d20

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads