605d2dcdea05f0d6ce55f009d676846cec92b51a5c4648692d922d51c3420c24

Analysis

max time kernel
172s
max time network
178s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
04-07-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25fe46fc182a6c48c7f52fcc2b1ce5d9_JaffaCakes118.apk
Size

15.4MB
MD5

25fe46fc182a6c48c7f52fcc2b1ce5d9
SHA1

fb77a38a524512e34962fa04dc2ffdb094b8529e
SHA256

605d2dcdea05f0d6ce55f009d676846cec92b51a5c4648692d922d51c3420c24
SHA512

034de087b726f05a039ef7feb94851718c46b9c939a35bcb9e6777a7679ff43ee7671852d2e98b13646df1c1c103a017b2ad34c61d1f6c7051f9e7608f599109
SSDEEP

393216:3tLoYI+Cz6Yobz937ROIM93XxR2ixkyvVGntWB+SQ:3tLoYyg9rIIM9nxJkptWBY

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

/system/bin/sh -c type sucom.sinaif.credit:pushservice

ioc process

/sbin/su /system/bin/sh -c type su
/system/app/Superuser.apk com.sinaif.credit:pushservice

ioc	process
/sbin/su	/system/bin/sh -c type su
/system/app/Superuser.apk	com.sinaif.credit:pushservice

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sinaif.credit/cache/td_fm.jar --output-vdex-fd=45 --oat-fd=47 --oat-location=/data/user/0/com.sinaif.credit/cache/oat/x86/td_fm.odex --compiler-filter=quicken --class-loader-context=&com.sinaif.credit

ioc	pid	process
/data/user/0/com.sinaif.credit/cache/td_fm.jar	4309	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sinaif.credit/cache/td_fm.jar --output-vdex-fd=45 --oat-fd=47 --oat-location=/data/user/0/com.sinaif.credit/cache/oat/x86/td_fm.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.sinaif.credit/cache/td_fm.jar	4252	com.sinaif.credit

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.sinaif.creditcom.sinaif.credit:pushservice

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sinaif.credit
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sinaif.credit:pushservice

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.sinaif.credit:pushservice

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.sinaif.credit:pushservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.sinaif.credit:pushservice

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.sinaif.credit:pushservice
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.sinaif.credit

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.sinaif.credit
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

T1430

Processes:

com.sinaif.credit

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.sinaif.credit

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sinaif.credit:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sinaif.credit:pushservice

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.sinaif.credit

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.sinaif.credit

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.sinaif.credit:pushservicecom.sinaif.credit

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sinaif.credit:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.sinaif.credit

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.sinaif.credit:pushservice

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sinaif.credit:pushservice
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.sinaif.credit:pushservice

description ioc process

File opened for read /proc/meminfo com.sinaif.credit:pushservice

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sinaif.credit:pushservice

description	ioc	process
File opened for read	/proc/meminfo	com.sinaif.credit:pushservice

com.sinaif.credit
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4252

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sinaif.credit/cache/td_fm.jar --output-vdex-fd=45 --oat-fd=47 --oat-location=/data/user/0/com.sinaif.credit/cache/oat/x86/td_fm.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4309

com.sinaif.credit:pushservice
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4288

/system/bin/sh -c getprop
2⤵
PID:4364

getprop
2⤵
PID:4364

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sinaif.credit/app_crashrecord/1004
Filesize
226B

MD5
f2f84cffc8fe10018bff337e5db8d337

SHA1
d6a4d79854b8bad8988432a616e1c4368969c442

SHA256
4bccbf47309865f4958363e13b40d54597ad58ddba057e2dea236d228183aba1

SHA512
6063047727de348b61542cc5df5459299a6b842ef087a17e9a49a2cb9a26c1dc27dbe8184cbc6016abdb97a47e1f78a324e55ac3c941630775e88f076cd80a77

Download Submit
/data/data/com.sinaif.credit/app_crashrecord/1004
Filesize
76KB

MD5
da357d3d7ca5af602086d740a299467a

SHA1
e2a7158834be4d9f8d77cd9d17aefe05fbf4553a

SHA256
706c2db0923f767a393685669c6b884e871d7e7bc02c8d92c77400f5a13319ef

SHA512
1ef759c5ad1b448879c249f035fecc0f08aab5574ee081514f02015cc3ff4cfdffbfe429f3d84ba91fc0d3659e3218b2d4f352a4341d81a20928948523bfd915

Download Submit
/data/data/com.sinaif.credit/cache/td_fm.jar
Filesize
37KB

MD5
488c534c779e804b027511a4e7462c7b

SHA1
204328d1dea60063877bc1dd2fcbb7eb11b32a70

SHA256
a9199cf4401aba8839357201546d66e3d3e8343a366a445b581a76a103c3d3c9

SHA512
0dfdda4805ad77df431731fa4780d54ab81423a0f2dc394bb161f66b0014cac1f3125d61cc3d83ffba86e9c8d710c8f7d41fe0df3184aa03089a51471b5c0304

Download Submit
/data/data/com.sinaif.credit/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sinaif.credit/databases/bugly_db_-journal
Filesize
512B

MD5
fc691381afb1f02412b0630ecf895280

SHA1
7b67f65fab7d70fc42171bd61f6c0cf65c8e64f1

SHA256
e1d33a4cd7c0294ed69360e2df7abeb5c2d3a3d5960c4415080543359d1582c4

SHA512
fd477ea96509fdfa714f7bcd8c91bd129f25756e69c747f08af7933e38a22338305e4f5d0215455a1e89e596cae58c5d002c4dcbfac8f16397c498999e3bb5cc

Download Submit
/data/data/com.sinaif.credit/databases/bugly_db_-shm
Filesize
28KB

MD5
b354a3798d70ae0a36c4359aac6a5a58

SHA1
591bf4d73a4ea2ede29f25db14d53f0a63b0323d

SHA256
9e3ca451e62c6db03da38f24710d89f83aaa89b5278cecaee6931edb367c249f

SHA512
96a1831defe9bf18c8a1b5b22e7c102da6f63c2e42b30ddc9a428fde7a986d877f0fa848ba8d860946007557146c7d94a87ca9e967dde46e53574b56318eea96

Download Submit
/data/data/com.sinaif.credit/databases/bugly_db_-wal
Filesize
68KB

MD5
a5caa24cfe2417162168087aaa12bf5d

SHA1
c341cb0554d95a798664faeb0edccf23846f1d79

SHA256
bbd905bdddbfdd39068ac518b445e72e80bbb73a270311be2677faaffdbe2c1e

SHA512
8b410934a882b5beca44cf75fc0325e4b26c4b2c7637a4e30b01bcb86f67e3374f9987b184a8794320eb00b377c44f27728fba813c054f0247deed245380634c

Download Submit
/data/data/com.sinaif.credit/databases/pushsdk.db-journal
Filesize
512B

MD5
761715d2c4652a5b68be0bb3024f38e2

SHA1
9b78bc1d2e1e35bc172b602ebab5998b189aa0ec

SHA256
47ebc869f2856700d1e201ea3a418aa649a9363f2ee75346fdee480e0ffabd9c

SHA512
006506eef8cbaadd71ca09f1795864f83d723417bf36a5d4c1d0b5dff32540e73592dda443b9fa8fda6d7ca87d97f1edbe02f28e1d25c755070b622792552441

Download Submit
/data/data/com.sinaif.credit/databases/pushsdk.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.sinaif.credit/databases/pushsdk.db-wal
Filesize
185KB

MD5
3c3792fed6cd08206e4bd3fb5663b1d0

SHA1
7f23d6f074c47d84a1b2ecb25053f994a37a9e7d

SHA256
cc5050186e2dd78f134d83fb7c17be4b4f08fa2067861957a991731724ef9ffb

SHA512
49c1c5846f48f4c254c5573f0cd2f06e3081a8eed66723fd93895ec913412360ddb2285d3ac6799c329097f260a803203e76f5dfcf700fedc9f0ec5e0fa1cf32

Download Submit
/data/data/com.sinaif.credit/files/init_c1.pid
Filesize
14B

MD5
8ee316e7809f93ecb82fdfbfe08e8d44

SHA1
53480ca733e929192912699eb3561f39a2ce2566

SHA256
5f347cdb0d5ca5aa89ecc11df552eddc75be8fa1be6bd76efbf153130698fd1e

SHA512
ff54b7e1c32c61767acfbcab3ab4b1a91e96beb92cf243dbe886076975458fc27b3dc9ae691e97e29e466e7e4ab0cd3e0f0a5fcb6fd12b1623cbeb36b4eff21a

Download Submit
/data/data/com.sinaif.credit/files/init_c1.pid
Filesize
14B

MD5
8b8a359bba45be1fc7d7947948c8c2f1

SHA1
30f037f2ec11946d3e5144ae43832ed9512ed057

SHA256
b20d1bba70615a6136e9cb38ea83a15fadfc03ad34e9a50a6f0668069ce34d5f

SHA512
a83d1c82456d39fa75ffcdb3faafa9b9d82ecf517108b35ea4c598403363cdba3153334711279be76dae25fb9a7484ccda68d8ba42ca726749e19d0e4a1675a8

Download Submit
/data/user/0/com.sinaif.credit/cache/td_fm.jar
Filesize
84KB

MD5
52c2ffa309fd8aa40784aaf86a7dbccb

SHA1
a1b56087977d6b40cd17c564e7b6156956def42c

SHA256
b98c73b8c6bb86e29be5611eb016bcd8b2ed5b61b222915a890a7404c4a2d205

SHA512
ebb4ce4f3c2a8aaf826cafc536fc4ca5edb8d654e21613bfc9b45e26101bc7e64d7186c90c877012c9817a9b2f81faf9e4e6cf25352fdedb5012f566ce3063ca

Download Submit
/data/user/0/com.sinaif.credit/cache/td_fm.jar
Filesize
84KB

MD5
b94b2179695252d2d9220e97d14e2557

SHA1
3a0278afd368d25a40670745171a1248590e92a5

SHA256
a165fd6c0ae33cc8162e164a63b5e5abfafea84a4ef69b3a2845dec716046448

SHA512
0ca17f898c9fe03cbd1cefd19a021b351a7f7432a8520f7527900b9b553dadc305ec2e8ae51ac6eba6deacaa1472ccbb01bafae98646158234ba29213da1c1e5

Download Submit
/storage/emulated/0/libs/com.sinaif.credit.bin
Filesize
75B

MD5
ff583469b3e9e6efcc6c88068d8450b0

SHA1
66aceed49a3b1c33c0ec2b2dd959433cb9c29d3a

SHA256
507b2bc1bd5f531030773d8180ee88e8d29b94a42552b847a99c0e5f21dc36cc

SHA512
9363e53770d7b9a1b49523ceb6d78d5a9f1e03cf759bffddad1a3b80c9dab2b045cff82033a43e049a7d8273969f6e951d7ef75a611aa524c6122ea339d2d436

Download Submit
/storage/emulated/0/libs/com.sinaif.credit.bin
Filesize
75B

MD5
f92cb6876af03ed55517c16b1e8eadf1

SHA1
e146bb3152388fd7a64d33c1a7cc2f248166e0bf

SHA256
070087d24588ce3a1434a38afc8588cceb69d1594f088e3cf43d738deb781d4b

SHA512
60e038a10a663bd977462a536a80072fc630cf4029ac866404c7894ef3c28dd5b4c36d9dddcb70ed898c30eef07628e8c928b56142ce79657fc93e615590b5c7

Download Submit
/storage/emulated/0/libs/com.sinaif.credit.bin
Filesize
75B

MD5
955dcc29505ea6e4e34b3717ecc7f9dc

SHA1
46cff66fcf63bf9444fe6b1b22860431f6464693

SHA256
ec75208b7e0cc4a2d3c0ae477b1d0f3b82ee1d1ed0ce1d2bd239f030c97f27bb

SHA512
772e3ad48df1d7136e1048d33a85bdae822caa9076900e62ac760a38a6c8bcfe92f77bb0872c5e7ed413e52ddf419f4f217d656791bbb1d649a811f58dd130f2

Download Submit