Analysis

  • max time kernel
    154s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    08-04-2024 01:19

General

  • Target

    e64e9fc94ff0b95e5c0cf2b38be94502_JaffaCakes118.apk

  • Size

    3.1MB

  • MD5

    e64e9fc94ff0b95e5c0cf2b38be94502

  • SHA1

    7c9861d9fb7b00ea43113d7a36902b2c2525a1ee

  • SHA256

    d97aab6e351401596e170f056c3833bfd709cf44a2db97739a9129910fe2ece1

  • SHA512

    59bafd293766ac2aa60d06fe375eb4e4855dbb4d88577b83995fe0970960dadc9bf442bcba96d2bca8f757d6035e9c90ee45f1a66f934d8b13fe710da3ead220

  • SSDEEP

    49152:YR2dtusPvSD0goCVIvBN/wVIxFeLuZtRqG69FF3w67KDzCxTn5fl3MHOL1:YR2dtlPqD0oOHwGFttRqlvd7Xhqg

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator (1 TTP)

Processes

  • com.yzojnxnf.buzdnua
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4428

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    32402d48b275e41cc5442589a81990e1

    SHA1

    f76850317f3b3c84b57e91703f59b3f7d697577e

    SHA256

    9b69e3577180577a26eca85b5d81154ed7533376363d0e43328db7d081a275ee

    SHA512

    a5e1cad53f86c144ec123112b7dd0428d5446e85e4e20ac1260dbfba3132b1e1bf49f4ffbeffc94a1d561ab0def8f32e42d493a1cf49b370a14a76e6523ad1fc

  • /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/tmp-base.apk.classes326348149357720164.zip

    Filesize

    378KB

    MD5

    22461312922193347c5757959b7b8822

    SHA1

    ac343cd4e2b12b20a22e97e1c0ea69742a3ae287

    SHA256

    364451f204343b864bd2a0d4cadbcac05a9f59942a4a351ebd7fcb0e210dfaed

    SHA512

    7b8f58aceb39ed19ab85b2414ba135236e03dd12e4df373a5a8450519e096560096ebc1436ec470127569dadd6a015c8e961fe0801a442f5fa6624fa43375c43
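As an added example (not part of this sandbox report and not code from the Hydra sample), the Python below turns the Downloads records above into IOC entries, matches a file's hashes against them, flags paths under an app's code_cache/secondary-dexes directory (the location the "Loads dropped Dex/Jar" signature points at), and checks that a dropped zip actually carries a classes.dex with the dex magic. The embedded report text is copied from this page; the sample container the code builds is constructed and benign; the function and constant names are the example's own.

```python
import hashlib
import io
import re
import zipfile
from typing import Dict, List, Optional

# Constructed input: the two records from this report's Downloads section,
# copied verbatim with the blank lines dropped (the parser ignores blanks).
REPORT_DOWNLOADS = """Downloads
  • /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize
    902KB
    MD5
    32402d48b275e41cc5442589a81990e1
    SHA1
    f76850317f3b3c84b57e91703f59b3f7d697577e
    SHA256
    9b69e3577180577a26eca85b5d81154ed7533376363d0e43328db7d081a275ee
    SHA512
    a5e1cad53f86c144ec123112b7dd0428d5446e85e4e20ac1260dbfba3132b1e1bf49f4ffbeffc94a1d561ab0def8f32e42d493a1cf49b370a14a76e6523ad1fc
  • /data/user/0/com.yzojnxnf.buzdnua/code_cache/secondary-dexes/tmp-base.apk.classes326348149357720164.zip
    Filesize
    378KB
    MD5
    22461312922193347c5757959b7b8822
    SHA1
    ac343cd4e2b12b20a22e97e1c0ea69742a3ae287
    SHA256
    364451f204343b864bd2a0d4cadbcac05a9f59942a4a351ebd7fcb0e210dfaed
    SHA512
    7b8f58aceb39ed19ab85b2414ba135236e03dd12e4df373a5a8450519e096560096ebc1436ec470127569dadd6a015c8e961fe0801a442f5fa6624fa43375c43
"""

HASH_FIELDS = ("md5", "sha1", "sha256", "sha512")
FIELD_LABELS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
# App-private secondary-dex drop location used by DexClassLoader-style loading.
SECONDARY_DEX_RE = re.compile(r"^/data/user/\d+/(?P<pkg>[\w.]+)/code_cache/secondary-dexes/")
DEX_MAGIC = b"dex\n"


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """Parse '• path / Label / value' records into dicts keyed path, filesize, md5..."""
    entries: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• /"):           # a new dropped-file record
            current = {"path": line[1:].strip()}
            entries.append(current)
            pending = None
        elif current is not None and line in FIELD_LABELS:
            pending = line.lower()            # next non-empty line is its value
        elif current is not None and pending is not None:
            current[pending] = line
            pending = None
    return entries


def hash_blob(data: bytes) -> Dict[str, str]:
    """All four digests the report lists, so any subset can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_FIELDS}


def match_ioc(hashes: Dict[str, str], iocs: List[Dict[str, str]]) -> Optional[Dict[str, str]]:
    """Return the IOC entry whose every shared digest agrees with `hashes`, else None."""
    for entry in iocs:
        common = [k for k in HASH_FIELDS if k in entry and k in hashes]
        if common and all(entry[k].lower() == hashes[k].lower() for k in common):
            return entry
    return None


def dropped_dex_package(path: str) -> Optional[str]:
    """Package name if `path` is a secondary-dex drop inside an app's code_cache."""
    m = SECONDARY_DEX_RE.match(path)
    return m.group("pkg") if m else None


def is_dex_container(data: bytes) -> bool:
    """True if `data` is a zip whose classes.dex member starts with the dex magic."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "classes.dex" not in zf.namelist():
                return False
            return zf.read("classes.dex")[:4] == DEX_MAGIC
    except zipfile.BadZipFile:
        return False


def build_sample_container(dex_bytes: bytes) -> bytes:
    """Constructed, benign stand-in for a dropped secondary-dex zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", dex_bytes)
    return buf.getvalue()
```

Typical use: `parse_downloads` over a saved report, `hash_blob` over each file pulled from the device's `code_cache/secondary-dexes/`, then `match_ioc` to confirm the pull is the same artefact the sandbox saw; `is_dex_container` separates real dex payloads from decoy zips before they go to a decompiler.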