710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b

Analysis

max time kernel
32s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
18-04-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7afedc2b2ddaed4272534494f4d5d6e_JaffaCakes118.apk
Size

4.0MB
MD5

f7afedc2b2ddaed4272534494f4d5d6e
SHA1

f923ced7b203bc61e154db82018448de4a1253e2
SHA256

710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b
SHA512

21acf6e09a5bd6b16b82219b08ff041bdfebb6cfee7146d1226fd6826eaf4798b8e065b56efe6043b338f16765690a6ba4fffe33af0d2b5f2fe1334d1407a626
SSDEEP

98304:R6383MNJvLlID+Ymv/aLJzjUMhM/bL89V:R638Ct5Iq9/aNzjRhM/bLIV

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livewallpaper.snow.baransoft

description ioc process

File opened for read /proc/cpuinfo com.livewallpaper.snow.baransoft
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livewallpaper.snow.baransoft

description ioc process

File opened for read /proc/meminfo com.livewallpaper.snow.baransoft
Acquires the wake lock 1 IoCs

Processes:

com.livewallpaper.snow.baransoft

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.livewallpaper.snow.baransoft
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

49 wtfismyip.com
50 wtfismyip.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.livewallpaper.snow.baransoft

description	ioc	process
File opened for read	/proc/meminfo	com.livewallpaper.snow.baransoft

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.livewallpaper.snow.baransoft

flow	ioc
49	wtfismyip.com
50	wtfismyip.com

com.livewallpaper.snow.baransoft
1⤵
- Checks CPU information
- Checks memory information
- Acquires the wake lock
PID:4465

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
2d82ad30484546916a31c2a55758d9dd

SHA1
83bde9a0e6ab693ff5adea0810ca7ec2b8286852

SHA256
b8fc5ead2e780d9fe7fc559bf4ef26064534bfc9ffbf351c6bc6d867d809b1c7

SHA512
497a7f65c57b79f02fa0b5d03cd8e819f6b441c0278f41728d45651aba77dee7ba017a66a18ceea649d8be3fd06cc24785bfb1ec4500cd05271d4c3d48866836

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-wal

Filesize
68KB

MD5
41fb9687fa44c130efeac6419e688b70

SHA1
0671d7a9df2a10ca6a64bc6a35c7fc6533ac2adf

SHA256
bcbf501ca90a9bbc6bdee1c837bb205593a3cbb5dd0de6d1766af862d3cae37d

SHA512
7fa8b90c4e29f64cf603a210b493b2136d8d581899132e8a8eb675ab078c2b66dc75fd194fe0fad495bd307d1eb7fb1ab50989386d6d1ba2df3a200586e36816

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
512B

MD5
441d8fd9808f6a0c0d2486641319c8ba

SHA1
6d9608a4c8be2e6fba4623aa2ef95e8b9f55d285

SHA256
340433eafa49c4f5d80117dd728ec2400d109d71f69b8076449682be5cab52af

SHA512
5ab5c904759c0d7b259394acd16683449b3fb0baf6b0f991bc3c06b3844f7819b4e7342d564de11cd1b3a109fe3ed15ff18af7a8dc22daa62689bd06c04aeaa6

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-wal

Filesize
84KB

MD5
8ecb0c4372cd6fed905a6887e7d1c200

SHA1
224b5f39fe1b7f8a69972b0b531dd4be2c5af1b8

SHA256
23f13e2b43fc365566365ffa15bd26d6d7f9831fded5bd01352f072f226f78a9

SHA512
6c2b8f53533e85ebf4fb3b2b68f7d3b4230daa3077673d9bb9b53bcfa13c79a5ab6be10a14deada9e7497c0102f765e182e4ee8b26f58c6f20ad11afd7e92aa9

Download Submit
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
3KB

MD5
98c901301164ba9ef317df066ba2676b

SHA1
a4a19ec53f01561f86bb48cbc0cf7adef366288d

SHA256
09a1d0c22f132804ffc3249983df0fff2d59955c0d61ec76f2a76af6480e2d84

SHA512
486335f7dab0d54eaafa7f4a29a57b55b20d7cbf7ad3f5d3831732dbadc03b7c9c522e531ae9c710815170e3c5ca3dfc4ba6a5694ad0d5105f3f1059177f69c8

Download Submit
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
7KB

MD5
6e50748e05fb1681a6bbe17d598a658d

SHA1
66b98fbb53c9aac457b1ae5661f9de0b23066fcb

SHA256
fcdfb4046d47bf026bee379337ec1912b6347c5abaa6ee2d0b6b89368034d73c

SHA512
b3edb80de18ad88f01100e6ac0f0b2fdb4a59790047766ecd120b18bd1d90bcdc6d67079237ba15bf8d18c762a927ac72619826d2dcba848c7f7df86660f7cbb

Download Submit