710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b

Analysis

max time kernel
40s
max time network
156s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
18-04-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7afedc2b2ddaed4272534494f4d5d6e_JaffaCakes118.apk
Size

4.0MB
MD5

f7afedc2b2ddaed4272534494f4d5d6e
SHA1

f923ced7b203bc61e154db82018448de4a1253e2
SHA256

710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b
SHA512

21acf6e09a5bd6b16b82219b08ff041bdfebb6cfee7146d1226fd6826eaf4798b8e065b56efe6043b338f16765690a6ba4fffe33af0d2b5f2fe1334d1407a626
SSDEEP

98304:R6383MNJvLlID+Ymv/aLJzjUMhM/bL89V:R638Ct5Iq9/aNzjRhM/bLIV

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livewallpaper.snow.baransoft

description ioc process

File opened for read /proc/cpuinfo com.livewallpaper.snow.baransoft
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livewallpaper.snow.baransoft

description ioc process

File opened for read /proc/meminfo com.livewallpaper.snow.baransoft
Acquires the wake lock 1 IoCs

Processes:

com.livewallpaper.snow.baransoft

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.livewallpaper.snow.baransoft
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

47 wtfismyip.com
49 wtfismyip.com
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.livewallpaper.snow.baransoft

description	ioc	process
File opened for read	/proc/meminfo	com.livewallpaper.snow.baransoft

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.livewallpaper.snow.baransoft

flow	ioc
47	wtfismyip.com
49	wtfismyip.com

com.livewallpaper.snow.baransoft
1⤵
- Checks CPU information
- Checks memory information
- Acquires the wake lock
PID:5040

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db

Filesize
24KB

MD5
ae279242f3e8471545a195087d7bf638

SHA1
697b7bbb5bb1e57968d1dea8072039833ea7d291

SHA256
2bed06e4104057ddc60f11648e99b5b38c83fd41e4c831118c048cdb6e77b1a4

SHA512
57e23b9ad0dd9320f67c952b28699d16abb92e947d0570f4fd16cba22554df51175c860ef5ab3e67a03046749bed9910c2643f290b7e491541c545994b33cc28

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
5f8ad2dc3eb0cdc2bc2c408359414534

SHA1
d27c039da8471b8ca59ac02b58d0db123c3cfe5b

SHA256
af9e93937a8cbec3726e25c99254fa5864ca85c96e12709a1c753241aa46453e

SHA512
b57b684068b5575204f32465b165989b59a2d0f430d918db240f69d9843a45ba1651a00bac29fc9249b7fdae02a0083614262254050a0c7ef76378a76c44741c

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
eda98296a6085aec0319e8da50031c02

SHA1
b4a800c2e69db42574df65aa0b788a0c35825e36

SHA256
132dd5feb1266ec9f251560b899bc488da23406fa7945e01a05e593ec98f49fd

SHA512
f496e00e066dcea879d0b5c983c5851e29381ca8bec248466174e305e200551350b185ec94d7db2d6a23597f753d9ef35545bf3e969ab06aadbf780ea6d803a7

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
8e8172a27264e369210d4edc88f90b7a

SHA1
f3ac0b6a351da6b2415037ee17902dfe8b7edb0b

SHA256
914d3e6c9ce70c9da8e6daf6047dd97cedf0f7b480fab62878d03acabf3d4fa7

SHA512
729def483edf6f836506edc4705b31554f47732b344c86f0e924ea97224c34508abcc6d215ece47fbec5782f3042bf1671b5dea86a737b1ef63679d27c5d1e7d

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
369aaad5607fb82f8b4282534b037a75

SHA1
261f9f64e438560b1cd801365e027d20cbf86d81

SHA256
f008a54da327b34f3a6e0f027c95467139023a1da00a25f45e3c874bdf43c3e5

SHA512
39e8ae154fb4fba495c92287345aee75e851a93a4b633c9370bdf46014f4fcb32b46aa941b583eba61e09c6bb313944d3a448e0906ee702dd1f7fbbe67fa9f22

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
6eedbe54e2ff486ca6a30b421c36b485

SHA1
d59a8f6fd45bc2ac27d08ca041f6289f040700f1

SHA256
f5ff615105369cad55c730359113c170fad77a090f27e064f41e887d34ff2715

SHA512
36b60253f458fcb74338a3b01d93e715db3a4a95ac7ca842b099a94fe25477a3d5fffc0b67afd81dc87d4752190758bb4e9eaf380b87432010a7b9f6a875e933

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b0cbabc3b7db5bca65a576dcb6b8a519

SHA1
dc42842eceb69829df0b7e4848cf44f73c5be854

SHA256
dce41bbdd0011723ff0c7ede4cedfc489d7ae18f760650d1908b520acf618a23

SHA512
0eeb890e348e38ee0b06230ffd357baf2ebb4c05304cb884c4ed07e3ce10feb2028b1e4f345005ce962b1603780eece2ebc4899698a4b02d7462e4054db96382

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db

Filesize
16KB

MD5
0f02a773ffa26b97048b4cb732da2473

SHA1
4b0f32407a2ae06f9be10f3045170d26ac04ba93

SHA256
540ca6503cbe0971e6b23f9868819d6a764ba967c0951c1fe46dea375daf9c8a

SHA512
9ab269f768b095253c5406b304fd4f079cf3c64f5ab3b9ee1c248d035e2ee8dd91cd4c174e693d72beb2643f91cf48e265d4ae05df851bcfa1332a79643a1fb5

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
912363ea6d70b23c9204f795bf9e9a61

SHA1
5c64dde34e0b4517cbe6b39febfbe4ed03430876

SHA256
ce83e777df9004890ab3032c72199ce074831609a88bf7f9d95441182fd0c930

SHA512
75c9d09aac6266bc6e4b35fa39faf48264dffb2782201e44ab9d73b48906f510160a968c43791cc0aae0f79dd47931c7f0bedeafc0d354b0e6a8ebfcba4a3e24

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a8d524e9523fbbf9a06bce654f8dd349

SHA1
6d2aa75cc20105cc206d6b5559d664b7dcbebc97

SHA256
de48e8717706dca2ed7d76b3e3e4a71ac43d131cc96b4ecfb6e87ce988992d6e

SHA512
81f8ef4bcb3ef27c5e2644d3697639b55734c438ab3b6ea2b3f9989b68b33147aa3f26df476b36e17ea5735ea3b0cb8f5591fe9dc54eda6e33818f5ac4f1eafe

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
512B

MD5
bccd81dc4a61f71781a07f70cc55fb98

SHA1
e259bf4b473e855a7c1e1b100379da8f1b3ef275

SHA256
fc63a6beb2d62785dd3a182000552f03c0bd60b083d0979f64b438ff4a5029cc

SHA512
e56dcbaf703338192610272b30b07dbd04f2aa7afb98e8ca16c0fad2f271958dce6d17790582a91124decf5fb526126de84fa55c46c9c0b1be3a4afb19279185

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
53bd1e8785e5722c46f3b27874ba2639

SHA1
babda9a457783f5586bbe17b78f57a026aaeba89

SHA256
bbce0b171ea834ea072b69242fe9525daa0f903e6c17361245e5f390fe8ea399

SHA512
05357fda3477bd18608b6d23c67bb3d7a93fbe039cd2b6d93c1a56b38f7161005da4965ca1f6f51dbdd99a8bcede701cefc593fbd35eeebcd27e2494ce2a3755

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5d0bebd9b42de28cf176f8aa6bc68a6f

SHA1
7987f60cd8b8c819f9a9766804863338d27c3048

SHA256
529909d7e2b25eab2a682461b13401f5183b078e96ca34d05bac762a18de854b

SHA512
8aa0c4e552688e53ac2f1f345931e7fd8a3b8dc25eed090b003f1a3e13f0ad555a2521a3f92b6152ed293c7a4a89f75f5a31004024e7f8c15035305609bee345

Download Submit
/data/data/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ba56587d16951b9705b01a265cd4f31c

SHA1
a62dbf3abe007a6e1c3fd03124165500d20f5034

SHA256
b593af539dd412126f05d74e17c063ea8ba2418fab8569892e893beb544da5c7

SHA512
7a343310b8a303fbea998aeb0c817f456ef1fc01415e7f9ade7b9501be8fab4f790e01b43d43efa4c0fe8c37b20b2af7e4c624ec9f8e2b9de7e527d5da60a639

Download Submit
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
3KB

MD5
ec8468aceeec21eacf86f946bf54f0f0

SHA1
ee342743de85d732bc496dd41ea7af76b2007bed

SHA256
db0aa65218291d9ac6b40a7e71d16d4f8467874210a9c55eb8ec6e3e431378d4

SHA512
6fb7b84a89a17d09b017f907c017ef95aa266078b7fc9f7edb6c24534832ce003dd078332e40ad7ba910feafae60e3adea16aa1c7edd4aed4b4706a19a349704

Download Submit
/data/data/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
7KB

MD5
b62bf0a1388030382f041c8b92b89294

SHA1
2e3505e56e26d6c3cd11a7bcc8e25d03b3e30ac2

SHA256
a32fe93b6fb6ac27fc162256cc26fd9a0857274cf0274cf780f0d85d5646b81c

SHA512
a1cf77ec1cac633e535243106ac3da237e1bdc50c5ef5afa7fd1cec4212ad62a037c070f9241f722fd49229ac83380c605957212f4d234272d2233a8d866f3c4

Download Submit