710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b

Analysis

max time kernel
138s
max time network
168s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
18-04-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7afedc2b2ddaed4272534494f4d5d6e_JaffaCakes118.apk
Size

4.0MB
MD5

f7afedc2b2ddaed4272534494f4d5d6e
SHA1

f923ced7b203bc61e154db82018448de4a1253e2
SHA256

710a155f9b7a1c2b5b12753f437677804bcb2daa2de3a19788cde780ea1bb13b
SHA512

21acf6e09a5bd6b16b82219b08ff041bdfebb6cfee7146d1226fd6826eaf4798b8e065b56efe6043b338f16765690a6ba4fffe33af0d2b5f2fe1334d1407a626
SSDEEP

98304:R6383MNJvLlID+Ymv/aLJzjUMhM/bL89V:R638Ct5Iq9/aNzjRhM/bLIV

Score

8^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livewallpaper.snow.baransoft

description ioc process

File opened for read /proc/cpuinfo com.livewallpaper.snow.baransoft
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livewallpaper.snow.baransoft

description ioc process

File opened for read /proc/meminfo com.livewallpaper.snow.baransoft
Acquires the wake lock 1 IoCs

Processes:

com.livewallpaper.snow.baransoft

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.livewallpaper.snow.baransoft
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

45 wtfismyip.com
46 wtfismyip.com
47 wtfismyip.com
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.livewallpaper.snow.baransoft

description	ioc	process
File opened for read	/proc/meminfo	com.livewallpaper.snow.baransoft

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.livewallpaper.snow.baransoft

flow	ioc
45	wtfismyip.com
46	wtfismyip.com
47	wtfismyip.com

com.livewallpaper.snow.baransoft
1⤵
- Checks CPU information
- Checks memory information
- Acquires the wake lock
PID:4408

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db

Filesize
24KB

MD5
9ed060b96c0c822fb2815199868eafba

SHA1
4202258b05a6bdeed7bd6287d23312f8dc0653a5

SHA256
0deca22c229081b448aeb022415d68e03eeb802596b317f7db82a21dba6ea0b4

SHA512
11f4641192ddbf538e2dc203ca0295d816e07856e20b6096276d94472f71373d508dca162b6081126967962cdcf9474e5cb6a117f6fea6529913abd19acbe4e7

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
554e99391e8cc7064ca1ab0d2574f365

SHA1
720190539bfbffd4971c1d7b6c697d8763710fd1

SHA256
497e4d1770fd9c45df05411b21f2997d1d30901948583bedfadfd6887eaf691a

SHA512
1178e9e351cb0bab608339465dfe3a483dc276221c58b2229898c6b5fdd06d8c3c36e0398d44fd1962fbd319550b2be64dbc147cc36030ed8640c267306c1fb7

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
40afa191a386b9fdbf9def9d853efa33

SHA1
55c2ae0a196d56b1010e4dd1f6a0462784eb8e44

SHA256
9e62360162b11dd8bdf3386c2c1dc5037d9aabc96edb73c3732eaa43a94baf8e

SHA512
917e3c81fb027b8230cde55d527d8aabf0ef28b581850861c2116d1df7a8cc3b67722c53526d5456ff04c59837390ca5b235b8086d6d3d4a6cfe46f8694b25a3

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c60968e4d0ca479c6d3b2e55c3dd59e1

SHA1
cdf365df64c67521c1a280efb1438a53548a4bc7

SHA256
1d9dda4e1171eac71e897b4ccbfde1c3a5d65a906e17215d7514abd26e530e11

SHA512
616a93a7dfd64af73df507ed7766089a078da6e67a8b5875dc484f890e3cd3ca58691f7bd53dcbbac022f693f99e5a0884dc3595a468ce95bf624b77c7cdb7d4

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
8378096dee9156ba769e3b7cdccdd2bb

SHA1
a74f1d11bd019dc5e13db7a52788f27429610cf6

SHA256
b68c046a9e5b73a4c0200be241d186d58812211233d7c35e9ea43bf0199a595c

SHA512
406a0a1480cf52cd37a7847d32a4bff316c4fa8c6edd4dfe8063dcf87adc7bbf31ff0d57d4341e3d6c5ec685d657ebed7b52ccbb9965fc3680bce8266b226e41

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
7dd12b3f019500f7c338dfb709de7a58

SHA1
b614e68251c43985f15ab56c11e0ae20da361394

SHA256
4770f11cc78f5a1461af93a6f649cb31240b1f593aa68e769cf5c28993056f20

SHA512
65c29af356e08d4301da407a98c9452dbb890d66a06b7bb55781bbcae86cae630349fc918e66997f4c5e93508d9939b399f59a59276490a6b5e38fa2dfceeecc

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
da82846e52ae6c9eaa4d080fdf8f6d55

SHA1
e4888c8dd2a08bd611f7455b1d3e38de1f9f5a79

SHA256
6d3e245ff4bee92f2977b83b6dee69a8bbd2689486fce2410dfbef555e087b1d

SHA512
89243ef86d3c6ada6f208acbefb812ce4adeb412fea71dbcd2a1ff19a4264f88ca00eed2a9aeeddb55d84995eaefcb95e2f793a61ae8322ef659f28f616fc561

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db

Filesize
16KB

MD5
de1d74a02bc2df69d7b305d3814f951c

SHA1
c911d42734fcee485c8181af54d97428c38889ca

SHA256
5ea8f1b42cd5fd54efe3e8325f50e73c3e27af31fcf765d613747b65994c00ec

SHA512
015e8621afbb7b361518ec3b26d944858b73725891ddf2430e79e7f8dfa85a6831815fd1783fa3adcb534b6fe7039d48c150cf2e5adadccd6358db15ea3e5083

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
517e4d71e912d9b3f33af2978a23e4be

SHA1
3629fd5eb4259855da0d63234615622c510635cd

SHA256
4cda3de92458636217f3914fafffb7cda67bfae4881f5430225c258c0f2d3162

SHA512
6b391cb255007c57c874c87f200f47d5763b7948997709af30fe52acebd33984aebfc03281a7b0582ade6a2f7df5103fed0e677d5687a99b408bb068ec1a941f

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1939c39de9f42ac0880e96ed1e364d8e

SHA1
dbb293c5baf45d486e509053aec49e2e848b88dc

SHA256
223fce0cdbd75c885216bd38b76d1562e4a321ff7f40ee371456a96c74120799

SHA512
d91382af29ec66e0c4ee14bb28a4eeac098f44c8bce13e225b1a17c44f08db1c1458c739a772c9dc3fd8abc2508c1e9536556290881501651fbc4304328491ff

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
512B

MD5
a681f861a4f6f71e53b3754433e8e813

SHA1
21a225bdcbc0352e9565e091157f0b8bcedbefe0

SHA256
98c0606a8378f43ed74600bd887017631093a9743dc4fd16711cc92bb5cd7ca5

SHA512
5cfbcf2ed623e140d9e87dc7d25d79152b6e853502c61a6a36984296d19f8d798ac12b27608220350995b2783280a0755c75dafd91ffd279687f742f0af42632

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
033f7d323507ba8dc862fd38bb2bc5b4

SHA1
3e32e7119151bf6efa7b32093053a34f6ded739e

SHA256
676850073ab30f69693412dd83fd24dfe89ab8aa0b8f346f1b17a7745967138f

SHA512
8425fa9826f4a7349ccd6f01813e664039a8cdb9d5fb3311531384ab0a292b3a5b098d9d5ac9dc77b5fc5beb6c42e6fe73befb896a10cfd8ebab1d29bf76af1e

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5f4d536aabf51116576eb09258ea09b7

SHA1
acfae9b2d5aeedefcc90a7e39d9b079282345eb4

SHA256
ca4a82535f99ce629eed7a92b51e68f98c91f6d6214ca09bc2b3b34de716fcbb

SHA512
da72353e527cb6f50ab6e218a193fad2f12a1a1570b3fd927f1aee1ea4b22869e06999c27bd76f1473114f6f35a4bc5254207bee1e414013c4feab016093583b

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
130b70f7f531ed1fe35ae445b53c672c

SHA1
a0f66bbd58b8c12aec6357ea14cac3e7c1fbc009

SHA256
ec52aa26e8d790208fecdee0508140eaedffd8237a67fed1abf0cab24d9709f5

SHA512
4c1e73d56e645830f9e5dd82c646281f2a897d89aedc890279e8ed735d9f0fda82d19bfd82b61a839b0eb88ac53b5a7fe386cb396b95329efcebb4699663ece5

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
3KB

MD5
721f65621cb8012f4c358b7fe76a436c

SHA1
db89fa0599f47dbefef1d6b10e2dfed90f1ff5ef

SHA256
07723e66b49e2529c02fa4d0ce43e3c71d67ea0d854014aca4f24846956abd02

SHA512
417c89d040f66842dafe8c270436a48263e7b7b55503831befc36a83c781cbb785ec390a77c23d2ca38f20f48f842f2265f15fc46251b44579eff953bb56414b

Download Submit
/data/user/0/com.livewallpaper.snow.baransoft/files/unsent_requests

Filesize
7KB

MD5
11bc68369137d001daea0a8b63611eff

SHA1
479e3bdc58e8a8cdd73da47198a7ad67ed063808

SHA256
9c53533b23c0dd16633628a243ed0eb132fe4442eb96044db9249a86433661ac

SHA512
fe5d349a36d344cc0a1ebbd6e6540f9a2771b3c68f85ddcacd02706357745fbda6b20d70c1b002f586170fbd1457c51725f556f0f8d69a8b9f8e1b09f330e8af

Download Submit