Overview

overview

8

Static

static

6

01ef639124...18.apk

android-9-x86

8

01ef639124...18.apk

android-13-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240229-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
  • submitted
    26-04-2024 23:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01ef63912412faed554db5c8a5518e78_JaffaCakes118.apk

  • Size

    6.0MB

  • MD5

    01ef63912412faed554db5c8a5518e78

  • SHA1

    c62a558be01d7c4e9b6edf004fda0837ab6faf38

  • SHA256

    96d0bffeb5473e360465ccb8fc26761c8ba227501ad574891bf24845722dcf67

  • SHA512

    c9e17671a94483d60fb18105480cb560e6692a06ac431780f3ffc1a5d1391fb8adeceb25df9d16f270d79334899e2d2cbcd2108fd4e6de07a14f5bf8e33286ec

  • SSDEEP

    98304:wVHSDmDe2mdT5hMY8mTJdt3/MCCpWxA2UoKmQzfwuvgyJWyLnVZZm7/2aj7bSUga:wYUeHdT5GYXft3/hOb3zx/JNnI/2UbR7

Score
8/10
bankercollectiondiscoveryevasionimpact

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Requests cell location 1 TTPs 3 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.msunsoft.registration
    1⤵
      PID:4286
    • com.msunsoft.registration:pushservice
      1⤵
      • Requests cell location
      • Acquires the wake lock
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4359
    • com.msunsoft.registration:remote
      1⤵
      • Requests cell location
      • Queries information about running processes on the device
      • Listens for changes in the sensor environment (might be used to detect emulation)
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4461

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db
      Filesize

      44KB

      MD5

      cab353b476884bc1231f097ef4ea7693

      SHA1

      d0fd15bb974d4eb88166067e18db5a3c4e3fbc1b

      SHA256

      f28169d9a8c57758aa79d4bd5fd0b18a7902f3ed4fda85fa688f64142bcf89c7

      SHA512

      ef2f0ea78ed542894a380b07522dfa7edcee15bcaf6768df3342780575a6b9308996e113d2c5d4e769bcb9bb193f1bad6a8ad433d1fe1d5ac33004e827cc2d8f

      Download Submit
    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db-journal
      Filesize

      512B

      MD5

      21fa81e53ad8813146a8168a54bdad80

      SHA1

      1e25e6ab3cc83224ce43683645feef88a8c60d38

      SHA256

      b4c614e32001b754a9cd05993253f8298c9664957a6fc3a685670fe1ac8e3722

      SHA512

      3b5c6911d5af215d04c35b512b3b08dc427469a8836fe64eac9ca4f391f9aa6f28bb52b32733353c3274fce938436b8406d6cf2f667e8e4a30c56516e1134b7b

      Download Submit
    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db-journal
      Filesize

      8KB

      MD5

      ef9c6e51f224946870d8c85693655e78

      SHA1

      5002251e50f5804838455b342967612feb0d0783

      SHA256

      261cef5bc7aac674908c77dec123cec61648e4565677ba026fc5c915f6b8f962

      SHA512

      eb85d9af2e086c67ab606158fa80ccfd7451120bf405d391d2b0066a42433a232ae669aca1e11f897632e292f5835be3df14d483c102810e20703a9a5a673991

      Download Submit
    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db-journal
      Filesize

      8KB

      MD5

      dafe2849e50706d8e0decbd3ffc10231

      SHA1

      fbf0863f81063c019f67140e1ac701faa81bd741

      SHA256

      a4d0716576e65aa40e9a4171c860d2a92275a14821caad72b1f42491b27bd696

      SHA512

      6109568ec88368b3971ff6b59addb77a686af441c01cf2242dddf8466f567974ff8715e5c23e671b79ae095afef0bb1d0b30239c911fb42e2883fe349f524654

      Download Submit
    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db-journal
      Filesize

      4KB

      MD5

      08e919d6e7abf3ecc4add64a88f3b163

      SHA1

      7c32fed97d97be483407d01ae6415bcf0d3a4572

      SHA256

      37a08ad3832e33c17154faebf0e3285adaa8b4ec359e6963fe93958b2167bb6b

      SHA512

      e95369794a635b6f4730af148c8b2ee5bab1cb28303845579a25d3b8d41256892b314b2ce4db5ffe17fb6a9561d9ec7c0ad35d42cc46c5b61daf0162f8e74ac9

      Download Submit
    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db-journal
      Filesize

      8KB

      MD5

      efc7fd999c3d1d0725029deb540a0eb0

      SHA1

      e66de01db6b3d3808519936cb6290f13efe9d0ee

      SHA256

      06d17e7d7cee1c612cfd00991e67f6a096c884d2aec72d0565bbd5c9038e70fd

      SHA512

      1fb303f66b1d61e76c5dbdcadc3400923ebf68e978b107713d023d0d7a75d6807f69d244b3e62160fcf1eed37424eca9d6f92161a1affcb3055e6b783fd91249

      Download Submit
    • /data/user/0/com.msunsoft.registration/databases/pushsdk.db-journal
      Filesize

      12KB

      MD5

      56a592ff91c5e98d821e06f2f24ca68e

      SHA1

      72777e5eca295e106e36b5c341f2a70e5cc7079a

      SHA256

      54fa5806124f65d3d4eaf59d29ee85f752a7f93b3a635422b066d4f7eb57d074

      SHA512

      35b88cfe9c1ebdf95679e485202b13a9cd50ea9e86b63f4747be737615d763ad34accc6993ddeed2a137b56f7505d7cd0dbf1447be99c0e5d57b9efa25613bdd

      Download Submit
    • /data/user/0/com.msunsoft.registration/files/libcuid.so
      Filesize

      109B

      MD5

      7d5e8629f809693d3ab60be1bda3a5e0

      SHA1

      0fbd5d7e28ca1469f414c9029425b91f6f003f7e

      SHA256

      bd31cfbad4ff268baee5dd656f623af87115669a25368f392fa0225dc72fb4d5

      SHA512

      bb855706b82c79a8e40ee4d180dd74b006a558b076670c5d329588e25ce595f861e331a5ce66edeb267f9da2ea2e6bfeae05f3590110cab68ab7b778923d7c65

      Download Submit
    • /data/user/0/com.msunsoft.registration/files/lldt/firll.dat
      Filesize

      16B

      MD5

      3b2081dd21e4691b5390d963d9643313

      SHA1

      30ec932c793d04e0bc6c830ca28ef31f48f5634b

      SHA256

      1030f91f4b07b9395a9c15c155e1adc6175e4b4f6922b6900b2788ab9c9b7075

      SHA512

      6c40218cfc710267da248888b1c43025df6f39212e31c378a8d05dd19f9edbfcbfc69d98d875ea038bf71949e4ee17b015d7b86c9cf0b96ce1d0873497f01924

      Download Submit
    • /data/user/0/com.msunsoft.registration/files/lldt/firll.dat
      Filesize

      16B

      MD5

      4907dfddb2001c580d7bbbb485073a66

      SHA1

      544496914a37874939786381d3d364ae17f5d25f

      SHA256

      bf07eece20ab016394b37150a1fbd7891ffe35f5d9f1e37f79dd4a51630438d2

      SHA512

      16273d4de15e222a566781a7a1df0d79b8e112d7ba9be4ab6f98e43f61d86250b7bbf12226ab7a0f81b571374ac3c8fa45a8f4d9ab1ab497c270db247475b7a7

      Download Submit
    • /data/user/0/com.msunsoft.registration/files/lldt/firll.dat
      Filesize

      16B

      MD5

      ca2460b99b6282ecf436935683f239aa

      SHA1

      4b61b0ba2bb68c204b7f3457fbc255f0d29c437c

      SHA256

      fe8ba9cfdee0d9a536c05b760f4a09f2572f66fd39c99a9b6c66339d08093da8

      SHA512

      0fe2dd8a55e2f44b4ca1617b366f4cfb4ff3189e8058259685e67699e678b5b8220571b43d8de130da143dabbeac365b46205fc8e1668fc54b99719f2b0532ca

      Download Submit
    • /data/user/0/com.msunsoft.registration/files/lldt/grtcfrsa.dat
      Filesize

      206B

      MD5

      6d613136def26031e18f3f404299bb7e

      SHA1

      14a7a4a3309b932512dad59dbdb35503845e60c0

      SHA256

      58e28d4defb46364dd0057354a4a89f8cb726d3b696c632de04b1a707803be18

      SHA512

      89ac70f36ec3117b631a56d43700b4d034d6d269d4632933fdaa8cd9675c57af1df95f15271d0b45b796f56b4f89ec3d6bd4c9114d7cdd24e3a25d30e24e7ca0

      Download Submit
    • /storage/emulated/0/backups/.SystemConfig/.cuid2
      Filesize

      801B

      MD5

      704c42587e8daafc351957a1981cb6ec

      SHA1

      acc2ecaa27b9bfe2a902062d7587d18017cd0872

      SHA256

      1da49ddab07753dec55923ec45eb407a1056c3090f42552609f627fe87452db0

      SHA512

      5414f78fa09e54beb038e34ecd4388e40117a2c9a3b429e53b99b2585c948cd054e41c1d1989f2559bef4a59da7e649a1cf2f09e0af547b3d0562534c3d1119e

      Download Submit