Analysis

  • max time kernel
    145s
  • max time network
    128s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    27-04-2024 22:14

General

  • Target

    03bec9974278ea18202d597b9f2e5b79_JaffaCakes118.apk

  • Size

    6.9MB

  • MD5

    03bec9974278ea18202d597b9f2e5b79

  • SHA1

    3f011bd908212aedee0af319c5675c2335be0e6d

  • SHA256

    7e5ea9a965f763f9274bb93aa5428bf9b81de0a5a479a7262253925c095b63e2

  • SHA512

    ed0c18d9826c6d10db7720d1a48e1edffbe6da25abc8f4fde92f95128948f049e100404c8aa0b11d19601da9c72509a005d8189e830123ecb220e3679f11c47f

  • SSDEEP

    98304:gwIUadB/z8fOwtgOzLwDM5b7RqYXJcbXPQ+QohND5nU0lOPY3jKNKD6O+NNyALLO:oUadWWqAQl7AasQR8nB8zO+vLO

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • igudi.com.ergushi
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4307
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar --output-vdex-fd=89 --oat-fd=90 --oat-location=/data/user/0/igudi.com.ergushi/files/oat/x86/__pasys_remote_banner.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4418

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/igudi.com.ergushi/files/__pasys_remote_banner.tmp.jar
    Filesize

    286KB

    MD5

    5be82952660053836998015bd86e661d

    SHA1

    2a03d5e076d51a6965b9801fc7885542b84c88be

    SHA256

    ce6663136f5644815ffb8b1f512e443a009aacf28e12d9923101d2fb75314e5a

    SHA512

    cc133482b664265a0f808731385a76cc92c7a8f3a90d0e93125bbbb99bbe1c80876c51db13a895a3fa684b5af99ee1aff15c7bf1a6b9bc8c7324f88e064c5b7f

  • /data/data/igudi.com.ergushi/files/mobclick_agent_sealed_igudi.com.ergushi
    Filesize

    547B

    MD5

    27c9308107b8b1680f0933cffacf3c4d

    SHA1

    fccd3750d6903c914cf01bdbf1ad86e5218916a5

    SHA256

    eee2de3b9ca4a1cbefc91e56e05eb6a5cb3b5078805e56aabfa999a3da5168f5

    SHA512

    da0bc4bfb1bbcc18b4ca7b2c5341aa6743334597238829ce6392571f88fd58432f490f5298e16db5db41425be5d72cf6452b58cd2deb751583e46aa45d6b8887

  • /data/data/igudi.com.ergushi/files/oat/__pasys_remote_banner.jar.cur.prof
    Filesize

    353B

    MD5

    dfc4f0f41f033f883fc2ae446b3982e0

    SHA1

    ec4d38e5919c5f65490c56953fa925aa6a2d20b7

    SHA256

    711f95b9736cb3951583e32f47bbfbc1f98337928216004fae80f8d9b58d50a4

    SHA512

    985efce6e8117b2bb341f3e2589a171b091c4c3db49a20e20acd39b542599dfdaf1862162413d7440b362f247e4c1dc62e2df9447d90536aa476268a24839a43

  • /data/data/igudi.com.ergushi/files/umeng_it.cache
    Filesize

    211B

    MD5

    35658d03fd5f867881278ecc6f65a0b5

    SHA1

    c2cf9b28de4c0b8a7031a15c4bd61801cea21ebc

    SHA256

    46dd1cdd1966b5bafd1f3b4d207f13b04ff5861f4fc1038c1f8e88f8ec1c4eb5

    SHA512

    c227c9789b6f1c24c49ad3bd8eb8cdd1ebeb9c9a0662c3a29160381693e665a33c5e1cee89d73d67c3622e093286bb5e19a18c7fcfd60fc185bdd5c85cbf678a

  • /data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar
    Filesize

    413KB

    MD5

    825c13a8fa013b3354d89454b9b8e9a3

    SHA1

    52f9e947bfe0a4417a1057fcd712d941b315cda3

    SHA256

    699bd0739cd43638ff845df3ad9d4a8aa56c7c1ceeecfe78ad20c22f3d2816ab

    SHA512

    3b36d136de00540bf95a6a0cb318e23daa8725ceab1e575ad62a01efc1cd3655da328beb67c3237ffa36fc9d8255a8ec809851625bad764de6740c750fcc987e

  • /data/user/0/igudi.com.ergushi/files/__pasys_remote_banner.jar
    Filesize

    413KB

    MD5

    e033a50c5aeec2a9d5e53e80453a98b2

    SHA1

    63a71bdb3bf588279079dbef063c753b2f218ab3

    SHA256

    baf439f899582c1faf3c5407f5e30dbad4bfa72019bd57e3408473e30b155197

    SHA512

    5eb15d08192dd023cd55474fc86a750fb55018d5fdc9af081092b8948abe6310e882e37a696b1a27da7a4d87a3f05a3278f747de537edb3047e6d7179faf5e84

  • /storage/emulated/0/Android/data/.class/android
    Filesize

    33B

    MD5

    3d01a0cc7abc4fc30bb3e60da34f59ef

    SHA1

    a77628ffc105519271a9bdfc24bc0ada1aadd20d

    SHA256

    687bd1f19832d515445c688a6acdaf9212540c0b08796179b9a1b27497f45e29

    SHA512

    6d3fffcd24d6a65a48a89313861896434f7dcf4dee695dc84f3b55d6c19e457a7a68dd6f5e464acb007d16922b44192f994e24064d69062c36481f2cf80636fc

  • /storage/emulated/0/Android/data/cache/AppPackage.dat
    Filesize

    18B

    MD5

    861fd379029b39591ce8cf5b366d0319

    SHA1

    d70d9345157f9b8aac17566c0207cd4dde5758d2

    SHA256

    ce597cb7b4d82125c827f16833bd3fe57192f8f7a66ce43b18aa4e11ede109c9

    SHA512

    9249a97e0b679ed1788d7508f696a883584d7b9c196479fdeaa9712d54e63b13196aa4aa430bf4dfd20ee3a5242ef9a317aa30e6e87dc42a274cd4141b864a72

  • /storage/emulated/0/Android/data/cache/CacheTime.dat
    Filesize

    13B

    MD5

    9b61d7013ac48b5f6366bc04835748af

    SHA1

    3023ef28438f998f336d3b47b5941169f4ec9217

    SHA256

    66a6a87d90bf8a777768b787144749e562f411985a23d22fd0f7f154e4cb3e62

    SHA512

    9d6571c3d3f69cb86c31ba735f1459eb8a9942cf032dfd439edd43c778484a682be88bcaad1c629806ce6fa50ec1f06d10250f91592d3841890a11a6b41ee81d