Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    27-04-2024 00:51

General

  • Target: 020a9064d3819a0293940a4f0b36dd2a_JaffaCakes118.apk
  • Size: 3.3MB
  • MD5: 020a9064d3819a0293940a4f0b36dd2a
  • SHA1: 95c9088bb149dd381f2783ac52026d0211ea256c
  • SHA256: 064e31868539641c9b89e144f6de53737a15c5375425ab13e6637e6057b23332
  • SHA512: 0d984478873b1256607905397351030f6ea47d45f73392c6545c447ab3953d5d5ef7243bf751a73654c3ab7c25f897195f557439ea352040044172d4d54d57b8
  • SSDEEP: 98304:MtQu6bUIRPtE3RY7ZI8IMbLImVaeEAZOE:YPQEBY7ZI8z8mVDpZ/

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Tries to add a device administrator (2 TTPs, 1 IoC)
  • Acquires the wake lock (1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • dehzrmmuephxt.jlspwknqzylvykca (depth 1, PID: 4187)
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    • Tries to add a device administrator
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)
    • ls /sbin/su (depth 2, PID: 4217)

Downloads

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main
    Filesize: 20KB
    MD5: 53d7713c95fddd2d8976c69259594a1d
    SHA1: 088864004b031cc283e0202bb5664d499ceeb896
    SHA256: 15d5e809605f735119ced83840be00ddf28a8eb36c0372538874dca32c84e599
    SHA512: b66b8d5c49c9fab49ff57071f533a82248e52532da8538b56927ba286cd0d138bcf2b8d45480319d113d70035acc070e8c8545103fb2fc061f338715d960ee80

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main
    Filesize: 24KB
    MD5: dafdb8d45d05821439f16ccb1907909d
    SHA1: 36dec7dd5c8a7e80d9cc24c30585b4ff11e8d0b0
    SHA256: 6c523a4d63e99f5e17461540bf0e2944b91d85ec0170b7f9d911b29f2819251c
    SHA512: f2b4d3cd69aa5d797a430254920b1a5c2244cf84e35edbe70dfa8eba349cc2c37e36ff6420cbe6f6ce380fec1ad149785703efc7d1a356be1d05b298a32723b8

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-journal
    Filesize: 512B
    MD5: e0560a2121128f22dd3e5e12508350eb
    SHA1: dab00bd8db4d9f32f7a30c2b5273cdc70c4e4dcc
    SHA256: b921fabf0a14143e3bbc5eb819ca1ab6f8ca52036fb57ab324e27fe91f5fb433
    SHA512: 589f99bc3830e94ed4fc93af7c30e91aee45896645b38ea8c996cb898b1d9623db72a201f47e0d555d17e9038a10bb245c222e7e9ceef32937a21d1b3ab8269d

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-wal
    Filesize: 32B
    MD5: a0067c5a351eb9f60a139b429c86e148
    SHA1: a6f2881d3bfa3243d7ad54aa82603740875c705e
    SHA256: 39c9966f10723bc430a7f4a689580b7be744fbf91a8d3146ca99a83700bfdcde
    SHA512: 474644a62d64e24fce17e7d2fc67980a4bcf14e322d2fcc6a21182b3c9f200bed5c5f49245d7860c1b8134a86c9f5ee1d8175deac846ef78f1b2e800e9cdba22

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-wal
    Filesize: 8KB
    MD5: 4c0c5e8c05f184f9c46c3fd8762c1b89
    SHA1: 1628e6d5410e8fb7e32d690525dc10d0775f513c
    SHA256: ba0bad0be561ea61f34b24feaec67808a6ecf2d8eaaea789573eecf00e31fb7d
    SHA512: a115bcd778b86fbfd5d3be034207cef74bd274852483db006a306bea5a1855cc161ecaac759636164090bf818467769378fffeaac5ff88cb8820c4c2eb130fc2

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-wal
    Filesize: 44KB
    MD5: 10a3a7b4602208c16209bacc1ac7fc81
    SHA1: 9c928d68c89cf04085e816249fc9ab725d314910
    SHA256: e3a4aad789356ed828a2969b315b18157215e2ea29d3a3a81b1bc03309727a84
    SHA512: ba8780575fb7aee14a8f61c3711aaafc663d413d75428fa2e18c798c89a29dc33d50d95c64cfb4d91726efa5c8e4528f97466c76d2c46618dfb5045e6acc9585

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/files/5a411ce47ea10.apk
    Filesize: 48KB
    MD5: 156441057e307e0dbca6186b3a31c608
    SHA1: 55146784fb0e2c92746194569d7922aca40e860d
    SHA256: 4842519dd8325f030fae94aec3da4a764d60610ea72e736212ce8c78b8221fb3
    SHA512: a0f787d30e6d5c99a0990a94d8b68b330d5038519a3ef56eb44de60daa4ae8c3ce8ab5b0892da607835b31c766a5434261a279bf650b87ad6ea22c7fc4ececbd

  • /data/data/dehzrmmuephxt.jlspwknqzylvykca/files/oat/5a411ce47ea10.apk.cur.prof
    Filesize: 379B
    MD5: fdc1b25ca9b77024d4f31f36d08f8247
    SHA1: 1aaa3aa2d55d936b9018353c1ee50fa7cb9152c4
    SHA256: 22058ea61d1829a2c14194a58e4a6f6344a4e9eeed37d700c87e8b1ac703b8e6
    SHA512: 189758c86b1dcce792174b88989f629fd2d37fdbaafb0dfa6285025ded713da25b518cb7f9ea5492ac0aa2857e783b7281aff0f5b5350ffb4d6c192aef4b7112

  • /data/user/0/dehzrmmuephxt.jlspwknqzylvykca/files/5a411ce47ea10.apk
    Filesize: 113KB
    MD5: 9778e03c60275524d3649ce5c92b6618
    SHA1: cd7242a2d6ac8e923061612a2d300012e65ec4c4
    SHA256: b8d887b0ba0e951714eaa73b9b033dd4aab86ceef3dd698d07ccb676cf3aae1f
    SHA512: c5bd221b820465eff85ff573c30a7137b5654016e90a7806aaa386797f6bb5ca8562bc8057f0f10d7a801a1effc5707c868c3547696fba6c62312271e576fe49