30454fb411382ad49a6125282fb1961a5b14c4f1c9f3ccc0ab43d2bb13ae3efd

Analysis

max time kernel
33s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27/04/2024, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02bd526115635d6b9aec44cbdeb6e4c3_JaffaCakes118.apk
Size

15.5MB
MD5

02bd526115635d6b9aec44cbdeb6e4c3
SHA1

808cebc4db43669ed137837b111f60dfcdf47678
SHA256

30454fb411382ad49a6125282fb1961a5b14c4f1c9f3ccc0ab43d2bb13ae3efd
SHA512

27c4e571d2deea2362a21f069839f5d4d2cadce169efb99a406329b350f72767a3d25aba98845a4bcd3a1170a29abedc039a0d22f105ae96b507f3c2f8f46e6d
SSDEEP

393216:N67eq3LnbmiGIkLOVGrAEEFORnK/Vokp/L9:QKUmCWWGUEtK/VvT9

Score

6^/10

discovery impact

Malware Config

Signatures

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mcarbarn.dealer

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.mcarbarn.dealer

com.mcarbarn.dealer
1⤵
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4195
- chmod 755 /data/user/0/com.mcarbarn.dealer/.jiagu/libjiagu.so
  2⤵
  PID:4223

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact