3caac43cd5ee4c28bbb263c83b6f6cefe08ff413b437a79b963021f571025dfa

Analysis

max time kernel
43s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27/04/2024, 11:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

03292bc5b95c9c589fd85a2ac1f325ec_JaffaCakes118.apk
Size

18.9MB
MD5

03292bc5b95c9c589fd85a2ac1f325ec
SHA1

afcef3d739d960fed42f4cf1a226820fd1747e2e
SHA256

3caac43cd5ee4c28bbb263c83b6f6cefe08ff413b437a79b963021f571025dfa
SHA512

2dca3d245362a09ad2f38a60fd67b693b20e31f15218a77c0317a8f2fdec144bff699afbeb968c8a930eee295c8e74d482757567188d4eac45d7c857c7b4c24f
SSDEEP

393216:tnDQoTgAquUQYuvl/z6iVtZEwLrrIPuyZ0XziiPjFqitEazzDdPu:9DQoEqUQrZnst6qiCazNu

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.atomized.Gunnimals

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.atomized.Gunnimals

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.atomized.Gunnimals

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.atomized.Gunnimals

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.atomized.Gunnimals

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.atomized.Gunnimals

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.atomized.Gunnimals

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.atomized.Gunnimals

com.atomized.Gunnimals
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4186