92a9789211eaf2795a70f2179babb11bef3b8a3b1d069a06bd48629eb5bafdf2

Analysis

max time kernel
150s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
30/04/2024, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0aa4b203e95edd017e3db6995de4ebd0_JaffaCakes118.apk
Size

5.7MB
MD5

0aa4b203e95edd017e3db6995de4ebd0
SHA1

4ef2284ba112d36e0201a98ae9a0b38341462261
SHA256

92a9789211eaf2795a70f2179babb11bef3b8a3b1d069a06bd48629eb5bafdf2
SHA512

a457f1cec47f47bdac023912028db46f14728236339209e32f50db8eb1a1328ed47b67698bc24779d1f05c878c8211a3a84af05c2e263b13a19df8b8afb3d2e3
SSDEEP

98304:LzW+sh6AUBOTQQRxhFA7V4oS7IozK9wSv3Na6NqIIzq0n16LVV4Jz9QYD29B1zSW:kh6AUByHRjF+FozUPqpu01MVVk9Qy8Uy

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.appgame7.brickblast

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.appgame7.brickblast

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.appgame7.brickblast

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.appgame7.brickblast

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.appgame7.brickblast

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.appgame7.brickblast

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.appgame7.brickblast

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.appgame7.brickblast

com.appgame7.brickblast
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4263

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.appgame7.brickblast/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.appgame7.brickblast/files/mobclick_agent_sealed_com.appgame7.brickblast

Filesize
576B

MD5
66af68a31ff9b73ba16dea619ccf25f7

SHA1
6d90942bca452c96b42bf5de4d410930e55e9663

SHA256
99dff9586495c966303a0dd272494879eaef5d3b201ef761d918e2755fdff67a

SHA512
431da020179b7e3c7c74bb5c1c5be952c8b9a64ccadf84ab91cdd0eb5effc896369b8b3024ba8345b5d030a526e5d867acee9b8743ba8499874882db471bc5aa

Download Submit
/data/data/com.appgame7.brickblast/files/umeng_it.cache

Filesize
211B

MD5
f7bb268b7d73ff4d6fb0b7b03279e726

SHA1
5fe559383043799fd9ed5faac101bc75d95ea669

SHA256
ae6e8d9b71efcacca0e041da6922a1fbaa8b634edc3116465253b2a19607469e

SHA512
032c9816e463126a1f9e628d97bc2d307e0d5cae86a31ef62cbef21d3a34101626241ba9e8ff5f05b57d8aea978a67b1cf804c4ad842cd011bc797f302b50518

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads