bc015a02e3a0486a7c226a3948a4c5794756041044f5c2f381ca5a85dbf58369

Analysis

max time kernel
154s
max time network
154s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
01/05/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b79cef4ef45d0dceb2787bbda73d67c_JaffaCakes118.apk
Size

8.0MB
MD5

0b79cef4ef45d0dceb2787bbda73d67c
SHA1

60ad47a506af11799ef700315cf0fe7203d30588
SHA256

bc015a02e3a0486a7c226a3948a4c5794756041044f5c2f381ca5a85dbf58369
SHA512

4e65601daa32624a9052f305189438ac2835c619898e195652f22f1bc2fbb09e6f7ad520342b6fbd863e1f01b97602b9f04bc297a3b9f939d658b25b52486a37
SSDEEP

196608:WRsCRqweE/MniEB4uJAeh0m0hROONkPwLPacPDoHJVCLF:y0wSnibuJVWm0rZkPwrrMHJVCh

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.snmi.ninecut

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.snmi.ninecut

Checks known Qemu files. 1 TTPs 3 IoCs

Checks for known Qemu files that exist on Android virtual device images.

evasion

System Checks

T1633.001

ioc	Process
/system/lib/libc_malloc_debug_qemu.so	com.snmi.ninecut
/sys/qemu_trace	com.snmi.ninecut
/system/bin/qemu-props	com.snmi.ninecut

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	com.snmi.ninecut
/dev/qemu_pipe	com.snmi.ninecut

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.snmi.ninecut

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.snmi.ninecut

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.snmi.ninecut

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.snmi.ninecut

com.snmi.ninecut
1⤵
- Requests cell location
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4341

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.snmi.ninecut/app_crashrecord/1002

Filesize
224B

MD5
b26c019a69c7f449b182f534e9d638c9

SHA1
63f49d7d8a2718844023a65f5a6430e4338a60a8

SHA256
2ff54f7ac5b34db46b95c1218f7a0cac2136ea033fa72a05b6659c824b4b7649

SHA512
258ab4fa30459a814cf2a6f794ac86363f52e4e83cf485409ed3ffe54e500bd841b1ead922d277c70c7116447e5c949580052fc79114102d1f60f0b279e0967e

Download Submit
/data/user/0/com.snmi.ninecut/app_crashrecord/1004

Filesize
224B

MD5
1f43bad02ba66a2e5bf07027e67060f2

SHA1
4cea89010850af0986d10790b52ea13add3fee89

SHA256
cb26ebf3d7bec9d5e74b9886248289f3bc84288329afa537030c09cae53d7ac9

SHA512
d7bd7f3a2ec7afe852abc7934b16dcd5eb41e4e9e8c1b02a048c6c5f2f3db0f27441621d7ac47e2241bb3be9e888e7b1c0d02de82a39e51185504f23a952ed8f

Download Submit
/data/user/0/com.snmi.ninecut/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_

Filesize
52KB

MD5
a324e038373151a1941ed6cdc6235085

SHA1
93ef01a6868fb989e9cb20480f117f7d31d9bea1

SHA256
6ab7276647e08988537328afa8ab04e2f8d5ade291ed8ad5ca99cd2d34532856

SHA512
7427b9a623b6ad9af2d641a9605d6d162d7821b5a6a1f83ab8a8f71b8e33081910e08fdb078229cf97b117539b5893b9d8fff7ab9aff204ff7337377656a8d3e

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_-journal

Filesize
8KB

MD5
80a8a79ff86f8ee7edbb8362e1a4b583

SHA1
903550aa5f0ade844cf8def757f9e4e6a520ad5c

SHA256
ade383930d087d2c1bd920f4d9b93665a38e9f8a2fa0b0ed88d2de402147ad65

SHA512
fa497ccb2141a2e745fb29f5d024d7214acae495183d6813f8c0dbad95dce996875bf1045c21d7257e561cf661cd8855efab93cbb5e3309c70a0243af60a7f64

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_-journal

Filesize
8KB

MD5
7ae54332f68f193c7d4ca237945ef906

SHA1
6272f012f305b436225d9b16328ac2b88fb56d2d

SHA256
198055bc43a5d8df384bd5fe21daa9d8fcd84186712fc6e2e4564ad9c88508a4

SHA512
7ae006814e935003aab1f8c1416e40246e304a841282330bdd41699de805e90ea348459bb6ffa2c0b6580027b296b613e2dd3fd0cd30d6d4a30a4010ad94ca87

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_-journal

Filesize
8KB

MD5
1c3d0bcf2a2506fd733818f3b6c0897b

SHA1
f9d50d83f1ff7d79533ab3bb370cb3488701301a

SHA256
5d8072a49a57d521fcdc4723ae6a6d636995ccb53f97bcdd5fbeba7db097f959

SHA512
4374ffa7e7abb4aaf32a7f6b8ca2cdafdfcd21194006127bc00aa956b83be3f5b421821e99a783a293d686cb27cff40f543ff4c4584c17e3d267b95e46cf0f27

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_-journal

Filesize
8KB

MD5
129676d7e3d8859590d72856d1334774

SHA1
bcdf107066747625f8156eb38e351e6bb6295606

SHA256
0e14bd276dac650b14cf9af598715ea4b0d253dcec179cc9b7963ac799eafa12

SHA512
6be5c0eec9fd2f0dd68e89ebc3f6bf875ee4c7afae6ff8750cf2b1c1626ed13d57b391348451bbaa331aabc781968b10830f7861f47a38fcdec08b0d82a58a24

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_-journal

Filesize
512B

MD5
67faa02a1cc005dec529958ada87e912

SHA1
17b7ea0288f505843463d3ada4da6bc4c009915a

SHA256
7d92f8659802539a7aa45dfa27dcc09bfcbb05a6ffc1b328b7cc25f9551f33f6

SHA512
ac56e0902f1ecd0b1e35f04ef721fc13b92cd88e9ccc084d2e0b657d51c55180cbb8fa6d085e5f1060ca4871318775f3ce0389500069742906b97d671d8032bf

Download Submit
/data/user/0/com.snmi.ninecut/databases/bugly_db_-journal

Filesize
8KB

MD5
f1723b44db61bb40f36b484e3f82d4f0

SHA1
d33f3b24b1648d25bc4506939d84f947edebfb46

SHA256
8954663eb8369242a4e6e44a86cb1e570bd8d0787d5067085c2be5f6c474ed3a

SHA512
131b0996a2e488dca19d2b088b17b762d6d3d9899e1993f4ce42629aa1d6d8ac327e0fe5626f97adc5b4f576160d6b650b1049f8c9b8f71fef950eac278877fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads