Overview

overview

10

Static

static

10

0ddac187bc...18.apk

android-9-x86

8

0ddac187bc...18.apk

android-10-x64

8

0ddac187bc...18.apk

android-11-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    135s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    02-05-2024 07:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ddac187bcec564906043e70ca2b6096_JaffaCakes118.apk

  • Size

    1.4MB

  • MD5

    0ddac187bcec564906043e70ca2b6096

  • SHA1

    9f017f4cb0d420a0a717a298d2416e4060f0c531

  • SHA256

    5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234

  • SHA512

    3d1f3ab5c887729a5668a097c22090e3977cf4efcdbe2ce50a405a2e73dfb31486df07a978c58aa1b43bee02d99d00c7c997358acae2cd2284f8f1eb453795cd

  • SSDEEP

    24576:BaVUcbzzKtd+b3V/nbGmc1+g/wQIQPlQVslGOEeRRWpbR92VNqZ7VJKC/hNzVxBc:BaVPKAMx+ywHe/0b72VNg7VJKCpNm

Score
8/10
bankercollectiondiscoveryevasionpersistencestealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery

Processes

  • ir.noname.pop
    1⤵
    • Removes its main activity from the application launcher
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Requests cell location
    PID:4272

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal
    Filesize

    512B

    MD5

    9ed27998280afefaa33a0059d02b40d8

    SHA1

    c89936979dc0ea413096d3dc8d88505b7371d7d7

    SHA256

    f847d4ea6612167e6a7c34a83d02aff02b704c596c389bbb82d2f49a7387296e

    SHA512

    fe70ea2023a6e028e71a6fddf7b0e104621ee078ad5389fa1ff358223ddc395e0b8d6a8e8ab976b63bafc2c3a099e317733f8a0b8e1d6e13f14cfb96c863e000

    Download Submit

  • /data/data/ir.noname.pop/databases/__pushe_base_lib_db-wal
    Filesize

    156KB

    MD5

    21cbf258d387f431c61fa7852489f7cb

    SHA1

    64775ac2628f79aad3a007f75453f8e63abe2d83

    SHA256

    342c84889be51340d490a3d1cf3526cbf5b7489c1b3cded104d74f05724170bb

    SHA512

    c1c2e2524ca4791cdd58e5031820c53d9c229f02316b9f24d53778dd132256c03825ed6d4fe241fccb332b5fda3a9946963678448e9d4068835d11dbd95075cc

    Download Submit

  • /data/data/ir.noname.pop/databases/evernote_jobs.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/ir.noname.pop/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    40088b8b7303a5731c4e31e69474d216

    SHA1

    2a68ffd3f2237efe4a88f1a8df0a4180f8a3a54b

    SHA256

    9a5d94c42ebbc9cfb5f847c2415715221220899d71d3299eec320ab12e5883f3

    SHA512

    2a52131b9d087515fa89d5210f9ad975800d5263e95c10ee92f671b269d8f23c292207d4b21e91a1832155e06a6978f30c12cf33dd945647666bbbafdb04a6e4

    Download Submit

  • /data/data/ir.noname.pop/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/ir.noname.pop/databases/evernote_jobs.db-wal
    Filesize

    104KB

    MD5

    bc502a6832519dab8441178dca396ab7

    SHA1

    c441ac877b0bcaa56449ce1faf22f2b7eb59afcd

    SHA256

    c2ee55cbee9c6e39b4aef5412195bac72c7237712f1b638803345a878ef8d91d

    SHA512

    6abb8e815f20e4d36b2017488cdd494b2540b579a219e97512f1dadee4c3c2a32f7714dacc7cce6176d6f6b2e98581ff0224b0b2e988e7bcfab0727fa0baf923

    Download Submit

  • /data/data/ir.noname.pop/files/unsent_requests
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit