dc069681ea5c6d89093a76187d6bfdd9ae3a8ad32b15c83cef47a7502dbe55ff

Analysis

max time kernel
73s
max time network
150s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
06/05/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ebd7c216d3a7d2fba4d38b41909d556_JaffaCakes118.apk
Size

3.6MB
MD5

1ebd7c216d3a7d2fba4d38b41909d556
SHA1

717c0440b922fd64a6c4a02ccbe1e59d8cf62eff
SHA256

dc069681ea5c6d89093a76187d6bfdd9ae3a8ad32b15c83cef47a7502dbe55ff
SHA512

d85865430ca98cc3e44819c5739315f4e5ec16580a4acb34920bff7f9adac7c8c8be56c7a52db7c700b8acce6dc64d88abd64a9c39c20a4c6ad0464d46d74822
SSDEEP

98304:K1j+9VHzzdkZrBmjXBB433MKoyu9vAJ81esb23Sx:K1jMzdkBQHhfcsb23e

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dilsanmalik13.facebook_pro

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.dilsanmalik13.facebook_pro

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.dilsanmalik13.facebook_pro/cache/1582435991586.jar	4772	com.dilsanmalik13.facebook_pro

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.dilsanmalik13.facebook_pro

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dilsanmalik13.facebook_pro

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.dilsanmalik13.facebook_pro

Checks the presence of a debugger
evasion

com.dilsanmalik13.facebook_pro
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
PID:4772

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dilsanmalik13.facebook_pro/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api

Filesize
40KB

MD5
4317370513233c62df53ffa5288fb605

SHA1
dbbeca700fcda00c627d837c53f4b7ec6cd77259

SHA256
5d76800b2fcaf1a0c728611aec05af8be1123647024c61b2774c50134c874d55

SHA512
b267a813f8c4999c41fb6d8e019efb738c41cc265088345e22722082d78a05f4eaa2691e60448a596a3c4dcfc772d05b6aa1e6ce6a3f0643103316cffb16d34a

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api

Filesize
28KB

MD5
d68035e35717addec96ede652145327b

SHA1
286bbf891d4a1c24a0f3abe49695f36ad99fc41f

SHA256
cfcf8ecba197ee775c76401af4e5f07a7cbe8cf2ba774f549aa2cc1f5f6a5a89

SHA512
3b9054435b5251c3a42f4ce0d1af741dec661c820c8c105e6d57afc254e5a4943a245788161b46851cf3a8f1acb6af41eccea76e06a7789aeca4e67565558e1e

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api

Filesize
28KB

MD5
f11afd34b89231881b134a1688fc0a22

SHA1
4c1b7575083f86ac89a888f03c965d173e5b266e

SHA256
56934e668817351244a78e603407e322e611fe8d107e50c563d4bde5b9f22259

SHA512
36ef1d8000590545567d782550ca92357747fe237e54908ebb286946e88246d3b1e2304badca0c1fd5c7f71cb505404cfaaeba4d27aad792e5437f39012e71ef

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api

Filesize
28KB

MD5
75bfd7ae10da6a6f1399dcb90c39ee3c

SHA1
a7ae889fa429b8630264ac6d52d4097ddeaa2d87

SHA256
fe77729e2da3cf7e686ecf576bdfc358e4dc8150549d4ec2e2131fc6965d6a5e

SHA512
8a9285c610cf3fb9233a70cf2581bbe1a24771507d45a19642670adca92de0d8bac8d573bbc67b2591651795103cc969ae58d525c277b36f90a86e59bcfb4465

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api

Filesize
28KB

MD5
8b024f526d0a28394b24716f10085e46

SHA1
f8db07dda898db76304b403f99826901cecd98d9

SHA256
fe4f329e4a861af94de2d9bbc8009e9c4dc25ad0d106de79548a8ff5a809878b

SHA512
06a4a9516882c9645eef5d17459ef39fd12ee7d4fd5a9b78fa3d94dae9d1baf680d49e789eb29857923483f2b9a470ddcbfb2947b227beb81fff4d63c099aca5

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api

Filesize
28KB

MD5
16d624bfee8627fcc278ca2ee5658b71

SHA1
bea9d7b5af20b38de38c38cbeaaafb586b12c319

SHA256
f434b685339072fc28ed1b5dfc192d0d8fe460070362041eca83b0ef64b6d768

SHA512
19cb219a7259f216fdd00d59b0c934e01ab07cb489f2ad56040b1c8020e8ff8f8e6aefbc5bdc1f533c972337bd99f44f5f1d7a14f2826ddaeaa04037bf3a73bc

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api-journal

Filesize
12KB

MD5
a1eec6e203b39d2c9d3ba66edad5a50b

SHA1
86b2c488d9094bc7c35089b0785390eaa3d72bcb

SHA256
7cb5d3e51a812f9b1ae6e2c57ba69b1ca91f19e51aa4acd181e102996122e4f5

SHA512
80fbaf2c1ad6caa4b14c04999e7da98a03dd6802fbccf7308ddd68207c103d53f96bff837c321b598b6e1b049661cb7c250a978e44f747728fd149d9929fd13e

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api-journal

Filesize
12KB

MD5
767ed3a2bc108a7f73a0af55e2f83737

SHA1
bbfa9064e6bd4f18e57f28ea3f52a78499395b27

SHA256
b94f9d0f6e3033846b915b43da19b75d275890ac7137f0f6827dd398383c3ef4

SHA512
9fac5a712217977362b55395ce51718fee2882bb87a7024ed8f1bfdf0e4d3499307871b2936f457ebf3e3136b18291f06c31c502e104909d2ed8a3f6e2218e8e

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api-journal

Filesize
512B

MD5
ba0fbb0c2e66bf1ba403bf63bcfc6bfe

SHA1
55c97576ebef90559cf4115964af61c2f460c624

SHA256
96a0c5f81850979211f4f9528201644fd9b470007559aa506ada0ab061993046

SHA512
142ef7b1cf512e39c46c0f09cc1d3d43ed5e65dbebe79c5b7ccc92f773ff1726abb0f76307e4a7615a87387e64abdd272c8575df230466a2e7530464ea505ad8

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api-journal

Filesize
8KB

MD5
f473feaa898ff4c3a397a2a1c5ee0059

SHA1
cbf6407a9af49a890fd76686ab200938e9d0111f

SHA256
e7c0d877b35262c10f432adbb7edaeaec7e7757d412aa3236e0f1de9dc66ace6

SHA512
86f4365085269fd6ae1c08ebad1cb9fec07862de547eda03109ca92a478ce825779b3a8da03e5cbcccbc11be74b4e48fd5af0d2f0a0535d9e2d82ab9abba11f7

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api-journal

Filesize
8KB

MD5
e885460ea09d51bfc56fea001d8e59d7

SHA1
fdc73702fc5d19253a0954504d92db2278f4fe45

SHA256
9ba2a0b253c966fe3ac29806d3808dd3022297d178f0d230b102de919c8f29dd

SHA512
3ae0a995ef9d57c298dd0ed7a4d91abf4647eed7dacd1f3d0d0a42632236dcc3be5567d7702e819724a5c68c7041b08ad3483144445622ef82d12c2db1ecc811

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/databases/com.amplitude.api-journal

Filesize
12KB

MD5
ab11e112914b1ce41f8572a147a2af67

SHA1
89a00c108df62a521ca99b951d864673d79b096c

SHA256
04014ef363953e056b39e89d9aff8da1ade5133dca0dee5b544cfa1ff4be72a1

SHA512
1e024c51525dfd74306f2c26c29fbc2913b3799be73428a3f4a4993b91643f7a2941c206a0118cbe61b05f9b7b868c169236d276bc815ec3e0526fad6e66181a

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66396D1D0290-0001-12A4-FFFB9549C361BeginSession.cls_temp

Filesize
79B

MD5
b123ee38b7cc68a14f8933bd74785b03

SHA1
f6fb05feebc7d57392df898438f6bcbe32647762

SHA256
ddf6b11b25d3f2281993a190074d2b4242fd82d4b272ae3ba1cf65c0382867cf

SHA512
70662accd35c8ba4a4c4111cb0cae3ff992f31ef4e8467bb79926b5189a5a68d2f6346dbc2dfaf9d0a6f51c39658335e541e2c4ae7ed967e74e96ddb120edaf9

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66396D1D0290-0001-12A4-FFFB9549C361SessionApp.cls_temp

Filesize
110B

MD5
f99503e1f231c6efd263213020465349

SHA1
6e006068546f311cadbc2c9314a039992f419e38

SHA256
36dc13e2a6a7a8be092664399e231ca0a90f78d1dc5bdf1d9ee6903b1df621a0

SHA512
547e16861d96eb236c4d875c084243aece5e6e5c358710117fe6284a5b31ca7a608ff3a9d01b6c86fa7b489a3d97ff8efb830a59743d00e7b33eb3a45c08e846

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66396D1D0290-0001-12A4-FFFB9549C361SessionDevice.cls_temp

Filesize
131B

MD5
6c9c80f6d50187be44afe677f5d08977

SHA1
eb3923bc8abfc82b6252a7881dd6f94e406ff1d3

SHA256
a9b7262f30bd222dfa9a317594e1a97954ec323131e1efab6cc5071e053dee53

SHA512
772f9e377fdaadae5d36bcd9448d25d9a3cf976f76114e7dbf23e8d8a75118032fab7be308e91a4106fc933d7e3bec700062fde353eabc14231008f59797bfad

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66396D1D0290-0001-12A4-FFFB9549C361SessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
514B

MD5
7d981a0369e79086847f8c09c37e2f6e

SHA1
9b53e3e90c61a2a26fbab931aadaa1d247182eb3

SHA256
6db27c868509f77f4eecae076a1431137fa5d2fe7bd28d4e16de87307b8d6ed5

SHA512
9b7b6eca489931a5f2d14e1b47f3fa251ef7af25210416ca4f8da492c5cff81245f3443334402b545c00a17516fbe79f07422e5bfed00e26fbfc8d9340ca16a0

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
3KB

MD5
46de9a7e208b853591a403046c51d6cd

SHA1
251609564185ce270d573b9a953781b13d2833df

SHA256
12c1243f8055dd2e62133473d3aa8f358b76896e41c24ff93188324189038310

SHA512
2ee386d9e40140e79a4609c72a38298ac64bbba837fa8b1466ea5d86e0c749e74b65aaddadf4da440be6d4821486b5efe0e3ef8f4815d9e7d23642143c426703

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.dilsanmalik13.facebook_pro/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_11f9d8a7-c98d-4396-9806-8b8dc5bc5059_1715039522550.tap

Filesize
394B

MD5
c7b3a2024c832b3c26a76d31dc6229cf

SHA1
496ca64d6750e1d94e1f89ccabf48011b99da3e4

SHA256
c90d8cc4b72364a5b9c8f1ff99aaeaf0fe11a2bb4166d4e8b01195ed1a5883f8

SHA512
2818f477e04b2fabaaab425cb8097aaaf953d863f372234099a7dc25f976ecaa982f8b75a46688afccb67262e55d18a56a0bbee0dfa9597bfde39db6f7424cb4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads