5828ed0e5303b33fe29e856a9cae933f6f73a0bc2fc1a66a5a0c9bb83b174cc2

Analysis

max time kernel
28s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
07/05/2024, 05:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f9e279903ad349132712855b90a5dba_JaffaCakes118.apk
Size

998KB
MD5

1f9e279903ad349132712855b90a5dba
SHA1

d99fd33cb6b6d6e581c5bc5b0868da4ac9494484
SHA256

5828ed0e5303b33fe29e856a9cae933f6f73a0bc2fc1a66a5a0c9bb83b174cc2
SHA512

e944d21412daa2ceb87f8fd660f27851f9cea66e6c7ee8b4b302f6b526a2b6e9aa9cf3f71eb8092954c7b010b9b726d8d1aafc6daa2fc1f3f924c1b1756dd92b
SSDEEP

24576:oXN8lCFPIW3mVUrT1yPVP/xNDVbwVTONfQdOivkpiMZhL1:Hcp26H1qP//DVkTOyjvP0t1

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wackiapps.snowyeveninglwp321w

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.wackiapps.snowyeveninglwp321w

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.wackiapps.snowyeveninglwp321w

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wackiapps.snowyeveninglwp321w

com.wackiapps.snowyeveninglwp321w
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
PID:4948

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wackiapps.snowyeveninglwp321w/files/INSTALLATION

Filesize
36B

MD5
f0a76eb42340046751387d339f843e6c

SHA1
4bc51b7a0e3f9269a3a53f4c89cf81f4420f663b

SHA256
ba2469736a0b80262a22c733944a6c6afb4a50876187c056f6c3237cb8222234

SHA512
1ad1441a6535984ccba846e07afb0de0d2a3428e1a4be4214b46595153448ed5661645fd5f8783610206fe5a62abdf20e3708252be5627f92e4894a60293c4ac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads