2fd5eddd65b8c35272cde79643ce07f2ca4449766943e8a4b478d620708c9662

Analysis

max time kernel
48s
max time network
141s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
08/05/2024, 12:12 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24c856bdc19e79cc96548e8fa99413f1_JaffaCakes118.apk
Size

14.7MB
MD5

24c856bdc19e79cc96548e8fa99413f1
SHA1

e7d3e2c919d29ce40c77a30e0813c8093bb1dcd2
SHA256

2fd5eddd65b8c35272cde79643ce07f2ca4449766943e8a4b478d620708c9662
SHA512

3cc4c50b33e8a9d7fb0dcf7fca89a69d3fda59fc7ebda888f9797eca69c488a0315bb18e6d0c8a2f349bf771438f5cd6efdd730b23b24ff468db83cbf1154336
SSDEEP

393216:rQtBWduQtBWd4QtBWdxQtBWdxQtBWdvQtBWdC:0+P+t+o+c+y+4

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.zu.zu

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zu.zu

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zu.zu

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zu.zu

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zu.zu

com.zu.zu
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5102

Network

DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.178.8
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A
DNS

www.apk.androidapkmods.com

Remote address:

1.1.1.1:53

Request

www.apk.androidapkmods.com

IN A

Response

www.apk.androidapkmods.com

IN A

216.107.136.213
DNS

www.apk.androidapkmods.com

Remote address:

1.1.1.1:53

Request

www.apk.androidapkmods.com

IN A
GET

http://www.apk.androidapkmods.com/

Remote address:

216.107.136.213:80

Request

GET / HTTP/1.1
Host: www.apk.androidapkmods.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; Android SDK built for x86_64 Build/QSR1.210802.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.185 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
X-Requested-With: com.zu.zu

Response

HTTP/1.1 301 Moved Permanently

Date: Wed, 08 May 2024 12:13:09 GMT
Server: Apache
Location: https://www.apk.androidapkmods.com/
Content-Length: 243
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

safebrowsing.googleapis.com

Remote address:

1.1.1.1:53

Request

safebrowsing.googleapis.com

IN A

Response

safebrowsing.googleapis.com

IN A

142.250.180.10
DNS

bigappboi.com

Remote address:

1.1.1.1:53

Request

bigappboi.com

IN A

Response

bigappboi.com

IN A

23.22.126.183
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.14
DNS

ajax.googleapis.com

Remote address:

1.1.1.1:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.179.234
DNS

cdn.bigappboi.com

Remote address:

1.1.1.1:53

Request

cdn.bigappboi.com

IN A

Response

cdn.bigappboi.com

IN A

18.245.60.4

cdn.bigappboi.com

IN A

18.245.60.53

cdn.bigappboi.com

IN A

18.245.60.64

cdn.bigappboi.com

IN A

18.245.60.29
DNS

media.go2speed.org

Remote address:

1.1.1.1:53

Request

media.go2speed.org

IN A

Response

media.go2speed.org

IN A

108.156.39.9

media.go2speed.org

IN A

108.156.39.107

media.go2speed.org

IN A

108.156.39.58

media.go2speed.org

IN A

108.156.39.60
DNS

sdk.lockertools.ai

Remote address:

1.1.1.1:53

Request

sdk.lockertools.ai

IN A

Response

sdk.lockertools.ai

IN CNAME

d3ab7pnr96ugz4.cloudfront.net

d3ab7pnr96ugz4.cloudfront.net

IN A

3.162.140.5

d3ab7pnr96ugz4.cloudfront.net

IN A

3.162.140.117

d3ab7pnr96ugz4.cloudfront.net

IN A

3.162.140.14

d3ab7pnr96ugz4.cloudfront.net

IN A

3.162.140.50
DNS

ws-us2.pusher.com

Remote address:

1.1.1.1:53

Request

ws-us2.pusher.com

IN A

Response

ws-us2.pusher.com

IN CNAME

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

3.19.189.41

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

3.131.177.182

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

3.141.48.24

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

3.16.225.202

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

3.135.73.232

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

18.224.193.14

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

18.188.251.2

socket-us2-ingress-1392515755.us-east-2.elb.amazonaws.com

IN A

13.59.136.229
DNS

bootstraplugin.com

Remote address:

1.1.1.1:53

Request

bootstraplugin.com

IN A

Response

bootstraplugin.com

IN A

104.21.10.24

bootstraplugin.com

IN A

172.67.162.35
DNS

stats.pusher.com

Remote address:

1.1.1.1:53

Request

stats.pusher.com

IN A

Response

stats.pusher.com

IN CNAME

clientstats1-dummy-server-lb-398743415.us-east-1.elb.amazonaws.com

clientstats1-dummy-server-lb-398743415.us-east-1.elb.amazonaws.com

IN A

52.21.9.172

clientstats1-dummy-server-lb-398743415.us-east-1.elb.amazonaws.com

IN A

34.192.70.190

clientstats1-dummy-server-lb-398743415.us-east-1.elb.amazonaws.com

IN A

34.238.67.27

clientstats1-dummy-server-lb-398743415.us-east-1.elb.amazonaws.com

IN A

3.213.105.30

142.250.178.8:443

ssl.google-analytics.com

tls

1.3kB
6.0kB
8
8
216.107.136.213:80

http://www.apk.androidapkmods.com/

http

790 B
706 B
5
4

HTTP Request

GET http://www.apk.androidapkmods.com/

HTTP Response

301
216.107.136.213:443

www.apk.androidapkmods.com

tls

2.3kB
6.2kB
13
12
23.22.126.183:443

bigappboi.com

tls

4.3kB
51.6kB
36
43
142.250.200.14:443

android.apis.google.com

tls

2.9kB
7.0kB
12
14
216.58.204.78:443

tls, https

128 B
40 B
2
1
108.156.39.9:443

media.go2speed.org

tls

2.2kB
32.5kB
22
30
18.245.60.4:443

cdn.bigappboi.com

tls

6.7kB
187.2kB
94
145
18.245.60.4:443

cdn.bigappboi.com

tls

1.1kB
7.5kB
9
11
18.245.60.4:443

cdn.bigappboi.com

tls

1.2kB
7.6kB
13
12
3.162.140.5:443

sdk.lockertools.ai

tls

1.9kB
15.6kB
18
19
3.19.189.41:443

ws-us2.pusher.com

tls

2.3kB
7.0kB
14
15
104.21.10.24:443

bootstraplugin.com

tls

1.6kB
12.6kB
12
17
52.21.9.172:443

stats.pusher.com

tls

2.4kB
6.8kB
16
17
216.58.201.110:443

520 B
10
216.58.212.194:443

520 B
10
142.250.178.4:443

tls, https

607 B
40 B
2
1
142.250.178.4:443

www.google.com

tls

8.5kB
11.4kB
27
38

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

ssl.google-analytics.com

dns

140 B
86 B
2
1

DNS Request

ssl.google-analytics.com

DNS Request

ssl.google-analytics.com

DNS Response

142.250.178.8
1.1.1.1:53

www.apk.androidapkmods.com

dns

144 B
88 B
2
1

DNS Request

www.apk.androidapkmods.com

DNS Request

www.apk.androidapkmods.com

DNS Response

216.107.136.213
1.1.1.1:53

safebrowsing.googleapis.com

dns

73 B
89 B
1
1

DNS Request

safebrowsing.googleapis.com

DNS Response

142.250.180.10
1.1.1.1:53

bigappboi.com

dns

59 B
75 B
1
1

DNS Request

bigappboi.com

DNS Response

23.22.126.183
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.200.14
1.1.1.1:53

ajax.googleapis.com

dns

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.179.234
1.1.1.1:53

cdn.bigappboi.com

dns

63 B
127 B
1
1

DNS Request

cdn.bigappboi.com

DNS Response

18.245.60.4

18.245.60.53

18.245.60.64

18.245.60.29
1.1.1.1:53

media.go2speed.org

dns

64 B
128 B
1
1

DNS Request

media.go2speed.org

DNS Response

108.156.39.9

108.156.39.107

108.156.39.58

108.156.39.60
1.1.1.1:53

sdk.lockertools.ai

dns

64 B
171 B
1
1

DNS Request

sdk.lockertools.ai

DNS Response

3.162.140.5

3.162.140.117

3.162.140.14

3.162.140.50
1.1.1.1:53

ws-us2.pusher.com

dns

63 B
259 B
1
1

DNS Request

ws-us2.pusher.com

DNS Response

3.19.189.41

3.131.177.182

3.141.48.24

3.16.225.202

3.135.73.232

18.224.193.14

18.188.251.2

13.59.136.229
1.1.1.1:53

bootstraplugin.com

dns

64 B
96 B
1
1

DNS Request

bootstraplugin.com

DNS Response

104.21.10.24

172.67.162.35
1.1.1.1:53

stats.pusher.com

dns

62 B
203 B
1
1

DNS Request

stats.pusher.com

DNS Response

52.21.9.172

34.192.70.190

34.238.67.27

3.213.105.30

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Windows 7 deprecation

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.