Analysis

  • max time kernel
    126s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240506-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240506-en, locale:en-us, os:android-11-x64, system
  • submitted
    08-05-2024 16:43

General

  • Target

    25c5c07564fbd738c35d5eb529dfb860_JaffaCakes118.apk

  • Size

    149KB

  • MD5

    25c5c07564fbd738c35d5eb529dfb860

  • SHA1

    a18b6740907eacf398e2fb2a7b27e6c980154790

  • SHA256

    6751d123db9e9b26253b16e961afa0ba3662690e8182e714a4d05950e67788fb

  • SHA512

    b4a12401ff29fae61242e1cac90dfe090d2d7fcfcb944442a4f352cabfc981f79cb201081eacfd0429143a6823e28df778284ff00ddf68b3d36bb0eabaa27eaa

  • SSDEEP

    3072:tXoHgArdnGabuSZSWROSQNKf+jKaU7ysSHM:CLrYwZS0Oqf+joysT

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Tries to add a device administrator. 2 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.onion.lock
    • Checks CPU information
    • Queries information about the current Wi-Fi connection
    • Tries to add a device administrator.
    • Checks if the internet connection is available
    PID:4789

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.onion.lock/files/mobclick_agent_cached_com.onion.lock
    Filesize

    136B

    MD5

    277fc77edaa0bcdf22db128adc639b0a

    SHA1

    2e4489963594fe24bf4d4ecdcd659fa08040e887

    SHA256

    3d76362e9563040539563757bca7bd97f8f88c53c6c74e1fbdc98ead1ab3ea85

    SHA512

    9205521042eb9645f85d7656295909b82be2979c2594ac64a8ec87c9443ae031a12c7ea78f5142db290d4b999d838b6b161fecdfb76292c0934d2bdbdd7cb9b7