a11b4f2f3efc76bbdb195cb66fc2440c0b0d1c1c510917072cb2a45dd869135a

Analysis

max time kernel
63s
max time network
129s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09-05-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aa396efbc51ed2fab801eaa8531c5fb_JaffaCakes118.apk
Size

30.0MB
MD5

2aa396efbc51ed2fab801eaa8531c5fb
SHA1

2d612dda4046c8ea559c32efef1b72ab6dad1eb7
SHA256

a11b4f2f3efc76bbdb195cb66fc2440c0b0d1c1c510917072cb2a45dd869135a
SHA512

44bcbe694e65496593d8c6b105e99947d21e8e960d33e9de5cb611047574bf9695205ab186f3c335de76e867ba089b088f15191167444a66011f745e631626bc
SSDEEP

786432:uNaeXJG4m5JOryFjM9MG1J4hwIlS/xnB8NJowARwQ/L8Zg48DJoSP:sacUjJSyFS3z4nkxB8Nx8wu9B

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	jp.co.linkkit.lk0013td.sengokudefense

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	jp.co.linkkit.lk0013td.sengokudefense

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	jp.co.linkkit.lk0013td.sengokudefense

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	jp.co.linkkit.lk0013td.sengokudefense

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

jp.co.linkkit.lk0013td.sengokudefense
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
PID:4277

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/jp.co.linkkit.lk0013td.sengokudefense/files/mobclick_agent_cached_jp.co.linkkit.lk0013td.sengokudefense

Filesize
121B

MD5
0236b375685172bd536e8473d412bcbd

SHA1
fa686ea8cc16956746d8d1fae0ede02c4c3ae5de

SHA256
10c1beae911bd456a81e0de4380270f6e77933e8a2b215f48e73411ade42a78b

SHA512
22d5a57bf46c50dca4e46091179581083ccdd51eb69d898cf24558750fe9cae306a5eec45d05fae2d991330b8523f1f65c9021e9ebcd69c8294869aa7c476fbd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads