c8100a06df2796d4549c2b6dc20f46f874a40fdc8582ff19ad428cdcc7d3e4d1

Analysis

max time kernel
64s
max time network
150s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
10-05-2024 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ddd7f3b1c71d8c6b442abebd75e10de_JaffaCakes118.apk
Size

15.7MB
MD5

2ddd7f3b1c71d8c6b442abebd75e10de
SHA1

49bc4c09f7be23abcd7f792de875ff032e53a032
SHA256

c8100a06df2796d4549c2b6dc20f46f874a40fdc8582ff19ad428cdcc7d3e4d1
SHA512

529392f3725b340278957aff4c05950add1a2d32d620ce437ac63232eaa3a0ea1a73c70d924e00593c1f9d9d7339e138caf514774a985a7e5d67b8335db28c35
SSDEEP

393216:sg3o7MVLSJjNbkrkALQugrPE5nbCtP3xlFnBtHR5A:DRtSNNmnLQtAbC1hBtHE

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mi.trader

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mi.trader

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mi.trader

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mi.trader

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.mi.trader
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5047

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mi.trader/files/mobclick_agent_sealed_com.mi.trader

Filesize
527B

MD5
c5b2b59323afecfad7e29503686a4988

SHA1
6374d144a7862f38c8960de568e8bff12d294c53

SHA256
10aaee45ce5afe9120190bca18511723d85e370e8d83693f55197f93ff1bafe0

SHA512
209eca994f722a55c947b39f3d375bc34b0fc9e778bc53f4155bed5f4655ea30ce2fb58a119b40baffb4a340bb4d20c100da3e0f164852574dda408125664df9

Download Submit
/data/data/com.mi.trader/files/umeng_it.cache

Filesize
148B

MD5
bf264ea1b9b41fbcea17ecc003542d80

SHA1
c4f5a1194f68e6e4ee479e7a4ab82d82003c3acb

SHA256
5bc07160e3518f54f5e95650fa4e8da9e9942b43d5a45deb1b6bdb802c61a15e

SHA512
a1df001002994038bd04cccfc6af5fc92ee51aaf629e5921edab5530b71af1be12eff45c03fc1be5d5ebaa4b17a844d48813b8b264bd3cbf5f4edb01a1495cf1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads