387da5a4ebaad1e11c1d9d61b7c81f312072616774541abb6bdcd98a261d638f

Analysis

max time kernel
150s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10-05-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e2ac8e2ce6b5c245330ce442c401567_JaffaCakes118.apk
Size

23.4MB
MD5

2e2ac8e2ce6b5c245330ce442c401567
SHA1

318b2f33e13ccba8e6413824216f4e279297ed0f
SHA256

387da5a4ebaad1e11c1d9d61b7c81f312072616774541abb6bdcd98a261d638f
SHA512

a76ca36d4724ccc120904c36f3cd5ead720adb5e62ed5b1749f7a621ff0bbace089dbd2baaadf17d91a6750d653924325df8162dadb67f9e1b828274722fb2b3
SSDEEP

393216:qxX9Xd2Ct0+hnRq8UA4CrEcm2YDm6TJteN8b+H0mxiSAfdby4+Abtz/5MTf0U:Ott2C5Rb4eEc50ON8e0mxiSAffDbtzhK

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.amuzo.sshcam

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.amuzo.sshcam

com.amuzo.sshcam
1⤵
- Checks CPU information
- Acquires the wake lock
PID:4256
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4318
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4380
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4448
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4519
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4539
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4559
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4579
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4599
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4660
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4689
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4708
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4740
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4759
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4778
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4811
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4830
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4849
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4880
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4911
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4930
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:4987
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5016
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5035
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5054
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5073
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5110
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5129
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5170
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5189
- /system/bin/ping -qnc 1 8.8.8.8
  2⤵
  PID:5210

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/data/com.amuzo.sshcam/files/sync.php

Filesize
274B

MD5
0a4e33cbf892cf0317dd9a85367565f0

SHA1
1a32b183800e5f8f93d743a25c6067d7a84db775

SHA256
d0eaeb61a47479be5f6d0466207949a1a1b1c56d2efe2db8d3317e326660fbd9

SHA512
dc38d4efc41c5bdfa06e661509b9de76b494478a7dc651a4fe26fd61695128ed1df49194af239ef0d40bf14b43a1097f57d7b8b33fec503a4aa4ac02e9935679

Download Submit