643f95a8a9c9653e3ef58ebd331e3e7d1ef711440e21a507624d7f9a2891f0bd

General

Target

2eead97aac36b390bc83715d7f68200a_JaffaCakes118.apk
Size

602KB
MD5

2eead97aac36b390bc83715d7f68200a
SHA1

5505f3396d3b443a426ce4e85f67fb742d4b76ea
SHA256

643f95a8a9c9653e3ef58ebd331e3e7d1ef711440e21a507624d7f9a2891f0bd
SHA512

da6e53caebb24fa7aeb2b0bc29c1b6e5303079eff7abc77fff8fb1f2c3b79a4a0b8b974eed472cdef0be514c7b6408715e2019f1321e01729a4b16551790d111
SSDEEP

12288:EEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BY+0aTBpqSol2KpElpX79b:EEaFmFN9v46flH72wOSoMKA9b

Score

8^/10

banker collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5061	feifei.shasha13.meta.face

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	feifei.shasha13.meta.face

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	feifei.shasha13.meta.face

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/feifei.shasha13.meta.face/app_ttmp/t.jar	5061	feifei.shasha13.meta.face

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	feifei.shasha13.meta.face

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	feifei.shasha13.meta.face

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	feifei.shasha13.meta.face

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	feifei.shasha13.meta.face

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	feifei.shasha13.meta.face

feifei.shasha13.meta.face
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5061

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Hide Artifacts

1

T1628

Suppress Application Icon

1

T1628.001

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

2

T1426

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/feifei.shasha13.meta.face/app_ttmp/oat/t.jar.cur.prof

Filesize
602B

MD5
4313f777cd67e7370c194c68406a590e

SHA1
264b28cf8f98b4334def80ce1c6166cbda012836

SHA256
4fda5e33af087b3e2e87d5096c5a2e18230936fd95c62cbd1c9b0ac88e0a366d

SHA512
5310cacbbb0846efe1e48d734a3abc3e984a41c79a718c82ecef62c614bba3945bef96f98ac1abe23958d63f299b9e099bc300d22293ee6813673d7d9b412689

Download Submit
/data/data/feifei.shasha13.meta.face/app_ttmp/t.jar

Filesize
276KB

MD5
9aaea567e0c93e51718ba7eade0e83df

SHA1
0005116aad1779361b70093db00fed5ac090ae23

SHA256
b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec

SHA512
2aef1034335d8752f4e25ce6c5823ce03019536cc6e51ee61b5291c77a0f356a2517e0cbe7f2c4cc2d897115dc856449a342cfdc247c9d34d313187d15b2f890

Download Submit
/data/data/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb

Filesize
72KB

MD5
0c921e882d432c769ed15ad702a6c3b7

SHA1
17f029e96d5b41cd6d0a7350d3950a3e6f9769fa

SHA256
e767804fc660d80750958c57df42cb719228ff7de8862a720507bc86ccb5d60d

SHA512
93a510398fb1efc62142ed27b55cdca98f6363620c2064fe2da65a0d005fd60909e72d80f1f9a7265f0ea4a302da77441711e90d290f3146271d7385dcc08124

Download Submit
/data/data/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
512B

MD5
2e7bce44c4bf398d6276f09f41a5fbd3

SHA1
ef1f0970404761ede864a7215e8924a23b6a1bd2

SHA256
f7180d36b68b7ce5f13098e7d5efaa1af7a47ffc79b1fed5ae9fddd3d5d1412b

SHA512
eaca726418a46ca1b3cf3046ee19e1e3434305115676940a18d602e0ea87d237ad8a746c4447e7ab0ea2a565152f303be7f668fa3485a5e2cd28d5e7e4aaf686

Download Submit
/data/data/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
8KB

MD5
57b0948e4accd828664c2cf6d4c928d6

SHA1
125e60ee60e6d31c49b7dc6063b8a06cc1b39cef

SHA256
2e9c206a585db2451dda5a51fc63f5fa2f28b92faaecf37e9aa011f2a6477439

SHA512
ee43d8ee2c00a231aaaad33399897df7e22757104af6805e848d0d631135e0f289ca5c94cf2b3a75090b674f1e152d522a3ae227528b174ce57010503fd44d39

Download Submit
/data/data/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
8KB

MD5
e98d1c058a882b7d2f2bcd9397efc346

SHA1
4d4916358b04f2476d7367cffb757e3aaefac4bd

SHA256
4dafdef73e91f22631f8e76c95b8aaa1378bb9053870c8d76d260dcf3dc3687e

SHA512
69e2e8a59df708c604140c9f37078f6c7a5e6ce4000a345ec433185fb18a457057df9dccad5a79e4df2987dc49c9d2a12868515f547daa895ab6a17aad26fb47

Download Submit
/data/data/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
12KB

MD5
0b4c157d57d9b507f080fbc0f769ce14

SHA1
418c63075d9b838c47dcbfc33cb8c6288f9206ea

SHA256
77f5579fa9175b80c8c5a0e23f095fb08eaba8c3d9dcb835be1109747ef5a430

SHA512
069c94d14bca2ffad97ecdead784260a24096cc4637c3ded5095bd19907c95b4daa9a9d6445057332f612edc1262d1dff3c737f6a0dcb12eec2ba7a4173184d0

Download Submit
/data/user/0/feifei.shasha13.meta.face/app_ttmp/t.jar

Filesize
587KB

MD5
f72c3d07507c3e26d317e9117ba757d1

SHA1
cdede4739e9dd9fd95243aab5e44c24f93f825c3

SHA256
1c65834d9ca018c6496a8b9957589d0e94657911b6635dc21a448d78f9238887

SHA512
3420714252e7503abc13c99274d767b0bc08671d769460dc61823ab9470e145fb75c5dfaadc617d3a05cf251ed5ecf38ea7e8c1d7b343bca4d7e8296f1b805d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads