643f95a8a9c9653e3ef58ebd331e3e7d1ef711440e21a507624d7f9a2891f0bd

General

Target

2eead97aac36b390bc83715d7f68200a_JaffaCakes118.apk
Size

602KB
MD5

2eead97aac36b390bc83715d7f68200a
SHA1

5505f3396d3b443a426ce4e85f67fb742d4b76ea
SHA256

643f95a8a9c9653e3ef58ebd331e3e7d1ef711440e21a507624d7f9a2891f0bd
SHA512

da6e53caebb24fa7aeb2b0bc29c1b6e5303079eff7abc77fff8fb1f2c3b79a4a0b8b974eed472cdef0be514c7b6408715e2019f1321e01729a4b16551790d111
SSDEEP

12288:EEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BY+0aTBpqSol2KpElpX79b:EEaFmFN9v46flH72wOSoMKA9b

Score

8^/10

banker collection credential_access discovery evasion impact stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4839	feifei.shasha13.meta.face

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	feifei.shasha13.meta.face

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	feifei.shasha13.meta.face

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/feifei.shasha13.meta.face/app_ttmp/t.jar	4839	feifei.shasha13.meta.face

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	feifei.shasha13.meta.face

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	feifei.shasha13.meta.face

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	feifei.shasha13.meta.face

feifei.shasha13.meta.face
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4839

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Hide Artifacts

1

T1628

Suppress Application Icon

1

T1628.001

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

2

T1426

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/feifei.shasha13.meta.face/app_ttmp/oat/t.jar.cur.prof

Filesize
509B

MD5
e8a57a0de7a350d03e53bdbf2a7eb7df

SHA1
f3e63fe750b9f9c2c04149aec942d34c68cd90de

SHA256
e695a37aedd087884d5a7fb98697ac8982d855ffd7e6d4024ec8ae9ce931eef5

SHA512
24f16004deedda78e2720c85871d55c07320345d74d8863405f012d3bac0bb43b4fa530fe072f8020886c16be2316fca04c59d589f89174a038c17ddd7c3ad13

Download Submit
/data/user/0/feifei.shasha13.meta.face/app_ttmp/t.jar

Filesize
276KB

MD5
9aaea567e0c93e51718ba7eade0e83df

SHA1
0005116aad1779361b70093db00fed5ac090ae23

SHA256
b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec

SHA512
2aef1034335d8752f4e25ce6c5823ce03019536cc6e51ee61b5291c77a0f356a2517e0cbe7f2c4cc2d897115dc856449a342cfdc247c9d34d313187d15b2f890

Download Submit
/data/user/0/feifei.shasha13.meta.face/app_ttmp/t.jar

Filesize
587KB

MD5
f72c3d07507c3e26d317e9117ba757d1

SHA1
cdede4739e9dd9fd95243aab5e44c24f93f825c3

SHA256
1c65834d9ca018c6496a8b9957589d0e94657911b6635dc21a448d78f9238887

SHA512
3420714252e7503abc13c99274d767b0bc08671d769460dc61823ab9470e145fb75c5dfaadc617d3a05cf251ed5ecf38ea7e8c1d7b343bca4d7e8296f1b805d4

Download Submit
/data/user/0/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb

Filesize
72KB

MD5
c2f0a6183833cf8b44a273e8198eecb3

SHA1
dddf6daf6704e5f18103060c0d953a1020699822

SHA256
56bc9676b9697d9484aad71c49310c782bae855e20c11b65dbb89a0b23ab76c0

SHA512
9a9dcc1626ecfb177878a98d720c260715afad2e627e4370d9cab1b70d9ade22747c15d33191df549a4d96e1aa7268543bff667ff0bd0f71790d81b59e1ff634

Download Submit
/data/user/0/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
512B

MD5
eb6bdfb3bc04af8220670719faab4c79

SHA1
b5e346732d1b73edb9951e5ef94bc281622b81de

SHA256
fab22bdf33637069fb4ee63d651c76f840b7b20b77c4822219744cbd1cfa73c0

SHA512
68103c85045be8ffaf4b8c4a156d6458c4aa8face87f6621904da8af8b29276131fcb4c22e0bcde5b584b64a0ab23803462f74c01c0066770c9784d90a8f892f

Download Submit
/data/user/0/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
8KB

MD5
afebb0a0e11876caaee0f027082cc028

SHA1
d0e77b6b8ead9f11b1ad3bfd89437787daeb4003

SHA256
da91c3d99b1fd46ee652a13812d14fe2af468e8ebaee4170b7e6a080ab955ff3

SHA512
359b47a3aca8543c4b8ff4fd01ad39f7a2b42799043c3d3cc14a1983bd53c91fc5e1cd9e00183a4962c63aba5f3b6075e71eff2454eb1df5132837d0851cea6c

Download Submit
/data/user/0/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
8KB

MD5
463d5cff82309abf5f30b94f0356cab6

SHA1
2b584d0e27d28b8bf0d777e4760330705ad3bc79

SHA256
0a0a517161235279a8bb815c5b3d4a06e67d55747f4a0385c95b7055deea6a0a

SHA512
4ee58887e3b69ae3f10510280d99a7de1ba3b0640ecb40da523c8040ebe595360f9a45f2729189fc53ecae506c9496570f64f7ba35b4ead6c67b529250a16e5a

Download Submit
/data/user/0/feifei.shasha13.meta.face/databases/feifei.shasha13.meta.faceb-journal

Filesize
12KB

MD5
b032e05c9fcb6c677377751e06b7edc5

SHA1
10b3c5629f86c30f6c97f862366ae203f212d4c0

SHA256
a2ee83966db97066819e7e0c41949e736340a9cbe53bbf0f1d4a25ba9af7a0e8

SHA512
08d096d894ca7778cd202a5f757f13a02908465fbbb9b060cd22f4aaf5f18c30210014e644027fe858f7c58977967734de899a86ffa2d6e810a4eacdf93810a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads