15d22edfc88648c578c9c64c310cbd08bced650df872f06cf8abc5f5c4cc1796

Analysis

max time kernel
150s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3734f828b836c87583c82e5105726d36_JaffaCakes118.apk
Size

17.8MB
MD5

3734f828b836c87583c82e5105726d36
SHA1

5f4162d16872f2b45197ff46bb3aa5f316d2d557
SHA256

15d22edfc88648c578c9c64c310cbd08bced650df872f06cf8abc5f5c4cc1796
SHA512

4cc4b30d968ee4974e23ffbf34fddaf624b0e718586de0d5b3a77960927cb61df689634dd9adc449f3fb02c86d2f800a3edf4bbc34b5c9947a0257bdec3c68cf
SSDEEP

393216:r97OPPb3GpixA9AuaA/dZk3dN0fdhnUelvqDh2d9FhJp2pKpxJRip:JoipwA9A+lZkevUSvqDhiHHBnop

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dm.timber

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.dm.timber:ngds

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dm.timber:ngds
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dm.timber

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dm.timber:ngds

com.dm.timber
1⤵
- Checks CPU information
- Acquires the wake lock
PID:4190

com.dm.timber:ngds
1⤵
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
PID:4218

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.ngdslog/com.dm.timber/pushv2_part_one.log

Filesize
1KB

MD5
9c67ee40dab74ff20dcf029c7ed3d191

SHA1
4702737d246cf4144804eb131a3781eaa5851200

SHA256
715a5cca1e8257ab8f4989ab11881dae5cd3eb50b3e84b22aee106b18532d504

SHA512
97b64b9bfc0ed9dd2f27bdb2ff60723787a1a24dc3e65ff5c0fdf0c89cbf90dd2083f921f28427757b09b8f9280f20c90aab8f8994b90c8a97f5dbaf8667747b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads