1f44c598e7188498f593dfabc052da810c428217c782f44568a1ca05bb15e247

Analysis

max time kernel
136s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31dbb88896204e149c54064f94593106_JaffaCakes118.apk
Size

30.4MB
MD5

31dbb88896204e149c54064f94593106
SHA1

d5848e43fe6983a34359e1cb960debf3a62456e6
SHA256

1f44c598e7188498f593dfabc052da810c428217c782f44568a1ca05bb15e247
SHA512

9851674abb65f9b0c74ca5b74422aaa6a94ba13ee060bde6e12146a0be091e877487918fd473d252e3c518e2754ecbc0084d237c227397856761d55e1f0e183e
SSDEEP

786432:FySrdp5MhAWzzU4SUDRZv588PGxRF+owaFbrf0P9:FySrdpRWzz1DrZPGjdbFbrsP9

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.smsd.sxxcw

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.smsd.sxxcw

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.smsd.sxxcw
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.smsd.sxxcw:pushservice

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.smsd.sxxcw
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.smsd.sxxcw:pushservice

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.smsd.sxxcw:pushservice

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.smsd.sxxcw

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.smsd.sxxcw
Framework service call	android.app.IActivityManager.registerReceiver	com.smsd.sxxcw:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.smsd.sxxcw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.smsd.sxxcw:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.smsd.sxxcw
Framework API call	javax.crypto.Cipher.doFinal	com.smsd.sxxcw:pushservice

com.smsd.sxxcw
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4276

com.smsd.sxxcw:pushservice
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4443

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/0e597b54266cfa1eef2ee58e303081fb1608cc2ebd561bd2639aa2a8366cc65e.0.tmp

Filesize
24KB

MD5
3e37fbe4bea382c16f256cc9653cde4f

SHA1
c924f3331904f2c8952f674d2e7894488963ca3d

SHA256
4c121f4f97e7c7d006abfede9a798eebe6de1e4c5ba02b5b8b1a24fea7ec871c

SHA512
6fe80d29e925a86e5515a256a7ad29f2e6ef0fbe165efe0170c0b025854139283dd025511fbd2a467fb5f02305a0a99d9026a900d2975f6454ee47c6cc5e8958

Download Submit
/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/677529b1e3d2e44c0d12b8c7cc1aa3792d547b620785dd8c50e943d450ae2144.0.tmp

Filesize
8KB

MD5
5c0495fd1d6f10d0fc2e8a0dffad1a3d

SHA1
b4b772ea66f51197fc9758fdbf37436adc41d773

SHA256
58a0198d0dfdf4d73596b398315771c5f124b03f810ace04f11acc0204db6c37

SHA512
a07718f7bfc2850895b93a2ab7cbd7f4d1f32296bf52fb0708a12fdb8b1f8b0c971c2cee00230b4d07d445bab80085b00922808a9793228cec707fa382356de0

Download Submit
/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/97671ff72c7f3f8ab8404d315b1d53d44483009402d56b2557229f67848df32f.0.tmp

Filesize
838B

MD5
28f77aecf5bf08e6244b551f4d90e2a9

SHA1
4f1c8b660464081548d6e68f127600d3efc9342b

SHA256
120b6e229e122b9b872d2b80c515c6a3d0fdf6c3794da89368ad0fc07529b839

SHA512
57f6a334a54e782a8b351ce2f7f419ee5bae7f99686b400bb0d1f9d6ffa00f8425e8fd634d6cd48b51fdf1b3d34a574d09051fe565b4cffd685ffd36cc640372

Download Submit
/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/d3c8b9b381bfb09c21f4900dd9c3363070b0d252d4c9323056c618464d4917a1.0.tmp

Filesize
974B

MD5
2d89ceec5c6edaf235dc6ba735914e53

SHA1
68571289b95fcfbb195224b9c2f0936465ce1f6e

SHA256
8363723bab57d6bf9ae6cbe9a3e2dae804817669ca82bb74f4bd8e1fa307f1c0

SHA512
70a7f4aece7ef83f697976e18807c729cef75c55e2c50c3d36ab066cdf12161ecb9604e6362be694cd6065a5ed8e26328de74a0dac92cebae1fd821e94a49677

Download Submit
/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/e55a689f931205a2d67b4fc55566c26aac374dd33f30c330a991cf22c2320b94.0.tmp

Filesize
688B

MD5
93274d6dbcf5ad4483ee463897386560

SHA1
7e35110cab53578ed71baf85634099b038a924f5

SHA256
a3e426b6c9cab8e7b9a39d03e71af6fc65e0eb7c958aee87926f32f726ff6d8c

SHA512
5f562e3d52145761b2d9d6820211fbea4fe6c9a4153c0ba2726346b1fa7cc45dfaca0ffac3f0f6438aa031a530c325a82246d19dcb7307901214d178531e565c

Download Submit
/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/journal

Filesize
761B

MD5
ed1bf542949119141492252866366d42

SHA1
baf4414a03361ea5df1a474680c43d763e4cd658

SHA256
75b24e528451bbb7b8182fb70d494ca882f6ecc3ad9034e80b31615eebdd79b8

SHA512
83357565aba47e0550ae3552ae57a8128dbcbee8932e9a903ba76bc41438764846ed4a161b7c0caf09dcfcc6799b5da1ed7255b89408a5f3beb7d21087c1a08b

Download Submit
/data/data/com.smsd.sxxcw/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.smsd.sxxcw/cache/weex/libs/weexjsb/x86/libweexjsb.so

Filesize
6KB

MD5
848924e79f7b4bd06d7ae497014bd036

SHA1
3d7ba0605cd20b6d97e86e2d8c0c930e047ae890

SHA256
e66b03e20886c19b86c0c1f6f06237bfa7a9eff7b27d1e99c74df665dc9cf0e7

SHA512
73777fe4d824bfd2dbdbf7b59070b64c922c52273cc7579d77eeedba2de105ca31bca4cf0b6bf6d26a953ffd69e43472764e75dcf7791e6e0822e374dbb40a0a

Download Submit
/data/data/com.smsd.sxxcw/databases/pushext.db-wal

Filesize
52KB

MD5
f431f78c8e2171132989accf10ba3de6

SHA1
2ca6ddf14fa644d4ef2f0fb57fba3f151292eed1

SHA256
6c321f808d65777d87948ed1e2da27c9715297e660d5cf42092500c99d9186f6

SHA512
73c012665c5ecbc650fc272de83d4aebeef1ece260a3f5959b62189f86564473d651e1c9262644fb380a0d741d0d570e4ca601c9a5aed2a979da0e38be476dad

Download Submit
/data/data/com.smsd.sxxcw/databases/pushg.db-journal

Filesize
512B

MD5
9449579e2d79f9cdeb9e0b5a42ca2e92

SHA1
2cece1d942162a0ff407d5994c48146582ab7fa3

SHA256
b5032d933ff3ab8bafeeaf84229e976e5a48f20729f90cfbdbdd6137c21ab1c8

SHA512
cabff4f52cadbecdb8a963a096bf2b0e3a171a0d4190495322c0a4223508ba284985d8033bd861b4550a8a74a02777fc31537717479f4c38ded6b62864667949

Download Submit
/data/data/com.smsd.sxxcw/databases/pushsdk.db-journal

Filesize
512B

MD5
a7f2c48fe74100eac522e8ff43f05e6a

SHA1
bb39145892aa960bdf54fb10aa091aadc2f5ac67

SHA256
3080e2b61d99c485126c675b1df48ee011991dbe2bda959c136427f3cc8b2942

SHA512
4c37472ae4023a6d1bace193755b6d432999ffdd565e0beb4e764519fdf53a2297669d56b5547480b532a83937206dd7053a8d83950d30b8178d6b2d81e208c0

Download Submit
/data/data/com.smsd.sxxcw/files/.imei.txt

Filesize
32KB

MD5
5b6af1c62d835753da655731003e50b1

SHA1
697cbed816ce29d9a2b4e30a8ecd0edddb6f0165

SHA256
587221935de7cbcd55f78019cb586d54a78f0620edf99b1e6ad3772db72bf7f9

SHA512
eff78f1f1c09a6305cb217e48887a2292f7f9dd26df90705c7499b16ec2eda319069375cd6a3dcf0c693c9269e6e480712fc15d08b1fbe760771218ddd901eb5

Download Submit
/data/data/com.smsd.sxxcw/files/cnc3ejE6/eje3cnc

Filesize
32KB

MD5
17586c66c3d41a92c56349a475c42838

SHA1
0aa76d251c7a66feb0c7ea343c4727424355f332

SHA256
690671f3be20b5aae537c323b7326a3a3e9d1fafe1a0fd0297ce3294b96ff584

SHA512
782d361107375a3c9e5ae8b7ac21e4e054e50784677b901d9eb45c30d9b6352e4845a0264b284c85025813859ea9dbf3c3067ff800cd7ad6c7f62bbb219bb1d1

Download Submit
/data/data/com.smsd.sxxcw/files/init_c1.pid

Filesize
14B

MD5
0f54090b1f0bcb5f2793aed6b3c8718c

SHA1
217625a8c0411d42a7eee8148663e07ede8a8f40

SHA256
5d94ac7904f041f603a2956e26291d975f4e5372cb6f5860697e602b953d7b7e

SHA512
21cd2af3d4320ad5a66e6f65fe62fc105df3c75c369df0cf839b34d162319b4663747269c5eb0102705cb9ed73e9bd15503d35b5f4782503156fa2932233f2e9

Download Submit
/data/data/com.smsd.sxxcw/lib-main/dso_deps

Filesize
177KB

MD5
679dd5640810d64714c1c86fa09938be

SHA1
a17a56ef712c46484b031113c01c4469c34afd04

SHA256
70f7c75d0ad3116a6f1aca83a07e3dbaca3b1d71be33699ab88c5c924abb2193

SHA512
b046647e21dfb8643dc3aff2f3a485154dd3312ed45d910e6ff79b25bf60217b51ede68b414c051aea99eaf06ec25bbf26f7541b4fe9f0770cc85c7fa86bb67d

Download Submit
/data/data/com.smsd.sxxcw/lib-main/dso_manifest

Filesize
32KB

MD5
c4ccb5a2f260702d42176763f736fc83

SHA1
a0b2c8c8195b9fe33b04a185577207b742b8c7d5

SHA256
53f9c5abec5adaac3372ed6f0cb0f203941edab83bff591fc0e94fccd7070e19

SHA512
c6e0863b8ff74b48687cdc329c4db35b81bd091ad81f4437956a8cda733f9190de609f6084f102303bdcf9bb38cb10d9f7bacd0c0cf92bcd8f874b3d999533e4

Download Submit
/data/data/com.smsd.sxxcw/lib-main/dso_state

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.smsd.sxxcw/shared_prefs_ext/test_app

Filesize
72KB

MD5
ba91dab9710bd9b2f912ee57385442a0

SHA1
4809156122923c6962b112c20c41fb2cf345df76

SHA256
3c0bf52a7a6d2ee6ffdf1ab688e8f1c9e723096c860a250c7f8eb6a4854b0d22

SHA512
e8eaac2c6270081f1a39b04b959cac9f06187366bf98d7246d5a48f51511f8797a59bb7754ef0b9f1e55823138f59c08cf463fb139219470cca3270890b47aea

Download Submit
/storage/emulated/0/Android/data/com.smsd.sxxcw/apps/__UNI__AFB6095/temp/1715388441384

Filesize
659KB

MD5
24bebe5ac883f1a7434a4fdb9ed67254

SHA1
c18ab28c67435ba598fe1ebb9c5f5dc0488f32aa

SHA256
2641a16b8ed245934e72114da14edca6478fd8a00af782d4b2a39ce84879fa1a

SHA512
9d63e934dc650a15cbd517f0cea358d8849ad67baf7588de45b02a15fb1e3a49dffbe1b8ebddeadfb168cbc961e876a106d774dc89b8516749bacb8f2261479e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads