c3ec267a2b3721e0650d311bb345cea6d2ce90986978a44c67e6e0e26e3f0db5

Analysis

max time kernel
12s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11/05/2024, 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

324f71035abc10e8028fb1ed49ae875b_JaffaCakes118.apk
Size

29.0MB
MD5

324f71035abc10e8028fb1ed49ae875b
SHA1

0a4603cc61cedfa5a7aa2ee1778b1cf62941e5c0
SHA256

c3ec267a2b3721e0650d311bb345cea6d2ce90986978a44c67e6e0e26e3f0db5
SHA512

c5415c53a57bb4f324afa1d70384465fb41bdcf1ac7769f4c4bca6f81c418b9c71a3574c01319cb2ba1bceda316d0255d63e94cc7e91029ed9b756279c53b6e6
SSDEEP

786432:9lYvwUy6D1+BnNFGTlv4Dd0KtII4T12aduEJWJl5x330wlT9p2eMwbXGSv3Er:4vwUy6henNATlv4ruIraduEJgn30ceew

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 2 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	air.StickDestruction
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo

Checks memory information 2 TTPs 2 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	/system/bin/cat /proc/meminfo
File opened for read	/proc/meminfo	air.StickDestruction

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/air.StickDestruction/app_working/facebook.dex	4297	air.StickDestruction
/data/user/0/air.StickDestruction/app_working/startapp.dex	4297	air.StickDestruction

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	air.StickDestruction

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	air.StickDestruction

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	air.StickDestruction

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

air.StickDestruction
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4297
- /system/bin/cat /sys/devices/system/cpu/present
  2⤵
  PID:4334
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4360
- /system/bin/cat /proc/meminfo
  2⤵
  - Checks memory information
  PID:4379

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/air.StickDestruction/air.StickDestruction/Local Store/#SharedObjects/stickman.swf/data.sxx

Filesize
63B

MD5
7c8c7530ba7f940d676e99bcc8dd0333

SHA1
16461d87be0e8a90494add8ff75b589710a02909

SHA256
b9302382568014941979c2ade9a98aa3345ef6e852e3f978e083d873a5b8c586

SHA512
674cdf27ab925a5c15d0853b48b64d9b8e330f9901a7b2dfe1d8490deffd9555792b000a05954eede6da8ab5f3b57307df84c4d461f3e3778f620f37849b640e

Download Submit
/data/data/air.StickDestruction/app_working/facebook.dex

Filesize
254KB

MD5
bded5ff06b05d91bc98fa8444b9035e9

SHA1
a55da71119c6c2ebac9c0b635c112900292cc2d3

SHA256
c39d0a1069340803fd36de4e679ec864f8e5b15b3c3f114e3d0ccf105a9a2ba5

SHA512
b0fb71452b2a98390af7c09f9a2a1f894d171a8c10d20efd88d4b0297f3918e7733bfe3c0880c346aba235bcec0bc824499472b84c554aa2909fa6f67cdcd917

Download Submit
/data/data/air.StickDestruction/app_working/flurry.dex

Filesize
604KB

MD5
386c815a629651ae09aeb9563b474910

SHA1
7fb4e1ce77e3b1ff8f27457f576ab201d67bba57

SHA256
78c77b3cd48c616b6a4cc03812f0dca19e039f9623655a7da1ec45818394c493

SHA512
fa37c3b31c5a2131b3ece66978287f1154148eb1706137be6aed748a1a66e904f949edf7f5e2ad39ba435a9ee13a886e0edcbe16cec929643a85171614c976a8

Download Submit
/data/data/air.StickDestruction/app_working/startapp.dex

Filesize
558KB

MD5
458a8f63830e30d8a81ea5985ce36c16

SHA1
a4390ba097aab62274be43c783ef1133cf01d133

SHA256
a9a2aa5882fe44d7f26cdb0b85008601cbefb514277a63e42a98350a4f5c4cfa

SHA512
b89963f7ce3db75fbefa61ba630471747b61772628ce724c4ff81ab378767ece0d8bcd7ba9ec861ec6ed6d31414e0fb4c93525b20fd7446a64b88a306a2fdf91

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/application.xml

Filesize
10KB

MD5
7a0b9a7b45d82b5cb1adbe3dcca14411

SHA1
2e3234e3958dbd6c4a163036c0024001c9d4bbe7

SHA256
cb24775e2c395f20b52e93e65f58f87c92592d8df11d80ef57e5026520698456

SHA512
ae0abb6de1b7a7be47bbf6c20b5aebe68744b6b6b113710d2a7e10f852bf60c9149ec2d034d96f8b6c23ccfe7ca1a24234984a6e15fb6dae54d2245c5045b440

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.appodeal.aneplugin/META-INF/ANE/Android-ARM/library.swf

Filesize
8KB

MD5
5eaabbb9a904471bfdda3f52af642326

SHA1
9255734b29082a23857abc25a9bc57cacb371429

SHA256
ab1bd0ddcd5e010b21d673851c7843311d709509f5c5edb7962a310df995bbc9

SHA512
dba42216d8342aaacfeb591cefadc0a21e4d97dda3e2646549b196f1bc18463d495d3b1ca340f74be13a3c87046cb5bd40a57831edb74ee0df91d34f0a744b94

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.appodeal.aneplugin/META-INF/ANE/extension.xml

Filesize
851B

MD5
88e54b3861e42b10fce5105c4959d9db

SHA1
637c8ddc2b5351126dc1cff80db33ddc3a4c3798

SHA256
b34aca29e9ec9e808c5b90d7b759c70562c8739046dbedacdf087584d8754e20

SHA512
1afddcccb0ce4fca9c86f59186f88528c5e190671a72f6a10eb5aba7f0476c1345e679697d5681264cae7de31eaf27f42bcea725e46f490dd306aed62ec7df34

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.appodeal.playservicesane/META-INF/ANE/Android-ARM/library.swf

Filesize
503B

MD5
73730e0ccd75e8a1ac89a76d5d591adc

SHA1
7c6d12225394caf116bb1bb5df3fbe2b11339d30

SHA256
75ea80769e58457b5f15ef8298d33110d58f6f1f0092503697dd8f6de08450ff

SHA512
04afa6a8274cfdddfd5165884e328b070a82a272e4be8b95f1be8ed010e41d13a24deb83cd7e9653ea0d881d7f73164d2dcdb99e881754a37497c57cfa661e71

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.appodeal.playservicesane/META-INF/ANE/extension.xml

Filesize
902B

MD5
1b185e5f692b9074e24b957a779e0a9d

SHA1
67dc02baf0913177d82ffafea1c25809f42080e3

SHA256
668edede0a0a88823c241f5146274097d3fa803090daaccafd43e62fd255fa1b

SHA512
5f0f3347e1e81c11f0a66d10ae17794a47063ad1934dcfd9166ffe724662f507f37f33727f249806a3ea7285a1c4b639ff2ed8f3739f1c3113bc4b16d252cfef

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.appodeal.supportane/META-INF/ANE/Android-ARM/library.swf

Filesize
498B

MD5
621d6a3d6e83c91b1d63d495b75fb45d

SHA1
b18d1d93dedb217e94f446908dbeb72131f7e691

SHA256
f0b802f4055ea5827d7d47dd11baa1192a8290c6c6d39783f0458ef3e2f02f2e

SHA512
c768640e47ffd27abc0b9f06d13d9bdc62872f8597b02cdd37109a9ba2b5c5f9c4d1e6a09f4b60d5be530e67a00448e1bac66aaabef5d2b6d60d9df0989d9bce

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.appodeal.supportane/META-INF/ANE/extension.xml

Filesize
845B

MD5
9c91acb91561d45d051a1f44aef551cb

SHA1
aa5a11a4d39df191ca561f819f8df1496b3f0c74

SHA256
5dcc28744d5b100a220aa33573532ff9c678f5d3ffee112b840bf5ad5f6baff2

SHA512
790f57c94c10aa4a9a53cf8e58a239f46dd35a83c8aa9344fb8f1d5aa74abe61e927ae84cccb9c8e1bf7267595c69b810fd971d816d4188ff4efbffd4eb6b210

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.milkmangames.extensions.AndroidIAB/META-INF/ANE/Android-ARM/library.swf

Filesize
11KB

MD5
4a0d8fd2583d79247c19d1d70ea5f446

SHA1
933464a1b6152c7f1e1659f601878e3021a01140

SHA256
ab02059b092060429864798e33a10669ce69bdbf88e938baa188299840702ea6

SHA512
034764e7117773856f3e06b1f9da88a4fcf454c1ca33b6986219b2b96ba8ffb6a61520f88029c47f73d27981569f46d734f77322625a5e075b226c1b189fc8ac

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/META-INF/AIR/extensions/com.milkmangames.extensions.AndroidIAB/META-INF/ANE/extension.xml

Filesize
1022B

MD5
716f0972ed182fabbdb88dbda9315570

SHA1
e6603b0f8da0e69ef80561cbae3c087d4a6542e3

SHA256
2b8764b0b6c802d4f63eb80b259a52a3ea38a6e4f169129397737e7daa024fcc

SHA512
13a0047214cdfcb1aff3dbb0a68f1665d304466f5a16ddb3ad1d6eb899441d3433875ff0146459750fbd0427ecef734b61ab0fe14c870f1dcdd6d4c8e7dafb98

Download Submit
/data/data/air.StickDestruction/cache/app/8464f4b0-40e8-402d-90ca-90d772082c71/assets/stickman.swf

Filesize
438KB

MD5
a464522bd46c86d7068c21d8b2b44ad3

SHA1
50f1ae0a15e8a646c48b0af25797a638e138cd6c

SHA256
e3d9de38c0d8200c2fb342abc3ad55ae6ac32650b2aeac447183541cdddb8071

SHA512
5a373a63766081f106b8fe9e6651c4ffb84b7f307b01e5b85df0cce03b30a8455834b6a401264b6fdd841b3388f1ceab670f1901dcc3aac9c8d882d7f04f87c8

Download Submit
/data/data/air.StickDestruction/databases/dYZYYZW

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/air.StickDestruction/databases/dYZYYZW-journal

Filesize
512B

MD5
8a33b7dbd270b99fcdb27c0ebf11bfef

SHA1
7cf37a32eb74a867ce1ddc41970aed0949f2bb5a

SHA256
825f6423ae2b8f4b4527d81b788aca0dad2c32fa0a3a480fb2bd9404e3e7f4e0

SHA512
c088bda1f4b74914ac071833b85ba3de7ede7db2ebec02ccbd740a100fe921d2d9db6943519e85a916b8ab6165e77a355e8a33959e9824f80b9d81f55a92d7b2

Download Submit
/data/data/air.StickDestruction/databases/dYZYYZW-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/air.StickDestruction/databases/dYZYYZW-wal

Filesize
104KB

MD5
abd585a581a82d831f73b36c8053c779

SHA1
3d0ffa089aa499aa388d1fa89df7fc3d3bc7c1d0

SHA256
968e312814fb4de65e48a16b1fdce06cd65b548a162d21aff772942a0fadb665

SHA512
ebc3adc8f1375801da1cb72de7aad64b15bf066bff824ae65ee597997b35a00ffef7663daf2502095f7c49e373bb5f819844e5201ac1ed80fa2e7b68f961b6a0

Download Submit
/storage/emulated/0/.appodeal

Filesize
5B

MD5
88278dd6f1c310e699905218a9161893

SHA1
616e70e35b2ce06b150fb71911606ea34fa100b6

SHA256
469abedf5797bb56f1afa35a227eba1d8f7b3e22c99426e527da4b0d839dde15

SHA512
86b75a46ffbd2c5f9d3dc8c3a3ab8c52a5a93ae22c669c3f20b7a715be6875af0fdbe25e7899e6b4c8ec9d328b634d2674d5749c2174ad3af0e95b3483fbb106

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads