56597a06fb16925859fe01ff734409d950bbd494eb30d854745e9430d4da5295

Analysis

max time kernel
142s
max time network
160s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
12/05/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38716f839b1bdda0a97d3ba22f90794a_JaffaCakes118.apk
Size

1.2MB
MD5

38716f839b1bdda0a97d3ba22f90794a
SHA1

a8239ecb3b6650554593e353a69b781c93f84785
SHA256

56597a06fb16925859fe01ff734409d950bbd494eb30d854745e9430d4da5295
SHA512

d105d768ca13011edcd34cd2b7cbcd19280496a284e5460944bd6362cf978eb49c20dc1d2b6b7d24f30bfcc823c51bca24c4d87c3f1a77048d67555170ef1042
SSDEEP

24576:b2yBmGMldP4YZMXNEvovYNcy2DUOE5dYhcYL3XAvCr5CP/:b8hZ8NESYNp2DNE5ccIA6re

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.ifext.news

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ifext.news

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ifext.news

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ifext.news
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ifext.news:pushservice

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ifext.news

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ifext.news:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.ifext.news

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ifext.news
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ifext.news:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ifext.news:pushservice

com.ifext.news
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5097

com.ifext.news:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5154

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ifext.news/databases/pushsdk.db-journal

Filesize
8KB

MD5
7f0b234ccb1d3a0719a1f69fdbc8b395

SHA1
27f808e346f4b2d4f3e792b7c37b1c1df40da83d

SHA256
dd143e39acf4564e2bfb5f32fb6edb59a13afec344030321dc0ae654c99198c7

SHA512
c657070b28c03518296533a3c9293bbbae278b082d82eb13798e061921998f7dd70e6926c9b079d3a493adaf25ba268f715a85f7946903834cb8644273edcbcf

Download Submit
/data/data/com.ifext.news/databases/pushsdk.db-journal

Filesize
512B

MD5
8ad308f47e0f5924a631b3e2957f6675

SHA1
3f957cbf7de083b3de17030de1ff5268c91eb86b

SHA256
235fef62f68b8c87425fa401d67de824f4e7a458266cebb5957078603c8748f3

SHA512
1fd7d54eaeffc2853a89cdbb37ee10411d2c20cfe65c5821266d3a356037376e0e5c557b6608b885748c2732fd23d2671e600e299c52e8d0fa0832a7e68fd57c

Download Submit
/data/data/com.ifext.news/databases/pushsdk.db-journal

Filesize
8KB

MD5
a75c2284f59e5032734e9d87517b9562

SHA1
f1497a0ee213bba16c7748b404dccbdc5087b273

SHA256
2df6e3ceddfd9c5a968bf27c222617dd11e3b9bcbde0f3e702146b3acdfc557d

SHA512
84eb898cc5ac96b4e787064dade701954b56474e682c7a58d240a1bb544648b752493c06e958ab39f4181120c57435ad12b8cc6f793ed92737719179003207bc

Download Submit
/data/data/com.ifext.news/databases/pushsdk.db-journal

Filesize
8KB

MD5
ef42e5bec8fd9ab90d56f3abc9376315

SHA1
96f903d1d9821ced343092e7b9cd449354e55cd8

SHA256
f6f0165d0cb0c11e0b34e121a276073322fa4d4438b53b4e39a1b7ebd7aaae60

SHA512
32a096892a464f6a6aa3025e60845a181015f0eba4a99511740f11824815c4d170a86bf0d3e56cb4b35dc6a2a89f45659c18fa03eac54b67b31b57abe4cc2081

Download Submit
/data/data/com.ifext.news/databases/pushsdk.db-journal

Filesize
4KB

MD5
af2076ef40e26e268a92c425c112553b

SHA1
de0a417c7d530447ac1e89af1190f3154538726f

SHA256
4a0ad9911ebc31b73adf6d2a1abd48cb74d94d45b008cd75257516b1f5bfbde9

SHA512
1251622adc49d61bcf08574a9fd88f29ef2a5892650b2d01385ba3fb1960b5bce36903a0863aa092c5685155924158fce664575eddf60fb22c76d99bbdb63219

Download Submit
/data/data/com.ifext.news/databases/pushsdk.db-journal

Filesize
8KB

MD5
3bc8e32056cadc759ad37851e26ad4ba

SHA1
9dd706f52609400f4b8e07251bd162a99bd34cb9

SHA256
af26b563458b1845391235163e794389883efa5cbe1e34def2a7712bdf55b7fe

SHA512
de58ec2ea282858bbb81f6a4cfccd4b45b2d62a09101fde332ee8af2a4669b5f8eff2b5465b434b77f054405df2d5a31dc4fae04dcbaff28c34c30c4cfe678b9

Download Submit
/data/data/com.ifext.news/files/init_c1.pid

Filesize
14B

MD5
a731c737e62f84dccebbf6fe8bd7c07c

SHA1
e3149685e5cb8249a530903af4c15a34c50e94cc

SHA256
7959ae7e5309881fe3401b643cd07b4015529ffcb445034809eedfd8050bb3f3

SHA512
56217f3437730d46dc2c7680f3cb9b7417108641cbf1cf2d0e370a0108df5e254dac6bfec9dc6564c4a6e410f9d418918db16701aaef4c5b9fc4bf3c21f46132

Download Submit
/storage/emulated/0/Android/data/com.ifext.news/cache/channel_info

Filesize
2KB

MD5
c8fd9b2a0faf22ac2e49dfdfb43c5568

SHA1
eb6160a3b3827bffcb6357253345f137e3031c6a

SHA256
0ea604a40585114d43206d8e629dfd0f68f2e4246a0bfce5958a15a82ee25632

SHA512
ae146804875becaee34c7959caea2d8efa1cdb08a8a389af6931837835ed652c9fdedd43f5aeb27092faf0620c04d7ca3575b92b595d9d7b9ff191ada40d9f2e

Download Submit
/storage/emulated/0/Android/data/com.ifext.news/cache/channel_server_info

Filesize
2KB

MD5
c2bde3bd315b92d5600f1048fd5a4418

SHA1
57c84eaf55768d71724fb65624afb6b37d956d30

SHA256
55229b6acfd6e1c067576c8a5bdeb94adda7c857a37130e83fe4ec502fe19cca

SHA512
03183c8683d7db15ee0c855b9368d6f0bf7e2499f26bc3450177c24f3c8a1b937d017be9028e976adfdc8653b4a6e34189432639c115f765a1ea4886805b230b

Download Submit
/storage/emulated/0/Android/data/ifeng/news/cache_temp/e3106d41c051243e

Filesize
48KB

MD5
a03d487d89c13aa9db2d2968550c0ada

SHA1
b43937f80c87f97017fc0b91b0eb281394857ac2

SHA256
6cca76a36bea7c59ed5de80992be9992ffa3ffee51ddaf061d629cda47f99ce9

SHA512
13acf79952dff2dacf9f729e3ea4f5758f0519eee50070744f5ff8a32b08043d19aa1bc787114050da79b152f1c1fe7d29203631898e2cb2319e8d2e9f3c103d

Download Submit
/storage/emulated/0/libs/com.ifext.news.bin

Filesize
70B

MD5
92882762af7af4aa5ee02666a7dc0d3b

SHA1
8386b0a436824540a75e0cbc498236b1d20c0321

SHA256
a37b5bc1fd44bfdb7be0ba0668e4673338085c437a2f6e99f1683579765e68cd

SHA512
ebc3133f4ed516b469e96750a3ca2553e792dd9884cf37725f86317c11a641592baa84b2d4d132ee69d226fc3dab27d52f6f68370c6a019106d3bca4ddbf1cb0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads