d649b07ee07f944ecd10e955d6edd0c998b54cf5542fe23905282ceddc70e74a

Analysis

max time kernel
135s
max time network
162s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
12-05-2024 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3936153b6fec314797315ac7e7a2257e_JaffaCakes118.apk
Size

9.7MB
MD5

3936153b6fec314797315ac7e7a2257e
SHA1

b38194afa9c747a2911c8ed2be6daf230a6f6924
SHA256

d649b07ee07f944ecd10e955d6edd0c998b54cf5542fe23905282ceddc70e74a
SHA512

3bd901436281869bd19b88b977abaf441cad0846c16dd1f252a9a0bfe7ed7f71d7af6e48ff0ecb4e4400b41d5ca3e1bd6d8b3046eb3bb27291765b84c94452b5
SSDEEP

196608:0x+jyRfmruRV40IcAWpFzFRJp99I4pyvZUSFQJpF1UrNGhJ1RxBPcAKx:0xGyRwuR2Nc9jJb9I42ySFYpANc1Rx9Y

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juying.wanda:ipc
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juying.wanda
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.juying.wanda:pushcore

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.juying.wanda
Framework service call	android.app.IActivityManager.registerReceiver	com.juying.wanda:pushcore

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juying.wanda
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.juying.wanda:pushcore

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.juying.wanda
Framework API call	javax.crypto.Cipher.doFinal	com.juying.wanda:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.juying.wanda:ipc

com.juying.wanda
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5099

com.juying.wanda:pushcore
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5157

com.juying.wanda:ipc
1⤵
PID:5189

com.juying.wanda:ipc
1⤵
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:5342

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact