2147b7e613749b6f1964625080ff93cac4f6fe166b958379beee8aaf5f23a706

Analysis

max time kernel
131s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
13/05/2024, 06:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e23b1e1515f995a6ee4ca35af827431_JaffaCakes118.apk
Size

1.9MB
MD5

3e23b1e1515f995a6ee4ca35af827431
SHA1

0ca7ecba605cbc88396feb54e0a5d74ba1f3b58d
SHA256

2147b7e613749b6f1964625080ff93cac4f6fe166b958379beee8aaf5f23a706
SHA512

5120184eee2e89ed5dd312677c0d9f9046d1ed31cf66a19994f41eca42f79c8a198696d73251a70dd4e9eeab28b88fe540d0c872beeeed4629a391df6656a53d
SSDEEP

49152:tc1+8xWY9E4HndtBFiHOFaeYV0N/9BDumCj/quIFlZTQ:C+GWY9E49tj6QYe/9BShhm8

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.lwj.nevpid/files/nia/JahFvw.jar	4151	com.lwj.nevpid

com.lwj.nevpid
1⤵
- Loads dropped Dex/Jar
PID:4151

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.250.200.46
DNS

gyd.jms.cn.com

Remote address:

1.1.1.1:53

Request

gyd.jms.cn.com

IN A

Response

116.62.181.149:8080

420 B
7
142.250.178.14:443

tls, https

858 B
40 B
1
1
142.250.200.46:443

android.apis.google.com

tls

5.1kB
8.7kB
22
21
116.62.181.149:8080

300 B
5

224.0.0.251:5353

3.7kB
11
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.250.200.46
1.1.1.1:53

gyd.jms.cn.com

dns

60 B
125 B
1
1

DNS Request

gyd.jms.cn.com

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lwj.nevpid/files/nia/JahFvw.jar

Filesize
955KB

MD5
041c6b7293d75acb73b36082199f0131

SHA1
d97e124b4b453ab8b385bec2dda8e49092e7ba00

SHA256
6181d815c8a23be2a63c19bee4c8b4bb775bca78f51e3d337898f5069fef7a92

SHA512
ce8892661c5beea26fe4f8e84e555c6785ed8b9e42282496a8aa928e0c24c2ddfa12a9ecd228ea2970f2a6281b7c020d845f2b9e17c7c612d57ea239a68a1e23

Download Submit
/data/data/com.lwj.nevpid/files/nia/oat/JahFvw.jar.cur.prof

Filesize
227B

MD5
ce9a649454dbc25e97d5b7fee175c260

SHA1
239a4056b3aba797de24377ff9bd8828887b41a7

SHA256
d1272db6b5811d78e64507efba360bdb1729df16d817e577d15dc865b8369082

SHA512
fbee72946090a5f8e67d130ed6aff108354023606d3fab7608965dfec3eb69dd1607810a753a561f3736701ef607de98789fb1dbd4d5b2b1efde0bf4c13c1360

Download Submit
/data/user/0/com.lwj.nevpid/files/nia/JahFvw.jar

Filesize
2.3MB

MD5
6b259317eac32af14a4924dac4a64825

SHA1
f679289953d343305fbde6d22982c8a5549276e6

SHA256
d313388664b02af835042a9fa6303c518f37ac4a343a844f745ce1f6203cac1b

SHA512
01b1fc75a83cf64bcff83f41d93027f354df00545136d507f840929ac77e49318407ce3ecae2ec036685fc02bce7745dccdabeecbc07bc58e48e9f51b5e47caa

Download Submit