4df44db4b4ae04d36e778f6d29c09e77a32032be5ad273e2652389b5482b1e28

Analysis

max time kernel
149s
max time network
131s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
13/05/2024, 11:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f62a00ca38e4c5b8767b95d8f7f2e23_JaffaCakes118.apk
Size

772KB
MD5

3f62a00ca38e4c5b8767b95d8f7f2e23
SHA1

0743e79f4a410a8db96a7eedcc7eb31c2358c86e
SHA256

4df44db4b4ae04d36e778f6d29c09e77a32032be5ad273e2652389b5482b1e28
SHA512

dbb81e7ad81dd3c80724a4b72458ac7fd51e79e87db165b143da1f1df1dbc4b2e96c7132abb4d53e209995443867c122ba71087795a2ec3b2e5b5ea8ec32e24c
SSDEEP

24576:kcYBMWH4HMHSR811nzxg+wjWtMxghn529:3WYsyR81UnJUnm

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.blue.batterywidgetheart

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.blue.batterywidgetheart/cauly/BlackDragonCore.apk	5138	com.blue.batterywidgetheart

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.blue.batterywidgetheart

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.blue.batterywidgetheart

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.blue.batterywidgetheart

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.blue.batterywidgetheart

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.blue.batterywidgetheart

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.blue.batterywidgetheart
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5138

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.blue.batterywidgetheart/cauly/BlackDragonCore.apk

Filesize
263KB

MD5
6d944249d01fba060411e46efcdfa2d1

SHA1
655b1f8f95fb13b508cc00b92bc4e4aa2be9c3b4

SHA256
37e6dedae1c02a100c20337ae4e41e8445c4e8ea1f91cdbc2687054518dd8394

SHA512
29232b847d464c32f079e08ef3d084dd61b90f09d99787b66532cfca33f1f48253728d5b304b46010abc037787671e04b3acb8ad2adc9769ee3c9903ea90aa40

Download Submit
/data/data/com.blue.batterywidgetheart/cauly/BlackDragonCore.apk__

Filesize
293KB

MD5
37e37ca339b7cf58adf7677dc1fa3d57

SHA1
f82f07ab67865b05d01f886c2bdb760eefa02753

SHA256
c2dbc22ab43eda9bdfa33bab87a5d3d8c53087d4477bdebd01b0e4c091a1e24e

SHA512
b538ca168a97cfed473feed46810fe064991346a9fa01ee3c4e58d5f59fb1b0be4f0a9249851cf5351f239f25f4645308ae8975130ad7f6850ee2ae6da6d239a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads