4eb2e7b17a0def4faef9e1b7b7637fb38c7d5531295b35fbd67c0b2119009593

Analysis

max time kernel
150s
max time network
162s
platform
android_x64
resource
android-33-x64-arm64-20240508.1-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240508.1-enlocale:en-usos:android-13-x64system
submitted
14-05-2024 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d24e43e2dfa26d1dfae77060b70a432_JaffaCakes118.apk
Size

22.0MB
MD5

3d24e43e2dfa26d1dfae77060b70a432
SHA1

141ae95c20da750488a403423a9257053fe03206
SHA256

4eb2e7b17a0def4faef9e1b7b7637fb38c7d5531295b35fbd67c0b2119009593
SHA512

a1425bbe3f03a5d9081d679005926c729ab77775225b23ef2eecaf10ba363934434099afcf9ef33e4435b4865e738aae48979d09836c4ba12e472a1a3a1a9987
SSDEEP

393216:1sppdv71TIDnFeXKZYvGrIyDpN2SLZA9uNw5NVPJzSBRDg:10dj16gYY+Uyec2JDua

Score

8^/10

banker discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.dailyyoga.cn

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dailyyoga.cn
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.dailyyoga.cn:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dailyyoga.cn
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.dailyyoga.cn:pushservice

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 2 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.dailyyoga.cn
Framework API call	android.hardware.SensorManager.registerListener	com.dailyyoga.cn:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dailyyoga.cn

com.dailyyoga.cn
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256

com.dailyyoga.cn:pushservice
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4364

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact