466228ab047df27e7cc156758806e1865e0212e62fb1f353635d141b86266740

Analysis

max time kernel
8s
max time network
131s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
14-05-2024 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4279c6c40ba08161699e0b6cdb58b742_JaffaCakes118.apk
Size

3.1MB
MD5

4279c6c40ba08161699e0b6cdb58b742
SHA1

ee47ef62512441c2a144296cfd32a05f6c270ce2
SHA256

466228ab047df27e7cc156758806e1865e0212e62fb1f353635d141b86266740
SHA512

16efc4318de3ef31b6c89f6b80e3df1f0d889d54351f421ea47d5b8ed5e51ec3ad0d8e87eb9029830921fe2c42483957e2d1523b36b6b20a16aab8314b9696c6
SSDEEP

49152:ckEqE3S/L5xaFZEVNdXKLb04lztbaD7fOnVYUzSa8XF8xaujr/J35TkacsMkelyh:1egrhl7WVAuPmV+Lkfdqq4ki00K1Ciy

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	tv.rgmgphj.thlkvj.uptvjnp

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	tv.rgmgphj.thlkvj.uptvjnp

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tv.rgmgphj.thlkvj.uptvjnp

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	tv.rgmgphj.thlkvj.uptvjnp

tv.rgmgphj.thlkvj.uptvjnp
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5056

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads