57f142689ec1ac61e26017f370aa718f78bb6150a2b38f221f12a3bcd1889e9a

Analysis

max time kernel
48s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
15-05-2024 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44dfdad365f25447f8e79be1401e0c19_JaffaCakes118.apk
Size

4.6MB
MD5

44dfdad365f25447f8e79be1401e0c19
SHA1

783c6f2933604b23ef26c41d412a9405dfe95f8d
SHA256

57f142689ec1ac61e26017f370aa718f78bb6150a2b38f221f12a3bcd1889e9a
SHA512

c03ba7c62a41f29ec3c749dcb07ea8f1acaeeb5daa96a8d7aa09e0263649f0714b78f0b8895465619b5989e0b8538c33663540b2ebd43baab10ce5e72d5bbf45
SSDEEP

98304:ABFnZK1J+YHQnBsDWpkp7uGrCVEyG26EfLsm5YmZZIgajGFdZhMSiKbfyC1J:gFZ4+CQnBSJ21djXFd/ricx1J

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zz.zmmkt

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zz.zmmkt/app_aaa_data/classes.zip	5119	com.zz.zmmkt

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zz.zmmkt

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zz.zmmkt

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zz.zmmkt

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.zz.zmmkt

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zz.zmmkt

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zz.zmmkt

com.zz.zmmkt
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5119

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zz.zmmkt/app_aaa_data/classes.zip

Filesize
214KB

MD5
e25caab92801bd1ab7f26fabf737044f

SHA1
9bd442d9f7a4c63a4118acf5deb7652b0a1a84e9

SHA256
644a85343ea715ccc73bdfbcd7cade6cfdfb4b1a30d1a2330bb2ba9cb03dde06

SHA512
6288c4cce3205513f3d520e1f055c1fa3dd6bd57b0c1af7ae09700f860524edfb264e2d2140541d2ea578dc5e66eff5c90b5e10bb19bcdd56146116f3e889535

Download Submit
/data/data/com.zz.zmmkt/app_aaa_data/oat/classes.zip.cur.prof

Filesize
792B

MD5
1f69d09c987d6a02aea2b0e4bb1a6d08

SHA1
4718219b745be6d1582c0ff5c0276fead8bc652e

SHA256
8981fef3515f4147a339f3f1dbdf7899c0361fc853a7c4de07bb807c7e066e12

SHA512
33224044f8c70e52f1f08619fb475361d8d47a119c41db72b90d0a54da57e515a12e1c936f7294a676b48bb9e64a342406b54573e0c9d250d05b3ba83b75a02b

Download Submit
/data/data/com.zz.zmmkt/databases/aaa_aa-db

Filesize
184KB

MD5
e3257f12a8259393fd94c010d72820f3

SHA1
6ffa97e5de59ad890e5206c17b7ae5a0a01d89f1

SHA256
3f052bcf2a8a86a84b98a2813b537185250231f8252470ed1685bfd2f454320f

SHA512
a15b684c7efd34cd598d998f8b94b9d65db46b3560643352a7bebf2e56783f8c85860ff07d1b7342fd71dae22e92155aad8717db1fef159c4ff6e23f3ed03097

Download Submit
/data/data/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
512B

MD5
bf4854730128ded6152a996468b3de39

SHA1
858885aa1f1a52c240dc9b7419ac5046430e0e63

SHA256
cb2154efef4a0eee59e54968d9aededc05d908d699cba5f02c0c84d017d2813b

SHA512
a2dc20d67b2d1717c1bc69813db0a58ec2d31c96d7926bbf9425c2dcbe85f51be40b992f07161b6e31b603493dec0d0815344abb185784a82f2e998cb2e27f89

Download Submit
/data/data/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
8KB

MD5
1db7175cf853bdc7af3fe7d24c018667

SHA1
d7f74f0dea504b7d6907b5dd4e1942b6b4d82f6c

SHA256
c97882aa742ea99960fa36f29acff91a3421a8bc88f1a1f6cc7b179360078938

SHA512
44a7f43f89c730e9e9fa4fde8bef96481893ebc8ffdbb6419ff5c3522405d3fa3cd826e6032ed8704a7c3c6262ef6fbb5b4a7d589419c338093b6373a6b669c3

Download Submit
/data/data/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
8KB

MD5
59d8d990582c70aae7441b12c982bae8

SHA1
95e08e1fa5bcf0677774e0ea90ffb5a493234e23

SHA256
64faccb8b284ab9d6a208f2e2a81661c80f00a9f47712c80dbcfd5fba4ce0c20

SHA512
b3e096919602ff67c8bd18330853d5a29622a8b46820bf182fb4e1007d796935c010c0e82ab0413079b94ee8caf7d52026910b5bcba8aa1d489bf6b03b8c4aac

Download Submit
/data/data/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
16KB

MD5
f449f71f8e6ff5bef19558253d512341

SHA1
907abc9b04cd66b3e67e5ba645a13ba3c2cdc0c2

SHA256
66808fa0d852def016f78ba8ae94080fb41a0d6f7223546431e1178b8336e883

SHA512
42ade381142e1647522e5ecfedec40d217115a582595f794855c08c7f049f07df2dac4638a1ed0bf1e4524b2981ed6d3b10ef1f27c127fd270866777f2bee374

Download Submit
/data/data/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
12KB

MD5
d73e0755f00590586650b1d741f10d6d

SHA1
5f8ab6d14606c1223b803105185c6d7f489cf39a

SHA256
3d00f81391e2c41500b919f1284ea870dd10ee081c90789533bb06cf3484dfc0

SHA512
067075df65968fb20ba1b1424fd644d2af5b13054c1938512154918a34905b662d3231ff18fb4b96b7baf9b9af75740ad97973384738637a58754072b97cc565

Download Submit
/data/user/0/com.zz.zmmkt/app_aaa_data/classes.zip

Filesize
581KB

MD5
d0b802d7ca5d3e927341c19b570d0a85

SHA1
42e5f1fc49c18369e0447fd9edb53f75317dacc8

SHA256
a56a6203530dfa9cdd8b53d6acf8e4b2b3a90dd2b54b0f619fa6e25178be8216

SHA512
f37206593a04c1ec2c558105c203983d44692ad48877fa603245260895b8078941f45f8ed94064e6e3dfc9cc32b45f00c655a93ebfa5322dd14129a3650d7a39

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads