57f142689ec1ac61e26017f370aa718f78bb6150a2b38f221f12a3bcd1889e9a

General

Target

44dfdad365f25447f8e79be1401e0c19_JaffaCakes118.apk
Size

4.6MB
MD5

44dfdad365f25447f8e79be1401e0c19
SHA1

783c6f2933604b23ef26c41d412a9405dfe95f8d
SHA256

57f142689ec1ac61e26017f370aa718f78bb6150a2b38f221f12a3bcd1889e9a
SHA512

c03ba7c62a41f29ec3c749dcb07ea8f1acaeeb5daa96a8d7aa09e0263649f0714b78f0b8895465619b5989e0b8538c33663540b2ebd43baab10ce5e72d5bbf45
SSDEEP

98304:ABFnZK1J+YHQnBsDWpkp7uGrCVEyG26EfLsm5YmZZIgajGFdZhMSiKbfyC1J:gFZ4+CQnBSJ21djXFd/ricx1J

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.zz.zmmkt

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zz.zmmkt/app_aaa_data/classes.zip	4617	com.zz.zmmkt

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zz.zmmkt

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.zz.zmmkt

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zz.zmmkt

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zz.zmmkt

com.zz.zmmkt
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4617

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

1

T1426

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zz.zmmkt/app_aaa_data/classes.zip

Filesize
214KB

MD5
e25caab92801bd1ab7f26fabf737044f

SHA1
9bd442d9f7a4c63a4118acf5deb7652b0a1a84e9

SHA256
644a85343ea715ccc73bdfbcd7cade6cfdfb4b1a30d1a2330bb2ba9cb03dde06

SHA512
6288c4cce3205513f3d520e1f055c1fa3dd6bd57b0c1af7ae09700f860524edfb264e2d2140541d2ea578dc5e66eff5c90b5e10bb19bcdd56146116f3e889535

Download Submit
/data/user/0/com.zz.zmmkt/app_aaa_data/classes.zip

Filesize
581KB

MD5
d0b802d7ca5d3e927341c19b570d0a85

SHA1
42e5f1fc49c18369e0447fd9edb53f75317dacc8

SHA256
a56a6203530dfa9cdd8b53d6acf8e4b2b3a90dd2b54b0f619fa6e25178be8216

SHA512
f37206593a04c1ec2c558105c203983d44692ad48877fa603245260895b8078941f45f8ed94064e6e3dfc9cc32b45f00c655a93ebfa5322dd14129a3650d7a39

Download Submit
/data/user/0/com.zz.zmmkt/databases/aaa_aa-db

Filesize
188KB

MD5
577ef6f690efb180b8216213be8cceaa

SHA1
8d4537c448eda406d7ac88d49d5484a5774c77d1

SHA256
077898c090af717c6fdef53ab544f11bf5e33ddb895a112d8b723456b68b5b39

SHA512
fe7429e5058e726b746edac636f1ae5563c4b924b86f54367bd620d34e2e85a9a3637782adb52bd56638d0780377d467636e3aae2efa0e9dab1e39e7e236c1d9

Download Submit
/data/user/0/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
512B

MD5
4ed705e40d54599e4794701761e4c43e

SHA1
bf2deae29779c7beecaf298549851bd3cc5d3966

SHA256
ec8413a5e5a848f1ef9be665e7952c5f7506cfa791d6596af41e66d83c41715f

SHA512
ae3053eeb2b91f1312c5cecc7b0fd1927cab4694fe5ca5d7251565314ba45a8ec6493e14947c4a1a9a876fbb5e81b170ece247bd2cae01acd84ff45493abb562

Download Submit
/data/user/0/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
8KB

MD5
40e7a4f7fa4d31a45f11b98ac2640a23

SHA1
b9db137e9860646ffeb2ae0bcc3733af164313a7

SHA256
f158470fa770716b479b14f92a64161099fde20dd036761e1ec97b7546b809c9

SHA512
3e6f2084644abe427ca19d8856507011412683395f8603b378c8954242c69d830afe453a8ed8408fc49e070fd72a8986ac6ce7747c1b66e1e47a40121c5148c4

Download Submit
/data/user/0/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
8KB

MD5
231b202512a47bdcb80fd3c0b341a195

SHA1
ece7906b71aff6e8b4910ffc78276d5495ceb446

SHA256
91bd3cc8a2ea49218d0cda55db7ede8a01f64d9e467e0032682befb9bea8b140

SHA512
4f55fcfeac6393562b6ef3a9958ad13c2677618b1a9ea3af95facb1cd44658d630948d015fe8889e5d5beb3e3684227a3eedcfc5cc0e3e8a729a74c8424b25f8

Download Submit
/data/user/0/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
16KB

MD5
cc717f2d595acc80ba21773b9599e52e

SHA1
63ff60bba9066d38f8b2494332020e95f92fa9e6

SHA256
41d40c0105653d3f12390ecdc583468a47dd31613832cd6ef6bc4d988009bf04

SHA512
29f8969458aed269b7f84dd65149729278a3543e118f3056468b05d115943eb9d8411d8cfc240f02459afcd92ca5ae446f1c8baf982cd24476f198bd7ca14d8a

Download Submit
/data/user/0/com.zz.zmmkt/databases/aaa_aa-db-journal

Filesize
12KB

MD5
d37e48fdca94ab3a450020d7f10b04bb

SHA1
801ba3fdf435567400bed28803402f6dcbd38bdf

SHA256
d2e6ee75d3a8e235e2eab13c60c7185523c3c366cca2caf948cb6452fc73852e

SHA512
23a95f4c30a2804ae2d88dd1beed9d715dcf43b590c096aecffe91c53d5f4cb4f763a97640bc1d1dfcd316c95ef69029708287c0eacd6ffc3c1b54abea2b4666

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads