d6a59eb5d35aa1f70928ff4a7d3b2d0e82e0191415abfadd4f43550351b6bad2

Analysis

max time kernel
2s
max time network
138s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
15/05/2024, 13:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4665bba22ab7ad3234995db6c6e96020_JaffaCakes118.apk
Size

15.5MB
MD5

4665bba22ab7ad3234995db6c6e96020
SHA1

bfeaec4aeddd58922fcd2ebaad47021813ad1ea1
SHA256

d6a59eb5d35aa1f70928ff4a7d3b2d0e82e0191415abfadd4f43550351b6bad2
SHA512

543b9fab0227ebf67f9d46054f48a94de991cf5f147bfe546cb4beb6a5ebacf6f8d4927cad07ca4ec846720d2eeb848b6aecc979a473a092050d54f8df539f16
SSDEEP

393216:yAIXMK/0UEDEhiioac1Lm96WkwakDSYTHqDOwoGEQsJipPFSItEC:yAEMK/0UEDETiLkTSMHqDUaxpPJtL

Score

7^/10

evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.baidu.chasehero/app_push_lib/plugin-deploy.jar	4499	com.baidu.chasehero

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.baidu.chasehero

com.baidu.chasehero
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4499

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact