Analysis

  • max time kernel
    179s
  • max time network
    135s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    19-05-2024 06:25

General

  • Target

    58fb8f875f3c9acf0fd0c4ee3c0a002a_JaffaCakes118.apk

  • Size

    562KB

  • MD5

    58fb8f875f3c9acf0fd0c4ee3c0a002a

  • SHA1

    7afd33c865c9c6074fca3ef720fb04c5bb86a3d2

  • SHA256

    b8b9868a24898c8cb39d90c6d38233efabff5b0daf67bbbb54d1e3d0751dd4cb

  • SHA512

    5406a148eb107934f56c562670c4097a1390547634e7636e978e0ac21a4e5fba2908637aaf954b972e3ab6d8a7b1a3555b3fff2589c0ed4993f247aa83fb9cba

  • SSDEEP

    6144:mXnEmVNxM4ReDzUjfk40/tbpZt2ixtxrEIcpnb1tX/LznGPgnYXfx0A1Yy78T0Pj:mXnEEM4cqi1bAixputzzGPgYXvP4lG

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs

Processes

  • com.loliqkzwuw.oldtf
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Reads the content of the browser bookmarks.
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4628

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.loliqkzwuw.oldtf/app_dxpvp/humltau.jar
    Filesize

    224KB

    MD5

    c0de4ca82aea8345ef36d4a527a69e73

    SHA1

    b104e731b2de1a1c31c0db4436540f31019a4d79

    SHA256

    521f27d3fb8e95c5e4472077d43404c5f77f35fc273c9576b3b6363a436d0054

    SHA512

    1348a491fc523a5dd8b7e78aa8803a9c75ffe23b0e65aba513c90448ae895eb0475523f252c7f78a80b7070e2c15b5eaf611f672f10cf0309e615b2bbd09ad01

  • /data/user/0/com.loliqkzwuw.oldtf/app_dxpvp/humltau.jar
    Filesize

    558KB

    MD5

    c32eed2295fa9b67b3fedb648718b8e7

    SHA1

    c55ca4d640a1a71c93274f672873238ba84761e7

    SHA256

    9b8407b13048e946d49853d8de2bc529aa3ed1a29f86faf2d227f7e97424ef88

    SHA512

    0bdd5486e7f2daa0e00091c5af7749219260c2de8ef8cc062c565396780f3f3476b70dc4964f97463916db1a088790cd8737166c575fea7c7beec81e0a367582