477d5262ee3a49ffcb3585602d188f7069f66dd8cf4a06e89e36c96482a53f33

Analysis

max time kernel
177s
max time network
162s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
20-05-2024 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

612bbfbfe1acc6b3a4c94bd322929c09_JaffaCakes118.apk
Size

1.3MB
MD5

612bbfbfe1acc6b3a4c94bd322929c09
SHA1

74d21ddc51cb37346f67009ec9f95c3cb7b5d380
SHA256

477d5262ee3a49ffcb3585602d188f7069f66dd8cf4a06e89e36c96482a53f33
SHA512

bcf57c0f213755780ffb6c20d69c30088f7eb538a87aa91764096fde74fdde4ffc43e880e89a036eee2c5b9726b0ee318ae854261dc586f7d40ca0e32af18282
SSDEEP

24576:ssQXoL0otaYtXMKCnEOn8wB7PvQGjXo+Fgjh8bq/13tdHbZKm51Ob83k:soQ7YtBCnEQfB7PvQGjrGjh8bq/1XHNS

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cwut.bpbp.pvmx

pid process

4673 com.cwut.bpbp.pvmx
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.cwut.bpbp.pvmx

description ioc process

File opened for read /proc/cpuinfo com.cwut.bpbp.pvmx

pid	process
4673	com.cwut.bpbp.pvmx

description	ioc	process
File opened for read	/proc/cpuinfo	com.cwut.bpbp.pvmx

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.cwut.bpbp.pvmxcom.cwut.bpbp.pvmx:daemon

ioc	pid	process
/data/user/0/com.cwut.bpbp.pvmx/app_mjf/dz.jar	4673	com.cwut.bpbp.pvmx
/data/user/0/com.cwut.bpbp.pvmx/app_mjf/dz.jar	4741	com.cwut.bpbp.pvmx:daemon

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.cwut.bpbp.pvmx

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.cwut.bpbp.pvmx
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cwut.bpbp.pvmx

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cwut.bpbp.pvmx
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.cwut.bpbp.pvmx

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cwut.bpbp.pvmx
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cwut.bpbp.pvmx

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cwut.bpbp.pvmx
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.cwut.bpbp.pvmx

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cwut.bpbp.pvmx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cwut.bpbp.pvmx

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cwut.bpbp.pvmx

com.cwut.bpbp.pvmx
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4673

com.cwut.bpbp.pvmx:daemon
1⤵
- Loads dropped Dex/Jar
PID:4741

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cwut.bpbp.pvmx/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
Filesize
8KB

MD5
cae47c15f0af6343686e886cbf557f64

SHA1
f6931779b1b31d70dd3c9c09e2e41005e7f2ac68

SHA256
4479f38028089cfccca03a1408a5e84a266a64c9621411b7151bb01d44a39f4c

SHA512
03b213def684898486136a94ea947d6e6725259125c239ac1dc89da0b559352deb4ffb6340c4ea5b984d871cbd7fdf40e364a4e94c7e4c0f5ec803380beb54ba

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
Filesize
512B

MD5
1d144b09c4f1e6ce5b0bd6b49ce52b7f

SHA1
48b81d4f9a9881e1f93e87af8dd28206fe19c4e5

SHA256
081858a0c0bbc80949df772c5fb33f8d61365b6930e366b0ac0caea25fcb1325

SHA512
e31d7f63fa25c7ccfbdc574edd587fdd4175ea6cbac6d9501bc50ba23def0f5353b027631b45dc1cc51dc4bbfc3885df52a65dfe4250a2cd0873c3b547c1445f

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
Filesize
8KB

MD5
959df8efdb8c82d649ae7b827f4db86e

SHA1
e7f7d96082daa11725be377d5e05bb81eb034c5c

SHA256
9ef0f57339b316dc6e9530ba469d705064cff78f2a964977538b3505621e874e

SHA512
3b3d943c2b6b208b391907966696eb037312281bef1fe94ab265ac271bc79b647f2683cb7629b8c4962c67e092c0a666035e42acb43b6f04a8fcf70cc662c7ed

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
Filesize
4KB

MD5
862011b0a2ad5936da2d5c44063af0e7

SHA1
7049a619c4298e119986875f9f326d009391047f

SHA256
ff61137d552d6f0aea529f4f9b9be4df2f2a125db47b1678997e98e4ebf1a88f

SHA512
f215c2d0050edd3205e559411c60f1409db3caab8b4340ee4aff57b64c6a0e6be25032de9914956a4c6d3ed0e333332ece984ac21741dc76b14707131c4e75c4

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
Filesize
8KB

MD5
54427bbcbda634912c0dcbc77a68d886

SHA1
709af992107865ece789f934e7ee86eb3ee96d67

SHA256
7edef20402281517c3dc8dee257d295b086d7197817e02dea1a97fbd188f78fb

SHA512
a7a6b13e66bca26de6b86962e8108b70a0237c05502ccf6c7f56ae4584327c4c7b6362225f50703b22f6b46d7f0cde5cba618d3a5fb046e34b5d9fb152e8d184

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/databases/lezzd-journal
Filesize
8KB

MD5
fd85dfda50a2b9dd66a30f6b8f05bd64

SHA1
78a2b7b20f5161c31bdc5559ff5cbed54b09faa3

SHA256
67cdb95983600bc562d91733544f89b039deb7e010eff77028fd0d7c8e87292a

SHA512
fc8b2df75113b17fcc5b74ccc21e9bb7d348a9ae5857486c080923f10c204cb8304517df48dd95549e8bf791b08e30eb7d11dcad308e744f0231065183765659

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/files/.imprint
Filesize
944B

MD5
72103d9f68df185cc1895d02e2acf77b

SHA1
f694235be03fc57e11b4bdb4d6bb5f6c70a8d692

SHA256
deaea2edcfc59ec2e20d11afdf778dadfe4a0ca7ca2cc30df65f224e2f10a493

SHA512
1b93d0324e8688409268e2a6de6366ba0a13e111462d8c32f16e7f58d54fea3eebb76334c1e58c18ee283e20c8ccf05db25c3607269f0dab6e7ad05a0e1214e6

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/files/.um/um_cache_1716245039663.env
Filesize
654B

MD5
b728a6f34f27233ed95c3cf38340ef36

SHA1
a55df5907167fe9eeff11e86fcc78014166e84b7

SHA256
4fb3fe73c4e8fe5afecb6335c075f3313f84a3a7b3427e6572789e1415ceced7

SHA512
d063a3c70595bbeb7e18598331500ff3b4fdb668d9e74284f17d1f96ce5279b3fd000ab0c1f60ca582a066a70667eb1dbd54ae9b3df9c1ec8213505a581e2323

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
ddb6096709c256e9a5f768c4e77e788e

SHA1
3fe107fcb2d4c09984abb1f44205017822fa5fa4

SHA256
b6dab9500f03a2cdb6e362611d27257790a8b2f52fed43e9e6fb0e4ec22b58c2

SHA512
9deb3c8ed7ab9c1705f97ee055d7114b92179e0049a45e6fd261bdf53fb4146f2c3b441ab541d37db7e8dd1e653f58f359da79140fedb5d3914e8fb7bb179fa1

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/files/mobclick_agent_cached_com.cwut.bpbp.pvmx1
Filesize
1KB

MD5
5f67a3e77625003318bcfe91cbb9683b

SHA1
8509fe22404cff4c1f17c2caeb61bdf7a654a3df

SHA256
52b98699f4e7eeb04a6e24f008fa9e1f34190c1f81ba571383d5c06fc3c92edb

SHA512
0042fa86d88d23190007cc3a45e8a5e7103fa21d61ef7b48c4e5d066028cfe2a37467def99e973cad468967b432588e93c6736a0dd133496c0da9a4dd448c7ad

Download Submit
/data/user/0/com.cwut.bpbp.pvmx/files/umeng_it.cache
Filesize
350B

MD5
a3d8106a2b5dd89e3bb3ae603ae9aeb3

SHA1
eda8944b023ce500facacaa00939bff78b31c986

SHA256
8a5115917839c65f0b8509215777a73fd010abb8370e3ef8c00b20676a84d0d6

SHA512
c8252c02bdd8dee4403d80c45310cd45487d2fe50d40f05e22b119d2bb5ca9d44d0338972db3f923f6a6773842b53ee0f7698a00d9c915388a14c5731c045ba2

Download Submit