01f454eb454d924091963f18395521aecd6e631b91c9c908068c3027ac057a95

General

Target

5c9edd57c00bc88ca1358487e8028e3f_JaffaCakes118.apk
Size

16.2MB
MD5

5c9edd57c00bc88ca1358487e8028e3f
SHA1

76fd5b28010529883eac5ca22a4c6104ea32ac3a
SHA256

01f454eb454d924091963f18395521aecd6e631b91c9c908068c3027ac057a95
SHA512

06c7d865705ca833824af2db572c0f6e81ae60e8959824ccca51bbaafd2ca2340ab829c43bded4689e2aefc648c4cc251129b7acb914a6f166623fb8aa642097
SSDEEP

196608:09sbfvLd0/baUmW6rU3cMSlJvbkgAnYWQ720Ji499rxBZuAhXXQkseiZs549q/Yc:EsL50TzmWc/vvb8nY7y0x99ZvVXQNq9

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk	4315	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/oat/x86/com.k.plugin.a.d.Agent_2000.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk	4246	com.j1game.kzfy.egame

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.j1game.kzfy.egame

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.j1game.kzfy.egame

com.j1game.kzfy.egame
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:4246
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/oat/x86/com.k.plugin.a.d.Agent_2000.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4315

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1

T1407

Credential Access

Discovery

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk

Filesize
59KB

MD5
42ea8a9db6274956166cf40ba8c3ad87

SHA1
7b32ed087a0f0a4d9304b7752be07577a3ee33f5

SHA256
69fdd7d3777f19aa6fe95fdcb40ed8706aa1b882580939bb844e410466377c35

SHA512
b21091df0c87a2dd24b7f0b96495bc184a576af8de0e0119bb62d3ac94dcfaced18a7b4c122209daf19ba62025ec8fafb3c01296154c7a8095da7a3ef9197007

Download Submit
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk

Filesize
82KB

MD5
f32e610971b1bca5529c6353ac5eb7d3

SHA1
b9875cd1dd04c5108dcdd35b375b54b9f697566e

SHA256
bc3e5ae7540fbf5ca852583ec1956b8ba4bc372d69e281a1bf9835e6c02ceb99

SHA512
4a959c21006abeefb8aea24baac9efcc2f923c44ff3cdba9f504789001952006bd63a8317c8263407e7b650e6f8fbd3ef5227335da07e1e2dd08a6e2e579903d

Download Submit
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk

Filesize
82KB

MD5
65ada09eed909bd6df7c0180fd53146d

SHA1
8b6f18e4353b98db307e17c2d853d3f90f7ecf8a

SHA256
197aeb0e38671101d11236097af97e6d18fcb21a6cce7f9517cacc4d6643274f

SHA512
a6192618ab25a61f66c081bfffea37ed2b2ad5be6681e3390fc6fdde8e6ad711fc9fdf826d90315b2aa2b58a2752ebe8f1bbdde279f45f13eb652d4c9dee0e30

Download Submit
/storage/emulated/0/.android/.crash/crash-2024-05-20-09-21-39-1716196899397.txt

Filesize
5KB

MD5
10b70b5906cec8a22f4d1a1326287faa

SHA1
a481b19b7a3933520514966fb7c4133fa66945ff

SHA256
db1b90054c09e62370c26be7245ee636f82fcb5711eeac9293636a2e7f24d55d

SHA512
15e0ba3ab1ded879e3bdfa60544258263c76d86f4326cc08ed7aec630e69f8425a4b9351ba0ec910a539fc10211f877cd1e65657bf083174926f48b5e5951238

Download Submit

Analysis

Sharing