01f454eb454d924091963f18395521aecd6e631b91c9c908068c3027ac057a95

Analysis

max time kernel
7s
max time network
152s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
20-05-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c9edd57c00bc88ca1358487e8028e3f_JaffaCakes118.apk
Size

16.2MB
MD5

5c9edd57c00bc88ca1358487e8028e3f
SHA1

76fd5b28010529883eac5ca22a4c6104ea32ac3a
SHA256

01f454eb454d924091963f18395521aecd6e631b91c9c908068c3027ac057a95
SHA512

06c7d865705ca833824af2db572c0f6e81ae60e8959824ccca51bbaafd2ca2340ab829c43bded4689e2aefc648c4cc251129b7acb914a6f166623fb8aa642097
SSDEEP

196608:09sbfvLd0/baUmW6rU3cMSlJvbkgAnYWQ720Ji499rxBZuAhXXQkseiZs549q/Yc:EsL50TzmWc/vvb8nY7y0x99ZvVXQNq9

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk	5218	com.j1game.kzfy.egame

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.j1game.kzfy.egame

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.j1game.kzfy.egame

com.j1game.kzfy.egame
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
PID:5218

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact