af3d873266dabd5f8544006b2e51cb9d4948761019ef0b56ae96b020d35b0d34

Analysis

max time kernel
165s
max time network
171s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
20-05-2024 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e9d52ebc08775652e8e220b72924e6e_JaffaCakes118.apk
Size

31.8MB
MD5

5e9d52ebc08775652e8e220b72924e6e
SHA1

d30d8355c9054ae790fcfda301ebf7f3ed0fab26
SHA256

af3d873266dabd5f8544006b2e51cb9d4948761019ef0b56ae96b020d35b0d34
SHA512

9c4d3009f3f54f2dd9c4af2cdc2b915487a85bc991bcb4378cb6d9ba17cd709efa4092509c62330c5c4ed0bc284c626d08e94f27f79079ae0091d0a1d6c36e78
SSDEEP

786432:HsOFoxZLRQgyC6CP6qPonH4e+/SUYJwOUm8h8Gj1:HsOFoxZ1QgyC6CeYe72m8hv1

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.cdbabyjoy.hitduck

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.cdbabyjoy.hitduck

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cdbabyjoy.hitduck

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.cdbabyjoy.hitduck
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cdbabyjoy.hitduck/files/mobclick_agent_cached_com.cdbabyjoy.hitduck

Filesize
197B

MD5
d53376167ada55e9c3076460238a7313

SHA1
0c35803a839009f36ff0d39efc8bb36ca432e95a

SHA256
41595ad7245769edcdce33d81b9fd95aee88d9f2278023170633cf213984c94c

SHA512
3c17c5128ebd614576414a322e08f9c4d895318896fbc514f45ec781164c32030518b002427de82d2c824f689bacad5e3ae73182809f0ca481afe5cec13fefd3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads