eb40eb2932f8bbcb5c9903a7bbbeb4d9f1a432914f3a6a24a2a1f182552089ed

Analysis

max time kernel
5s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63d3e0588dbb6ecd09706786d76ac056_JaffaCakes118.apk
Size

17.1MB
MD5

63d3e0588dbb6ecd09706786d76ac056
SHA1

d3497ab8f9d098c29c1669c52e81d0d3da5884c5
SHA256

eb40eb2932f8bbcb5c9903a7bbbeb4d9f1a432914f3a6a24a2a1f182552089ed
SHA512

4946c64a5a01a552c0ead0e4327f96dd0540afbe948696655c7613dd0b27c0537a7a4324eb7722694f7f7c7a5598d73bc31ae3ca8c59b13f1a7e324929a2e93c
SSDEEP

393216:xEv4O0M6iEYWDwCF+GUjvB7ObhnFGaLR2tzuM/DxwPaEsjV:xEvXgYWEoyvdenFGaLR2tRdwzsR

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.cardlink

ioc pid process

Anonymous-DexFile@0xd20be000-0xd275e818 4245 com.cardlink
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.cardlink

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cardlink
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.cardlink

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cardlink

ioc	pid	process
Anonymous-DexFile@0xd20be000-0xd275e818	4245	com.cardlink

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cardlink

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cardlink

com.cardlink
1⤵
- Loads dropped Dex/Jar
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cardlink/.cache/classes.dve

Filesize
24B

MD5
7ea4e8964042112157a7826ec0152e05

SHA1
7fd78073b9e2bf666256905dbbef3add4c311b1c

SHA256
f40592f9a1346a79474ab04571076302798d3076de625db4d021e77567a036bc

SHA512
dfa089c7db0565e49e90b0cdbf3cfda40299179f06dec4d423e5be3b8c28fca3abfa99c1bb14fea4bb277eab6378b5a42c7c7cb64d75fbc3b016c4858e95b840

Download Submit
/data/data/com.cardlink/.cache/classes.jar

Filesize
2.1MB

MD5
6d3de32a1770e7fc68dbb6fa4a728906

SHA1
c9110e812461c2b283bbf1851287d31fc9cfe312

SHA256
6ea1fef266c16527ba40dc3a39a6a3e679e35af3c459e92356f350e402537017

SHA512
356dc1602b5d2dbeb1a2b2ecd897d6f9589cd6fb163e2c438811182cfdf250c9df67904d8c7fc1ed08267e54d3081e68541f5708b37d87ad891f50c4569d4450

Download Submit
/data/data/com.cardlink/app_crashrecord/1004

Filesize
222B

MD5
a9dbfc6c23e22eeb63aa6ae3fa0a41d1

SHA1
9d36eaaaebcc954b1924fa8a56cab0fdf166715a

SHA256
8b71e3d2e84d348acfd2cc5aaa29bcc7d73a468b6fb31aa880bc93b688368426

SHA512
41dd5d831641d117cd9c68fcb52d1eebedd42a1e7ddf57e93e00bd7a24ed96cea297c96fca7c6a5886dda9cbb5441c2e737c5dc2db9de27a52bc78f646ffe0d5

Download Submit
/data/data/com.cardlink/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cardlink/databases/bugly_db_-journal

Filesize
512B

MD5
d86e3715fe2946d892392fa336e764a3

SHA1
edd27fa36337b7a4835cca29f7ea6ceb607c4213

SHA256
310827f83fef5170952933da724d59db3c04d5e0ef45c6f5a8332bce6a8e2daa

SHA512
a817b484ff3d127cc59042eae8f244da32b506b1939efd7e5803314e90c691f6ab384d865eb2bf52587f007c6228fa12c036bf67069558e117e6c4a121118226

Download Submit
/data/data/com.cardlink/databases/bugly_db_-wal

Filesize
16KB

MD5
1f94e8bdc96781758eff494e56e846b4

SHA1
53d04ac9b7e46c31d84ef02dba39ba6f258c4397

SHA256
be7fa1cae8890b28cf4de47d1f7e2042aa665a6dc36fe1f1d0f9fe1118834681

SHA512
0d6a53ce8695a00117a97aebc15bc86c3e4df2a7a792a4c6f24de1ed7cc851703a6d9544d22248a7f60b9b19240123a1fbb881badfd1444b5c272b45d30af912

Download Submit
/data/data/com.cardlink/files/Mob/domain_1

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/storage/emulated/0/Android/data/.mn_410185822

Filesize
130B

MD5
f321656a466363e5192773d92000e401

SHA1
3a6abe9be1a6f4deffaa98fd27f3449c888d3c4a

SHA256
53efd5207de6ed80429ec3c7865eed2b64023a0ed66e0fd29e7f45b708a1751c

SHA512
fcf6884bf5ce8d10b3a3dd461fad96cb6cf0bc4129e01788de112551230fbc4d8ea6961b04411d1c7816e248437c4560277069d9c544e5450612abc0e2c0171d

Download Submit
/storage/emulated/0/Android/data/com.cardlink/files/tbslog/tbslog.txt

Filesize
2KB

MD5
a4e1e9e5e662505b5bf7b6d89af40ed2

SHA1
a8517a610e991f683672736d44bdb89387378843

SHA256
e5ccaa1539fb2f404749aa4c1bd52bfc8d8e62a207c26190e09fa7282c6b667b

SHA512
96f0cf38d8ee21404c060783c019575f9517784aa1e002f07dac459024d28c8d5c275c39a034d8211d2584ddd1e1199efd3e729f7ea22dfe083b103e74c84090

Download Submit
/storage/emulated/0/Mob/comm/.di

Filesize
57B

MD5
70a42cba408700f9a6c01c7941a8829e

SHA1
eab01cc2c0671538795fb0b1146017dc099d0984

SHA256
499576707ce2623293166979e59c832be5b8636c64ad39aa63ebcf961910c35f

SHA512
8900d4dc8eed0430babbacb72942401bd22ef7fe5430cad90d3ce0c2c53010220d666aa0e2eb1026f3ec81d574c7fa12585b49222a5f15b01637f6ba134fe70c

Download Submit
Anonymous-DexFile@0xd20be000-0xd275e818

Filesize
6.6MB

MD5
93e9cc0d956fbf5710b1f73e96718844

SHA1
9cdd452861bd29003ae62118b1961980692c10b0

SHA256
5e2c273f277ac5014a6b012d82991ace496f95007362a44e9c9da53e873fe25d

SHA512
655d9f33b441b069307fbb98e8e363bbf7bccc39aa3276023258e016204ee0dc884a4dc18e3115095643867f29c21eb393458acf3fd1249e9879b6e14a85017a

Download Submit