7aca3425fda1f7c28b1f2fde53cc2fede89f0ef4c61c42cd11a7066474dd8e69

Analysis

max time kernel
178s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68b5996d6f99defc534eac67d8d5e147_JaffaCakes118.apk
Size

1.3MB
MD5

68b5996d6f99defc534eac67d8d5e147
SHA1

51d4e0846551f5327a6d89675b4b8ebe5e4534af
SHA256

7aca3425fda1f7c28b1f2fde53cc2fede89f0ef4c61c42cd11a7066474dd8e69
SHA512

58450f303104e37b45f0c0b5e1ab7e59064fb0347d4676210eb384fdbf8142a81206f66060101eca9c71e3c40f4e8c7c0f6e20b0e6a83862ffb69860239d4d2d
SSDEEP

24576:2KtoL0otaYtXMrq9sDU0YIVWerxR3jzo+jcjDO1q/13tdHbZKm51Ob83j:uQ7Ytaq94UoWoD3jfAjDO1q/1XHNKmj/

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.mknb.oixd.gwuj

pid process

4621 com.mknb.oixd.gwuj
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mknb.oixd.gwuj

description ioc process

File opened for read /proc/cpuinfo com.mknb.oixd.gwuj

pid	process
4621	com.mknb.oixd.gwuj

description	ioc	process
File opened for read	/proc/cpuinfo	com.mknb.oixd.gwuj

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.mknb.oixd.gwujcom.mknb.oixd.gwuj:daemon

ioc	pid	process
/data/user/0/com.mknb.oixd.gwuj/app_mjf/dz.jar	4621	com.mknb.oixd.gwuj
/data/user/0/com.mknb.oixd.gwuj/app_mjf/dz.jar	4684	com.mknb.oixd.gwuj:daemon

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.mknb.oixd.gwuj
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mknb.oixd.gwuj
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.mknb.oixd.gwuj
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mknb.oixd.gwuj
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.mknb.oixd.gwuj

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mknb.oixd.gwuj

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mknb.oixd.gwuj

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mknb.oixd.gwuj

com.mknb.oixd.gwuj
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4621

com.mknb.oixd.gwuj:daemon
1⤵
- Loads dropped Dex/Jar
PID:4684

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mknb.oixd.gwuj/app_mjf/ddz.jar

Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.mknb.oixd.gwuj/app_mjf/dz.jar

Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.mknb.oixd.gwuj/app_mjf/tdz.jar

Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd

Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal

Filesize
8KB

MD5
35e61c8e30c9b906a158f7fcc45027f6

SHA1
fdb6346d78e932d15860cd0cb7caf1a3ef50466e

SHA256
5b73af3f2ce630b554ca4117c96987607af2adc6528eeb17cd4a0f81297e1e17

SHA512
f2490d662d4e23765e2534e3047cd0f6b9c9178304ea135e0038c6df6adca91fade58758d1eb6fcf5501c4643c80b10b1997922a2adf155578df5d21bf929926

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal

Filesize
512B

MD5
d3c60f3bf6b9dc6fe2f071204bce20e7

SHA1
34bae1e9f22f013ccd8cdb89d7734598c564432c

SHA256
476c1deecb29fa633eb98e832f5e2c05b1935d489686f7452b8b872eea775479

SHA512
921d8a3c048919e7d29fcb81596a2c8bdc66b49716aa48452a939c31df0c7adbade2ed754a04daa67bb33f6b5424041bfa73ccffbf8c3d0e8595fb1b79d99929

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal

Filesize
8KB

MD5
1091af021afb115090171269b671a952

SHA1
948986a19162c18955d0c915e6fa433ad9a5ed17

SHA256
3ef3f9570dfdfca105fa18851da253cd7c2109b80d249e7716b8c6e981146a5c

SHA512
15235b30a9d5d5eec2aa6c3821afa2632d4b02587d417d72f7484fa4887dca0940eae8412004b43ba5bcffc46f24458b54385598b4498517faabf6ff793c6c29

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal

Filesize
4KB

MD5
5e68190aa0c5ec1bb91766d91a9fb8f9

SHA1
e63a7f69dea7a53fd9d1462874fba28d17897342

SHA256
598824d21e7c82da4f77340401a789159f9d1d73d982bab462632953c7ddd05a

SHA512
8c97b595d43806748392bd8c3827c13068bcaca18aea30782d0fac63455eecbeb131fb53c2bdc34d703fcd7133863445b06a7ce7d8fe7c425a724ba89254d139

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal

Filesize
8KB

MD5
40c9601c13c8d48d60aacd64a12c6657

SHA1
765b7c7bf958d519cf90dcfb9678a680e8010ffc

SHA256
0732b31472de12a6ee661da10a5eb9f67c816bac87a55323c5688176dc679a8c

SHA512
f2588987bc585cc33088ab1d023759351b0e532781061d2e7b9d1a08faeea7014f4e1bcd80e305baf38f0ac439a6fbe8f3c2d96a4a17e8eb0411b5c66e8b0b3f

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal

Filesize
8KB

MD5
f3345c861a0b3870a906820d7e44b214

SHA1
44a0ca0f18750247d7ea2b0e3da81e978905245b

SHA256
0006f9a969d414d23db648eaa8421c2f40e0b7478278ddbd3ebe6ec6f3b8761a

SHA512
b91806eb476a7bc87579c8dd713abe7010f995c16585a6b14611536fe15d4c73b16fd9d3244b5e49f65c720d8eb76f5d781c1f3decf1a270ea3d49b5adad0357

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/.imprint

Filesize
944B

MD5
cc93fa731192bfab238088450df8e58b

SHA1
9304b2ff7858b147563d99a7e4ce260d0e428a42

SHA256
adac23ed7261f234bbed415effe4126bed0045f21b92d1e072eb6c5cf1fbe069

SHA512
0950ba2d13021186490527f63abd24703eadd44b0ea31601d6cd242d8b8428c6896365624b1fc75771e2698f8a19df51f3454b2e8580aee80335433d0f56ac31

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/.um/um_cache_1716413741534.env

Filesize
651B

MD5
de2436eabbbb844a4e66b9aacde89a3c

SHA1
765270a6e97709033a33dae3faee944a117bdcc4

SHA256
05ab0e96ba02f099fad0d7bf517d6da11423ce6661685d4c0bce68faac237e92

SHA512
08b2d4c1f5792986ca13f814073d8b7dc2ec47bea7b1b356ac3478bb584bf6e36bb61edb5dc99945902d196291a5877a8f5259afa3cd846aa873693a869faf3e

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
008a3a119c8304b37dd34218d0f29d9e

SHA1
d132c0e9dc7cd08f112e1f8f42d786c3dbe9bdbc

SHA256
69809a1d340bc842a058ad633c100797700cdced3f1a62c584aeb3765be622c0

SHA512
ecbd66b0b052473575ce32373d1e1f357b6283b957c7d207dc90da0105c6873ee41bf549adf6fe44d40eaa0d289ecafcd82d0ab970ba6473a2b79181c5d199ae

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/mobclick_agent_cached_com.mknb.oixd.gwuj1

Filesize
1KB

MD5
698a5194d4ced6ebc68b00a0c336d38e

SHA1
2fbd7c7c11ecf2861a94f375d619a43df211da02

SHA256
f4cb02268d5457a53dbf420ceb74c0766d8c47a384b8a37e7620aa9f37040e61

SHA512
ad52610d059e683e347633cce8c04d9eb11d6cc06bc42e39105817dde4ad20b9bc0d663564a6aa067443f05ad516e228d626c91c91863124653f449f9a1ba6b6

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/umeng_it.cache

Filesize
350B

MD5
077d9c989994581a2fae91ced88da12c

SHA1
126b36c0699cbc6ac93b4b2c04448a6b926ff705

SHA256
c5a258498afcdf0e31aa4d391d52091aed6e12fc6b31b6debd07ae57774fbbf9

SHA512
3b9415dea33be5fa2b92c3e1899df5bb308dbb3fff426f7144359d6159edb78cfe6060499de0875cbe6121de604111283954c892e2965a425d589e58aba30bb0

Download Submit