7aca3425fda1f7c28b1f2fde53cc2fede89f0ef4c61c42cd11a7066474dd8e69

Analysis

max time kernel
178s
max time network
163s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68b5996d6f99defc534eac67d8d5e147_JaffaCakes118.apk
Size

1.3MB
MD5

68b5996d6f99defc534eac67d8d5e147
SHA1

51d4e0846551f5327a6d89675b4b8ebe5e4534af
SHA256

7aca3425fda1f7c28b1f2fde53cc2fede89f0ef4c61c42cd11a7066474dd8e69
SHA512

58450f303104e37b45f0c0b5e1ab7e59064fb0347d4676210eb384fdbf8142a81206f66060101eca9c71e3c40f4e8c7c0f6e20b0e6a83862ffb69860239d4d2d
SSDEEP

24576:2KtoL0otaYtXMrq9sDU0YIVWerxR3jzo+jcjDO1q/13tdHbZKm51Ob83j:uQ7Ytaq94UoWoD3jfAjDO1q/1XHNKmj/

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.mknb.oixd.gwuj

pid process

4621 com.mknb.oixd.gwuj
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mknb.oixd.gwuj

description ioc process

File opened for read /proc/cpuinfo com.mknb.oixd.gwuj

pid	process
4621	com.mknb.oixd.gwuj

description	ioc	process
File opened for read	/proc/cpuinfo	com.mknb.oixd.gwuj

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.mknb.oixd.gwujcom.mknb.oixd.gwuj:daemon

ioc	pid	process
/data/user/0/com.mknb.oixd.gwuj/app_mjf/dz.jar	4621	com.mknb.oixd.gwuj
/data/user/0/com.mknb.oixd.gwuj/app_mjf/dz.jar	4684	com.mknb.oixd.gwuj:daemon

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

T1409

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.mknb.oixd.gwuj
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mknb.oixd.gwuj
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.mknb.oixd.gwuj
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.mknb.oixd.gwuj

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mknb.oixd.gwuj
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.mknb.oixd.gwuj

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mknb.oixd.gwuj

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mknb.oixd.gwuj

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mknb.oixd.gwuj

com.mknb.oixd.gwuj
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:4621

com.mknb.oixd.gwuj:daemon
1⤵
- Loads dropped Dex/Jar
PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mknb.oixd.gwuj/app_mjf/ddz.jar
Filesize
105KB

MD5
23ba0b249042b7ba33e92c0199b0ea4a

SHA1
99b13ee9f7307316c2337953fceed87e9942b794

SHA256
1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

SHA512
0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

Download Submit
/data/user/0/com.mknb.oixd.gwuj/app_mjf/dz.jar
Filesize
248KB

MD5
a54a18b58c6720991c021f433dfb2a46

SHA1
d2ffa07919f92b6e04914e39843f08fdb2a75b68

SHA256
3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

SHA512
e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

Download Submit
/data/user/0/com.mknb.oixd.gwuj/app_mjf/tdz.jar
Filesize
105KB

MD5
293ea5f01e27975bed5179ba79d80eac

SHA1
c5b0806a537fd1cb753e11f1a9684933317716b8

SHA256
8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

SHA512
c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd
Filesize
28KB

MD5
fdb8a92e5060ce104e8f0faca55a47ce

SHA1
270d7ca30673e18cec1d2b9add71cba96dc426fe

SHA256
194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

SHA512
ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal
Filesize
8KB

MD5
35e61c8e30c9b906a158f7fcc45027f6

SHA1
fdb6346d78e932d15860cd0cb7caf1a3ef50466e

SHA256
5b73af3f2ce630b554ca4117c96987607af2adc6528eeb17cd4a0f81297e1e17

SHA512
f2490d662d4e23765e2534e3047cd0f6b9c9178304ea135e0038c6df6adca91fade58758d1eb6fcf5501c4643c80b10b1997922a2adf155578df5d21bf929926

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal
Filesize
512B

MD5
d3c60f3bf6b9dc6fe2f071204bce20e7

SHA1
34bae1e9f22f013ccd8cdb89d7734598c564432c

SHA256
476c1deecb29fa633eb98e832f5e2c05b1935d489686f7452b8b872eea775479

SHA512
921d8a3c048919e7d29fcb81596a2c8bdc66b49716aa48452a939c31df0c7adbade2ed754a04daa67bb33f6b5424041bfa73ccffbf8c3d0e8595fb1b79d99929

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal
Filesize
8KB

MD5
1091af021afb115090171269b671a952

SHA1
948986a19162c18955d0c915e6fa433ad9a5ed17

SHA256
3ef3f9570dfdfca105fa18851da253cd7c2109b80d249e7716b8c6e981146a5c

SHA512
15235b30a9d5d5eec2aa6c3821afa2632d4b02587d417d72f7484fa4887dca0940eae8412004b43ba5bcffc46f24458b54385598b4498517faabf6ff793c6c29

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal
Filesize
4KB

MD5
5e68190aa0c5ec1bb91766d91a9fb8f9

SHA1
e63a7f69dea7a53fd9d1462874fba28d17897342

SHA256
598824d21e7c82da4f77340401a789159f9d1d73d982bab462632953c7ddd05a

SHA512
8c97b595d43806748392bd8c3827c13068bcaca18aea30782d0fac63455eecbeb131fb53c2bdc34d703fcd7133863445b06a7ce7d8fe7c425a724ba89254d139

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal
Filesize
8KB

MD5
40c9601c13c8d48d60aacd64a12c6657

SHA1
765b7c7bf958d519cf90dcfb9678a680e8010ffc

SHA256
0732b31472de12a6ee661da10a5eb9f67c816bac87a55323c5688176dc679a8c

SHA512
f2588987bc585cc33088ab1d023759351b0e532781061d2e7b9d1a08faeea7014f4e1bcd80e305baf38f0ac439a6fbe8f3c2d96a4a17e8eb0411b5c66e8b0b3f

Download Submit
/data/user/0/com.mknb.oixd.gwuj/databases/lezzd-journal
Filesize
8KB

MD5
f3345c861a0b3870a906820d7e44b214

SHA1
44a0ca0f18750247d7ea2b0e3da81e978905245b

SHA256
0006f9a969d414d23db648eaa8421c2f40e0b7478278ddbd3ebe6ec6f3b8761a

SHA512
b91806eb476a7bc87579c8dd713abe7010f995c16585a6b14611536fe15d4c73b16fd9d3244b5e49f65c720d8eb76f5d781c1f3decf1a270ea3d49b5adad0357

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/.imprint
Filesize
944B

MD5
cc93fa731192bfab238088450df8e58b

SHA1
9304b2ff7858b147563d99a7e4ce260d0e428a42

SHA256
adac23ed7261f234bbed415effe4126bed0045f21b92d1e072eb6c5cf1fbe069

SHA512
0950ba2d13021186490527f63abd24703eadd44b0ea31601d6cd242d8b8428c6896365624b1fc75771e2698f8a19df51f3454b2e8580aee80335433d0f56ac31

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/.um/um_cache_1716413741534.env
Filesize
651B

MD5
de2436eabbbb844a4e66b9aacde89a3c

SHA1
765270a6e97709033a33dae3faee944a117bdcc4

SHA256
05ab0e96ba02f099fad0d7bf517d6da11423ce6661685d4c0bce68faac237e92

SHA512
08b2d4c1f5792986ca13f814073d8b7dc2ec47bea7b1b356ac3478bb584bf6e36bb61edb5dc99945902d196291a5877a8f5259afa3cd846aa873693a869faf3e

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
008a3a119c8304b37dd34218d0f29d9e

SHA1
d132c0e9dc7cd08f112e1f8f42d786c3dbe9bdbc

SHA256
69809a1d340bc842a058ad633c100797700cdced3f1a62c584aeb3765be622c0

SHA512
ecbd66b0b052473575ce32373d1e1f357b6283b957c7d207dc90da0105c6873ee41bf549adf6fe44d40eaa0d289ecafcd82d0ab970ba6473a2b79181c5d199ae

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/mobclick_agent_cached_com.mknb.oixd.gwuj1
Filesize
1KB

MD5
698a5194d4ced6ebc68b00a0c336d38e

SHA1
2fbd7c7c11ecf2861a94f375d619a43df211da02

SHA256
f4cb02268d5457a53dbf420ceb74c0766d8c47a384b8a37e7620aa9f37040e61

SHA512
ad52610d059e683e347633cce8c04d9eb11d6cc06bc42e39105817dde4ad20b9bc0d663564a6aa067443f05ad516e228d626c91c91863124653f449f9a1ba6b6

Download Submit
/data/user/0/com.mknb.oixd.gwuj/files/umeng_it.cache
Filesize
350B

MD5
077d9c989994581a2fae91ced88da12c

SHA1
126b36c0699cbc6ac93b4b2c04448a6b926ff705

SHA256
c5a258498afcdf0e31aa4d391d52091aed6e12fc6b31b6debd07ae57774fbbf9

SHA512
3b9415dea33be5fa2b92c3e1899df5bb308dbb3fff426f7144359d6159edb78cfe6060499de0875cbe6121de604111283954c892e2965a425d589e58aba30bb0

Download Submit