436235cd3bbe71e25bd091b284108efa40ae6dfae440c734072df2c9ed980b6a

Analysis

max time kernel
179s
max time network
180s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

658732209be1e4caa0cb665d565634c7_JaffaCakes118.apk
Size

12.5MB
MD5

658732209be1e4caa0cb665d565634c7
SHA1

fb1b035e193a72948cbd39809956914e87ae630d
SHA256

436235cd3bbe71e25bd091b284108efa40ae6dfae440c734072df2c9ed980b6a
SHA512

ebddad57dbcb475993d94dc72dfd80cd1f93f49079fb0d85752e902c6e59d91449dcc3fde3167388c393bb3eed667d7f14ed2bbefe951945fcaa9189c8157e61
SSDEEP

393216:ugkayoeUsZBiqs0Onl+PKhsEWJP6XgWVcfa:TkaDelIDl+PIsXZUcfa

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

Processes:

com.smiier.skincom.smiier.skin:pushservice

ioc	process
/system/bin/su	com.smiier.skin
/system/xbin/su	com.smiier.skin
/system/bin/su	com.smiier.skin:pushservice
/system/xbin/su	com.smiier.skin:pushservice

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.smiier.skin

description ioc process

File opened for read /proc/cpuinfo com.smiier.skin
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.smiier.skincom.smiier.skin:pushservice

description ioc process

File opened for read /proc/meminfo com.smiier.skin
File opened for read /proc/meminfo com.smiier.skin:pushservice
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.smiier.skin

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.smiier.skin
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.smiier.skin:pushservice

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.smiier.skin:pushservice
Acquires the wake lock 1 IoCs

Processes:

com.smiier.skin:pushservice

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.smiier.skin:pushservice

description	ioc	process
File opened for read	/proc/cpuinfo	com.smiier.skin

description	ioc	process
File opened for read	/proc/meminfo	com.smiier.skin
File opened for read	/proc/meminfo	com.smiier.skin:pushservice

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.smiier.skin

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.smiier.skin:pushservice

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.smiier.skin:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.smiier.skincom.smiier.skin:pushservice

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.smiier.skin
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.smiier.skin:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.smiier.skin
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
PID:5163

com.smiier.skin:pushservice
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5215

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.smiier.skin/databases/pushsdk.db-journal

Filesize
8KB

MD5
841ed177dc6c3f1f7e26d559c49161c2

SHA1
9306020e121e9ff18bebc1f52c2834e180d727ac

SHA256
14c215e2cdc6a4b42a609f430f9120c9b2326e8e401c94b6e60167df97bdbadb

SHA512
05503232540b3bd93431eec86ce0c8f31a51b5fd2473b2be01d1bd881098ea988f9297c03aedfa42907fb02795ee683621154f79248c5592553f3fbb09ef01be

Download Submit
/data/data/com.smiier.skin/databases/pushsdk.db-journal

Filesize
12KB

MD5
a3fe94cad628724b4cf089f3ef3908fe

SHA1
82943eff28139dcb61b12a7e9f1fadad3f4f9c9d

SHA256
77a4875be9bb0135f258ba8dd9a6e8d2ec56fd9af43f9cd79e8f512a2c261c25

SHA512
c8747c53d354f36f7e34a199940262292163b06784badd414fcbc4b2271d6f6fcc2622bbc99fff279d24132eac9f100d52d39634b87b850fe7bad7e39849800b

Download Submit
/data/data/com.smiier.skin/databases/skin.db

Filesize
44KB

MD5
17ee09a3c697d8417e438f964ea58b5b

SHA1
d76a44cf9c373e0e739927f6d32c0a6a673ed360

SHA256
9107c6cb17236850cf1d55241f52c38b99459ce97acc6a006be5d98a068f1af1

SHA512
1485520735ee6f9833f29ec755b77d838f84e9a9f17baee020744708c2b997722ebbdb1dcf272cdda9ac41047ae67fbc301dd1c6d0d041a4968f2c3d1d0b3fc3

Download Submit
/data/data/com.smiier.skin/databases/skin.db-journal

Filesize
512B

MD5
b6b02d45802c165bc84ddd151a7b1d13

SHA1
45c8f944f149335047896567484cea9e6bd59161

SHA256
27dcee4d03d7a75a025f49c01e06a082ee03709abe2a2bd05d4b4f950b64d9b7

SHA512
0672be85bdb9f0a8583c55a4bbf51ae7331d9a1a4ea970ffe59bb0d6e416b6b328f221a34694d8c73cff8e5f07d8c7611399a128716618ed0695003ea3539e58

Download Submit
/data/data/com.smiier.skin/databases/skin.db-journal

Filesize
8KB

MD5
4d05bc8a986492e6e469dcf5076c13f7

SHA1
7f40027c6a2ef5a6f4ccb72d1208201c2aa0f0b9

SHA256
ba53b0ddf5cd1697b94dd2225f9fee6bb834c40c8302e04383790e38084c224c

SHA512
84c88e0320d138cbaf0fa0b3be0360b91830e5d83230e53c939bf9b996d944432656624911b6c5e33524309be8ed0afa57b52a1a6aa098c404244a13b310a083

Download Submit
/data/data/com.smiier.skin/databases/skin.db-journal

Filesize
8KB

MD5
64968a22f4b513967000546296f1c97f

SHA1
449bcada5ea37115c9640227638a4ed4ebf92423

SHA256
dd7f19ce3a24aa0fe8019a87ea6c5eb0c1651d5898dd8fbb7563b463544eb008

SHA512
0a4a4812d2b113cd073f09a07f6e6d50fefba09656df1ade064ca506fda52448aaeef113d664706790e5de51f73aa3907d991e701b73006e76c41c174455c516

Download Submit
/data/data/com.smiier.skin/files/mobclick_agent_cached_com.smiier.skin

Filesize
121B

MD5
494279494593519a38710f9d74b90f5c

SHA1
50c056b12c0829df6b889123724fe15c29f34eff

SHA256
51caa170dc4bddb9bf5bb3dd567a0d344ef011038755d1c23a19f550d377b8b8

SHA512
aba2291923a8a1a3187c39ecfda11caa5cfc2fc47c688a2631cc8d3326501b1ef04f200802716da09756abb1278f2d82aec707675076e8f475927c9b96fe638e

Download Submit
/storage/emulated/0/Android/data/com.smiier.skin/cache/xBitmapCache/journal.tmp

Filesize
4KB

MD5
96da77e73f32f0250d228d6a1869c29c

SHA1
453b81b7a2e7c9a168543fa21503b7e6e53f4e00

SHA256
2f3f629abbb0cff5ff5d907c34bff37fd01aec9b84b55ee8d505bc9955058682

SHA512
b4676448f3e4dd038b25e6391a094bdebf5b2b7572abe74b0862c7464e9376b532a6535fc041f5f6ed1c2c46baee75e7bdd9634fc07c094fd94ed41ecd5c31be

Download Submit
/storage/emulated/0/skin/Hospital.txt

Filesize
2.6MB

MD5
384af309e8436475716b02502908e590

SHA1
c5cfd9968dff755519e647ab67de97bd4a0ea678

SHA256
f58ae8fd601660b71d54264aefc85ad73c1c1f1365f12f4d433f7310ea0cf965

SHA512
0b8419d4feb13c4ab8596de659fbc839d02ac763b6f6a5af893d8b916380c4cfd5b5d01236bb7fd520e1969f512f7db26f34448abefe1d2a72cae157bfcc0b9c

Download Submit