fe4c2338651b29188135bca69f4099e15267e1323ac91df124396314bab69923

Analysis

max time kernel
7s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

669f75912bcf9479e422717333d57e6e_JaffaCakes118.apk
Size

637KB
MD5

669f75912bcf9479e422717333d57e6e
SHA1

38d048d7692a3b9cb576a35d9b0d1a05ca4b96af
SHA256

fe4c2338651b29188135bca69f4099e15267e1323ac91df124396314bab69923
SHA512

129210efddb7284a5e972f5a6238a0e28bceb30092d2890a6fecfe95a32ef248124558830429767cbc175b539fa8a8d6c0e78b48ddb9ddcbb4f35c91faced011
SSDEEP

12288:i7CJFrjndITBkvvoRoj7Edwk+XCtryrVRjKoR1UK+3/JUgb1EaR46Ku8Dq8HJUYU:i7CnrbwkRnEwXXUyrjjKoF+B5yaR46KO

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

cn.net.rjmgpnju.hqjtkt.prvt

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone cn.net.rjmgpnju.hqjtkt.prvt
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

cn.net.rjmgpnju.hqjtkt.prvt

description ioc process

Framework service call android.app.IActivityManager.registerReceiver cn.net.rjmgpnju.hqjtkt.prvt
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

cn.net.rjmgpnju.hqjtkt.prvt

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo cn.net.rjmgpnju.hqjtkt.prvt
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

cn.net.rjmgpnju.hqjtkt.prvt

description ioc process

Framework API call javax.crypto.Cipher.doFinal cn.net.rjmgpnju.hqjtkt.prvt

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.net.rjmgpnju.hqjtkt.prvt

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cn.net.rjmgpnju.hqjtkt.prvt

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.net.rjmgpnju.hqjtkt.prvt

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cn.net.rjmgpnju.hqjtkt.prvt

cn.net.rjmgpnju.hqjtkt.prvt
1⤵
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4248

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads