0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357

Analysis

max time kernel
179s
max time network
151s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6681e57f5436ef60d17d9b354dfb16a0_JaffaCakes118.apk
Size

10.9MB
MD5

6681e57f5436ef60d17d9b354dfb16a0
SHA1

f13c1840c82a19248e2c8c29644a1e95dc80e6f7
SHA256

0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357
SHA512

5e6e34d905d9e1424a9768f875da95becbc1eebfc84474582df3fdd81e58725e6ca0e366bc7cb7d647338a564ac0e183099dd8f02649decee117f5a42413d9b9
SSDEEP

196608:enilNfysKvvC68Y1NOENyEYd4MdFFRQZ4cHT5Un/nKFtUbXwBk0PRN3ftBWPiNeE:bwXXRFmdgFUCtO6RN3/WPeeQmP/k

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.mobineon.musix.lite

ioc process

/system/app/Superuser.apk com.mobineon.musix.lite
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mobineon.musix.lite

description ioc process

File opened for read /proc/cpuinfo com.mobineon.musix.lite
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mobineon.musix.lite

description ioc process

File opened for read /proc/meminfo com.mobineon.musix.lite

ioc	process
/system/app/Superuser.apk	com.mobineon.musix.lite

description	ioc	process
File opened for read	/proc/cpuinfo	com.mobineon.musix.lite

description	ioc	process
File opened for read	/proc/meminfo	com.mobineon.musix.lite

Loads dropped Dex/Jar 1 TTPs 11 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.mobineon.musix.lite

ioc	pid	process
/data/user/0/com.mobineon.musix.lite/app_working/startapp.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/startapp.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/yandex.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/yandex.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/facebook.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/facebook.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/vungle.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/vungle.dex	5163	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/cache/1582435991586.jar	5163	com.mobineon.musix.lite

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.mobineon.musix.lite:player

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.mobineon.musix.lite:player
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.mobineon.musix.lite
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mobineon.musix.lite
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.mobineon.musix.lite

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.mobineon.musix.lite:player

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mobineon.musix.lite

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mobineon.musix.lite

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mobineon.musix.lite

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.mobineon.musix.litecom.mobineon.musix.lite:player

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mobineon.musix.lite
Framework service call	android.app.IActivityManager.registerReceiver	com.mobineon.musix.lite:player

Acquires the wake lock 1 IoCs

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.mobineon.musix.lite

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mobineon.musix.lite

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.mobineon.musix.litecom.mobineon.musix.lite:player

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobineon.musix.lite
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobineon.musix.lite:player

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.mobineon.musix.lite

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mobineon.musix.lite

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mobineon.musix.lite

com.mobineon.musix.lite
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5163

com.mobineon.musix.lite:player
1⤵
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobineon.musix.lite/app_working/adcolony.dex
Filesize
303KB

MD5
37b5582108382d2ed012ab205ae79e17

SHA1
8973c56f72132634c487ab889cff4a17cdfc6ebc

SHA256
0d4176c543e9d6d6f02b0b2834b3f499042fd2dcc6529eed71478b7ffc5f61df

SHA512
fcdbb11f96b3ea16043c9d4fbfde0be642793b6aad23e8ebe0392c5c17317f110fb5ffabb4b8140f2fe3170ba2e498cb642db56e6a37f7cecaae349fc6fa5f5f

Download Submit
/data/data/com.mobineon.musix.lite/app_working/facebook.dex
Filesize
207KB

MD5
85c8edfb5743ca37d63489a2b2808099

SHA1
2effc4cf76c44ebe32cadc9a9cdfd94afd0a2ef1

SHA256
dedac9fdd8941207f57e4380ce5e9f107cb1902403f83d5882fdfb36d875569f

SHA512
58aebd7fad21533a67a51bfcf137a3b0811d93d7b240b1226829951f22d80ba1aa2571793916d10ea6d97156dfa01514f56fc9ff8826030f8f67f45d3529352b

Download Submit
/data/data/com.mobineon.musix.lite/app_working/oat/startapp.dex.cur.prof
Filesize
85B

MD5
3017e8fead1394c0f9dd33661a920362

SHA1
f1dc3677d7837cc07e192ce2542ceebcb8c6db20

SHA256
d73c98585462e9f8afb9e45e0ef6654779c54ec53c8ffeb5107d36ba980546ef

SHA512
3747bf33d51def1c99894bb722e846366edc3465e40dfe1ce9bf0f88ed21ee8fc09e64391f53e4c355ae315452255df76c97273dcb17a291769d1de6500d3d95

Download Submit
/data/data/com.mobineon.musix.lite/app_working/oat/yandex.dex.cur.prof
Filesize
70B

MD5
0a30414600f9c1749c9d09f21be2857a

SHA1
2d3264c4685a88d619bed5fe3b5bf31a117105c8

SHA256
63409dbf839a963bb051db0b6f4fa408846830bb8b0771a6d0c7ec0b53ea3b89

SHA512
ec34a8d273fdc95ecf2780b2cd590eef6935318a0a0f5aa1444d5f5a26a90c5fcb50e214602f736f089f821de10a68c50f741642c7a12ce6e4cc69ef2d3a9e25

Download Submit
/data/data/com.mobineon.musix.lite/app_working/startapp.dex
Filesize
544KB

MD5
a7ce3758ab5597482c4d81f7b9c696b2

SHA1
a197b161e1130cbacef099094f2a5d26e0f136d3

SHA256
94f0616813e653cae87216f49f3f8f4988be5f792932e61c5c5a908fec858d62

SHA512
c6dce2a63682b09d69fcbfc0dc99cd5ad705e1236cb7a03e099b8e83c97ce50cce206cf912819082a70c8e6946e2f8d96055cdc65af573d62b07dca9636c8b03

Download Submit
/data/data/com.mobineon.musix.lite/app_working/vungle.dex
Filesize
694KB

MD5
4da56a4d98f4e4fa0f6eb8a56f4184e5

SHA1
907a6c3362ebd00e1eebbf158e025a2c03ad9abd

SHA256
8c90b442f00138496607e307e83da5a20e5b0d15c015b788902af25e50d3b7bb

SHA512
b1430ddd62068fd084a4b48a8562712eff06972b486ec4adaf204e8541f33caf0808b980927bae1f137b2aac364f9d78be1dd99f986c4db6fbf959def84acafa

Download Submit
/data/data/com.mobineon.musix.lite/app_working/yandex.dex
Filesize
258KB

MD5
c9a1db3fadfbd6980ad0b9ec0e60635c

SHA1
bfd7abdb28be7b5107426d9c0a43204efb89bd7f

SHA256
0c92b22ed8607b60f88a397ac257d75e12b2f4bee1902983ebefeff9f14332ee

SHA512
bc854a56f34c72323c1b101a1bf22260415d0a428c0befa588e45a41f80e96ef0d7337081db5caf5156d81ad135b9ccfbf5f3b4915120bfa5ea2ceeded553f71

Download Submit
/data/data/com.mobineon.musix.lite/cache/1582435991586.jar
Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db
Filesize
12KB

MD5
07822d45eb13cc56d4a3a7ba23805cf9

SHA1
e38e7fc31a0e6f1121a693f8f38a5250c5139b12

SHA256
b97a2ca9e70103e2e59fd175af804636f2546a2b937e15e8de1cacb02ccbca1d

SHA512
690e34e9fd2570203f817978a2ab55190d809ea3459aae0e6bf948a116015dadf8496a10d5938aee5e0905927455ac38e66d4fd9b7df0158aa0b16c311b80002

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db
Filesize
72KB

MD5
dac91b65b2f57d62e2e80d15f7d4c6ea

SHA1
313f142649ca48a4f2fe5c3fa9449b6f37fffe29

SHA256
883c5763f58c7120317145ed1b6d9f350d82d2a6afb2ba9d5f02ab8bcc9afbe9

SHA512
9df2633e88c9135faecf7549a08c4d2a19051bc51f01a70893fd65c49584c75d1e1255c23d92817a9f3f8ebef30259bb347551963960960ccca244f275585502

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db-journal
Filesize
12KB

MD5
baf2046bb209530fa68cd0d8f64847f0

SHA1
b0d9d500bcdceb550c4d8157f22d93bb52eb61e2

SHA256
8adf74c5553ebbec4c90fdc441697e32fe04290bed1b873360ffd3fcf9194f58

SHA512
4cd686031f1b512b7ce1a64f6a7b752adb54f6df3b092bc6818e01586defdde9403ca2bacdb036ad9651b0c9c40b8bd3cf920e5bb6af3d949c04981e4d0cef22

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db-journal
Filesize
8KB

MD5
ef75ce8a40eb88b9d9eb1850f74cef0f

SHA1
343f8b373cee67d671fbe155d03fc87212b41298

SHA256
9a0906663d78ead060edc1cc59eaab1da6e57c3cb931eed0fea8efded07cceaf

SHA512
5b9758d041fe94846ab0f264646fbbc403004290345ae19d98d7d7b0171323ec197630f3776f8e37b6a5b80560b95669833d3d2e17689a94b275abd4b38b911f

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db-journal
Filesize
8KB

MD5
f2541dd8ad4758bb8f05becc5572cf41

SHA1
03bc1cf3e5c17a9fb6a3ae2b7613658348916419

SHA256
4ba6addf531e0c9ca1dfc4860b3b816e2610e0ebd23e160d0bd738be39bbaeea

SHA512
6a4713e431ca504907161d5b1202f765867c0eac87995a880493ab288820e5ca4ae24af773842cd55abfeae23ee4cce1ec662099fc137c718dc2e4e030355c2c

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db-journal
Filesize
4KB

MD5
e6d031a8b96191f1d4c9e09f0200e011

SHA1
d3d1e936905afd91ac2f21399a6bf6ebbab1db22

SHA256
672f3b22c1f73cfe2ed453828e93f2db0e25ee4cd87d3eb03c70468e329a86a1

SHA512
d0e9354c168abf8c35d36ec6c21e2947911ae9ead194fb3a900b5ff71372535d1c9c9ad7a9a4448acba5894730c1ee6ffc75515c6186e5499c4807888391b935

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db-journal
Filesize
4KB

MD5
cc941a801913e820f74277f5dd3671da

SHA1
fd4a4eae9554404451037aa9ea76cb3e9f1e8c14

SHA256
b74db07967b4bd6ec017be2cde263a1f3216277f919da423b96b1380a4174382

SHA512
1e6106a7e778e3d9527c6c7403adbc31c42fdbccaf0eb1d490bf189f3186ec702ce756d9d58ec7c4991732820406a279fd13a0b786845e7ae22d92625628220b

Download Submit
/data/data/com.mobineon.musix.lite/databases/media_db-journal
Filesize
8KB

MD5
681393f76602246d682d427b1d64e3b5

SHA1
db78577a0ae5540267b6c4117d8497bec4705008

SHA256
341a6cdafde98d702c6f9ac6c1e77336f562bfd1426a0ed7605125252b8efc94

SHA512
b5c9976fd2d35d90ff0a8eaf7e42feb972f12fc8989bda2f65977c7e2f6d2d3ef19f6c47f015acbdf2fd7bada93b9827e00db0cbcbd89a0a7903aa43c454b025

Download Submit
/data/data/com.mobineon.musix.lite/databases/service_media_db
Filesize
12KB

MD5
1044076a1658bdaffa4e1f3d4a63a810

SHA1
1abfa02de75b4272577c7e6155343b9a7853b6cc

SHA256
76a1289787f368afe34c903252e6e26ff781e32c51edce72cb4e518d1d62de01

SHA512
a87451c1fa9e92ea5e6310c7fa45e99bd5f2861491af21931dffe5dc7354fe57e6a77e75eb92a6de12e42dc4944bd665853ebffe0ad60d246ecd46f4bac917ce

Download Submit
/data/data/com.mobineon.musix.lite/databases/service_media_db
Filesize
20KB

MD5
de6b647434eec1d377ca68142b2867b4

SHA1
8c9cf391a25fb610913ba8e70ea48d71cb5e2034

SHA256
0fa82377bd46ca4c4a4a05186fcba6e8ec83170d98c5d76db34c991c47533d10

SHA512
da591fc37df5b0054975275a8fd7ce817aae7bdbd9247fcc86bc0bebafc712ffd330c08bcaaa591e81f9aa9af723f338e4c6c45918a7764c374a40ca581c8ac1

Download Submit
/data/data/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
512B

MD5
4540e204252ddcba1f92c06cb9571417

SHA1
faaeaff440fe481411524e0f2b27be44d09e5d48

SHA256
93d514cffc4f3495516fbd9b15c81c38dfb09927362855863ef31f837f5c904f

SHA512
289922979a9aa7c2d334d1303e8e4a223d1d3fb7ae3c13f0e933621f8cc988b8a8c9e4ceea71d879ceae62a9551c2fa6883c8cec6cd68f37775f51671ca8be9b

Download Submit
/data/data/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
8KB

MD5
b139d5693bde6e2f3652605c522804a8

SHA1
0653bde25a9cb699433983214a2d3366bab18aad

SHA256
5ea860aa4a9dd07fe90215bd319123e84ec1337a95eb805dae0c601cc40db61c

SHA512
d7feb15957c7fea02743d7d8642c4818a339181c74fae1d76c72ec67c72b5e4c796fb7731d2124d15db4cadf4e0920d640a9375dd7496e8c16bf86cac22394ce

Download Submit
/data/data/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
4KB

MD5
a8632e4625401ed49706daee554146d9

SHA1
cef472bafcd2459d355a2eb41146997c51ace9ce

SHA256
5e8b7272a58a3ecaa9100a5dce041218550ebe20d1a5dd54cc65f4fa23d26b29

SHA512
9ee32f95dbbac262846ae7dc5860b3e0e711e16f4d539ad8d63fc3883d78ea79120aca4aca48babe44db2e5426a799933fe1cdb7c6fbe52e321a05608d474ce3

Download Submit
/data/data/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
8KB

MD5
7fb61a7ca5fa300e985fec096021b6b3

SHA1
dbd43e01d08317ec0bb0ec37585e72b8dae838fa

SHA256
8a65e826b23fa07dbb68bd15fd21896225a85baee05fad5cfb943feee1067e0b

SHA512
96c7cb15cc71ecfc1f3c1a7d9de56f1e402137b2058f3d13f84eb0d0c6fbe417ba94a7dfb5426fc5c6066daf9f0fc44e89d762d06a10a29b4364e47ec0204dd4

Download Submit
/data/data/com.mobineon.musix.lite/files/.YFlurrySenderIndex.info.AnalyticsData_X2MF926N2483VKWSBQQD_216
Filesize
88B

MD5
68a178acdc23b250743dc2d9be9519dd

SHA1
2369b2b69eb5ae9ad0274c3bc2df02877aa6bdfc

SHA256
c9e6ac89900c317d30292b6b00d84735c2e78a52d531c3b92648e268fae5d605

SHA512
073b810e3ea980d517031f25e7a2f61e599eccf92aa6f7c761ee827865e0253e78ec73d0af17e958701f68c3e30bfad15fd8510a751a1f8743862d5e53bbfc80

Download Submit
/data/data/com.mobineon.musix.lite/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize
72B

MD5
211b4b70a4c03f623171f5b2e23b07a3

SHA1
b7a48dfeb22f103391edf7ba70d288a0b22338d1

SHA256
80208ea2b4768e6f45bde1366d59efedfcb459690b32e3179291e7e33a75bcfe

SHA512
f5bc1c82e93b3dad54d16644b8165e5e4b9ad043491e1e94620eab51cf0e8b5d143c3611f43e41a8ec7d2d32b35c0ce04a48ce6ddaaac79ae4cbe746b965bcba

Download Submit
/data/data/com.mobineon.musix.lite/files/.yflurrydatasenderblock.e5a88c39-4158-436a-9c79-f35258d900a7
Filesize
274B

MD5
989cbd5a9b0db9755ba7b882a006bdb9

SHA1
2ee2589516926a098928a268ef36262f93f55248

SHA256
8bef7b326a51dc4ff415e8558b26b91ecc95c32190fa13e424dfe056e6bc0f9c

SHA512
e83a828d84b91ce51b4904bc05895dfc7285776c34fe7fa88a48e790e62928ce73f93e698041d36b4ff48cf6099b1a900de27cc4a3b07947f45edaf769a99747

Download Submit
/data/data/com.mobineon.musix.lite/files/.yflurryreport.4eb29873733ca3b9
Filesize
380B

MD5
cc0a560b1bb923fc9e435c2f11d563cf

SHA1
a0f7fdf660febff15afe567ecb7439b3edb78dcf

SHA256
56ae1d1199f8129fb6f917718709875fc4ce5f301c3460d4e77f339f33c31c77

SHA512
a5a64d9ff4d4f08f2e97986a67b3db955f8bef749818c1e51bb79633ec18a18080d44a5f55107fff40c6bcb5f17477ac53bd34ad8e9ba3e7d25dcbad2fb5e10e

Download Submit
/data/user/0/com.mobineon.musix.lite/cache/1582435991586.jar
Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit