0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357

Analysis

max time kernel
178s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6681e57f5436ef60d17d9b354dfb16a0_JaffaCakes118.apk
Size

10.9MB
MD5

6681e57f5436ef60d17d9b354dfb16a0
SHA1

f13c1840c82a19248e2c8c29644a1e95dc80e6f7
SHA256

0c278aaf3bd91d69f4db29757a5766a6f712e920cb1769f89ebe47d521c18357
SHA512

5e6e34d905d9e1424a9768f875da95becbc1eebfc84474582df3fdd81e58725e6ca0e366bc7cb7d647338a564ac0e183099dd8f02649decee117f5a42413d9b9
SSDEEP

196608:enilNfysKvvC68Y1NOENyEYd4MdFFRQZ4cHT5Un/nKFtUbXwBk0PRN3ftBWPiNeE:bwXXRFmdgFUCtO6RN3/WPeeQmP/k

Score

8^/10

banker collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.mobineon.musix.lite

ioc process

/system/app/Superuser.apk com.mobineon.musix.lite
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mobineon.musix.lite

description ioc process

File opened for read /proc/cpuinfo com.mobineon.musix.lite
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mobineon.musix.lite

description ioc process

File opened for read /proc/meminfo com.mobineon.musix.lite

ioc	process
/system/app/Superuser.apk	com.mobineon.musix.lite

description	ioc	process
File opened for read	/proc/cpuinfo	com.mobineon.musix.lite

description	ioc	process
File opened for read	/proc/meminfo	com.mobineon.musix.lite

Loads dropped Dex/Jar 1 TTPs 11 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.mobineon.musix.lite

ioc	pid	process
/data/user/0/com.mobineon.musix.lite/app_working/startapp.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/startapp.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/yandex.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/yandex.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/facebook.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/facebook.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/vungle.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/app_working/vungle.dex	4618	com.mobineon.musix.lite
/data/user/0/com.mobineon.musix.lite/cache/1582435991586.jar	4618	com.mobineon.musix.lite

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.mobineon.musix.lite:player

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.mobineon.musix.lite:player
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.mobineon.musix.lite
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mobineon.musix.lite
Acquires the wake lock 1 IoCs

Processes:

com.mobineon.musix.lite

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.mobineon.musix.lite

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.mobineon.musix.lite:player

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.mobineon.musix.lite

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mobineon.musix.lite

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mobineon.musix.lite

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.mobineon.musix.litecom.mobineon.musix.lite:player

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobineon.musix.lite
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobineon.musix.lite:player

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.mobineon.musix.lite

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mobineon.musix.lite

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mobineon.musix.lite

com.mobineon.musix.lite
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4618

com.mobineon.musix.lite:player
1⤵
- Makes use of the framework's foreground persistence service
- Checks if the internet connection is available
PID:4683

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mobineon.musix.lite/app_working/adcolony.dex
Filesize
303KB

MD5
37b5582108382d2ed012ab205ae79e17

SHA1
8973c56f72132634c487ab889cff4a17cdfc6ebc

SHA256
0d4176c543e9d6d6f02b0b2834b3f499042fd2dcc6529eed71478b7ffc5f61df

SHA512
fcdbb11f96b3ea16043c9d4fbfde0be642793b6aad23e8ebe0392c5c17317f110fb5ffabb4b8140f2fe3170ba2e498cb642db56e6a37f7cecaae349fc6fa5f5f

Download Submit
/data/user/0/com.mobineon.musix.lite/app_working/facebook.dex
Filesize
207KB

MD5
85c8edfb5743ca37d63489a2b2808099

SHA1
2effc4cf76c44ebe32cadc9a9cdfd94afd0a2ef1

SHA256
dedac9fdd8941207f57e4380ce5e9f107cb1902403f83d5882fdfb36d875569f

SHA512
58aebd7fad21533a67a51bfcf137a3b0811d93d7b240b1226829951f22d80ba1aa2571793916d10ea6d97156dfa01514f56fc9ff8826030f8f67f45d3529352b

Download Submit
/data/user/0/com.mobineon.musix.lite/app_working/oat/startapp.dex.cur.prof
Filesize
85B

MD5
3017e8fead1394c0f9dd33661a920362

SHA1
f1dc3677d7837cc07e192ce2542ceebcb8c6db20

SHA256
d73c98585462e9f8afb9e45e0ef6654779c54ec53c8ffeb5107d36ba980546ef

SHA512
3747bf33d51def1c99894bb722e846366edc3465e40dfe1ce9bf0f88ed21ee8fc09e64391f53e4c355ae315452255df76c97273dcb17a291769d1de6500d3d95

Download Submit
/data/user/0/com.mobineon.musix.lite/app_working/oat/yandex.dex.cur.prof
Filesize
70B

MD5
0a30414600f9c1749c9d09f21be2857a

SHA1
2d3264c4685a88d619bed5fe3b5bf31a117105c8

SHA256
63409dbf839a963bb051db0b6f4fa408846830bb8b0771a6d0c7ec0b53ea3b89

SHA512
ec34a8d273fdc95ecf2780b2cd590eef6935318a0a0f5aa1444d5f5a26a90c5fcb50e214602f736f089f821de10a68c50f741642c7a12ce6e4cc69ef2d3a9e25

Download Submit
/data/user/0/com.mobineon.musix.lite/app_working/startapp.dex
Filesize
544KB

MD5
a7ce3758ab5597482c4d81f7b9c696b2

SHA1
a197b161e1130cbacef099094f2a5d26e0f136d3

SHA256
94f0616813e653cae87216f49f3f8f4988be5f792932e61c5c5a908fec858d62

SHA512
c6dce2a63682b09d69fcbfc0dc99cd5ad705e1236cb7a03e099b8e83c97ce50cce206cf912819082a70c8e6946e2f8d96055cdc65af573d62b07dca9636c8b03

Download Submit
/data/user/0/com.mobineon.musix.lite/app_working/vungle.dex
Filesize
694KB

MD5
4da56a4d98f4e4fa0f6eb8a56f4184e5

SHA1
907a6c3362ebd00e1eebbf158e025a2c03ad9abd

SHA256
8c90b442f00138496607e307e83da5a20e5b0d15c015b788902af25e50d3b7bb

SHA512
b1430ddd62068fd084a4b48a8562712eff06972b486ec4adaf204e8541f33caf0808b980927bae1f137b2aac364f9d78be1dd99f986c4db6fbf959def84acafa

Download Submit
/data/user/0/com.mobineon.musix.lite/app_working/yandex.dex
Filesize
258KB

MD5
c9a1db3fadfbd6980ad0b9ec0e60635c

SHA1
bfd7abdb28be7b5107426d9c0a43204efb89bd7f

SHA256
0c92b22ed8607b60f88a397ac257d75e12b2f4bee1902983ebefeff9f14332ee

SHA512
bc854a56f34c72323c1b101a1bf22260415d0a428c0befa588e45a41f80e96ef0d7337081db5caf5156d81ad135b9ccfbf5f3b4915120bfa5ea2ceeded553f71

Download Submit
/data/user/0/com.mobineon.musix.lite/cache/1582435991586.jar
Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/com.mobineon.musix.lite/cache/1582435991586.jar
Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db
Filesize
12KB

MD5
02f4782f986451f9097decf8e7d1946d

SHA1
8765008c7efc125bbd21560654adaf002647ea5d

SHA256
58c172ef6bf40940c0266ea1b8e7d80af98bbdda5010f90807832b1cc6f59272

SHA512
10af644c05d4092944f7a148966ff447d5e1231526a8241773262531283bab33c4fbb61371dd8bd3e60e0be9661078f8f6e9c0179124341d06131e5e70be2ecd

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db
Filesize
72KB

MD5
73abcccec45af9b36164a771dd3f1e33

SHA1
1c64b8a8289693736797930c56b5d867ffd221c6

SHA256
1690ff7b687e07afbae4407d85df049bd055876f9cea86601916dd3541cc1f8e

SHA512
5f2fcf3793e5691f7262cc0e6e0d4f2ef288deba97a8dd301b36c632d7381e78c70f130fb46a362a22022c37a5c5b5444e38b4ed541284d2cecf039d3bf67b64

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db-journal
Filesize
12KB

MD5
0ec2b0d27293c864b0a3796bf56b6857

SHA1
856f0146278c7a059a4b7f35a27f5b9b67a96f51

SHA256
de78edea11eaab2488efcc178399a727691db752db1472e163ad43640fb664c2

SHA512
8ebf6509fab244bb97db8cb4208b60c546e5957567ad73eed5534231fc22941fe3746283c03a5261b7a300882a8201a240cce587aed69e580a76fbaf9464ee1b

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db-journal
Filesize
8KB

MD5
8359a9a59b07e4db7ff8ca015a17edc0

SHA1
bdc1518f95d7e3445cb2c8348cb9b5d7add55125

SHA256
73a4548075b02ed7acce57c03ab19d627931fcfb0ec2e211a5fdbe699461c4db

SHA512
79248e878bc54b0ff039ec58121901e4ac0ea06d44d835bd7f5bd3457030999222e04427ee5c7792dd7dc938afdf44555ba1f82b0acb554c48c271003ec6e6a8

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db-journal
Filesize
8KB

MD5
ef4b18572c06e131a58daadb54fea3c6

SHA1
14ccb1754a3375b13a41a9f7c618549457ce7af5

SHA256
52633f63e7b8b804313669c144ae4151dbd54233ad7cdbe39bfb70483ba13903

SHA512
c47679e3029fc2c52aaf68e87bbf175773fc27d8840dbff7992beeedb4d472bdd7a83dfea00e1e1ccb0c70080d67384aeac999f53a1a4236bb253b5373f01285

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db-journal
Filesize
4KB

MD5
693f2ae19866b77b70d3c41d364c2037

SHA1
50c386450be8f436556e51ac39fe1dc41f4aa368

SHA256
7ac5d3737af26850a06365d4aff06ea7bd7224f0861b640e93cec992803ef14f

SHA512
3a18e075563dc007ee38cc6aaf1d1e512cfe5cb92357131456b26320ca4f2e8860513ea21635a9cc57ded36caa0355bdcc528f8202a7741835c56e413089e7f4

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db-journal
Filesize
4KB

MD5
200116d5fb17f54934ebc24b43c508db

SHA1
e93172bfdb72a981c115ef653152f8ca46592f55

SHA256
2809f2f27f4f7d91c9b8b749f0f5132d3db3035ba274041939becff4a858c88a

SHA512
4fec58307f42ce7d0858dd36391b36274d95a9cb33f1e70d57db2661a5aa7f124cbecd29733239529b55aa0ca511107e3ef5a7cd7b0dc0d9c90a26025918c43c

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/media_db-journal
Filesize
8KB

MD5
b5fac3b5c92086d31e3a07c68256fd3f

SHA1
d6fb1929f3418b05cde13799caf3e632b6f7f698

SHA256
b5357c1ce79d88ba8a9241fd3d1f16537383e8a0ca53f55f001b561d8ef61f78

SHA512
a782d1cd2d09876bfafd49f61ec06c55ad5d2ac88b68d007791cb2de20dc863a50c601e75c49290a94bde0f281aca6516fbe69ea400b41d7d8ce66db7d1c78f2

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/service_media_db
Filesize
12KB

MD5
e2c6230809b9ce5913231449b4d5e80f

SHA1
032b265fd739b95b6a59fa5f508f3f7cfd106803

SHA256
a68812b8004f60622fdc0a17257a3d9d516b898cde02389dd620366e4ef35f3e

SHA512
2fff13576148b55688695bda04064c81890c80d9fca80013b921697274afa89bde7cf1301aae0268e428852981e7008b0e7e0379089ca0f171000d2b895c34c0

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/service_media_db
Filesize
20KB

MD5
07766c8b7f36b04601cb3008e4785424

SHA1
bce7c6d529af8e5ef68d72729127948cd2c57ea8

SHA256
19a6a15aa47b503ef951a57cc3ff5a4ef0d75a0b9d683a566204066612d536f8

SHA512
76c39a5078543cb90ff1b8ce8d1e0e3634690d217535673ea5ada1e57c50662b804f196ba3bdb9234d628b685e1fa3f7b32954fc4e2c0f482fb6d86f20c50ee3

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
512B

MD5
84aef6ebd283fc795e3aaa2b64ea8258

SHA1
3383c65cdcc61dd0b165474d61434dcf8625e510

SHA256
519c56ac71131a3343b921b4b8b367d6fc3f1daa2acc6fb7899b060c20190775

SHA512
212f9242c704f1171872e73a3a4775f3b944da2a421f951bd871afc1fb5e2f13a75a4b0b9491d63ed55f9273f1c661f05abb64be5e290de93be5e138972c63e0

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
8KB

MD5
4e34d3b07d3cb93599b1bc60e29e90cf

SHA1
3f004652c8494b768cab2f3add69f8988da07b33

SHA256
37bb32cd254df9a5d86fe29f26c6807e5c0bd6181311175932a508cd0f758fd0

SHA512
4a7648b68e77bcb3df9ad1e370f3a82d207189a1871ed9103dbd337189793529b3f88459d50ff1cbd8fcbdf3937462f20332bcb687999736b8bc2ac8a272cbcf

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
4KB

MD5
2b56b6508c2a2871e04589e70c16ab67

SHA1
5a30163a30ac633f7b62790624d9d034432add5a

SHA256
3fe98f5c7753b62d148a28a216836d964d5ec8269d002ab11302d722027e63ae

SHA512
16fbcf5f280fe29de4719f1c2980f352ecc593cfca1255189adff3cc7a3a279fff387f0f22f08170f34fe34dba209bec67e73d5dc238fd42d58fb9a627f01983

Download Submit
/data/user/0/com.mobineon.musix.lite/databases/service_media_db-journal
Filesize
8KB

MD5
40ffa570ce41db14d43be30e86ae8a52

SHA1
8ff677c7ab73ecc5a493f90c4e8772bbf607c3ce

SHA256
352586b5cf9372f4ab062f4e896883a925a003a8688aeed92947bb251e57039f

SHA512
89b101c0989d569261fa5fcae027facddf4dd70fe75ec702991901947ad6b73f79ba29bb1beb4d37fd6a4316cf2481ba3d78d66e09a03a4f6a12a3c29d42369a

Download Submit
/data/user/0/com.mobineon.musix.lite/files/.YFlurrySenderIndex.info.AnalyticsData_X2MF926N2483VKWSBQQD_216
Filesize
88B

MD5
5173252d518433827d3075cf2f547ebe

SHA1
a3d4e0ebc6f28de680d0c23b9631736cae62b826

SHA256
8499486eb841cf3b5ab9c6f560774acc9f9c21c249a51a9414d83a03f6e9bb27

SHA512
fe91c45304eb27a4655952b5946967830da808746496be28210c778ffcbee9fe4878d8fb6d8db7889565c548b882c42d309214927405fd24c6e58a5cba861bea

Download Submit
/data/user/0/com.mobineon.musix.lite/files/.YFlurrySenderIndex.info.AnalyticsMain
Filesize
72B

MD5
211b4b70a4c03f623171f5b2e23b07a3

SHA1
b7a48dfeb22f103391edf7ba70d288a0b22338d1

SHA256
80208ea2b4768e6f45bde1366d59efedfcb459690b32e3179291e7e33a75bcfe

SHA512
f5bc1c82e93b3dad54d16644b8165e5e4b9ad043491e1e94620eab51cf0e8b5d143c3611f43e41a8ec7d2d32b35c0ce04a48ce6ddaaac79ae4cbe746b965bcba

Download Submit
/data/user/0/com.mobineon.musix.lite/files/.yflurrydatasenderblock.150ec9b0-d0ee-4d61-81e3-12ca3bfadbca
Filesize
275B

MD5
3d9d22ecee157fe2b5e080111d3dd369

SHA1
95dd041b1c16e73b855e54553f092ab58e213317

SHA256
dd9f088795c9ea8f651944ea7b3ee2bd8f691aef5cf24887e1a5078e0a92953a

SHA512
22ae3b8b01101687d02ca91737ec8e586a79cecbb9a8d6d774aeb258e1043cc3eb883231e74ae67ae003b47019d9957fd66ad91e13182322a0fa5ad7229c5322

Download Submit
/data/user/0/com.mobineon.musix.lite/files/.yflurryreport.4eb29873733ca3b9
Filesize
374B

MD5
3e5e21b1d8cd8fabd33686ca5b8bbfa6

SHA1
ac6fb9f1aaed7d378f7520f9780264b5be3782df

SHA256
bb940f0dcc48024ad4652b22707a5c1ad0e20d48a99c4388c65dbdf1000b6381

SHA512
73ca8112632d0e4677535b6f29b080013399817630ee68949d664ce2f4787d5fef6aa8a5fa27ff1326b15ca20a39330814445475ed295b605710caca3b59aa7b

Download Submit