Overview

overview

7

Static

static

6

670b7698a2...18.apk

android-9-x86

7

670b7698a2...18.apk

android-11-x64

7

Analysis

  • max time kernel
    10s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    22-05-2024 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    670b7698a2152cc5a8a147496f204a7a_JaffaCakes118.apk

  • Size

    6.7MB

  • MD5

    670b7698a2152cc5a8a147496f204a7a

  • SHA1

    e6546290b7525703f6eca0a7da7f24b0408deba0

  • SHA256

    e21dab5f7d50298b27605fc99048e58514b81f8ebcea037c1ad9c387c4be6908

  • SHA512

    448fdc861c30e662db6c40d02e400413a42a072a5bcd8085f71cffa9edebf301a938d71a25e8629842a2072bf356e87d88e393b771d4f88eb5452f3c4a9f14b6

  • SSDEEP

    196608:ZjvR2BsUHQVGC77HUAg3LH8HRR6wDRPTr14fVZL:Zjp4oF77HWoHXpu

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • my.geulga.textch
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4218
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/my.geulga.textch/files/oat/x86/pmy.geulga.textch.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4280

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/my.geulga.textch/files/gaClientId
    Filesize

    36B

    MD5

    10457d53c0f767421a0c003f42dadb6a

    SHA1

    dd73c04a9037cfc35434fc120cf76d7fce0ff0ef

    SHA256

    7943429f4b2ab336bece9543dc93c82edaa170358d3e5fca5658097978fc36ad

    SHA512

    a6866d5f93ca5f4009af79f0ac6b0e6393f982ca93e79e12bf265f7ce875dd5a53c7ceb925d2a4fe9cb32f118484d98769ac77e9d233b629c98980ec799b6fa3

    Download Submit
  • /data/data/my.geulga.textch/files/pmy.geulga.textch.jar
    Filesize

    204KB

    MD5

    52f68b0c7257fe691edd634c1a497d35

    SHA1

    1096cfd29a7018e4407fe8380085a5377959b55b

    SHA256

    981f08023b9e5aa31eb5e3838ef292cff913c5604bf0de3d1887ff8264232041

    SHA512

    01f6ae87ef0dcd5b74bda81514d0fc80ac26b4d5a26a65fdb876be76dc322c77f1354da9433f8775c05faee7e8633c29dcd6b1fff15ca02740330b64cbfff7bb

    Download Submit
  • /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
    Filesize

    474KB

    MD5

    ce8aac17d6eb129dd4c47cec73cf8db5

    SHA1

    8e4a6a3724cdb0dabd485ede175790dd5b1fc121

    SHA256

    b553c4d326b46b010806c58c0db089e645f9bf37605c65bd4f449227fead2445

    SHA512

    500fe3017453b4d066d1a43f9dfdd5a287b6e785f1bf4128d18854e6cd149c20cc4e41e2f3f9896c13c4503b09e93d8dcb651b44f0e16dd2f5b0a9ad5f494d4a

    Download Submit
  • /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
    Filesize

    474KB

    MD5

    be9ed268e617410d3564cda544bda591

    SHA1

    ccd5ab6f758b78937e358b62bd4a89aa8a2b2084

    SHA256

    dcaaa64a5b3e1a77981f9c25e8c3b18c862d485c0830df25fe35b6f590dcf7ed

    SHA512

    5e971dcaf1740942f44e5f0d948670eab3b4e70aaecc5dcac539b0bc1136ab1510116981f0b58a5d990a843c0b1765f5adde90c6e608fc22026212c6884e3051

    Download Submit