e21dab5f7d50298b27605fc99048e58514b81f8ebcea037c1ad9c387c4be6908

Analysis

max time kernel
9s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

670b7698a2152cc5a8a147496f204a7a_JaffaCakes118.apk
Size

6.7MB
MD5

670b7698a2152cc5a8a147496f204a7a
SHA1

e6546290b7525703f6eca0a7da7f24b0408deba0
SHA256

e21dab5f7d50298b27605fc99048e58514b81f8ebcea037c1ad9c387c4be6908
SHA512

448fdc861c30e662db6c40d02e400413a42a072a5bcd8085f71cffa9edebf301a938d71a25e8629842a2072bf356e87d88e393b771d4f88eb5452f3c4a9f14b6
SSDEEP

196608:ZjvR2BsUHQVGC77HUAg3LH8HRR6wDRPTr14fVZL:Zjp4oF77HWoHXpu

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

my.geulga.textch

ioc pid process

/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar 4626 my.geulga.textch
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

my.geulga.textch

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo my.geulga.textch
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

my.geulga.textch

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo my.geulga.textch
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

my.geulga.textch

description ioc process

Framework API call javax.crypto.Cipher.doFinal my.geulga.textch

ioc	pid	process
/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar	4626	my.geulga.textch

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	my.geulga.textch

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	my.geulga.textch

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	my.geulga.textch

my.geulga.textch
1⤵
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4626

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/my.geulga.textch/files/gaClientId
Filesize
36B

MD5
38c0bfdf5778283e67220532711a9445

SHA1
995c4a567571991165fea92e578a45bbbc550fed

SHA256
456e54a179e84764d4259f01da5d12cf63ee59ddfea6db6bdd6b5f135acecf7f

SHA512
e5f2b27558e7c4f0af5aa57af5c28fc37e7280317c26fd60b69873a145a5e7f2962980458e030d41becc0579a5df9569c60367891a2c4df1f185f6488620bd8c

Download Submit
/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
Filesize
204KB

MD5
52f68b0c7257fe691edd634c1a497d35

SHA1
1096cfd29a7018e4407fe8380085a5377959b55b

SHA256
981f08023b9e5aa31eb5e3838ef292cff913c5604bf0de3d1887ff8264232041

SHA512
01f6ae87ef0dcd5b74bda81514d0fc80ac26b4d5a26a65fdb876be76dc322c77f1354da9433f8775c05faee7e8633c29dcd6b1fff15ca02740330b64cbfff7bb

Download Submit
/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
Filesize
474KB

MD5
be9ed268e617410d3564cda544bda591

SHA1
ccd5ab6f758b78937e358b62bd4a89aa8a2b2084

SHA256
dcaaa64a5b3e1a77981f9c25e8c3b18c862d485c0830df25fe35b6f590dcf7ed

SHA512
5e971dcaf1740942f44e5f0d948670eab3b4e70aaecc5dcac539b0bc1136ab1510116981f0b58a5d990a843c0b1765f5adde90c6e608fc22026212c6884e3051

Download Submit