e83844fabd0f98c30c98901f65dfb657fa8a3bd0e5f6b7eaaafadf29fad1546b

Analysis

max time kernel
19s
max time network
143s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ebd45845c6fd22fbe0dc7f224d06e4_JaffaCakes118.apk
Size

31.4MB
MD5

66ebd45845c6fd22fbe0dc7f224d06e4
SHA1

d8cb9ba95f9f08fd07c6cbf7d9a00433d02fac28
SHA256

e83844fabd0f98c30c98901f65dfb657fa8a3bd0e5f6b7eaaafadf29fad1546b
SHA512

34204d178ce9fb9a50be303924c3eab2f15f4b1e3c9a6552c237476a08a124b681e3186859216c8c30d1dc2d57a227f66de80859f1343d1c896189f19467b9ff
SSDEEP

786432:sHP2eMQKheERrhdFPcj0Nwve1JfOf+SfNL4duVPCRNgkUjOE6ApwCbBcuYL:mKkoPcswvOxmBZ4duQRNgyCFNO

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

File opened for read /proc/meminfo com.gameloft.android.ANMP.GloftFWHM
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.gameloft.android.ANMP.GloftFWHM
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.gameloft.android.ANMP.GloftFWHM
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
File opened for read	/proc/meminfo	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gameloft.android.ANMP.GloftFWHM

com.gameloft.android.ANMP.GloftFWHM
1⤵
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4317

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
Filesize
512B

MD5
955177304aa9345da2fea3c0fd633523

SHA1
32cab1781236c0ed34dfb01abfab45ab4a0be339

SHA256
5e106436cd7c81c3326701d1e4fc14268ebf9de271c576b933c2beaeda023a71

SHA512
d278125e7f82ce09496887b2156a6fd96ded46af9e6932cc01eedd53877960424f99e44615a58936685846c1ee7e62e0441dd076905f946ba188045e3d47a915

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-wal
Filesize
64KB

MD5
cf69cb819ce07afa4fc534adcc33b618

SHA1
7d8a5ec5c4fe125f8357f2975855b3d1ad0dc663

SHA256
58f0405b560ca45ec4caae6056300b4565b6470cde25da73c6926aba43ac54e4

SHA512
6e2caa350b3e817163b53e53011e5fb33589bfabf4372ce8491ed16eeb536dbd7b618fae84d252695e65df9c4e581d28571acf819156d044725bfd0e087afdb4

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientId
Filesize
36B

MD5
a68d49933c3aaa839f0febfa85516ef6

SHA1
04a78a863c9d810e522cd9ca344f9f11a5fd3513

SHA256
827aebb70bd01891b6919181066a2ff5ef5be188a9c0c8713f47d3b18e3e45fe

SHA512
2081c283ec014ce98d954f0e6e95c5b763fb862cc9c67d4dbbc1f70fae1d3bd44c7d17d9c2d725dcf2eba447cef14289bbd349855f5ad8e325f042df0c012e77

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientIdData
Filesize
32B

MD5
265ffdbfe1e867b777b49549d685153c

SHA1
e2e81e739b6177cba969927b2d1d7de9947296bb

SHA256
0e4ff5819464c705ac03d74eaef91526d03aaf9b27bdac96c60ed2116bc03aaa

SHA512
5170ae9a084fdbc93116034429f8f563956417244e7e1f7ce9810ebe0cb69de03dc940bb8ecb3d055d53f1380f4918ad9279f2e88fdbac01e8f03219822c70ef

Download Submit