e83844fabd0f98c30c98901f65dfb657fa8a3bd0e5f6b7eaaafadf29fad1546b

Analysis

max time kernel
51s
max time network
170s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ebd45845c6fd22fbe0dc7f224d06e4_JaffaCakes118.apk
Size

31.4MB
MD5

66ebd45845c6fd22fbe0dc7f224d06e4
SHA1

d8cb9ba95f9f08fd07c6cbf7d9a00433d02fac28
SHA256

e83844fabd0f98c30c98901f65dfb657fa8a3bd0e5f6b7eaaafadf29fad1546b
SHA512

34204d178ce9fb9a50be303924c3eab2f15f4b1e3c9a6552c237476a08a124b681e3186859216c8c30d1dc2d57a227f66de80859f1343d1c896189f19467b9ff
SSDEEP

786432:sHP2eMQKheERrhdFPcj0Nwve1JfOf+SfNL4duVPCRNgkUjOE6ApwCbBcuYL:mKkoPcswvOxmBZ4duQRNgyCFNO

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

File opened for read /proc/meminfo com.gameloft.android.ANMP.GloftFWHM
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.gameloft.android.ANMP.GloftFWHM
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.gameloft.android.ANMP.GloftFWHM
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.gameloft.android.ANMP.GloftFWHM
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.gameloft.android.ANMP.GloftFWHM

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
File opened for read	/proc/meminfo	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.gameloft.android.ANMP.GloftFWHM

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gameloft.android.ANMP.GloftFWHM

com.gameloft.android.ANMP.GloftFWHM
1⤵
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5170

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing

Filesize
20KB

MD5
8dd59b526bc79a3d7bc97d6970579314

SHA1
6f14f7dea83cc2370be250310d5fa04e92f5d861

SHA256
16b5a9d1e18c80d0443eaa663c78b4468bbcc99486c46e6971fa67a48f53dbd4

SHA512
56b8781c1496bc74e802cb02d7a196ef7ecdedd43d5a54c1443cced80d6743cccdf2845fa01cbe9aaec585c0c432d31490b238cd4238baaa2f1c08c4ef092b4c

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal

Filesize
512B

MD5
750d9917bffdb87e86aa3ef45a527783

SHA1
b23a0ac0a02249677abfc9886c1e8160fe1f6d00

SHA256
d38139365a4c51b97b2549348a206f545036392b216aa39f1aef793f65c32197

SHA512
e02a5d42e13c668f840342573b8c8992a55f1703aaacdec7a0243023bc7bf097ba81ba7d0466a6bb20375d2d64bf21217899be34ef8146f08234eac88e0ed6ab

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal

Filesize
8KB

MD5
5912b475b7c5fc4379670a4e8fc7fbb3

SHA1
a22f0fa2b3141f96376f37db9435a2493d16e47f

SHA256
bd0e81e6e68787df38065de11907034c24dd88a46f2aa31ec915892ca26bff7e

SHA512
aa5a2d6cbfc5e7c196c5b2715e113c27e2ae523e2a8b965545d0aa4076d1c2026b72c7b341552ef4f902ee995f474252d0f7abcc2a8b572885a449035e5e0944

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal

Filesize
8KB

MD5
83679d52c4dc4ba273198e26bbe0bdc6

SHA1
c6056415458a1ad5adfb07e00136aafcf42fe0ac

SHA256
f329ea4aae48a0a222aec999cadca156750a77020e84715fda37f04a51948635

SHA512
46a32da4db5fe32c66577cebf3d38d1809a4ff26b30ac74bc4b8b30db20230de5369ec4972016e0ec6aee6f33e763789328bace3bb00f287591920d5cc3f1275

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal

Filesize
12KB

MD5
edc835fb623c99975ad250d802754e49

SHA1
f1a81ec0cf0557e24696f06e930c030ea80695aa

SHA256
5d4039f13b547632bd690b442927c4161fbcc56c8164bcaf943735c52ea9ae26

SHA512
0c882b8c88ea7065e718e4761b9dfbaa359a392585f457e2ba0b14690d769ab0762f3bef6e10762d56c1b8ba22d821d36634302cf31d5abcb725e933ab745f94

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal

Filesize
12KB

MD5
a71c99fec9ec55a723d38273de46e631

SHA1
bbbda2398dcba4da077181edd813f4591aa46587

SHA256
d2f8637c2fef3a40034745b7a9e6214b28e8caf97a8977c44fbf61527067782d

SHA512
1ab0a78efaea1f0cd33e5342bd6eceb36ce2a621b7c8d67fb6bd13c9a1a0ec2e3702a28987c37f1300b528f2fcd20db471303f9d90516d0feefae06ceb822008

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal

Filesize
12KB

MD5
dc2a92dfa4c567c7fb4fa95961c44774

SHA1
a8d3cca3682256d7897bd29a0501617d598ffe77

SHA256
4cb5c2fe80596b7b91651f0afe61bfa457d669585cebc19b4f8c3237544ad45d

SHA512
78e19122e231cd319e5acc000bd9ef61e37c1ef6d58ef994ea870f1560caab5999b7f0169ca744f890cf5f7cfd16378c340378d3f068d9b09343152efe880588

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientId

Filesize
36B

MD5
6e127aedab6c38479689b22ed5b57fbe

SHA1
d7912fa49fe19314f1683b2bfbb74d300c34d4bc

SHA256
ba889002562f58aefd4c9a1c41f8dbc1377b108d91c8ff3cc6fbddcc7977419f

SHA512
874971f555a2c968f29f07260b83eaca46522b513e1c0856a87a53ea8ed6e85f2cb0a7bc2afd0508666d2770897b68b29426e8abc5f734f7b3a839ec8c7403a1

Download Submit
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientIdData

Filesize
32B

MD5
3f992548b201d8c64dafd65461098446

SHA1
3a749af513904a918c46bace0ef71dcba4ff23c0

SHA256
084edeb8b90e8965136d23472136ac7d4711f65a3e535dbb2afa4025439ce5dd

SHA512
03d257234f7891bafa6e6f8a99d3d9bf1150d37966d8082759678de89484cb4e88c04d493b0dee7b69b74b0f4246147ab95db1b1e9dd4f0bc7ba11d9d072e20c

Download Submit