cb401f2cfb0ce7043a59ed05bfd32b47883510dc5d021273e959d3b46f56db73

Analysis

max time kernel
151s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68b05526f2abfa65a1b4763fcfbe7846_JaffaCakes118.apk
Size

277KB
MD5

68b05526f2abfa65a1b4763fcfbe7846
SHA1

c8f3fc30243516b94c8361078629d4630d3992d2
SHA256

cb401f2cfb0ce7043a59ed05bfd32b47883510dc5d021273e959d3b46f56db73
SHA512

f47a6a341a97ed43fdb4f26926e86414cd75f697436530a4c50587d60b743081b20846aca381bedb480806e253e7447fca11380b6758303f01004ac1f994d9fc
SSDEEP

6144:baPjXkq6rg5A1LnU2UFPHXX40oYi+/cLzdZEy+ORy70TCrVkRuTjG:erXkgiDoP3I09i+/cLxZr+ORq0TCpHTi

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.sostation.size

description ioc process

File opened for read /proc/cpuinfo com.sostation.size
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.sostation.size

description ioc process

File opened for read /proc/meminfo com.sostation.size
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.sostation.size

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.sostation.size
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.sostation.size

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.sostation.size
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.sostation.size

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.sostation.size
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.sostation.size

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.sostation.size

description	ioc	process
File opened for read	/proc/cpuinfo	com.sostation.size

description	ioc	process
File opened for read	/proc/meminfo	com.sostation.size

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sostation.size

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.sostation.size

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sostation.size

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sostation.size

com.sostation.size
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4290

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sostation.size/files/mobclick_agent_cached_com.sostation.size
Filesize
120B

MD5
cc393c00bdf28a132cd11040414240af

SHA1
75f5dce37eb257f57640dc213100ac3eb30e11ff

SHA256
838110f645214db2e8ae26c138f71a39318c702c3beb2df90950e82262e68b4d

SHA512
5b068d4308dd09a3726e2bf6a95ddeaa37be2043f8feb0c61b0b25696fdafc01c3fb639249b96712f52dee702ad3bc00b5f894ed8b4b70af80949e3113677ef5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads