Analysis

  • max time kernel
    20s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-05-2024 00:44

General

  • Target

    692f0b74d1b32af24f14771af3bb43d6_JaffaCakes118.apk

  • Size

    2.0MB

  • MD5

    692f0b74d1b32af24f14771af3bb43d6

  • SHA1

    30c4e2237022adb32ce400c08678923c72b59fd7

  • SHA256

    9839252678e14aaae4b2a6a9c73c03d20567c9064ea6c87128d83c90b3b8688d

  • SHA512

    2418a423efe0ba218752bbe1243e0bfcaa77310e75d724a3549bfea94837bf9cc0f44137a9f145c0032d9eb8bd3fbc87fd46eb2d27e7e11f767203a5f6d8a635

  • SSDEEP

    49152:QgY1VQ8tzgrdB5p2cIJNN00Nme8IdzyQfG3tdB6hFkWbuvWd+O:NY1VQ8tzedDp2cYN00NHyXdB6hFhqvpO

Malware Config

Signatures

  • Checks memory information [2 TTPs, 1 IoCs]

    Checks memory information which indicates whether the system is an emulator.

  • Queries information about running processes on the device [1 TTPs, 1 IoCs]

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  • Queries the phone number (MSISDN for GSM devices) [1 TTPs]
  • Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
  • Checks if the internet connection is available [1 TTPs, 1 IoCs]
  • Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
  • Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]

Processes

  • com.game.cy.kuuhjbk
    1⤵
    • Checks memory information
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4292
    • getprop ro.product.cpu.abi
      2⤵
        PID:4322

Network

MITRE ATT&CK Matrix

Downloads

  • /storage/emulated/0/Android/data/com.game.cy.kuuhjbk/files/tbslog/tbslog.txt
    Filesize
    14KB
    MD5
    0f952f803263411e9acb4afbec4fb7a7
    SHA1
    6545cee14a2e2fa429c61d5d8f7374e27ca51b3a
    SHA256
    ff662b45f353e00059d20b1441962e89d57f5eb55908278673b29f88ddbe361b
    SHA512
    988c8e0f6eb2c3f0c97eac863181ccd0fcf4c76e40e21947e5c48e3e841ee62e1a8728adc43254c7207fbcf0ee36db6af891e433e43cd3daf6a822ef4496699f

  • /storage/emulated/0/_ATOKEN_QYCHECK_
    Filesize
    32B
    MD5
    395e0bb0876f4fe7c8287fd1bb63d351
    SHA1
    77d5f6ec3af5edc081b4d30b4646b89368618708
    SHA256
    afd8373139fb47562dd88b217ac5bf626c70383a8ccaf97693bbce5bf40a34dd
    SHA512
    4b048f236f5200941e3192d23c058829fdc995a8a0606d47ef6f895fc56b42d2877e7f0363693d26149552665b31ab6057ad7b9e5aba3f44c47093b4250ae033