f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98

Analysis

max time kernel
179s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696acdf4d4b9d7a79de1f8522a466bed_JaffaCakes118.apk
Size

307KB
MD5

696acdf4d4b9d7a79de1f8522a466bed
SHA1

1202ab7d8a6a4a9f5f74a3e7c992b0d53d1fd72a
SHA256

f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98
SHA512

bc840a616b288695ff0a05045195bc669cd0c60968c3b632e709d2319f771f98ae5c4773f676112a1c5e04fea2dcb645ea9b550bc478604232732ab6ffb9b00b
SSDEEP

6144:V1UFRQ98qOm76nUgUHuzie9rx4g66zG6uPPJ2Jfo2Cd8IHcDi+NSYIS6tODNafj+:V4Q98zqcUgxr91qUACmcDi+AtoNQI

Score

8^/10

discovery evasion impact privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.mfvbrdnoufqa.sjoknuyhv

pid process

4257 com.mfvbrdnoufqa.sjoknuyhv

pid	process
4257	com.mfvbrdnoufqa.sjoknuyhv

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/oat/x86/xrvjofqdyznwk.odex --compiler-filter=quicken --class-loader-context=&com.mfvbrdnoufqa.sjoknuyhv

ioc	pid	process
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar	4284	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/oat/x86/xrvjofqdyznwk.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar	4257	com.mfvbrdnoufqa.sjoknuyhv

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mfvbrdnoufqa.sjoknuyhv
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.mfvbrdnoufqa.sjoknuyhv
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mfvbrdnoufqa.sjoknuyhv
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mfvbrdnoufqa.sjoknuyhv

com.mfvbrdnoufqa.sjoknuyhv
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Tries to add a device administrator.
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4257

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/oat/x86/xrvjofqdyznwk.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar
Filesize
72KB

MD5
1b1683635d89f047d9435216c0e86ac6

SHA1
ce3396d69b1f12d90a96856e44af44b39d4457c4

SHA256
6d074002cc6881334426a8e6cc0e89eef43e1868c483304e5dedea54a13567d9

SHA512
bb76c25dfdbb72aa2760dde982dff7df0ec793b4f92274280c5ea0570b9fc2ef3bdbf9572100e1e7846d5647a7a44b8c8f2190d5d29d7ef7a7a541cf1b473e67

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt
Filesize
26B

MD5
faeddddb915a91458b244d8deb45b678

SHA1
42bc41430d6d924fe03cb74144000b16f42fdaca

SHA256
02eb5f88a4856cfb954378a7b548b5f66489e6b60e7fb95335d3646e4c2862ad

SHA512
2756f73b1cfb97779f021bf762f632a4ae873bac6a86a3f17c57b59e3b2613ad26c6404f67bd573cf436ffd2c10f9c19dd96eb609437d855172333c809ebc9de

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt
Filesize
125B

MD5
0bba5c9f1feef2c996080ade4a941f25

SHA1
25935c5a4abb56c72ec5cfea295fbbffe8f80618

SHA256
05ea688644193f0bfd5241c74ba091fb833fa6b9014f1c03186c1e11108c9287

SHA512
f58bdb9af560a45cb19eee3ccb2c0d45d7fa4cbb178e35459f4e95c4394d536662d41bbf1d050f6fb7340a2862f93c94b2b4dcbdfaf66f5aefd360809872f607

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt
Filesize
29B

MD5
c315bb7269a8cc6538975ec0c5719645

SHA1
9a845b5abdf4502d21accf9872826519c1ec0ffb

SHA256
81d0a5f2d09407fee79d12d1c89801b652e692a7df4eada6eb7d6bf8aa9cc8d5

SHA512
49de1be51d33cd4cd016b0736f4c88bb6bf8b96cfa211c3d82a0a0d7905f3178bb6de9cc43264a9ec325602e3166ee838efe24a7a7fddf258b5c4441e8d7c131

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt
Filesize
30B

MD5
10757c1bb7be6b2cf3bccb445ea1c78d

SHA1
4e1c2c2fd46a83e039cfad83c132e6a364833c38

SHA256
a84746a18e0d182efaa20ef8ba7c8d8768a0f56bb74c290caae87210220f94e9

SHA512
06a559576e2a51f961cfa08087faca78b3949ff79875cc5b4db33c61263871ebb1bfa4f8385ea17272e039d4db6de7455b2c669be1f308e8a4da45f8aad69789

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt
Filesize
28B

MD5
3e1a248f254feba725d92d220c641f2c

SHA1
f4290eabcb01c26c73fd60f74b73ac0d5b73c817

SHA256
76bcaec03e8d4e253ad77501f1cf5fb32206795256b725319ea9ce4b92216914

SHA512
b462d80677991873ee6b72f3a5f96363cff7bb8841832fb3709670c4ab17623a66bc472cff1e62a36743e91c86c47746e99a0d3196b3a92080623435b7719e1c

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt
Filesize
21B

MD5
171c90bd194e5ccf06aeb3c50cab8be4

SHA1
b1395388671604b232d791eacb5632882dc9f379

SHA256
199e66fd1146c1db36d95f20909243179105e59a4cf08730323adf6ba807daf9

SHA512
67f1a101395a2b5a74c5612df23df8fa6e6aa7c0b13ed5128110bf45bf0969d5f44552d9163dfb8b629fa2a9ee8e2f323bec6c19cd2d9a9ecc3579768ac24fa2

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar
Filesize
175KB

MD5
f9a2d71963c8086c1373dc0ab5f8f32e

SHA1
023363564d9ec6aa619e7b6f22a803bf2895ad7f

SHA256
8b7384c5ad6df6b7b6c2b00edf35fbf98ffdb34ddd213b4e1e18ffd74ed0f134

SHA512
2133be34f45ea17ceb58a3ed5cba3d7c1dae083e817361fc28e4a621d689a8e264d44a9c3f1bc83ad65cf4a5ff83a01271d87bdb2b957d4fd940a740c6491f3f

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar
Filesize
175KB

MD5
22f62d2e41de9ce2adb98b137ad0dd36

SHA1
eb1e4d87caf423f5700970659c951b652ee47a36

SHA256
78711e8c7534b7eabadc7508a2cef300f34b3a604d398ce4335b6552e345f4b0

SHA512
423991cb95de329fc98d9a290b3446cb9600cb1c119e351eb42976c60c72fa5387bf39d77558ecfb7d5b41262553b0436b2022ddb8c5065eb23231dac275f5c4

Download Submit