f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
23-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696acdf4d4b9d7a79de1f8522a466bed_JaffaCakes118.apk
Size

307KB
MD5

696acdf4d4b9d7a79de1f8522a466bed
SHA1

1202ab7d8a6a4a9f5f74a3e7c992b0d53d1fd72a
SHA256

f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98
SHA512

bc840a616b288695ff0a05045195bc669cd0c60968c3b632e709d2319f771f98ae5c4773f676112a1c5e04fea2dcb645ea9b550bc478604232732ab6ffb9b00b
SSDEEP

6144:V1UFRQ98qOm76nUgUHuzie9rx4g66zG6uPPJ2Jfo2Cd8IHcDi+NSYIS6tODNafj+:V4Q98zqcUgxr91qUACmcDi+AtoNQI

Score

8^/10

discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.mfvbrdnoufqa.sjoknuyhv

pid process

5100 com.mfvbrdnoufqa.sjoknuyhv
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.mfvbrdnoufqa.sjoknuyhv

ioc pid process

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar 5100 com.mfvbrdnoufqa.sjoknuyhv
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mfvbrdnoufqa.sjoknuyhv
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mfvbrdnoufqa.sjoknuyhv
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mfvbrdnoufqa.sjoknuyhv

pid	process
5100	com.mfvbrdnoufqa.sjoknuyhv

ioc	pid	process
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar	5100	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mfvbrdnoufqa.sjoknuyhv

com.mfvbrdnoufqa.sjoknuyhv
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5100

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mfvbrdnoufqa.sjoknuyhv/app_dex/oat/xrvjofqdyznwk.jar.cur.prof

Filesize
314B

MD5
7008a4a277fcb13639a3ebad9d28092c

SHA1
6e9bf78bc0a1400ab5be43de3e38e4ce38ca6451

SHA256
4d0481f83dd468d54394fa20cdfc458cd63c8dc6203b4f8cd7925ac5b7294305

SHA512
43ab3b35215faa06ef87018e086311c6a29707ac359674e4899e3c5ddda8fd8d5c33e25b25b1ac26388a148017d147afe76891a00d23f71e03cca3d45513a744

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

Filesize
72KB

MD5
1b1683635d89f047d9435216c0e86ac6

SHA1
ce3396d69b1f12d90a96856e44af44b39d4457c4

SHA256
6d074002cc6881334426a8e6cc0e89eef43e1868c483304e5dedea54a13567d9

SHA512
bb76c25dfdbb72aa2760dde982dff7df0ec793b4f92274280c5ea0570b9fc2ef3bdbf9572100e1e7846d5647a7a44b8c8f2190d5d29d7ef7a7a541cf1b473e67

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
29B

MD5
c8aab49990236b4a8f4df9dcddfdf3c3

SHA1
1780396e705b5566f69e0c16f193104528e412f8

SHA256
7fbb26c6aa55b8b1662b29ec53fb93e2d67f8717075341d93466a8496c9b1f62

SHA512
0d11d64bd60a5620cac657ddf33529d0c1e0b6ee1011cfb84b4c332e4fa5de6c818b44dbc582f4c7257b35fee7fadb8ffad688e2fa5b68a1a6f11637b57fe617

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
30B

MD5
3900a1c5ecc36554fcf44e56ec5c1de9

SHA1
4a2cb00148cc0d274a0b1cca88d751f9ec562280

SHA256
3bebfc7f80e3b5a857eaeb8600592e527c1572529281b84fcd79ba7a45fb26b3

SHA512
d85eb1b857aa8c07c4ef9b6a7fdfad20c9a853e27fb8200015121c6c514bd54d6c2ee91260569cdb3c9a2fcb89d46e52abfa6cd9a505bba929ccc166a5460457

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
28B

MD5
6ea07d0bb74188630615187c28a0fd7e

SHA1
a3430fa7016e360bbc07a55fc0f489fb96a1d231

SHA256
01eda37809f53a3dfba6e18ba9c58e1efa1d076cfdd1269f81d2e7e28d116994

SHA512
d27612d49b5f756df607c0391dd4ddcec8e3cca932d595348960c5ef72e24c6a66036d68f922f07d565f7569f5e762a0b288ec90158156def518d03d46ce3bac

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
26B

MD5
e5de44a70fd9849170901eab715ee538

SHA1
5a46201a001a5c1da96951b81d422353df9e539a

SHA256
206c878b216fb159227f570149bbbaa029a4d542e0e9dbe2cf740748faa1e71b

SHA512
ed20ef02b032f4ee756277dbe60fe7471f3edd4da22e7af17aa33c248476ae601974c77c7f0f9f9d0a59bb14689cfadd5719f8d75275584acd8d7cbb1336b4a3

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
28B

MD5
9c8705a3fea1d604673869401610e688

SHA1
0c4183ab6575e78ccc9448193b042d7958892fd6

SHA256
efcae36f89bbbf6930915122814266ea91c7b619ee3d176d5fb296e4fd605c95

SHA512
19ac4afaefd0bbf828ca9ad380d7835e6652b8d2aa459b47b2588aafc171e96fb9449037e968be7ff4182073e052e7ed1eabf740dba659c784c5beae3d36a277

Download Submit
/data/data/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
125B

MD5
f1a92499d281bac989eac93a4350dc26

SHA1
2752e18046ab67bc289f80b93d7527cc01af086c

SHA256
874d008bfb310d8a952d6e350ad276ddb330732645e030072eededc915aa734b

SHA512
f31ace10f93d28b0425cc4a5a5651ee19d5f9f398730a2a0a5c0785b45db430e748e1377951fd03913bee1ece28fe4d492145f652d5a17fa4a9c70c5a7f4c4eb

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

Filesize
175KB

MD5
22f62d2e41de9ce2adb98b137ad0dd36

SHA1
eb1e4d87caf423f5700970659c951b652ee47a36

SHA256
78711e8c7534b7eabadc7508a2cef300f34b3a604d398ce4335b6552e345f4b0

SHA512
423991cb95de329fc98d9a290b3446cb9600cb1c119e351eb42976c60c72fa5387bf39d77558ecfb7d5b41262553b0436b2022ddb8c5065eb23231dac275f5c4

Download Submit