f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696acdf4d4b9d7a79de1f8522a466bed_JaffaCakes118.apk
Size

307KB
MD5

696acdf4d4b9d7a79de1f8522a466bed
SHA1

1202ab7d8a6a4a9f5f74a3e7c992b0d53d1fd72a
SHA256

f7dcea67f15ed1a461dea73515e7ecd467e86901da7b72280aa23396aee76d98
SHA512

bc840a616b288695ff0a05045195bc669cd0c60968c3b632e709d2319f771f98ae5c4773f676112a1c5e04fea2dcb645ea9b550bc478604232732ab6ffb9b00b
SSDEEP

6144:V1UFRQ98qOm76nUgUHuzie9rx4g66zG6uPPJ2Jfo2Cd8IHcDi+NSYIS6tODNafj+:V4Q98zqcUgxr91qUACmcDi+AtoNQI

Score

8^/10

discovery evasion impact stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.mfvbrdnoufqa.sjoknuyhv

pid process

4676 com.mfvbrdnoufqa.sjoknuyhv
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.mfvbrdnoufqa.sjoknuyhv

ioc pid process

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar 4676 com.mfvbrdnoufqa.sjoknuyhv
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mfvbrdnoufqa.sjoknuyhv
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mfvbrdnoufqa.sjoknuyhv
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.mfvbrdnoufqa.sjoknuyhv

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mfvbrdnoufqa.sjoknuyhv

pid	process
4676	com.mfvbrdnoufqa.sjoknuyhv

ioc	pid	process
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar	4676	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mfvbrdnoufqa.sjoknuyhv

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mfvbrdnoufqa.sjoknuyhv

com.mfvbrdnoufqa.sjoknuyhv
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4676

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

Filesize
72KB

MD5
1b1683635d89f047d9435216c0e86ac6

SHA1
ce3396d69b1f12d90a96856e44af44b39d4457c4

SHA256
6d074002cc6881334426a8e6cc0e89eef43e1868c483304e5dedea54a13567d9

SHA512
bb76c25dfdbb72aa2760dde982dff7df0ec793b4f92274280c5ea0570b9fc2ef3bdbf9572100e1e7846d5647a7a44b8c8f2190d5d29d7ef7a7a541cf1b473e67

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/app_dex/xrvjofqdyznwk.jar

Filesize
175KB

MD5
22f62d2e41de9ce2adb98b137ad0dd36

SHA1
eb1e4d87caf423f5700970659c951b652ee47a36

SHA256
78711e8c7534b7eabadc7508a2cef300f34b3a604d398ce4335b6552e345f4b0

SHA512
423991cb95de329fc98d9a290b3446cb9600cb1c119e351eb42976c60c72fa5387bf39d77558ecfb7d5b41262553b0436b2022ddb8c5065eb23231dac275f5c4

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
29B

MD5
57db2fea5b9201101471c6393a8512c6

SHA1
7f2a8fc100ce59d77ff4e19cf66785083501c8b8

SHA256
a362969583c82c2adbb3825e82efc189796a3b7d6c16482b6643513f9afb24d7

SHA512
32b4093e1ec600a1a3db0c73a65baf2bbc9b92a06ec0b903205a65baaad252f5f93d38d1bb3a6df29752271590cb51755fb2e42082dc78f77cd1367761a8171b

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
30B

MD5
10757c1bb7be6b2cf3bccb445ea1c78d

SHA1
4e1c2c2fd46a83e039cfad83c132e6a364833c38

SHA256
a84746a18e0d182efaa20ef8ba7c8d8768a0f56bb74c290caae87210220f94e9

SHA512
06a559576e2a51f961cfa08087faca78b3949ff79875cc5b4db33c61263871ebb1bfa4f8385ea17272e039d4db6de7455b2c669be1f308e8a4da45f8aad69789

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
28B

MD5
3e1a248f254feba725d92d220c641f2c

SHA1
f4290eabcb01c26c73fd60f74b73ac0d5b73c817

SHA256
76bcaec03e8d4e253ad77501f1cf5fb32206795256b725319ea9ce4b92216914

SHA512
b462d80677991873ee6b72f3a5f96363cff7bb8841832fb3709670c4ab17623a66bc472cff1e62a36743e91c86c47746e99a0d3196b3a92080623435b7719e1c

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
26B

MD5
0b5cd65a0562124440879ea2821b0d71

SHA1
86f9afc4d0948e05e307aa9b1592df4b62af064a

SHA256
647199d63eeaa9d64b4bbea8fc1213f86b887003c41f355a040581b329309d6c

SHA512
8cd047ac3f1ced7c3d717aa9101af0abec9dfb5df850da18da726dd5be164324b8a6b4de8ab9b09c1faffdb74bded75cb5721111c1493cc0165ca16645b3d6fe

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
28B

MD5
9c8705a3fea1d604673869401610e688

SHA1
0c4183ab6575e78ccc9448193b042d7958892fd6

SHA256
efcae36f89bbbf6930915122814266ea91c7b619ee3d176d5fb296e4fd605c95

SHA512
19ac4afaefd0bbf828ca9ad380d7835e6652b8d2aa459b47b2588aafc171e96fb9449037e968be7ff4182073e052e7ed1eabf740dba659c784c5beae3d36a277

Download Submit
/data/user/0/com.mfvbrdnoufqa.sjoknuyhv/files/ls/lt

Filesize
125B

MD5
0bba5c9f1feef2c996080ade4a941f25

SHA1
25935c5a4abb56c72ec5cfea295fbbffe8f80618

SHA256
05ea688644193f0bfd5241c74ba091fb833fa6b9014f1c03186c1e11108c9287

SHA512
f58bdb9af560a45cb19eee3ccb2c0d45d7fa4cbb178e35459f4e95c4394d536662d41bbf1d050f6fb7340a2862f93c94b2b4dcbdfaf66f5aefd360809872f607

Download Submit