Analysis

  • max time kernel
    15s
  • max time network
    186s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-05-2024 08:22

General

  • Target

    6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk

  • Size

    1.1MB

  • MD5

    6a53afad9b130b9e638b87cb73511eff

  • SHA1

    d28372524527075c2a7d164070a0667c81d674cc

  • SHA256

    25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac

  • SHA512

    89777f853938e60147faa6a3681a936dd5a728bdb6899e29ffe8cba77586f19c5cd1fc8ad3286e55e8d076a2c0ddcb4fc5313b03a4c873e333823f13c3604792

  • SSDEEP

    24576:nvhPfuRAYqtQqXHi87RQrm9WAqav2zVxrLpCGEBH9Blrhvp+eVRtvqa:nFuRAYqtQqXz7uaU8KxHp9EBH5rhvkeL

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator. 1 TTPs

Processes

  • com.pwftbnbf.jymrapzl
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Requests enabling of the accessibility settings.
    • Checks if the internet connection is available
    PID:4238

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.pwftbnbf.jymrapzl/app_files/wxnjmipwvd.jar
    Filesize

    249KB

    MD5

    a251a6f587e5325dbf8d0fecab2fad79

    SHA1

    6b07a19ffe6098f35939142e2043886ee33e45cf

    SHA256

    6b25d7527aa055903da664c57da1eb7ea151f181512e1058f347998d91b3b2dc

    SHA512

    db4c73fc8aa2dd936817a6262914d4337cd90bf5b4bc95fccb0bd94fc3141ea0d28495c0524144c02aa2b6ceaf17c58ad29ef2277a35b1b9b9ff8b97fc9f6cb1

  • /data/user/0/com.pwftbnbf.jymrapzl/app_files/wxnjmipwvd.jar
    Filesize

    562KB

    MD5

    8da2f672a25d714a64157f2c8c417fe5

    SHA1

    e1fd7b06a25cc81a07721f249129a7b8922c28b0

    SHA256

    8b438cf3c2b2a503a0b1d004d73bcdec5828c4e0073d8c53495158e3bdd4dcf6

    SHA512

    a37f82f5e4ca0ad79fc6a6baaf7fdaa25828c830b87a63bb4359a6757de80ef2fa2631b94f0d8747f71c812f53057b1e76aec46b1997e998dd465d1cebed371c