25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac

Analysis

max time kernel
15s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23/05/2024, 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk
Size

1.1MB
MD5

6a53afad9b130b9e638b87cb73511eff
SHA1

d28372524527075c2a7d164070a0667c81d674cc
SHA256

25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac
SHA512

89777f853938e60147faa6a3681a936dd5a728bdb6899e29ffe8cba77586f19c5cd1fc8ad3286e55e8d076a2c0ddcb4fc5313b03a4c873e333823f13c3604792
SSDEEP

24576:nvhPfuRAYqtQqXHi87RQrm9WAqav2zVxrLpCGEBH9Blrhvp+eVRtvqa:nFuRAYqtQqXz7uaU8KxHp9EBH5rhvkeL

Score

8^/10

collection credential_access discovery evasion persistence stealth trojan

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.pwftbnbf.jymrapzl
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.pwftbnbf.jymrapzl

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4238	com.pwftbnbf.jymrapzl

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.pwftbnbf.jymrapzl/app_files/wxnjmipwvd.jar	4238	com.pwftbnbf.jymrapzl

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.pwftbnbf.jymrapzl

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.pwftbnbf.jymrapzl

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.pwftbnbf.jymrapzl

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pwftbnbf.jymrapzl

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	ip-api.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.pwftbnbf.jymrapzl
1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Requests enabling of the accessibility settings.
- Checks if the internet connection is available
PID:4238

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pwftbnbf.jymrapzl/app_files/wxnjmipwvd.jar

Filesize
249KB

MD5
a251a6f587e5325dbf8d0fecab2fad79

SHA1
6b07a19ffe6098f35939142e2043886ee33e45cf

SHA256
6b25d7527aa055903da664c57da1eb7ea151f181512e1058f347998d91b3b2dc

SHA512
db4c73fc8aa2dd936817a6262914d4337cd90bf5b4bc95fccb0bd94fc3141ea0d28495c0524144c02aa2b6ceaf17c58ad29ef2277a35b1b9b9ff8b97fc9f6cb1

Download Submit
/data/user/0/com.pwftbnbf.jymrapzl/app_files/wxnjmipwvd.jar

Filesize
562KB

MD5
8da2f672a25d714a64157f2c8c417fe5

SHA1
e1fd7b06a25cc81a07721f249129a7b8922c28b0

SHA256
8b438cf3c2b2a503a0b1d004d73bcdec5828c4e0073d8c53495158e3bdd4dcf6

SHA512
a37f82f5e4ca0ad79fc6a6baaf7fdaa25828c830b87a63bb4359a6757de80ef2fa2631b94f0d8747f71c812f53057b1e76aec46b1997e998dd465d1cebed371c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads