Analysis

  • max time kernel: 179s
  • max time network: 189s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 23-05-2024 08:27

General

  • Target: 6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
  • Size: 22.7MB
  • MD5: 6a574bd205a965a3dd98c73f298d18c8
  • SHA1: 6215d46e938a8ed2283670ccd574adec4b663c37
  • SHA256: 4f741736c872428c891ee892f9fa4b0ab7a98662b9b73556641a7ead144352c5
  • SHA512: 85cee1ccbe351565c6acd818118db25629e113d9deeaee9038d99d347b0dd4bb8e2d48dbcc4cf17b0c08ae867309ea2ae7b0399404ecb4c50a81313bd5e8a669
  • SSDEEP: 393216:033IeLpluNKBBj+Jol/XA1imiZa1cmE9dl2uFPV2TTVPEgkbRhM0mDdp7j8wS/4+:OIIXuNKBBj+wdY1cnPjFPQV8gw7LUXS1

Malware Config

Signatures

  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  • Checks if the internet connection is available (1 TTP, 2 IoCs)
  • Reads information about phone network operator (1 TTP)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)

Processes

  • com.songcw.employee (PID 4309)
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
  • com.songcw.employee:pushcore (PID 4337)
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.songcw.employee/files/jpush_stat_history_pushcore/normal/nowrap/c0fea652-509d-4e19-8f1e-8d5f9df49f32
    • Filesize: 202B
    • MD5: a03e2b01395bd0f36e8891d75e4be393
    • SHA1: a3a3f728ba2d1f62a4f25280933f44ecbcfa0bc2
    • SHA256: b3de89cc6afc1efcfe19c3d9a532be345aa40bb123975356cc7fb42fe43bf483
    • SHA512: 02e6c014018d436267e635c8ebc13d9c56097211a73a005a4f3d18a1b611078b459bb7dd0e9463f3c2eafcc43f99b7edf5db446b9ef2f1cf5f2449d9032a6138

  • /storage/emulated/0/data/.push_deviceid
    • Filesize: 159B
    • MD5: 306b4217c837344b9a44eca7ab94dee1
    • SHA1: 128d65404b0c238d2165697ec3c42ae2cde6ec7f
    • SHA256: c737c36445b9673eeab98f882129d007d4bb0d5dbf380a6bf5cffbb79ccfea4b
    • SHA512: f086ca279951bbc80e3ca321af471e238dde1e60b0610bf4aafb5866e0199e3c404a0cd3ee03bc9faf9d17900eb2c26ca2bd858d14a608fd95227b5ddc962812