Overview

overview

7

Static

static

6

6a574bd205...18.apk

android-9-x86

7

6a574bd205...18.apk

android-10-x64

7

Analysis

  • max time kernel
    177s
  • max time network
    190s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    23-05-2024 08:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk

  • Size

    22.7MB

  • MD5

    6a574bd205a965a3dd98c73f298d18c8

  • SHA1

    6215d46e938a8ed2283670ccd574adec4b663c37

  • SHA256

    4f741736c872428c891ee892f9fa4b0ab7a98662b9b73556641a7ead144352c5

  • SHA512

    85cee1ccbe351565c6acd818118db25629e113d9deeaee9038d99d347b0dd4bb8e2d48dbcc4cf17b0c08ae867309ea2ae7b0399404ecb4c50a81313bd5e8a669

  • SSDEEP

    393216:033IeLpluNKBBj+Jol/XA1imiZa1cmE9dl2uFPV2TTVPEgkbRhM0mDdp7j8wS/4+:OIIXuNKBBj+wdY1cnPjFPQV8gw7LUXS1

Score
7/10
discoveryimpactpersistence

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.songcw.employee
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:5240
  • com.songcw.employee:pushcore
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5293

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.songcw.employee/files/jpush_stat_history/active_user/nowrap/1528f11c-2117-44db-ad5d-7b3050b6416f
    Filesize

    159B

    MD5

    2322aa986672b44b7e4bea59972f0d74

    SHA1

    ca85dbcdf5a0b2def635f61afaef1bb5f6bf6da3

    SHA256

    1ccfbcde4c81ff40e97aacbd082f4f61f8372a2357da6bfb22c959a050d14886

    SHA512

    92cf4214cc6e7540631d3b33d28e7d8048a60cc2a2c515420e674d0ea01d78299f0ab08ee8cf58d102299268f118f82288959a50d98728974405a0b8e80c84d0

    Download Submit
  • /data/data/com.songcw.employee/files/jpush_stat_history_pushcore/normal/nowrap/b0153131-6450-41f5-b8e4-3c61cdda35c2
    Filesize

    187B

    MD5

    db93ae0beca9676e453d3fa7d05a82f2

    SHA1

    74b97ea5e8ae28f19a7ceffa926095a328a4e3ce

    SHA256

    14146ba3d336fe635f65f3990b50f39022e66edb985efbe106fdb3708620c794

    SHA512

    f2b53f6d1ce4094c4623a7246e8c5947a8d2402eb74e2dd9e0f73e11ccb440ea839d96dc775408e183abbca5fb5206f1927af85cee083006badd7d3a29bb791a

    Download Submit
  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    7519e63d74670ca44e5c9eab16eaaf69

    SHA1

    6b2f30f59f4b7717f4d5d6587e426f30ef36e200

    SHA256

    62f63788229204b713f71283d1720e933e00a5c618947f92bb15939e0258af39

    SHA512

    43cddc15f810bc9fb5f6cf8982a451e0c92288fe06d12bd3021f16c571f9475118c96441e5df023f8e8c4e41422defa9f84e749718ef352e023cec1b7b253a24

    Download Submit