6f2fc19bc5e3a07229333c27bfbd77486695d3cfd2d7d2bf6fe8d4fd9d2857f7

Analysis

max time kernel
12s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a8f1a7e55c2eb9b6f4b867e224deac6_JaffaCakes118.apk
Size

30.4MB
MD5

6a8f1a7e55c2eb9b6f4b867e224deac6
SHA1

5c663487f96703e69f38d3fd6534c0dd68a973bb
SHA256

6f2fc19bc5e3a07229333c27bfbd77486695d3cfd2d7d2bf6fe8d4fd9d2857f7
SHA512

c57c78366c4a7eeb12e71d170b0423e0025cb3b53d0074c7cd2020765a598ce1e43ca1b3cbe20914de3c388fcc258892b7fd3c7198a603c3b112be0fcc5104b6
SSDEEP

786432:UfmAKUQYVKI6f7i1foGbsU1ok8IoqR2yAcTJt:km7ji1Al0ok8Ioqcfcr

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.robtopx.geometryjumplite

ioc process

/system/app/Superuser.apk com.robtopx.geometryjumplite
/sbin/su com.robtopx.geometryjumplite
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.robtopx.geometryjumplite

description ioc process

File opened for read /proc/cpuinfo com.robtopx.geometryjumplite
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.robtopx.geometryjumplite/system/bin/cat /proc/meminfo

description ioc process

File opened for read /proc/meminfo com.robtopx.geometryjumplite
File opened for read /proc/meminfo /system/bin/cat /proc/meminfo
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.robtopx.geometryjumplite

ioc pid process

/data/user/0/com.robtopx.geometryjumplite/cache/1582435991586.jar 4259 com.robtopx.geometryjumplite
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.robtopx.geometryjumplite

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.robtopx.geometryjumplite
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.robtopx.geometryjumplite

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.robtopx.geometryjumplite
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.robtopx.geometryjumplite

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.robtopx.geometryjumplite
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.robtopx.geometryjumplite

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.robtopx.geometryjumplite
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.robtopx.geometryjumplite

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.robtopx.geometryjumplite
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.robtopx.geometryjumplite

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.robtopx.geometryjumplite

ioc	process
/system/app/Superuser.apk	com.robtopx.geometryjumplite
/sbin/su	com.robtopx.geometryjumplite

description	ioc	process
File opened for read	/proc/cpuinfo	com.robtopx.geometryjumplite

description	ioc	process
File opened for read	/proc/meminfo	com.robtopx.geometryjumplite
File opened for read	/proc/meminfo	/system/bin/cat /proc/meminfo

ioc	pid	process
/data/user/0/com.robtopx.geometryjumplite/cache/1582435991586.jar	4259	com.robtopx.geometryjumplite

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.robtopx.geometryjumplite

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.robtopx.geometryjumplite

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.robtopx.geometryjumplite

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.robtopx.geometryjumplite

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.robtopx.geometryjumplite

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.robtopx.geometryjumplite

com.robtopx.geometryjumplite
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4259

/system/bin/cat /proc/meminfo
2⤵
- Checks memory information
PID:4476

logcat -d
2⤵
PID:4547

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.robtopx.geometryjumplite/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/com.robtopx.geometryjumplite/cache/__chartboost/CBSessionDirectory/cb_previous_session_info

Filesize
189B

MD5
bf2bbc7e1242ce25628429668921c320

SHA1
351128cc10f251086a3e2ee32ee28a8103fc46fa

SHA256
23a595070675c84e2913c8d8b4f1d75268f208b61d403e8c5f60cae3882195d6

SHA512
a489f2405093dfbaeeb9f47869ef971aca2707b712927743657d2f6cbd4f173b7273d1d8af77c60f80227bd34df559f53c2e33c5ad8b97ad30ab3bef4465637c

Download Submit
/data/data/com.robtopx.geometryjumplite/databases/db_default_job_manager

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.robtopx.geometryjumplite/databases/db_default_job_manager-journal

Filesize
512B

MD5
ecf7dddba91aa483b71e1cbcfadafdda

SHA1
aff1aae90069e36a15ae47f93cf020954d6a3008

SHA256
38fb24c1a6e013f0cc9ae738018e4ad0c676cfd92d6c8e9236eecf22ea92fb23

SHA512
4626bc0f84f41f63d4d0f94bc992477873b09e6b63226b2fae86f002552046739084724dd8cc03b4d3342c58fcc4205a8a3ebd3ea0fadbca557ad28266a5a730

Download Submit
/data/data/com.robtopx.geometryjumplite/databases/db_default_job_manager-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.robtopx.geometryjumplite/databases/db_default_job_manager-wal

Filesize
32KB

MD5
6be6733fb19f537c31df871476c12bea

SHA1
178660185134802996c89d0f5d959ed7723a135f

SHA256
62f0a1569a9738d2f7eb4a1476004dd6ddad55f7b267684052ee7e9f52c978dd

SHA512
d29ff5a59fbfdd4aa66757a3848ddecfd77efdc6c553d4d92f91b8cfdf55e6e9cf1c8445b3dd7ddd408bd570ab5ad2d036855a452cecd7ded8071f6488fc6d62

Download Submit
/data/data/com.robtopx.geometryjumplite/files/Mint-lastsavedfile

Filesize
34B

MD5
0e461b6aaf85ad82b6e8528cb14986ec

SHA1
859bb9fb613cd924f23c8afe88d3fe75f1129c40

SHA256
8139c23c044d0de9d3a6127684b361561aa679120dbe5a3ff62b41b01cf2aa07

SHA512
c575b57400439e211c1e45af0ed75f2d51745fe44a6f9f7032b702f3a437c59892c641897160da06e975f08456b8559922c2e5020c145f523c4b150853705933

Download Submit
/data/data/com.robtopx.geometryjumplite/files/MintSavedData-1-1716458122481.json

Filesize
22KB

MD5
593c6b9df584b35ba1d454a2c3bdb0c2

SHA1
2c88c5876314b0a41f82d266f7bbdf4feddfd30d

SHA256
598b64d8254c5f97e06cd55358c15342960c32b2abcdcf6fdc57ef597ea5f505

SHA512
130ac19534280f077e2d39daa7334fdb098f433a7ccee91d09b07af8691753463d213bae93e5d06c51158d26b6c66f74c5abb1aa9f795711429c625b169307a0

Download Submit
/data/data/com.robtopx.geometryjumplite/files/MintSavedData-1-1716458122481.json

Filesize
572B

MD5
0a38084d2a23bbcfb4340cda4e3134b8

SHA1
a3aa2e3f97f79c650fd20e4ce7716133a5ebf296

SHA256
ef1bda578398ff5ff6f69befea0ad51bfa4aa6e90999173d26ce90f3b112a6f0

SHA512
a2ac42c58db4a085281faa35834549dc206fa94d4c545728e4cb62910b64c497ef24ad8d4ada78bb62e4d6e4790e5b82619c1c988b75334a8edd58b382f9e80e

Download Submit
/data/data/com.robtopx.geometryjumplite/files/crashCounter

Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit
/data/data/com.robtopx.geometryjumplite/files/lastCrashID

Filesize
33B

MD5
f1f1681c44208983e903805e77dbc351

SHA1
df6ad713d69df1ccf77c686bef9ca4a2b918ec58

SHA256
516ec3583b10c94b8e13b3f18ba00fdb250f162bc7bd4b3256c2bc3bf780abdc

SHA512
a77afe38080b1a816e9f74da45f739ed3cf78d59489beb4748279d22f7e44f9275b8f5a754eb6c02706af01b2dfa3c8b01bc50f774e83ea1763a90f0f3d905b2

Download Submit
/data/user/0/com.robtopx.geometryjumplite/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit