e234f089be392da49552b5c18fa1a70107f4e756367a81ce4a0d9cbdaa577328

Analysis

max time kernel
4s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ab5af9b9805059e6e95885d63c8f06e_JaffaCakes118.apk
Size

17.6MB
MD5

6ab5af9b9805059e6e95885d63c8f06e
SHA1

5e828074e808b067ae57e5bf0d6b8fbde05f63a2
SHA256

e234f089be392da49552b5c18fa1a70107f4e756367a81ce4a0d9cbdaa577328
SHA512

5edd419ac68f7818a804ae6674708028ce382a658a74c7963953b646874cd1a1c0c6a6f03969ab16542c4d0d17ab2def1876c4b961882fd7cbdec2a39b1b6001
SSDEEP

393216:L8CQ5jpGjrZQXDSl8wMdlL7GfmhFmbgwkfOKp1alrEso:RKpg2XDSlfwt1G/4Otdo

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.sdf.nkenke

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.sdf.nkenke
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.sdf.nkenke

description ioc process

File opened for read /proc/cpuinfo com.sdf.nkenke
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.sdf.nkenke

description ioc process

File opened for read /proc/meminfo com.sdf.nkenke
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.sdf.nkenke

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.sdf.nkenke
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
collection

SMS Messages
T1636.004

Processes:

com.sdf.nkenke

description ioc process

URI accessed for read content://sms/inbox com.sdf.nkenke
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.sdf.nkenke

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.sdf.nkenke
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.sdf.nkenke

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.sdf.nkenke

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.sdf.nkenke

description	ioc	process
File opened for read	/proc/cpuinfo	com.sdf.nkenke

description	ioc	process
File opened for read	/proc/meminfo	com.sdf.nkenke

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sdf.nkenke

description	ioc	process
URI accessed for read	content://sms/inbox	com.sdf.nkenke

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sdf.nkenke

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.sdf.nkenke

com.sdf.nkenke
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Reads the content of SMS inbox messages.
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4275

sh
2⤵
PID:4325

sh
2⤵
PID:4371

chmod 777 /data/data/com.sdf.nkenke/lib/helper
1⤵
PID:4350

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sdf.nkenke/databases/qy_db_pay

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sdf.nkenke/databases/qy_db_pay-journal

Filesize
512B

MD5
d3f7f90f3bd7160b7d7b9fa2a5d48d68

SHA1
05da7dfe0602f6ba4e472e795115685fb1844222

SHA256
1688a4493fd3d9843d60d31320d8e351f0b66d46820493cf4b8f86e9fe7306ba

SHA512
d3937ce062bc1d0529f2add2fb38273f4accc81c063e364f921f70016e2cadf083e3151a52d563176488f62ad047d28115a58115ebd951e9341ce37c6bfd266b

Download Submit
/data/data/com.sdf.nkenke/databases/qy_db_pay-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.sdf.nkenke/databases/qy_db_pay-wal

Filesize
40KB

MD5
770870cf3ed7eb592c135e104f1b3bcc

SHA1
f29f930274d798f51881da5faacd69c185898ca7

SHA256
1bf920d7e0f84e76eebb0cf1dac0594c20877819308fa6d2add0d976cb0b5d16

SHA512
2ae4244fc53d39e9a11ee5a3ac9cec503feeb7e3846529ef5f710551e433a0e54ba55a96704c732efdf16b25afb97d443ff5fee9e958d6d9f73b4b2e55fa3dbd

Download Submit
/data/data/com.sdf.nkenke/databases/talkingdata_app.db-journal

Filesize
512B

MD5
9bf9e688d8f7f0c2810a50165e360db9

SHA1
f38ee6fd805e8a98cedb58cbba96a1bd021a9ce1

SHA256
79b3ea03826d6a4b69f5d1cced4750fddaf1f6fd45367edb7a4d81cf0b6be69d

SHA512
5db3a4bea011ac07fa8f99eaaba098eb67d01d96db0b93193330b036f5603762d4e32fa01246f58cebb40f09c0300c3382049a091cc9b936a561cacde0e98b42

Download Submit
/data/data/com.sdf.nkenke/databases/talkingdata_app.db-wal

Filesize
48KB

MD5
3e848d52111f8958ced5613f97e599b5

SHA1
1107435ef39dfec2c91a85f051ee1a0406dd0e7c

SHA256
b89fe181f3be00eb0f8b2fd47c92887b94c76b4278757377f2be0c8743033a2c

SHA512
770df11072d985cc11a33113e3384cd956132fe970cbe4bbe5222d5bc5fd36e5f9f4bc32e968153885a42b5cc772c78ce9bdfec6b310119b832cac6dae6e0c4b

Download Submit
/data/data/com.sdf.nkenke/files/talkingdata_app_process_preferences_file

Filesize
19B

MD5
4158648e7d3ca73172d8b0dd7f3e515f

SHA1
26e8cd2718fa645cb57dec416f3a1e8b4707afd3

SHA256
70a9aa657c0f6818882954a701f3a3b5cf48f3e1dff57ed915429dda6ac31b48

SHA512
31bfd890eb361f93479644963d8e72cd083df81584644e18c5cefb5e7ae5544dcc602260ff248bd7c5aa41de3a345a958885ba4d89c71a3e147db68e82343aac

Download Submit
/data/data/com.sdf.nkenke/files/talkingdata_app_version_preferences_file

Filesize
2B

MD5
4e732ced3463d06de0ca9a15b6153677

SHA1
887309d048beef83ad3eabf2a79a64a389ab1c9f

SHA256
5f9c4ab08cac7457e9111a30e4664920607ea2c115a1433d7be98e97e64244ca

SHA512
e053886e1b797bc5a80f932302f0201265a599d82e2502d41941d6e652614ef88fa058e009094d26655f880200df12c2100f690254fd1e5bae75d7441763cd33

Download Submit
/storage/emulated/0/.tcookieid

Filesize
33B

MD5
2514f47360809720325ff4080539dd23

SHA1
fd31e71e844f72137fde507c485eb568100ec05f

SHA256
27d4627434bf8fc92e19f4972d77a5265f3b58f13cfd1b887273566387a75826

SHA512
7def34b1a19e80a5ae71a9b3843e4fae25d076b2fdd84d3b7449fd602d399bf156fef9dc8255759fb413b76d763782914f90b3e78364407827d8f113fe49d242

Download Submit