8c8beccce2bccea14fa6fd1426ced3963b13a713aaacf163e4f51b21bb081649

General

Target

6aa26f32182021ce0cf3d363f24e9a04_JaffaCakes118.apk
Size

1.7MB
MD5

6aa26f32182021ce0cf3d363f24e9a04
SHA1

019963bc8671295ad271be3f5d101dbf7ea8648f
SHA256

8c8beccce2bccea14fa6fd1426ced3963b13a713aaacf163e4f51b21bb081649
SHA512

860dcd5e35d17ba0222975ecbac202fdf4df3c59355d6901fe02c21603c8d6cfe3e88141c2549ce6c986ebdb0bf197c47762ee2c8f93a6fb35f5b6a5d368fab8
SSDEEP

49152:UWH486el8BSg2Rw37ZDqAx9iIemx1F4Hrmhkxlgr5PkclxdXx45qv+M5GQdQXsJ+:UWH486el8B537ZmAx9ivmH4mhTr5nlrK

Score

8^/10

banker discovery evasion persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.youstara.market

description ioc process

File opened for read /proc/cpuinfo com.youstara.market
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.youstara.market

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.youstara.market
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.youstara.market

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.youstara.market
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.youstara.market

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.youstara.market

description	ioc	process
File opened for read	/proc/cpuinfo	com.youstara.market

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.youstara.market

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.youstara.market

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.youstara.market

com.youstara.market
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4308

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

1

T1426

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.youstara.market/cache/ion/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.youstara.market/databases/nixiba

Filesize
24KB

MD5
e390bf3ac68e78b2eaa9e892e7c4f548

SHA1
c8fc6aa4a39137c4e68b1b47ae1b85dc0adaf0af

SHA256
2961e5ec0a79442a011aa7821d7c58ae614980f2baba3704ebaf7d58ad5c27dd

SHA512
778b9da92bbfeb3fc4475b500f21a73dced3ad68e8e86917f5ae2c10f429523b6060c7f752bbb55db330e04bb171b0d673871245ac1c562746021b1976fc00f9

Download Submit
/data/data/com.youstara.market/databases/nixiba

Filesize
24KB

MD5
7ec7bb8a3e4d5863a2c61d8c51deb56d

SHA1
44575cd0b72afbc1c1b8b9260a9f94c1eb00aa8b

SHA256
e09c01c62b6688f862442128f314ef5a4eb1f55bb0401ab84acbe48d966d66ba

SHA512
18a646cdcf05094c7b86e0b3332302f37b8e4c0d1f29736a673d5623a9ab2843e3a65094611531c2c6120e54748bb7ccbf45c4dc7d0a9127eb012ad4615e6868

Download Submit
/data/data/com.youstara.market/databases/nixiba-journal

Filesize
512B

MD5
ed0d052b4dd29222149dffa3d8d18c0c

SHA1
06fb2a7933785276d04809f44b404b9fdea9171b

SHA256
50cd62fde6d2a77a7a841606427e291f850b2e33e769c91acc742fd4b618de70

SHA512
fdc36182e8a4285086cb4aa102709c3a1b3f84b58c42e35a4ca853d8743408e26efcb083537836e62c03379f246d308ec6d5b3f359d76c950977e0acfacf97c1

Download Submit
/data/data/com.youstara.market/databases/nixiba-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.youstara.market/databases/nixiba-wal

Filesize
36KB

MD5
9e806d2f42b408d0791a6e6f74955537

SHA1
39893f024be0e0fcd8d448c1b4fe07abb7785bf5

SHA256
6df12dc84e54f48790a8054084053bee752cc1900e4ff023447e9f2487f0bcc5

SHA512
40d5be2e553ba428ccbae62b8e94d0aff3952d98988d7989e9b7912fee1c4d75ff2c97c47c31980815616043b4060ae634e6547264de6c1fcf4a199e68e0f4c6

Download Submit
/data/data/com.youstara.market/databases/nixiba-wal

Filesize
8KB

MD5
03b7afb4ba36c32f3b01947f3188d838

SHA1
4904b345c5911246903ba54a1ad2092d553227ce

SHA256
6d19e56baa30e80f39ef5e154524ca23adb8a28a648c4b260a77a817dfedb305

SHA512
8dc105dede9ca7fefae58bc3219488ef0e3eda3fa7cb182319966078dd7950c8e20c5e02cb07758f2dd61adcc6a989da6fcab8e0edc38c03a6835f36f3e7b873

Download Submit
/data/data/com.youstara.market/files/mobclick_agent_sealed_com.youstara.market

Filesize
577B

MD5
794ca5892373c70b63718c15129a5475

SHA1
2c1ba8fedb548fd4c565d706d5f8f1e0d7ddd802

SHA256
816060a3c98eb775b451f674abc0a89def9ea32486970ebd79e757dad38ce12b

SHA512
e1109a750c2b8667b94837b0a160e64e430c4065103db0009fa0a99611ae6c47df640514a1d6d836eb77b9a313c85887c69feabb57d4efa1c68110ccb168142a

Download Submit

Analysis

Sharing