6a1e18b3e89f839ad328390d9d5b7098f6bae8d9655cbf0bcef6e78f062e1ba9

General

Target

6b75dc28c2b41397a37440c3cde3af5c_JaffaCakes118.apk
Size

24.3MB
MD5

6b75dc28c2b41397a37440c3cde3af5c
SHA1

aa179bfa7f5948fdf0ffaff4ab54b551f62a084c
SHA256

6a1e18b3e89f839ad328390d9d5b7098f6bae8d9655cbf0bcef6e78f062e1ba9
SHA512

25400588711d84e65a9f21aa15976839f7215ab3c4a2777fc8cb8ded4dd219d761266abb4a3a7db97b3630675c986f0e3e1312f53575e5f0a5ea79362a720d37
SSDEEP

786432:PiqWTt+RHkaE6qCASb7ZtugnJXBJt/cTf+:Pa+9/xaKCgn/++

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ymcx.mastermarket

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.ymcx.mastermarket

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ymcx.mastermarket

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ymcx.mastermarket

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ymcx.mastermarket

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ymcx.mastermarket

com.ymcx.mastermarket
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5173

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ymcx.mastermarket/databases/bugly_db_legu

Filesize
96KB

MD5
2cd3bf9309fc322a5dedd5b8c5ea284b

SHA1
8fab9210bc168bd4168e3785cc3e36da9b5e2b4b

SHA256
4584eeff2ed5714e88f63c0304364613b41d40452a00836dc13ca01bc0a1e0f8

SHA512
12688877424bc3072b3a835a19cc59c3bc998ae39a68aa43db5fb4e5367432b6d4d7fcafbe6632b9da529ebdae90ce448d7af129a6eede0c3900164cfa7a5547

Download Submit
/data/data/com.ymcx.mastermarket/databases/bugly_db_legu-journal

Filesize
512B

MD5
efbb55164fb8b1844cf18422fd441d3f

SHA1
fa352d8e7b04d363253a9ff8ed0a8bb76ef080bb

SHA256
876c6d7665e61c02e1ad5c9bc02adbe5c66aa02e8c4b332181b3d398be8176ca

SHA512
4f40f2ce1d90cc761d7617c92e88adab85a9c7c91e64d7019d1b5271c6f8f6562b0d717457abecfb863b6c14f79e671e36c137ebffebf14dbc99f20397beced9

Download Submit
/data/data/com.ymcx.mastermarket/databases/bugly_db_legu-journal

Filesize
8KB

MD5
1c2388fc155c7f69f4585a13ecda3f0a

SHA1
b948886ae0d23265c9ad005eccb246e74c01da74

SHA256
45aea813e4cd09420b492f88229cdf8be84afb9131e6030e36f13f57c30dc32f

SHA512
3e012a894461a9f83eb3806533de0b164b975196f265144736f63cb9ddb8c91026f98d4b941acae09ded071af4f3dc59aa91994e7f2ce37b8fd606a36b65f0bc

Download Submit
/data/data/com.ymcx.mastermarket/databases/bugly_db_legu-journal

Filesize
8KB

MD5
bbe70a5eca28de4e3764c003fa1cfb65

SHA1
4f7ce5d4fce2f2c7e52242ace4b2bcfced1c2d84

SHA256
471d80c82c39b94b2d6f12d591ba3f8186186b84d7ce2b8efd73da0ddd3d13b7

SHA512
2416445cfff3204942ba302ec6da3687c4aa0860c35d52f37c93231ae405f1762321283b1ee771fd2f074b1037aba9a12ae99bc6f1b68b08cb6a8b48835b5635

Download Submit
/data/data/com.ymcx.mastermarket/databases/bugly_db_legu-journal

Filesize
8KB

MD5
7f7ed883f68648f32f7d499d57eb077c

SHA1
b9636864257906ea9911baa65ac3d58cabe3d620

SHA256
080663f4089970ebb14a7c76aacbd5b2d235fabcd5b83ecdbd26e4bcfe6254d3

SHA512
850ff811b2542b100a3a2d7bf6bf90d7f5f28dbfa4e7c1bf3dc418fe783cf8eeae7ac9a044d3c9843195dd707e40e43da79f823d20c83122702533dfacd809d1

Download Submit
/data/data/com.ymcx.mastermarket/databases/bugly_db_legu-journal

Filesize
12KB

MD5
dc163c0b91913e89c112105b567759ce

SHA1
00b6ffd3d433bca79e55d5544b5d5e52d37878ce

SHA256
b6b44d7a1490fae6a0002de5e9316c19e5c007db9183ec21a040f29eb46de496

SHA512
82974f096c7ad7135327330fb0dd6419d8d605cb01877830a6eb973fcf27cd9249fbb51cfb24f14cf59823e310ca188f8ca9fede113a917a718242ca2a7859fd

Download Submit
/data/data/com.ymcx.mastermarket/databases/bugly_db_legu-journal

Filesize
12KB

MD5
f89cde6e75a5adc3e12ba3777e96bee9

SHA1
9dae335c2ac4d30b888229adeac3af0a17b64392

SHA256
d7b9041f95eb933ef6a4a2fd83ab5ae5bb3b2894c26974e30e4486dfbf5ffed1

SHA512
eb88fc958374650535e66f110da537e4a89cb398459fe4789ef1fc559309b2dfe4a5a302aa0083ccb6d095b6acf12809a4496b4f97b95e3bba1260862d3b4806

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads