Analysis

  • max time kernel
    36s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-05-2024 18:48

General

  • Target

    6bec060cc0c3aa7ddd3d4de005dbdabd_JaffaCakes118.apk

  • Size

    602KB

  • MD5

    6bec060cc0c3aa7ddd3d4de005dbdabd

  • SHA1

    a8e7abe5e7aaa8a0b6d52aae5ee6d4c1c9e2380b

  • SHA256

    75ef78181b828392c9d8ba2fb128cc71d3a20217f7b35d9b9eae5e25a260b5bb

  • SHA512

    45b35235249716bd2d1b1132ebcdd10cf9f0c24d7017bf34c39a8d630d8ce4e2602f19f69d9c7d1d087739819baeab1b0ae6a00ee83f426f88429c23e04e917d

  • SSDEEP

    12288:AuEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BxyMGl9fDHxUNYL0NpX79s:PEaFmFN9v46flH7xyVfNGFf9s

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • feifei.tnd9.meta.face
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID: 4273

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/feifei.tnd9.meta.face/app_ttmp/t.jar
    Filesize

    276KB

    MD5

    9aaea567e0c93e51718ba7eade0e83df

    SHA1

    0005116aad1779361b70093db00fed5ac090ae23

    SHA256

    b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec

    SHA512

    2aef1034335d8752f4e25ce6c5823ce03019536cc6e51ee61b5291c77a0f356a2517e0cbe7f2c4cc2d897115dc856449a342cfdc247c9d34d313187d15b2f890