Analysis

  • max time kernel
    35s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    24-05-2024 00:36

General

  • Target

    6ccd389ae873556ec2d65ef93d52f74d_JaffaCakes118.apk

  • Size

    19.4MB

  • MD5

    6ccd389ae873556ec2d65ef93d52f74d

  • SHA1

    f0261db72297c49a254b98df202d811bb6ae3362

  • SHA256

    0db138fdf9b4608d71c9aa2a8870d2c7469ca89e1b431ab329c59592d512da63

  • SHA512

    8e2216a48ed335f4c934170a25d113b803917ff66e99f3b0672292a572e4bc6197350fe8b3995b90f49739583db7ea9200dcf80329cc392b0ca708a4ca9d0f60

  • SSDEEP

    393216:3wVhPltzhcSP1Zzq3zwwQuMYTUplp6qOsfGxQkFLDvwlt3NLw9ug:3wXbZFq38e9T6Osfaol7s93

Malware Config

Signatures

  • Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
  • Checks CPU information. (2 TTPs, 1 IoCs)

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information. (2 TTPs, 1 IoCs)

    Checks memory information which indicates whether the system is an emulator.

  • Queries information about running processes on the device. (1 TTPs, 2 IoCs)

    The application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the mobile country code (MCC). (1 TTPs, 1 IoCs)
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTPs, 1 IoCs)
  • Checks if the internet connection is available. (1 TTPs, 1 IoCs)
  • Queries the unique device ID (IMEI, MEID, IMSI). (1 TTPs)

Processes

  • com.yyq01.wxg
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4278
  • com.yyq01.wxg:remote
    • Queries information about running processes on the device
    PID:4313

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.yyq01.wxg/files/jpush_stat_history/active_user/nowrap/54207c40-30ec-4c03-b204-21eaecaa9029
    Filesize

    159B

    MD5

    49d15f5fdb9599d2b7048b8d0d66742b

    SHA1

    a11939ebc6c93656a390725718d336f3dc2c2f66

    SHA256

    e2ef9d14b97e4108ee81b74623e5580c309c27f9e89c1ca1a213c28e8f286be4

    SHA512

    dfec9379a7b38f076516c930191ac0b1350e08eb7ba2018297866f1c7722ea4b471c3396c6f6649018b38483464e23c89b0e85043990b7e2e544ad57524a85be

  • /storage/emulated/0/data/.push_deviceid
    Filesize

    32B

    MD5

    d89097760a18ecb3c5ad4039bc540949

    SHA1

    c36f2a551efafded5e29e1bc4af2e293d1c82d39

    SHA256

    b853790a2a0504145a65270aa5b4f03a7c64bc4e52dc7e1b1f389d85b8e88356

    SHA512

    843048fb2fff8bec206d423d03abedd36ef3b0a51fd8160acd34be0c2cde26795b1e9d535a10577f413033591676867b5e57b8187724e555d0aff017d92a21b8