144c9521adf253acff2730d902232769c16e6751c5d635e2d051e7baa7f296ef

Analysis

max time kernel
178s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d49d6a3cae1f0f1d4c11889da516612_JaffaCakes118.apk
Size

21.1MB
MD5

6d49d6a3cae1f0f1d4c11889da516612
SHA1

4dabcf907b91bc368a552b198a699ba8b777524f
SHA256

144c9521adf253acff2730d902232769c16e6751c5d635e2d051e7baa7f296ef
SHA512

42bb6c84bcce0b4a386ae509c0c16fd0db05918b0887f6eba2174e6b3041dae08d629e675ff702c8189444a268467b0419692decda836af79924c78065faa485
SSDEEP

393216:8T9Jwe6d+tphRJGl4JmVQgM0MovUkqPP4tc8JuL5o+bNJfxt2j0Vvg:gieptpVGq2MovIX4KVpbZ+0VY

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.turner.StevenRhythm2016

description ioc process

File opened for read /proc/cpuinfo com.turner.StevenRhythm2016

description	ioc	process
File opened for read	/proc/cpuinfo	com.turner.StevenRhythm2016

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.turner.StevenRhythm2016/app_app_apk/oat/x86/StevenRhythm2016.dat.odex --compiler-filter=quicken --class-loader-context=&com.turner.StevenRhythm2016

ioc	pid	process
/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar	4304	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.turner.StevenRhythm2016/app_app_apk/oat/x86/StevenRhythm2016.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar	4274	com.turner.StevenRhythm2016

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.turner.StevenRhythm2016

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.turner.StevenRhythm2016

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.turner.StevenRhythm2016

com.turner.StevenRhythm2016
1⤵
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4274

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.turner.StevenRhythm2016/app_app_apk/oat/x86/StevenRhythm2016.dat.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.turner.StevenRhythm2016/files/OqvJoNfbB
Filesize
374KB

MD5
5b0a768ecc16b2ff1e2052f9513f560e

SHA1
fb7ea54aa9941109496dbaa1c75dee69531465f7

SHA256
ad865ac66accc7f260d032d859b8d29e76d9f0b8a2b1d3ce329faa0e9910d48c

SHA512
ffcecdb1d33b73f90013de74dd986548d29dafe607106d09d6bb1daec5a604133e44aeb3f45031d74d3700a5ccae5d20aaa10e08b5aa9e1d060336a075dbc72a

Download Submit
/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar
Filesize
512KB

MD5
9d96e7310ba6d1dd1d7e001ed656a9ed

SHA1
1199b9a0e2f2161ba8b58428ba296efea2c0c189

SHA256
a1f509ca500bc8af061a1a45dd9c99ebc71825fc162e49e682a6e6c4058fb408

SHA512
667c93879edf413f459cd2286def8f841cd461eae0b6eeaeaa44bfaae6a972e2afd11c0fec9a4013952726167e0eab9551acbef49f9dc61d3ee27782a7e372ec

Download Submit
/data/user/0/com.turner.StevenRhythm2016/app_app_apk/StevenRhythm2016.dat.jar
Filesize
512KB

MD5
b4f07f47faa2008817f0fad4593370fe

SHA1
68ccc69d588eb676cbb55dfeda59dbfaa3be332a

SHA256
031102935bc6781bf7d0a670404e45501c9c4acf15a686dc12ed666c0bf7f78b

SHA512
134b9d86b0f724f2ee237e27477846f3a8de1d3088e285d4d3ded3a3ed0e968476dc056c9ca530f8cfa6270b8c47eb9e2c1434b5ec82916d74ddc75906736cb7

Download Submit