Overview

overview

8

Static

static

6

6ddf697f91...18.apk

android-9-x86

8

6ddf697f91...18.apk

android-10-x64

8

6ddf697f91...18.apk

android-11-x64

8

Analysis

  • max time kernel
    95s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ddf697f91f1641eb996a569bedbf2bb_JaffaCakes118.apk

  • Size

    6.5MB

  • MD5

    6ddf697f91f1641eb996a569bedbf2bb

  • SHA1

    e954b0e852304fa2d000f919537c03cf8226eed6

  • SHA256

    1f3f7cd20803b59b5aa5894f9f90940f24cafe8fb7b5ffe77cfff09e1b3e2e7e

  • SHA512

    3ff60e10d908d91d9107e5f7337a5104a04b25b36e10ff7291057ce247a5a205e4d35ba341d9b9606d7f7c0800091c7fd2006094396cbd131518e18c686899b8

  • SSDEEP

    196608:Woz9N4MOAa2AcNZD0hic3GjTcEeNM9VbRIM:pfhUmH5gMTRL

Score
8/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 2 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.gameneeti.game.terrorattack
    1⤵
    • Checks CPU information
    • Checks memory information
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4253
  • com.gameneeti.game.terrorattack:vserv
    1⤵
    • Requests cell location
    • Checks memory information
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4346

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads