Overview

overview

8

Static

static

6

6eb9f3ad05...18.apk

android-9-x86

8

6eb9f3ad05...18.apk

android-13-x64

Analysis

  • max time kernel
    179s
  • max time network
    186s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6eb9f3ad05408d99680f326d07d17a43_JaffaCakes118.apk

  • Size

    7.5MB

  • MD5

    6eb9f3ad05408d99680f326d07d17a43

  • SHA1

    f65aece0b21d29601291c8585dc361d7dbdcd55b

  • SHA256

    10384255c298d073bb93dea288b6d88fa83ea722a81c1b15cc784e5042fb6696

  • SHA512

    e41b86cfa6dd2d4b2032cb05a4f39a25e2d8cf478d45d21f597ea72e9e3ece93618d0b871457324245f0f4bf806fa444b2c35cc66f5783231a972877d923c5d9

  • SSDEEP

    196608:qlTTb1VF4n6s2iwQEZY7BkZatBOfd8ocnJoLrQA0AxoPG3nZTbXkAG:wTTbju6piwQBNkM2X3QQxoExLkv

Score
8/10
bankerdiscoveryevasionpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.zuimeia.suite.magiclocker
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4249
    • ps
      2⤵
        PID:4304
    • com.zuimeia.suite.magiclocker:pushservice
      1⤵
      • Queries information about running processes on the device
      • Checks if the internet connection is available
      PID:4280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.zuimeia.suite.magiclocker/files/com.zuimeia.suite.magiclocker:pushservice
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit
    • /storage/emulated/0/magic_locker/magic_locker/images/journal.tmp
      Filesize

      31B

      MD5

      8c92de9ce46d41a22f3b20f77404cc1d

      SHA1

      8671a6dca00edb72be47363a7071be65cf270373

      SHA256

      68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

      SHA512

      30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

      Download Submit
    • /storage/emulated/0/zuimei/air_locker/video/guide.mp4
      Filesize

      2.2MB

      MD5

      6c89424862fabf9d783686239d21765f

      SHA1

      1cce8bb3829185c68936a124fd84adcfeeb2011b

      SHA256

      5d4befa7736e2435ebfa1df4dffc53f55d2515e91706b4cbae903081066e95ae

      SHA512

      5860346773e3a10531613294a4beb750fbb273a446fe254916f16ba3fc47c63a505e1cbf453d127a8ecb5003c651169f9a24d34577ae9ba2f1f92b19f45a6a20

      Download Submit