Overview

overview

8

Static

static

6

6eb6ba6d2a...18.apk

android-9-x86

8

6eb6ba6d2a...18.apk

android-10-x64

8

6eb6ba6d2a...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk

  • Size

    271KB

  • MD5

    6eb6ba6d2a6486165d21d3b462d13b39

  • SHA1

    8116605f3397e54b01344e1e2f693512fa90e473

  • SHA256

    aa6f1fc3bb6d24fa88a1b94be985cd10d03467e484ae10b35a3af7253d3e27cd

  • SHA512

    dcd5cefdb666b1e0e1998c812c00e01f47fc67aad8ef01c65fc08150a19afdc5af076c3000b6af4995487a3a301bc2b2d6cb5087d802e263511a967d565e8f35

  • SSDEEP

    6144:VgIuwTsBRA3mnpcABMLe0HQ0NEKq/ZaRaw4IzEsS/ZXBc24nS5fNT:VgUTsbHBMLeH0NCYa/IvcR8nKT

Score
8/10
bankercollectiondiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.Bangkok.wgib.jsswzieurohvqx
    1⤵
    • Removes its main activity from the application launcher
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4225
    • getprop ro.miui.ui.version.name
      2⤵
        PID:4450
      • getprop ro.miui.ui.version.name
        2⤵
          PID:4481
      • com.Bangkok.wgib.jsswzieurohvqx:RemoteProcess
        1⤵
          PID:4284
        • com.Bangkok.wgib.jsswzieurohvqx:guard
          1⤵
          • Schedules tasks to execute at a specified time
          PID:4655

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar
          Filesize

          146KB

          MD5

          d68d0de648acf867fc7a328f3ba9ec61

          SHA1

          8616de93f234e6c9fd541a64a1835e3cc9d90267

          SHA256

          019feaf1e8612507b326deac0f012c2d86faaf978e5949a15c4616205ecc1259

          SHA512

          d5cbbaa91470a32c3e5bbd1a39ab49f04fa2526fe05c7e437591aebac80948d0fa063d6beb1a0da4de21ca89de0852c9ff95eb81fb703b88bbd49dce08d3eb6f

          Download Submit
        • /data/data/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/oat/fields.jar.cur.prof
          Filesize

          437B

          MD5

          4c993d9a3b714e3b3485bbca63f290b0

          SHA1

          32b3c9255431d891f0e95d28fba8111169c3dcd9

          SHA256

          7698f86dabb8f7b378eaed21779cb71481c436f10d9f270289fa5a225ae13477

          SHA512

          72f7db852a8fca235886fe1a9beafedc6a5996cc6b778ee96f817fcd9ed3e370784318832af3a4e76ef0eda2126f31db779bc7e2dd1ed5521f51cfabd3e1a14f

          Download Submit
        • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx
          Filesize

          4KB

          MD5

          f2b4b0190b9f384ca885f0c8c9b14700

          SHA1

          934ff2646757b5b6e7f20f6a0aa76c7f995d9361

          SHA256

          0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

          SHA512

          ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

          Download Submit
        • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
          Filesize

          512B

          MD5

          b24e6103d6d23557e76ca014c2c8098a

          SHA1

          c1b82c84e5c986f994ce72df35fdafde95ea954b

          SHA256

          1647f9805fe1f1297738217bd255170bb75710f298f4ea89ea167ae712f1ddad

          SHA512

          6dc1e8f5a9b672683e3ef65bba1bc490d458d0c06d7aa8fd030f308ba35f54d41ea6db3adfc71242150af4b0e247a3b1001ce038b5004395c4fc1c43490f2a84

          Download Submit
        • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-shm
          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

          Download Submit
        • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-wal
          Filesize

          48KB

          MD5

          57c65a66482fb8138bb51e27ebadc783

          SHA1

          af0bd69c87a1b94f1e5daa652dcb5434e153eabb

          SHA256

          04af2360305d0c2ba83bf659ee12a0211fd2a6c1f800f7d5be28ecce07deb658

          SHA512

          80c4f7b26668ce3ba13be51ac1a189e7277227c8a8359bda298866d8b196afcecf87d1b902969ceafb2485fa2512e0a696463403ae844e5812d462912dbfc22a

          Download Submit
        • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar
          Filesize

          298KB

          MD5

          f2b4315e6df8b8407f7edd5dcbf43376

          SHA1

          f125042d426cdb025092830007801d6a04217f3a

          SHA256

          a0828b2ced584eb0097166421a856d8839822d9610432141977a804cb2f25b3c

          SHA512

          5d7464e8970a44fa87ecd45be3a196f975cc0b8a5f29e5e37ffd766994287b1855404d57297b12bb9fbbb5463aa23f3511638548e2b1685526be9f383e137066

          Download Submit
        • /storage/emulated/0/Download/sdsid
          Filesize

          4B

          MD5

          b8c37e33defde51cf91e1e03e51657da

          SHA1

          dd01903921ea24941c26a48f2cec24e0bb0e8cc7

          SHA256

          fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

          SHA512

          e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7

          Download Submit