Analysis

  • max time kernel
    179s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    24-05-2024 13:42

General

  • Target

    6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk

  • Size

    271KB

  • MD5

    6eb6ba6d2a6486165d21d3b462d13b39

  • SHA1

    8116605f3397e54b01344e1e2f693512fa90e473

  • SHA256

    aa6f1fc3bb6d24fa88a1b94be985cd10d03467e484ae10b35a3af7253d3e27cd

  • SHA512

    dcd5cefdb666b1e0e1998c812c00e01f47fc67aad8ef01c65fc08150a19afdc5af076c3000b6af4995487a3a301bc2b2d6cb5087d802e263511a967d565e8f35

  • SSDEEP

    6144:VgIuwTsBRA3mnpcABMLe0HQ0NEKq/ZaRaw4IzEsS/ZXBc24nS5fNT:VgUTsbHBMLeH0NCYa/IvcR8nKT

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.Bangkok.wgib.jsswzieurohvqx
    1⤵
    • Removes its main activity from the application launcher
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5069
  • com.Bangkok.wgib.jsswzieurohvqx:RemoteProcess
    1⤵
      PID:5156
    • com.Bangkok.wgib.jsswzieurohvqx:guard
      1⤵
      • Schedules tasks to execute at a specified time
      PID:5540

Downloads

    • /data/data/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar
      Filesize

      146KB

      MD5

      d68d0de648acf867fc7a328f3ba9ec61

      SHA1

      8616de93f234e6c9fd541a64a1835e3cc9d90267

      SHA256

      019feaf1e8612507b326deac0f012c2d86faaf978e5949a15c4616205ecc1259

      SHA512

      d5cbbaa91470a32c3e5bbd1a39ab49f04fa2526fe05c7e437591aebac80948d0fa063d6beb1a0da4de21ca89de0852c9ff95eb81fb703b88bbd49dce08d3eb6f

    • /data/data/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/oat/fields.jar.cur.prof
      Filesize

      414B

      MD5

      6d7147b93efab5a3ee62666844a94dd4

      SHA1

      ec78eae10ba3dbebe3ea4a0d9dcce729b66956b3

      SHA256

      4ac8745fe0a17efe878ea25811d9417bed6bcaf45d442875c08db844ab082d2a

      SHA512

      e8fef2fdd5daec6ebb0c98613c7ad82f56fa99c0bd820eaf66d29f395ed259036cd4371aad6d6f6d411afb79c24a1d5838ad488440484ee181f1457e2385be25

    • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx
      Filesize

      36KB

      MD5

      ae8aa93151da27ce1348c21d6ea98a45

      SHA1

      d187ce29f387717ea0c7d2919a77945a6f04a954

      SHA256

      b5023c1c2354845e52c945166be1111d7565a000e57ea18d8ce2943c73580e81

      SHA512

      7bc212292c6dd5192e2d714d1e06c3109f133bf0f5bddb4dd4113a4b9ab3a8db3ba7e1cab4a7da44724361b8d7d53cdde3d50506cf7264fb00d7b4521014c85a

    • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
      Filesize

      512B

      MD5

      b704302414aa2438865ed8e1a2de683a

      SHA1

      60cc4391a9fb14f8dcdb22afa93fb382e691e768

      SHA256

      ed60d52752f57029f1a703e4adb38d6a5fc708c9f6f877f67b03aacbfef673e4

      SHA512

      3d443f1cbfba78f6241bb9af5611571ae64be4ff6cbe00ce90d2777cea54f743cdc6efb3962f722e5de1467c90b65d41d1aa4a7602e3a02fbe7b38c01e71b095

    • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
      Filesize

      8KB

      MD5

      1dfa0717990a19588c6adcc0a5d79571

      SHA1

      e9ef8bf9090c56753c35cf01311b06141fa17b75

      SHA256

      5fe42b402231da6e90a6c556754335a637199315a16983ff11283130d94fbc95

      SHA512

      38926422c47a513d0a2355d1eb8c972ed1a9e5492659a8fcef823e310918139e458ae542ba615d6992ab993215cf5e531bc70f6edea8ec85f4a8333c6728b8b7

    • /data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
      Filesize

      8KB

      MD5

      76b632761e300652ebfb7d7f26c54b13

      SHA1

      baf4c07d0ca4e8631c70c816c98fa22e54cb53bd

      SHA256

      13702445795ca13580a1310123410e99bce232e6e558b9efcca2405ab386774b

      SHA512

      86b6f54cfa629f460a3cb89a2dc143983fbdc7d2f39f25713fe3b467690b2f8397c9d8869934b82790958d56f9fbcde7ca25111c63e6b301f209192c5b2fee6a

    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar
      Filesize

      298KB

      MD5

      f2b4315e6df8b8407f7edd5dcbf43376

      SHA1

      f125042d426cdb025092830007801d6a04217f3a

      SHA256

      a0828b2ced584eb0097166421a856d8839822d9610432141977a804cb2f25b3c

      SHA512

      5d7464e8970a44fa87ecd45be3a196f975cc0b8a5f29e5e37ffd766994287b1855404d57297b12bb9fbbb5463aa23f3511638548e2b1685526be9f383e137066

    • /storage/emulated/0/Download/sdsid
      Filesize

      4B

      MD5

      b8c37e33defde51cf91e1e03e51657da

      SHA1

      dd01903921ea24941c26a48f2cec24e0bb0e8cc7

      SHA256

      fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

      SHA512

      e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7