Overview

overview

8

Static

static

6

6eb6ba6d2a...18.apk

android-9-x86

8

6eb6ba6d2a...18.apk

android-10-x64

8

6eb6ba6d2a...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    24-05-2024 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk

  • Size

    271KB

  • MD5

    6eb6ba6d2a6486165d21d3b462d13b39

  • SHA1

    8116605f3397e54b01344e1e2f693512fa90e473

  • SHA256

    aa6f1fc3bb6d24fa88a1b94be985cd10d03467e484ae10b35a3af7253d3e27cd

  • SHA512

    dcd5cefdb666b1e0e1998c812c00e01f47fc67aad8ef01c65fc08150a19afdc5af076c3000b6af4995487a3a301bc2b2d6cb5087d802e263511a967d565e8f35

  • SSDEEP

    6144:VgIuwTsBRA3mnpcABMLe0HQ0NEKq/ZaRaw4IzEsS/ZXBc24nS5fNT:VgUTsbHBMLeH0NCYa/IvcR8nKT

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.Bangkok.wgib.jsswzieurohvqx
    1⤵
    • Removes its main activity from the application launcher
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4585
  • com.Bangkok.wgib.jsswzieurohvqx:RemoteProcess
    1⤵
      PID:4626
    • com.Bangkok.wgib.jsswzieurohvqx:guard
      1⤵
      • Schedules tasks to execute at a specified time
      PID:4972

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar
      Filesize

      146KB

      MD5

      d68d0de648acf867fc7a328f3ba9ec61

      SHA1

      8616de93f234e6c9fd541a64a1835e3cc9d90267

      SHA256

      019feaf1e8612507b326deac0f012c2d86faaf978e5949a15c4616205ecc1259

      SHA512

      d5cbbaa91470a32c3e5bbd1a39ab49f04fa2526fe05c7e437591aebac80948d0fa063d6beb1a0da4de21ca89de0852c9ff95eb81fb703b88bbd49dce08d3eb6f

      Download Submit
    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar
      Filesize

      298KB

      MD5

      f2b4315e6df8b8407f7edd5dcbf43376

      SHA1

      f125042d426cdb025092830007801d6a04217f3a

      SHA256

      a0828b2ced584eb0097166421a856d8839822d9610432141977a804cb2f25b3c

      SHA512

      5d7464e8970a44fa87ecd45be3a196f975cc0b8a5f29e5e37ffd766994287b1855404d57297b12bb9fbbb5463aa23f3511638548e2b1685526be9f383e137066

      Download Submit
    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx
      Filesize

      36KB

      MD5

      ebfd4869bb86abd638bc48b891f3e1c8

      SHA1

      a27f262fe7a41ec9976d457416447f8b78c80e03

      SHA256

      5f49bca53de766023101cc1ac8dda79a83c485fce8d9138452b39d1853d2fe0f

      SHA512

      062fd15e0a34619071834f2d81889e6a100c3a707e53621b16d584182a57c690f6a24a73e19fb77678d857fde477935811a963998a73d7ffe971d6ebd9cafb07

      Download Submit
    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
      Filesize

      512B

      MD5

      937a49ee6fe3be93480274627c11c794

      SHA1

      d519bd15ad04fbd5a4cf8c75cb11b97a46690bd0

      SHA256

      90eb3ab398ac8f9d28e9132556f1306c15283728e8d3a2be2b63e989b676a64c

      SHA512

      e79ca636ee4ccb3b685aa2f9ba0f6c5b930c8655b8011638169ca3a36ae2efa867005eb672bf492bc9e93ca790e081ed857921a4d1b2c3d20b16b21a22ed9741

      Download Submit
    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
      Filesize

      8KB

      MD5

      9118a0106ad55730717b4eeab7ec2fa6

      SHA1

      bf4595a1140f970bb2209407b7fb46640b3e8589

      SHA256

      0520494c564cef9470a8076d1a1851d73c3cfe935cbe4315528490859f76768e

      SHA512

      8e4869fe2828007c4f2b3d68a3f2e811a4e2fe3021e48fc4f20a565c7c4fe9160675aa501f4a911965948ed59a29bf0102476e9a6985a7746b25e8f28350346c

      Download Submit
    • /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journal
      Filesize

      8KB

      MD5

      08101915bec287c41d7f4d9d36e29ec2

      SHA1

      c198c6c7ad4a8a02114a60059192cb7ce2412b9f

      SHA256

      4f63b41f47cddb01088784af7b6bf014e8be3f7bf0787816edfd1166dddd577f

      SHA512

      44189fd5a8e8ed3eeb736ea3bffa22e38f79104c62f077c2390aaa68697347abc76142881eb987085e558978ece186694ddd45a8c46083dbb600abcffb585ed7

      Download Submit
    • /storage/emulated/0/Download/sdsid
      Filesize

      4B

      MD5

      b8c37e33defde51cf91e1e03e51657da

      SHA1

      dd01903921ea24941c26a48f2cec24e0bb0e8cc7

      SHA256

      fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

      SHA512

      e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7

      Download Submit