beb8ab2de046cbba059eac4e57ce65f97101b757f8e3032186fb28e0e2caf0ed

Analysis

max time kernel
51s
max time network
148s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ec0c88bffdc25f8d2f105bd8bffe4eb_JaffaCakes118.apk
Size

113KB
MD5

6ec0c88bffdc25f8d2f105bd8bffe4eb
SHA1

c2ba3a5ce58bce18a20f827767257d6e93c3fd03
SHA256

beb8ab2de046cbba059eac4e57ce65f97101b757f8e3032186fb28e0e2caf0ed
SHA512

005aa9a5ef84406e66acfaabdcdfdac1b077c41877ace2120e4179ce62b1fd2195840b906316e18e2fa31aa496aef41ed528cfe6662076a1f1d5cab8c606c18a
SSDEEP

1536:qNpst2E4fWRTli8GE3MFDeKwJCj0wjAoq/jJV7kzwHOlvx5VYj0dZIzwimdbHg8d:6JEphddueKICAoq7JV7KlbVY8OGWgKBg

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

cn.mmb.link

description ioc process

File opened for read /proc/cpuinfo cn.mmb.link
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

cn.mmb.link

description ioc process

File opened for read /proc/meminfo cn.mmb.link
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

cn.mmb.link

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener cn.mmb.link
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

cn.mmb.link

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone cn.mmb.link
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

cn.mmb.link

description ioc process

Framework service call android.app.IActivityManager.registerReceiver cn.mmb.link
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

cn.mmb.link

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo cn.mmb.link
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

cn.mmb.link

description ioc process

Framework API call javax.crypto.Cipher.doFinal cn.mmb.link

description	ioc	process
File opened for read	/proc/cpuinfo	cn.mmb.link

description	ioc	process
File opened for read	/proc/meminfo	cn.mmb.link

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	cn.mmb.link

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.mmb.link

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	cn.mmb.link

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	cn.mmb.link

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	cn.mmb.link

cn.mmb.link
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5092

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads