67e62234a3eb07a02fa8b48fc8b98d3173860d73cd0be4e2a35f26bed650f865

Analysis

max time kernel
49s
max time network
129s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
25-05-2024 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7334a596810fed970cf990a74cfaffba_JaffaCakes118.apk
Size

11.8MB
MD5

7334a596810fed970cf990a74cfaffba
SHA1

47258eaff968c66268c02d5bd85e0fa06cbadc6c
SHA256

67e62234a3eb07a02fa8b48fc8b98d3173860d73cd0be4e2a35f26bed650f865
SHA512

83c2d1d7c49aff558f8d9264e2e421b303dc0261e2444f18534aaaf76ef95ce2ca0aec867ca2fa04f83f696e26c7e479b08325394e0f9d4af094a5a2541382bd
SSDEEP

196608:f9Sw+nVfQbWcGaAttoWqEjuGo/WyVrNgZRWqJHAB1uNX0/5e0cQtxQo:f9KR0BGr37Sx2ZRhHm0yxFcQbR

Score

7^/10

persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.nd.android.pandatheme.p_shishangxiaoxin20160517

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.nd.android.pandatheme.p_shishangxiaoxin20160517

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.nd.android.pandatheme.p_shishangxiaoxin20160517

Requests dangerous framework permissions 17 IoCs

Processes:

description	ioc
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

com.nd.android.pandatheme.p_shishangxiaoxin20160517
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5107

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/pandatheme/dx.apk

Filesize
7.2MB

MD5
0f950dfda38eefaeb6de94e093ad9d7f

SHA1
b19d618f2b33358581e494f4df947b872c0ea210

SHA256
b2becd583a525a93c4944ec984fdd1528eaf7c36632ac5bc3bb8c7791d40f586

SHA512
d2b632e688c9de2e3efb4f50fe86fc73924dbefc8d4b9d90729a4ac8ddf6ca2bac69c7ff86db77cdb3ec255d6be657603fd388a92aebbd9df00ef31fae1e192d

Download Submit