b2c267e0d91d4f15d185a34d48dfb14088793ef171e30ee471f1c298eb0a77d9

Analysis

max time kernel
177s
max time network
185s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
26-05-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76193469540de5433b5666e3f182bb95_JaffaCakes118.apk
Size

17.3MB
MD5

76193469540de5433b5666e3f182bb95
SHA1

94161d76172fa8db106595768759529e411f78c9
SHA256

b2c267e0d91d4f15d185a34d48dfb14088793ef171e30ee471f1c298eb0a77d9
SHA512

bfd8c87c84851e2fce0165f48f0b0992a77d3cdf8c82c79a1e42d33b22419a2358dfd92d089574948e1554577534d31a27d067dd53239e7a5916fd86592cfedd
SSDEEP

393216:y0cDqQF8YuONY7dLGvO6HBAKOqR4gV+UNb+m4iSs5A:y0Vu+GGE2glN0sG

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.nbxuanma.educationbox
/system/bin/su	com.nbxuanma.educationbox:remote

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.nbxuanma.educationbox

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nbxuanma.educationbox
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.nbxuanma.educationbox:remote

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.nbxuanma.educationbox

com.nbxuanma.educationbox
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4274

com.nbxuanma.educationbox:remote
1⤵
- Checks if the Android device is rooted.
- Checks if the internet connection is available
PID:4395

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.nbxuanma.educationbox/files/jpush_stat_cache.json

Filesize
148B

MD5
ed43908e311c96c966c6600118fda2d8

SHA1
e05655c1690d5519d0125de6e0d76b83a51d26e4

SHA256
e7ecd37c5150fd7ea2684a8310564b51c14dc66a85de4c66b3de535de2b77eed

SHA512
9f60b9f3970c7dc91115e66d338804b0b753aecbcfadf7ec3a960c13b171867c7fb7d0d176333b820446a2e3b8a3e8d9ea5d566b2662b414c1ee5fccdc4a4a63

Download Submit
/data/user/0/com.nbxuanma.educationbox/files/libcuid.so

Filesize
109B

MD5
fb9a69822ebc18a7b1dc043cdbf208df

SHA1
55f3ffd6dd3aa5d82880423e171f6f4ebddd19b7

SHA256
8b337fe1c644483766deac2726add87f0d694311f643e5423180143f4aede243

SHA512
2fb5e6e1fa4a6ca3ad9bf6e9d40d39d9efbda3977c1dfb6703235a2e6f99f0dcd186f81083ad5ab08bcf52fc093934b1343a6814928a2c4bf117772319d7e835

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads