0899426954fd20fde989059939cbe3bcd4107684add0d2a59a4aebb2c76b6285

Analysis

max time kernel
179s
max time network
183s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
26-05-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

763df9b3295a069871970145cea7e88b_JaffaCakes118.apk
Size

13.3MB
MD5

763df9b3295a069871970145cea7e88b
SHA1

bef1696d190bb252512b16c6dbe3eb14a681d6a0
SHA256

0899426954fd20fde989059939cbe3bcd4107684add0d2a59a4aebb2c76b6285
SHA512

201b943468615875160e6af89220370c596a8e544cc2d84d41396b77c9c8d17bf8554b1c7a7750fbd2419f9df1938c45cda289ebb5073bda12648edd3742938f
SSDEEP

393216:CFWLs8q+84oS8AklNChbtubg/RUbZEo4NoAi:Q9soS8Akl4yb8R1oN

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.kyle.rrhl

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kyle.rrhl

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.kyle.rrhl

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kyle.rrhl

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kyle.rrhl

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kyle.rrhl

com.kyle.rrhl
1⤵
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5105

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kyle.rrhl/databases/access.db

Filesize
20KB

MD5
ca953143ffabf69fa538745389ead044

SHA1
40d2277650be6c194480477490fa5b4675ca095e

SHA256
421cd24a344f7fd2f0911829fc70f93221fff76bdba482d75da222cff481654c

SHA512
0dc617e9ec3c75b7428ad8855982d50f028e8bb9085a0ed988ea0353c9d860cd00ee2abd096dd141112f0d84d93a26eaafc71ca4988ec58e31b18815b2f075c4

Download Submit
/data/data/com.kyle.rrhl/databases/access.db-journal

Filesize
512B

MD5
285aae294d42e83306862a2c3e29dd4b

SHA1
5524bfb40b9ee553f820a9d4f60fec2c1bf55c8e

SHA256
3e08d5f426f1e5e22b70f4bf297b17954170277fbaffbea9f462364832f3c60d

SHA512
c8ba3d8648d01dcb22c31e68d6138405f1bee9689ff26bbc5c9aa17ab02eec2d271e4047f6e8848d5c865fb1258bd539f068e420d700004fc1031eacc1082f08

Download Submit
/data/data/com.kyle.rrhl/databases/access.db-journal

Filesize
8KB

MD5
e9620f7e14ef8ea8ad0c2c009ce90d3f

SHA1
fb969dd9015de16b3f3a1b37e4121f1cd2666eb4

SHA256
2e6995ab5d9a34fbdf9ffe8f9579e4e157ab3b421ff36e507d2f457de3f8d286

SHA512
07e20ba61ad628e6bb88fdb9c04232df17412bf2d27f1099f842aff00c01248e0eb58ba02d2082c61b7292faa1102c4d5c91a33750b0d749d9134b67b7eb6b8f

Download Submit
/data/data/com.kyle.rrhl/databases/access.db-journal

Filesize
8KB

MD5
e5644cd5c38dbce76a7377cb6fef4030

SHA1
9163f051145834abbda53f2e2e990f1ec84b3d2c

SHA256
94bbdb66095d68b6dd5b3d877611db6726ae26a6ca7a544f37d6e7d0cc3bb454

SHA512
e72bb211b32d66098d0e18559050196e7d87105368dfb33d7da6dfc567279bd96529c26ca5e910d9e2de03e6dd6c1c595db9ed5555ef72abae0f930a78893a2c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads