8ff3425f4fdd36628caec9b7839fe643093eb4f793a49927ae2166033ee1111f

Analysis

max time kernel
12s
max time network
135s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
27/05/2024, 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

786df312c2f223c112b748037795ec40_JaffaCakes118.apk
Size

9.9MB
MD5

786df312c2f223c112b748037795ec40
SHA1

6b7097eb16e078930873a19cfa49cc90e1fcfc81
SHA256

8ff3425f4fdd36628caec9b7839fe643093eb4f793a49927ae2166033ee1111f
SHA512

13c42714e4fedaaaa9ab450751282829c5690838dbb9af925e5ec9ece44ba5a968497dd2891e18e846876a1d4df379e82876848a99a3ade61eec40033b078f71
SSDEEP

196608:xhEdHNCB/zsBzrZqy/UPKvflvswxCPaOzV5I53R6bYQh89qgjAN5My4LbmC5:QfDBz4y/UPKFEOOx5In6Hh8MguR4LN

Score

8^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	to.talk

Queries account information for other applications stored on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	to.talk

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	to.talk

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	to.talk

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/data/phones	to.talk

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	to.talk

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	to.talk

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	to.talk

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	to.talk

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

to.talk
1⤵
- Checks if the Android device is rooted.
- Queries account information for other applications stored on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Reads the contacts stored on the device.
- Reads the content of the SMS messages.
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5201

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

SMS Messages

T1636.004

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/to.talk/databases/mixpanel

Filesize
28KB

MD5
caf8df69768c07f3f50f95dad4e9d0d5

SHA1
2106296a9e84fdca64fc029f843b16328ef8299f

SHA256
a2392c518dcb8e1fcf487050bdf26b3011311dbd751bbb5aae25f980a75e4b92

SHA512
e902c31f14eb39421fa2f41d44c0a45a7733e5e81aaa720db0154f057f6c150c6d044c81b335fd6890e886a5bb29aa750d2d1448130bb63249952266696a4e78

Download Submit
/data/data/to.talk/databases/mixpanel

Filesize
28KB

MD5
592b3238b503709c77a89d842dd87ba3

SHA1
5de1fa3cb6ca155b9bb59e8f84ca470d418f2a6e

SHA256
4ad89a162c2a91e293d4d68bdcc4a404b4a77cd36fabd0967c87edfa2a9500f4

SHA512
0fd069a3f8e3bdc0bfab90883bcdc7ad8673e1c31ddb0cae5cea372b360ec735d394ca53434760ef43cc1a37eeffe1fb52c181111cde897b87b130198b87b9bb

Download Submit
/data/data/to.talk/databases/mixpanel

Filesize
28KB

MD5
044347b332f653e78e16aee09ac686c5

SHA1
fcb209c3a46ec2e09df0ab62cdfb7c65640a63cf

SHA256
ec81771ffcc093a82d1bf90fd2e1f6f2058ceaabe6b600674c4a9728d880ecc6

SHA512
8b2c948f5e81dfacce05bc9c5ca41eaf6ae9bb73e47d0a76241f633bc33d90f937456d6ee0bb96a191002e33f55249d3a22d0f85a09a8351fa52ef7b4dfe387d

Download Submit
/data/data/to.talk/databases/mixpanel

Filesize
28KB

MD5
8a5a869c5beefbbdd7c34a9e90ca3182

SHA1
0648b06875326007543dd78f0fc8ce7388de309e

SHA256
fcd2fe2f22f33b7f58726d2fbf519045a36d0276bb7babf15548bea410f5125d

SHA512
4e851b2313abc9a52e8b035de256251be2eaee30eb1e5a936f73493d63bad235794dd7bb065ae1b5976b6a7e56c3cfa8db46619287d497eeef4445e11d611509

Download Submit
/data/data/to.talk/databases/mixpanel

Filesize
28KB

MD5
add2a9e0dbec359b843fa9c409927b6a

SHA1
97150d24982f8bb92cf8f992418d5ea6f0435ccf

SHA256
86ae767ffc0078ad1bfebcc06a71716302a1e258a06714d0fe33c64006d7ab13

SHA512
0c47e84e72abd0a6aca8011dd94e601ba59a84f10e683561e9872cb35da5038138fd0db392c4cbdea855b9ea3a56ece40bba770f0398bf03e8408ec5659b210d

Download Submit
/data/data/to.talk/databases/mixpanel

Filesize
28KB

MD5
cabd1f5406a7b704586450bc5a1501cd

SHA1
12dce7ccc33673805bea7e9456ecb36781551539

SHA256
1654d3179cc066b203dd53127a0ce217a1b039cf0181e9cdb011aca6e3de221d

SHA512
1e69e63818f9a33d5e46acbfbe5ad8d21e9a44d58197241c1e7e34fb8b2d33922b635e3e19a9e3f4f7f454cc0051ef324e994d68a18b10e0fab4b07a7e105fb2

Download Submit
/data/data/to.talk/databases/mixpanel-journal

Filesize
512B

MD5
ed6b0b94c6043f35b7951d69f8539c03

SHA1
a2c1518036d4300d69dee12baadd935c2dccea04

SHA256
79e5b644517347b738b6e70812c6b3d5f91986f8ea33eda383a5956c5599e3a9

SHA512
bcffa3bd794cc37bc62da4c27db67faeda25e1cf5f8e12603481634162c7dee07fdf12f5f5c72cfad8ac396620b1dabac420bcbd66fbdca4634929d26a7b099e

Download Submit
/data/data/to.talk/databases/mixpanel-journal

Filesize
8KB

MD5
269c8ee2f818af6957febd1a96e5e7ef

SHA1
f3651e9c405273c037439fa3f4367d323ca04a15

SHA256
c4a52f7ed2f973e1d73b94c6af147ba5d17c2ec89d107cc3c7d5f187921025c6

SHA512
91834490311fe51eab3fbefff73273c6513bcca450067199f90124acabb90744cf6b7779f210afe06f12c343d8c6326e1a5b84d2bb2be20bbe2670220c92af5d

Download Submit
/data/data/to.talk/databases/mixpanel-journal

Filesize
8KB

MD5
918f978f0f46fcc632d12d21280f1777

SHA1
235baee18ca76a68e04d82684e60c5580477c854

SHA256
6b4723c91edbd8de0cda0aefeb237b37a5b0f607d965c2ef80bab8a37adfc2f8

SHA512
8d51ee099ecf09c4a704b7f2de86a86f614cfeec0da3e8fb23c2b41657253b8068a699ccc543d329c86a1275ab24f6a5cc288b1be76839a70184ed2b54125db2

Download Submit
/data/data/to.talk/databases/mixpanel-journal

Filesize
16KB

MD5
501a5b3769c67df632c72f9c2bb7bebe

SHA1
21377a002dba7e5907fe3cc3af5fe87e35ad4598

SHA256
83023290856f0913e85b45f302759af51f707ae4e48722ac9d1d3dd521074252

SHA512
e79e2887b4bc7add426e7d8e8ac909e34eb106baa95433f87dbea4896faea5d26b22487fd9c058f322822c82af6449ffc830234aee9e50c45422fbb129223611

Download Submit
/data/data/to.talk/databases/mixpanel-journal

Filesize
16KB

MD5
e09ae51f794fa12bf5b4a2a450706dbe

SHA1
d8819b4ac7375387dfb5d659841477809dbaaec2

SHA256
9ec3edd4796a2d3217df85a89c6d22e1b2c254a0cd3bd73d7affbaeca717e5b0

SHA512
a926bf78cee3b66716e483f88bf709f9b7641f456794371a54cc32854bf54fa8fbeaecfad09c32989748183fa7d8d0ca6e0cd973da6e8bdb99300251df49cb36

Download Submit
/data/data/to.talk/databases/mixpanel-journal

Filesize
16KB

MD5
017223dc7bb263a0de0234c2b7792129

SHA1
23d597b019fbf9c4cd0085aab92d6beacab63cbb

SHA256
df2e4929274b1f163a3a53fa48e722fcfb916f8ad19a220f6414893611f4ee02

SHA512
c5580e5a10a1c2497f518b0503b23ae0a506d82cf4c1aeb7678a678a326498e65e588afc2d4178f49be8e8029e31b5e80f9342ccec83797afc170bfaa05fbc4c

Download Submit
/data/data/to.talk/databases/pwdb.sqlite

Filesize
120KB

MD5
f65f8cec2ffd45daba97125971508e80

SHA1
71796f016d03788e79b717617345233527fa5e3e

SHA256
18661a686323adf2241d9d3c1e8e00c8defae125ada7be64d00a382e6dce3e82

SHA512
4c18b4454362f832c979a2d08ba9d78db0dfe184bfaf38836bbdebc9ac85905b3cfd2db51a0916174d8bca3ada1269600aeb720908f1a18bfb7fc11c40d163fe

Download Submit
/data/data/to.talk/databases/pwdb.sqlite

Filesize
4KB

MD5
0aa8005f9388abae53141cecba8adbc4

SHA1
e03125aa47dc633ce9f867375663e7814d071de2

SHA256
f463288639edd8b2836b26423494d63e848d2daa51b70127edd82e843955e7a8

SHA512
d7f758b256a621e128bb6b02824ce7e84902fc7b75e1c38f514426aebcabd83c1af36b735f1b6a92fb307544f7760d7d3add9ae40ee6efa3d5c953c434bbef31

Download Submit
/data/data/to.talk/databases/pwdb.sqlite-journal

Filesize
512B

MD5
e576f735bb53e11a584dce52bc87123c

SHA1
ce91a6ba8b09c4c2fbe78c9e5b22a5cad83fb5da

SHA256
e40fcdf08350248894cb1fbfa2b082320b3666886c23ee9e52f2dd499f69ae02

SHA512
8faaf0026de7110fbd64b20240f1d2a4fb57a15b147f261f9fdae2ea14d59d112b7d53952609b93edec10ef653266acd7a775f1641a09f4951913e015dac0fd5

Download Submit
/data/data/to.talk/databases/pwdb.sqlite-journal

Filesize
8KB

MD5
fd6b42fc7ebe0cd0b5f2e03a4ba3df2d

SHA1
2672f4fd247f44cb7c68199f69affbed488c8d78

SHA256
8770d7bbddbaaef7ae624543f6e95365c765079bb23b621d6e8c0c535e6dad45

SHA512
3733848b62ed4388b56084962a701cbb403124f0aaf30d5fdc68a552dac1637dea0d9636a099b9337cc6c84c66fa086590911b44ab5d970a4ffbc88d0cd46c29

Download Submit
/data/data/to.talk/databases/pwdb.sqlite-journal

Filesize
8KB

MD5
0a9b65a6bfaab48a9a84497b8cdd5152

SHA1
b87cf5b6aa52f2eb254ebc0d44835339085a4de4

SHA256
e68911660a1a2202bf7fb9fa4167bfebc893cce3c36febda6e4cf03bf5484020

SHA512
361d5acc8494defc64ac65787d7c7033ea19aa25a74236b548ed991576243ead308df402cb7b889dea50a0d174fcdcbb850624bbea64813b8f41f6b09aeecb75

Download Submit
/data/data/to.talk/databases/pwdb.sqlite-journal

Filesize
4KB

MD5
44f46590624f71c5b18322ee8c099512

SHA1
7772900d3ab936d6fbd48b02589b344d41d7d57c

SHA256
c69a272d7e3b2ed21914fc1b167ef7305ac32ec02d4e005d91a2cb427b2d32b4

SHA512
5a69f5201d3ae29129678b88c754ac93a689687bd1032ff4e14a06dfe7f039cdaaa66b11ba0bfea6f46e4130ca41d76cdb4944612872ccf7c348ec1c645b4b77

Download Submit
/data/data/to.talk/databases/pwdb.sqlite-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/to.talk/files/Ping_1716796625521-38411

Filesize
53B

MD5
746dd1256225ac0ed9baad3dbf76a239

SHA1
a4671d83026c92c8f846a399c3e9e14a86f33b90

SHA256
5c5d1213e394d2ba79f72ee1775e2ee62b8b1811c36c8c9a9980df57318ebbf0

SHA512
0f6b80d497c43918ad71537954f5edce5b9960c9b848bad573a4aea10411ee47349ab0ca8acde72d183ddaaa2afe8a1801234c42d3e34bbd06b319f76150ea02

Download Submit
/data/data/to.talk/files/crashCounter

Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit
/data/data/to.talk/files/gaClientId

Filesize
36B

MD5
e94d4842b88196ee0ec6d181b23c226f

SHA1
de57164b233cd839eca3c1890c0d014e99970336

SHA256
0ad8ad4c95b9df961ca77822da970dd72ddb4ccea4cbd96a6469bedd89c21032

SHA512
c2427327f4bfbea886eb64f32c32730ab19d8b8a172f9a2445de8ce3773ac35cb487998c9816ff87f745b4892e984a853b25187368eeecef28795ae2d62d8f47

Download Submit
/storage/emulated/0/.bugsense

Filesize
33B

MD5
8032133db7018dd22d268c22d966a04c

SHA1
02b1e011a0524f37485dab7f929e43106cdc1f2c

SHA256
223dd38e1a0ba7cad0044c68c580f2dcca2ee967cb13a4fbd10da80dfcbc9173

SHA512
5d37f206746bf6b32cc06b63a21028239b53926be2361d52a38f0ca20a5b4a3a5a54bffed78079c3707e10205e676daae42e98c4514255d090b6dcf3b3f2b6aa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads