641e1ef23200bc85bd6661ef8fa0d1a8339099ab61862a91d8046c177c379ece

Analysis

max time kernel
19s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27/05/2024, 09:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

78b0fe43e19dc40f134ff0bfff0d6162_JaffaCakes118.apk
Size

1.9MB
MD5

78b0fe43e19dc40f134ff0bfff0d6162
SHA1

54f9cb6f49a2422c267b6da19b0f3cbd9c57e40d
SHA256

641e1ef23200bc85bd6661ef8fa0d1a8339099ab61862a91d8046c177c379ece
SHA512

b337e8ec15e6540c87ea56d36b92a6d4b6a18f609c3f5eb3e117e9cd6a27689791835345f2a2feeff2d02bbd852e6884ac11f4d8c7fc8b4cb33b1ca02da48f60
SSDEEP

49152:I4K0J9N0KmxDr9jrC56HmxmhDCRpv58qR0BSyr:66Vet2xUeRpeb

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	cn.zhui.client1547403

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	cn.zhui.client1547403

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	cn.zhui.client1547403

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cn.zhui.client1547403

cn.zhui.client1547403
1⤵
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4310

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads