Overview

overview

8

Static

static

6

79a76edb82...18.apk

android-9-x86

8

79a76edb82...18.apk

android-10-x64

8

79a76edb82...18.apk

android-11-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    27-05-2024 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79a76edb82bc0d6f4d66e34f56e4022b_JaffaCakes118.apk

  • Size

    4.4MB

  • MD5

    79a76edb82bc0d6f4d66e34f56e4022b

  • SHA1

    87e29564f1b08b451c8f5b0ca6e51f3c3caae402

  • SHA256

    b5ee5dd9f0cb2828251c387bf1c1f333da706b66b53972ca9b140259bd4219e9

  • SHA512

    0f020a323f4da67652423257a28437a4ee18024d0169d77ff0673822aec86af8680de3fba345452650d6dbfe05d8342915c93f74bb1d25c966aad741af299ebe

  • SSDEEP

    98304:VL3poecuT4tkt/Ps+2dyacf5m2/wYomLN7q2pYs:VL3poecu0tkt/Pd25cf42/wYomJm2pYs

Score
8/10
discoveryevasionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • greenway_myanmar.org
    1⤵
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4272
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/greenway_myanmar.org/cache/1582435991586.jar --output-vdex-fd=77 --oat-fd=78 --oat-location=/data/user/0/greenway_myanmar.org/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4317

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/greenway_myanmar.org/cache/1582435991586.jar
    Filesize

    9KB

    MD5

    e8e0527a01aefdb89afd2c508f131da1

    SHA1

    f1103e6b260c657ceb3d95f1b023af3fda8b133a

    SHA256

    f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

    SHA512

    fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

    Download Submit

  • /data/data/greenway_myanmar.org/databases/rg.stocks.positions.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/greenway_myanmar.org/databases/rg.stocks.positions.db-journal
    Filesize

    512B

    MD5

    0ebcb51e7e6a7f0a061676f3f9e541d1

    SHA1

    275b357d40a30df6c32dee6a8959e6077df054cd

    SHA256

    a02b92d11591c9f11462a668aeaaa71ace71cf29548e9ac3bcbbac205f9f8e63

    SHA512

    0e488458f5edc509eaabfccc4d601b041872eac57361e74f0bd720306a6e8d5e8a60d4e2d4595c449e5caa49902f0fd36fd232a6b63c90868f806a2d4855bf21

    Download Submit

  • /data/data/greenway_myanmar.org/databases/rg.stocks.positions.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/greenway_myanmar.org/databases/rg.stocks.positions.db-wal
    Filesize

    40KB

    MD5

    654ecc7ba7cfb6ece8e0d0b17921643e

    SHA1

    9677b368a2bf2271f362a7a89ba18e772aadf06a

    SHA256

    1839f5fe08bc908109baa9806cdb3c2e564a59b7c5498f393bbf1a842977c9e6

    SHA512

    35b850a6874d1e5dd4d515f566ff25f926e2ccf2d67a304f0de4a390658e1af6772ca5e6924fbb2d8fc56631edac867d5a26f4540b296ebd4a7416bf2709e1ed

    Download Submit

  • /data/data/greenway_myanmar.org/files/gaClientId
    Filesize

    36B

    MD5

    f4a6d04da62dcc7655ae4c5d3cfb9d2b

    SHA1

    9acae47d7a070710f4abf9e1e212448069310f03

    SHA256

    bb47901a4b6d3ee85c03c128b9a7f6a48ea59fc5f92c5aca10048d979adbbcd9

    SHA512

    bd21da6ee018ce8c0fd9efb6ed0222a0091a15301d2a4d8a92fa42448d217365ecde16ebd7496d87ab65a384e2c89df1a23c888857bdd045107cdb692ed22aff

    Download Submit

  • /data/data/greenway_myanmar.org/files/uKVoCGKFu
    Filesize

    354KB

    MD5

    8ee1e715b6b2757be250911db3721c1f

    SHA1

    69c8458dd02820be4ee04e0647e82728ae458ef2

    SHA256

    413c7e4847a159701fb1c03e4718cc7633e606041d6d901046bb08e76199b1c2

    SHA512

    6bd940da64b0d34563ac456bd374d1fbaee059b91217de28dc4185116a505888d5cc132a71e8b4c42f4a7266ef099555937c6442cbd9a58308caf25c2c30a79f

    Download Submit

  • /data/data/greenway_myanmar.org/files/uKVoCGKFu
    Filesize

    631KB

    MD5

    3e2c71529b63308b1bb39d36d3ead38c

    SHA1

    335ab4d6504e54a49f839aa9696cb82933b152e2

    SHA256

    803bd0b3847baf5cebdc00a8a49a6bca22c72469c3aefdcf3c25315ef88a9f78

    SHA512

    a9b7de9b7fe5c23e14bf273f2d322e448c494b4a73e430ee3f667c744b40f1ba1a6b604898f107b91290fd56d07781530f36a34e49231459fa213e4de890019f

    Download Submit

  • /data/user/0/greenway_myanmar.org/cache/1582435991586.jar
    Filesize

    20KB

    MD5

    2048eb6124a452540ee51dae4145aadf

    SHA1

    d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

    SHA256

    105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

    SHA512

    bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

    Download Submit

  • /data/user/0/greenway_myanmar.org/cache/1582435991586.jar
    Filesize

    20KB

    MD5

    fde2ee00cbd121cfab5290b078aa3ceb

    SHA1

    e2b77d5320e155e413d040a8c20020962065b2f8

    SHA256

    2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

    SHA512

    a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

    Download Submit