b5ee5dd9f0cb2828251c387bf1c1f333da706b66b53972ca9b140259bd4219e9

Analysis

max time kernel
155s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
27-05-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79a76edb82bc0d6f4d66e34f56e4022b_JaffaCakes118.apk
Size

4.4MB
MD5

79a76edb82bc0d6f4d66e34f56e4022b
SHA1

87e29564f1b08b451c8f5b0ca6e51f3c3caae402
SHA256

b5ee5dd9f0cb2828251c387bf1c1f333da706b66b53972ca9b140259bd4219e9
SHA512

0f020a323f4da67652423257a28437a4ee18024d0169d77ff0673822aec86af8680de3fba345452650d6dbfe05d8342915c93f74bb1d25c966aad741af299ebe
SSDEEP

98304:VL3poecuT4tkt/Ps+2dyacf5m2/wYomLN7q2pYs:VL3poecu0tkt/Pd25cf42/wYomJm2pYs

Score

8^/10

collection credential_access discovery evasion impact stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

greenway_myanmar.org

ioc process

/system/app/Superuser.apk greenway_myanmar.org
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

greenway_myanmar.org

pid process

4646 greenway_myanmar.org
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

greenway_myanmar.org

description ioc process

File opened for read /proc/cpuinfo greenway_myanmar.org
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

greenway_myanmar.org

description ioc process

File opened for read /proc/meminfo greenway_myanmar.org
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

greenway_myanmar.org

ioc pid process

/data/user/0/greenway_myanmar.org/cache/1582435991586.jar 4646 greenway_myanmar.org
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

greenway_myanmar.org

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener greenway_myanmar.org
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

greenway_myanmar.org

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses greenway_myanmar.org
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

greenway_myanmar.org

description ioc process

Framework API call javax.crypto.Cipher.doFinal greenway_myanmar.org

ioc	process
/system/app/Superuser.apk	greenway_myanmar.org

pid	process
4646	greenway_myanmar.org

description	ioc	process
File opened for read	/proc/cpuinfo	greenway_myanmar.org

description	ioc	process
File opened for read	/proc/meminfo	greenway_myanmar.org

ioc	pid	process
/data/user/0/greenway_myanmar.org/cache/1582435991586.jar	4646	greenway_myanmar.org

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	greenway_myanmar.org

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	greenway_myanmar.org

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	greenway_myanmar.org

greenway_myanmar.org
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4646

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/greenway_myanmar.org/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/greenway_myanmar.org/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/greenway_myanmar.org/databases/rg.stocks.positions.db

Filesize
28KB

MD5
d92935cda043d816ea5eb716a76e2905

SHA1
63f962205f78163f25ba10d460089781e97405d3

SHA256
8ad81f83f74b3491dbc5ac6a4ef08e76f3d1562d584ccb79ec63971adea7320e

SHA512
b861a9fd25897f199e5327941f60f87368fc6ddb9ee963d499f6420cce153450ca68ff49ef9a478311298d0d2da752834f6562ec9335f01d14483f9d200bcf23

Download Submit
/data/user/0/greenway_myanmar.org/databases/rg.stocks.positions.db-journal

Filesize
512B

MD5
8fb7e8291778b9cb716dac0666f694f8

SHA1
115380c0e285e813130403d606a52e24f5cd257b

SHA256
eb3baa27a33ab1534d14966d06527264e40cf1fb778f651341dcea9e97f583b8

SHA512
7422caa72dc7555e94e50ef6d96fc99604d774c0181c3992052e695c303dc1f3e9dd3931d8ee450b90e3ca8730a5b09f68bde8c61030ec117881ab415577f257

Download Submit
/data/user/0/greenway_myanmar.org/databases/rg.stocks.positions.db-journal

Filesize
8KB

MD5
15aa4ea8dfb5849344026cc310f689fd

SHA1
abf925d194dd09d7a41f2a16e3a6dd84d34a4723

SHA256
0610d7657d915b40e2dac7d971fce4bc12706a9c4b4db932f79bcc8938b3298a

SHA512
4d44d0ebf15598b241922a7f110b27bb4336e3f2019bac167a04b093d5c59bbe7f8eb98cc2b9f426b917174545403cf59f488e5d1adaf0c56b5647242f8be09f

Download Submit
/data/user/0/greenway_myanmar.org/databases/rg.stocks.positions.db-journal

Filesize
8KB

MD5
0283385dded0b27c287a833311ce734e

SHA1
03d3f9148acde8e456fc47131c39f7e716da95ec

SHA256
faaa73e86e1ec0d8f58d31107d874d27b6a65a5f60b95f394c3ec91ec2ab617c

SHA512
563472eef2b82683c32cda8a649eff72ba6ae582f05891450dd53fee4e61702886a02b0477a038acbd357cf38ec2a34cb8cba38c77a1191cbe239ba99ef73f90

Download Submit
/data/user/0/greenway_myanmar.org/files/gaClientId

Filesize
36B

MD5
927da81f18da1c46404bd3ce064deb28

SHA1
2f5a6758ee584495508afd7dca1d1cf3406b43bb

SHA256
1777098a02336a0ae8e5482a35e1a4462233a74ed0c427285335d96182172f01

SHA512
7c8f908d8742a7766fcece0a4647f8c6fdf31d5c7ffd9f2aff71d383a4765e3a6327a3af00dd93cc987f652de9862542b81514e20918aa5730d984e71395e4b6

Download Submit
/data/user/0/greenway_myanmar.org/files/uKVoCGKFu

Filesize
354KB

MD5
8ee1e715b6b2757be250911db3721c1f

SHA1
69c8458dd02820be4ee04e0647e82728ae458ef2

SHA256
413c7e4847a159701fb1c03e4718cc7633e606041d6d901046bb08e76199b1c2

SHA512
6bd940da64b0d34563ac456bd374d1fbaee059b91217de28dc4185116a505888d5cc132a71e8b4c42f4a7266ef099555937c6442cbd9a58308caf25c2c30a79f

Download Submit
/data/user/0/greenway_myanmar.org/files/uKVoCGKFu

Filesize
631KB

MD5
3e2c71529b63308b1bb39d36d3ead38c

SHA1
335ab4d6504e54a49f839aa9696cb82933b152e2

SHA256
803bd0b3847baf5cebdc00a8a49a6bca22c72469c3aefdcf3c25315ef88a9f78

SHA512
a9b7de9b7fe5c23e14bf273f2d322e448c494b4a73e430ee3f667c744b40f1ba1a6b604898f107b91290fd56d07781530f36a34e49231459fa213e4de890019f

Download Submit