13569bc8343e2355048a4bccbe92a362dde3f534c89acff306c800003d1d10c6

Analysis

max time kernel
154s
max time network
176s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28-05-2024 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e0671fc66f9a482000414212bf725e3_JaffaCakes118.apk
Size

833KB
MD5

7e0671fc66f9a482000414212bf725e3
SHA1

5c6c19a5820a9c799332155d366c2cd31a2e0be1
SHA256

13569bc8343e2355048a4bccbe92a362dde3f534c89acff306c800003d1d10c6
SHA512

785d914c9de6f9ac0da3398d7edc9ce110b07a25572d08b3cf8fb19fcc15a9dd625fd47d3fe6da08f975b5726f1aaf2d1f90435153ec2b1d03963fa9065e79f1
SSDEEP

24576:gnHCL7qRbyZKskka9P5RZo/k022dEvP/KjP15Ibe4D:AMuR2ZJk89jPLIbp

Score

7^/10

discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tvone.untoenynh/app_fogdqxpss/oat/x86/puqiklllaj.odex --compiler-filter=quicken --class-loader-context=&com.tvone.untoenynh

ioc	pid	process
/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar	4318	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tvone.untoenynh/app_fogdqxpss/oat/x86/puqiklllaj.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar	4290	com.tvone.untoenynh

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.tvone.untoenynh

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.tvone.untoenynh
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

com.tvone.untoenynh

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.tvone.untoenynh
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.tvone.untoenynh

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tvone.untoenynh

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.tvone.untoenynh

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.tvone.untoenynh

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.tvone.untoenynh

com.tvone.untoenynh
1⤵
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Tries to add a device administrator.
- Checks if the internet connection is available
PID:4290

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.tvone.untoenynh/app_fogdqxpss/oat/x86/puqiklllaj.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4318

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar
Filesize
34KB

MD5
b30f63d751e58accea36d408ed680632

SHA1
3c8afa7e98a674c3be9e0f9ae37c0dd408b09e2c

SHA256
75ef5147279ddef2e7a9cb0c264b9055ef638904dfb93c3a5faef977fdd23326

SHA512
7fd4e755f5fb3619d301babcc0e7c854c51129bfc1db7319fe899398b4c5c62646b4687fb04bf0a3b0cf08d8bfce39e4ca2cbac3ecdbebfa4908dd3374475d13

Download Submit
/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar
Filesize
72KB

MD5
6d99e3cdcb65ef5b9371dcccde3b79f6

SHA1
f3d1362bfdbe4aa794bb4ac3ecdd9149bcf6c2e5

SHA256
8fc33db2b981bbe96b32f72d11a1299ab91370ede9e6568589a7ca175ac414ca

SHA512
1f2d2d2a232f2c73670a5db0886e4b6d892f623737a340e5a24718b19604d5a538543977a6ba62836cb3188508fb337424c38d498ae0190effbb3e98cfe158e7

Download Submit
/data/user/0/com.tvone.untoenynh/app_fogdqxpss/puqiklllaj.jar
Filesize
72KB

MD5
cfe79f8009a3b37a758d886f089cd9a4

SHA1
36e2c2f751eace6a3f57fd9e2f3a39052d5ec2b1

SHA256
62b6663264b1bf3261faa8e7cd444f100ce73644522533a95135861f325f576f

SHA512
01259731514f79e22dc4e314935e5c0e1e8fa9861ff18ff42ad52aa20a64606aa48934310199b9a2e217ecfee2a9ad551f64909a929a4d591e90ea18423c4727

Download Submit