29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce

Analysis

max time kernel
178s
max time network
190s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
29-05-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81e943f671ed37ace694fa916cad0436_JaffaCakes118.apk
Size

2.8MB
MD5

81e943f671ed37ace694fa916cad0436
SHA1

b1a6808d74b3640686e9afca82d821c4503d120f
SHA256

29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce
SHA512

64e4421361a6171e2a864c28a3e38578fb9dad12aefeb0e0015603e4b03a623b033259e5fecce5f9a045d773c4905914581374fccd356a1fa00418652c376373
SSDEEP

49152:mSGVCfKa+EJNNpyCXxGc5ujWFhS8fjvBWdIRfj9XqLJdYDX1RpkyFCH+:mDC53vKCX+qvVWm1j1qL/eXHa2CH+

Score

8^/10

banker collection credential_access discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.main.haha

pid process

5147 com.main.haha
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.main.haha

description ioc process

File opened for read /proc/meminfo com.main.haha
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.main.haha

ioc pid process

/data/user/0/com.main.haha/app_ttmp/t.jar 5147 com.main.haha
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.main.haha

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.main.haha
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.main.haha

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.main.haha
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.main.haha

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.main.haha
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.main.haha

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.main.haha
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.main.haha

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.main.haha

pid	process
5147	com.main.haha

description	ioc	process
File opened for read	/proc/meminfo	com.main.haha

ioc	pid	process
/data/user/0/com.main.haha/app_ttmp/t.jar	5147	com.main.haha

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.main.haha

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.main.haha

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.main.haha

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.main.haha

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.main.haha

com.main.haha
1⤵
- Removes its main activity from the application launcher
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5147

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.main.haha/app_ttmp/oat/t.jar.cur.prof
Filesize
370B

MD5
8d4f3f7b0c8e549fbb3878281eef9289

SHA1
c8f5f462fbb60e73d42f777eae72bc07f3cedb26

SHA256
7ddea11a56e9cb5867f2ddea7d5b061bf81a3036654beb838c0253385f3c8c49

SHA512
a669a182026b837eed8e12cc5090cdb5ce2d3f96b57bc1b8372bf4714746e97e3d68e27770bb91bc62c69326975898b4adec9c28ec3be64dcf52004cfe3a9390

Download Submit
/data/data/com.main.haha/app_ttmp/t.jar
Filesize
172KB

MD5
39f7c5d4a7962708aa7d98bf2fadfc27

SHA1
cb348f750596b2e54705eb7d20b9fb2cc9d8807f

SHA256
e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558

SHA512
55267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa

Download Submit
/data/data/com.main.haha/app_ttmp/t.jar
Filesize
172KB

MD5
cf9c7fb39d30b43019bfac428a3269ab

SHA1
912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283

SHA256
9031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af

SHA512
2450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f

Download Submit
/data/data/com.main.haha/databases/com.main.hahab
Filesize
64KB

MD5
71586bab4c6a7dca467914d271895b8a

SHA1
f083b665810076c6e41d2dadb275c8faaebcbe03

SHA256
ef2cc4f547c88246456110a2b082060201c303cc82aa6c689151b311d1690d13

SHA512
acb240351cf8bd0722e828a49e0e932adc10a4bb6570657b3a4e83d6e3f14eb44c9d8e566f3e6d442251066fa6d0e82d73fc87eea1c1bc0ff1c53be835358a38

Download Submit
/data/data/com.main.haha/databases/com.main.hahab-journal
Filesize
512B

MD5
7dc2e038a18a69bc84fd949a5ed9a0a0

SHA1
f0255eb1cc95dc70ec619cfe9dd06ce1e3c31955

SHA256
8d5e98c583edb52d037d67a9e2d1fc86a8933bf86fbdfe624797bde1adcc031b

SHA512
98e962106a3c39fac12451318c7927a5b8eb380f1e1524e05fca615f439faa275e5b18350f9c4acab317dc3636b617aabf100916be0afb40d57fb29ff71e02a7

Download Submit
/data/data/com.main.haha/databases/com.main.hahab-journal
Filesize
8KB

MD5
f2ad811f9fffa02c08689f6b920168d5

SHA1
f4dd705188b14efa41b4da6bc5da0d7b93d21dda

SHA256
e318535346d65b4d32986c352cee5225a1268f4516f9d9160c67143c6d868749

SHA512
f48efaafe962bc0a5fee1095d0e28948574bdd75b983ec18817eceaaa75c1c7a444d843c36dcfb5eb7b24ceb116f4106180bb71e9ff1ae5f0a3e60b3b83ca408

Download Submit
/data/data/com.main.haha/databases/com.main.hahab-journal
Filesize
8KB

MD5
f4f5ca1a1660077f6a94e88b963c592d

SHA1
4a9168aef39574367d642a5b852d417e700be8ea

SHA256
46bfe078b4d7e2308148190b52fa668be8d274dcc518467b16610240229207a6

SHA512
4c22560896f59b1258317d45761e7c06b77774c51aa8c311b577e00639627fa50f27857689692382832f728e73c25c33e70d42f001e8a6efafba7c51199a356e

Download Submit
/data/data/com.main.haha/databases/com.main.hahab-journal
Filesize
12KB

MD5
bd44c69bb98691eb67c152909aea0bbf

SHA1
8cb36f250f916b7fab356f9c59278bf284b1c0b5

SHA256
c6b7002fbc0b5d7be27da0377a4f429831e2be33c0b003ea6591d77935652d71

SHA512
e7f6646bac91e1c2d8f1a6d8d1e4af91257c0ef1ae226fff8a35f53544c6fedc571e410df54f49a23bb4b0bbc565664589be7d5f25a9b4708146a6b618659d0b

Download Submit
/data/user/0/com.main.haha/app_ttmp/t.jar
Filesize
363KB

MD5
71f79ba9526f0b6a04ff423212d75238

SHA1
ff505b3673f566a812ae925acc84157a1b6f34d7

SHA256
ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f

SHA512
b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads