753b11580c3784d4929254749564d20e35be49393046afad48c0d6896b4faabb

Analysis

max time kernel
179s
max time network
140s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
30/05/2024, 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

830fe816d05e094ac76238d6d5b874b4_JaffaCakes118.apk
Size

1.1MB
MD5

830fe816d05e094ac76238d6d5b874b4
SHA1

1bc170a260ce45bb0f7d3dcffabfdb3092953195
SHA256

753b11580c3784d4929254749564d20e35be49393046afad48c0d6896b4faabb
SHA512

be4c11203693d2d7ad5945b23632f65d718ed466534aaf80422b8da9cfedff35056bb6c5415ceda3f7a2f85e2fbc4005be6b5f4def8d935334c4f6b6d536232c
SSDEEP

24576:DSvVaOGTdwdNwa/Z+xlU+GZUPFHFWmQHK2z86A8qQGhj9RFahmPOl:D0+dwdNw6+xlOUFlWm+K4p8khb

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.imober.ting

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.imober.ting

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.imober.ting

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.imober.ting

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.imober.ting

com.imober.ting
1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4474

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.imober.ting/databases/book.db

Filesize
32KB

MD5
7d277fae228d1c7293d402256fb58a4d

SHA1
0560ab7265074053f5b8e6779d7f0f85a2516940

SHA256
297d014651a27cbaa1a8dbac6a72fd23a079f8004fdb709a83c83b0d20f01342

SHA512
4f9f3ace18cb17634bc2142a8272c1e10eaa85d152b09f2b8b63b9de9230227e1e3eb4aa5052ba040badee8092eb73b1ba239a14a67384fcdd3675f2ad1f75bb

Download Submit
/data/user/0/com.imober.ting/databases/book.db-journal

Filesize
512B

MD5
1fe7da8bcee819002cd3a5744fa4f44c

SHA1
2233d9e6e02b034136063e39dcc6b0441bd9c17a

SHA256
f5c9765d48aa1706189c85f6b11b009760fca838551c91c428f566b4bad337d4

SHA512
515ee64b76f89334e3a938f0790bad6043b7c2314edb714d2e5943e1327bbcea171eba13cb282448887a52c571a699dc1e0eb7d4fbaa3b8dd82b07710b180d13

Download Submit
/data/user/0/com.imober.ting/databases/book.db-journal

Filesize
8KB

MD5
9123df5d00003d20fc019f068856604c

SHA1
54bcaa52cda3409b2a18e32919fc9d5becae525a

SHA256
7ca5dc6f88324317e8ab14dbef2a60ec3a2d06d8f24d368700bbc2c41ee692b7

SHA512
549b835915318a2de19b1de6c6d47bb090a0598e409acd2d8befd8a1f4ea50d87e5759e524b6d845100694282dff590b21430597f142b085978bec0ebf53afe2

Download Submit
/data/user/0/com.imober.ting/databases/book.db-journal

Filesize
8KB

MD5
a34459d8fd8e8677b6ede65a6c563764

SHA1
1ab1038ef0efe24261efaccaa633f1c4026d538a

SHA256
c848601178a087beba5ba479d04f2e22df3d8964c7d2ad6c6f5e9ecf2749df5d

SHA512
93b2b8f74ed4a7add66f1214097d81e0c70ccaf50409ff398d8839054adceca45699928b027dde65c2b773a86a8988db7bbde0f33a8fa0d69a6023da661df2c2

Download Submit
/data/user/0/com.imober.ting/databases/userconf.db

Filesize
16KB

MD5
e9f5e0d0a6227b052e320ba64b36520b

SHA1
787723e1e121a8194f84d4c7b86927d67d815ccb

SHA256
dbcd5c88076ce672b4f3096c1df5405d9efabcb19cefacd66fa012f67528d560

SHA512
28608b5d222c316d701eee5002e9b52f7260027329b8927c9ef5b97bf995820b6d44ec710e155fcedd83fc68cbebe71d1737d2c4d5f5fa7f01d3a59850e7559f

Download Submit
/data/user/0/com.imober.ting/databases/userconf.db-journal

Filesize
512B

MD5
ae2fc2f60eb24505a1558948ba2ecf2f

SHA1
80236fb14fdaf5fa42af8606cea94816c5b79471

SHA256
3b7a21eadf212192ecdfe84fbb3e66fc10df90d8280bededc0472c969e25ac90

SHA512
46003e0d47ba547b4d95d8fef2ba45ce147aa8ff1c66645735c0eba39c77f02d3351cfec1e7dbda546557e600d6294c361598ad4bf5779edbcf0861bfa134eb1

Download Submit
/data/user/0/com.imober.ting/databases/userconf.db-journal

Filesize
8KB

MD5
aea67ae9946362b3aad0d5add53e94ad

SHA1
ac5f5cffdc773e56565f7ea94ed89ddc62e8ccff

SHA256
eff3adf43ecbe064eebc69712f84b40593175750f103fdcfa8e3ceaa001b6fd7

SHA512
6e3c98163c20d4fbae623762120ceb67e4996672a53ace6c61f11584e7a440849597360f80bc1e7ef54891c11dd02778e0cb5fff871d9f9b114d24683643f82a

Download Submit
/data/user/0/com.imober.ting/databases/userconf.db-journal

Filesize
8KB

MD5
b1572eb7810b80b9e1af39ad369406e3

SHA1
d9062a4d22244028ed082db77f077db4524c63ce

SHA256
e92faef3fbc9885412291f216bfa1a0f1704d1186cca3593ff48d850fb026b45

SHA512
74755e16a887267e7c263b5c8b330c6dfc9ba473417ffb3120deda4353930fa1a039f136cdf4ec9ed455911df2871fcd0af8280fd595e6a841558db6e8ec5721

Download Submit
/data/user/0/com.imober.ting/databases/userconf.db-journal

Filesize
8KB

MD5
3a95e636ca96472d086680e356b0de15

SHA1
4237d4182da0bfa226ef0364281691b1ab6c1be9

SHA256
27394da3a6dc83ca4e7d6b1fd97d89ca84d8a4b651f3380e98c85336ee98dbbb

SHA512
601bb10ef6852928602a08df4a4b3b2c9748e722320103aab624a8545b7c0d664633c491e2230fbfe64789ccff69a7afe0928035c376a3bf79d4ea2e5c4335ea

Download Submit
/data/user/0/com.imober.ting/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
15d01e348a7cddcef3b571989cae8737

SHA1
8f7ac927d0b696fffea5d49293d7128c9111c9ed

SHA256
b9a08c7a5f1bc7f0e2a2c807dfb2e7deade9022b6e4a14227cf906704d900903

SHA512
23c2640d1f50f2989e12b2ce0804a283873c5016d8dbedbd6f36f007a448125b68d3dbe735e1727367ddabbbdaeac778c0d7a0480fa1f12ef756e5cf6f579189

Download Submit
/data/user/0/com.imober.ting/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
5038c193f7a7d9acfe3a0e408b71374f

SHA1
3f789df41447844ecdab6479dafc630c8bcdab32

SHA256
a11b95440df729d36c9ded5f2e011c024a8929c6ba451209e5980949285f8423

SHA512
7798fc1e11143367453da46fcc1e394d69f113e5321042c6fcfe01671d6942214f89b729b8cfa76eb9c76ccb8beb24f9c1b61550352c1cad33d0d408a677073d

Download Submit
/data/user/0/com.imober.ting/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
8d8aa7992ba3d6b4f842d30b8f97e4e2

SHA1
fe9210afbe680cf72641ccbc379132a52d0f824b

SHA256
fef4dea33f707a1033dca595ea4e8acb6a712d95930f32730504ef83edfcb378

SHA512
dcec24652cc1779f5f1ca01738dafdbbfa4c9d1476867f6de587ebb25de39725dd52d879fb4ac58752a4ddbaef9ab1e3b0e157aef92f92f0243da1fda1ab4d5e

Download Submit
/data/user/0/com.imober.ting/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
46da5b91c69c5fd00efac503af72eb04

SHA1
b676eceabf80b75d0113fa9c97cb37bc990e18ee

SHA256
14856f6525ac74af42a12c4c8e774e7a78a8d945c0342f06e24dc99de99fc181

SHA512
1bfe16337a9f39b6ac89a5e9db5dbfd01102c97fd13d80862d28a4bc9725d9bea1d8664c7fdbe010b6b7c3fdfac637454faccddaaac5cb12727bf98148999ee4

Download Submit
/data/user/0/com.imober.ting/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
4147651d07392681a0ec7183688768bd

SHA1
240c5465042dce6bf12f40fe9df2d67192018211

SHA256
5aaf84ffb03fb092c5e2e6ebdc17de71f70c46e3916fe71f7c0cc332a2a69a0b

SHA512
8d741df329e795252a588053076353fe70eb05cd6572a57b98bcb3a46e97b5de7e8c24aa7b9b974619d26c54273919e57e0c19b5ccd0a6f2ae464b2d238952bd

Download Submit
/data/user/0/com.imober.ting/files/E2FDAA28C7344D2F9FAA4A0FEC1296AA

Filesize
118B

MD5
dd5d299871c6e361bbcaf0a3ce00e6a3

SHA1
0b7ec4b17a1ddcaed410f955142d1a8fc5ffa7c4

SHA256
9666ac4febec2cdb1c5ee601e03505e7e30e98dcbdee362e905f5f580c5dd837

SHA512
6ffdfade6bc4949268c2e422339a563f5dfb73130fccab251cfe9e8907580ac3661e6cf99c55b11d62f8b9c3f2b767f023fb7301bcc196412a1c9be575f59473

Download Submit
/data/user/0/com.imober.ting/files/mobclick_agent_cached_com.imober.ting

Filesize
100B

MD5
1749c155a7300438bb8cdf4c7630960d

SHA1
02c259dc271483084b05cc19e658f277de1f6526

SHA256
9e4fc85f102dffe9a45f28b405762d4864a1726a2fdb390757e836fd57dbf5b3

SHA512
bd05da34724240299971546714f99205663cc1b15888f2d75465cff9717e09f49ffb7271165c93a9ac2b7179fd61a2a48b6a6e9869b497d8521485a3a21adab2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads