Overview

overview

8

Static

static

6

840af04291...18.apk

android-9-x86

8

840af04291...18.apk

android-10-x64

8

840af04291...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    30-05-2024 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    840af04291bf6f8c239c5178e1674772_JaffaCakes118.apk

  • Size

    263KB

  • MD5

    840af04291bf6f8c239c5178e1674772

  • SHA1

    35322bd708e281a3af6f33a7a48cf01f969f123c

  • SHA256

    0516416947f71b9af9dbc95a72b0d4fd0fbff816c97bca163deed795cd75d02d

  • SHA512

    30a41c2a1ff09f2e7a0a479d7cd2b160d498398bc43ab0f338dae1a822e5611e3932ad21c60c836d8956003ad68497a5d9b47834107398305ef46ddf641696f2

  • SSDEEP

    6144:bRIZPNvivXSCeVvnD2IJOsBFaw4IzEsS/ZXBc2Y4MT5fNq:bRI3i6tQIwsBFa/IvcR9Uq

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.news.geynci.jxvlsxqrljv
    1⤵
    • Removes its main activity from the application launcher
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries account information for other applications stored on the device
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5107
  • com.news.geynci.jxvlsxqrljv:RemoteProcess
    1⤵
      PID:5151
    • com.news.geynci.jxvlsxqrljv:guard
      1⤵
      • Schedules tasks to execute at a specified time
      PID:5635

    Network

    MITRE ATT&CK Mobile v15

    Initial Access

    Execution

    Scheduled Task/Job

    1
    T1603

    Persistence

    Event Triggered Execution

    1
    T1624

    Broadcast Receivers

    1
    T1624.001

    Scheduled Task/Job

    1
    T1603

    Privilege Escalation

    Defense Evasion

    Download New Code at Runtime

    1
    T1407

    Hide Artifacts

    1
    T1628

    Suppress Application Icon

    1
    T1628.001

    Virtualization/Sandbox Evasion

    1
    T1633

    System Checks

    1
    T1633.001

    Credential Access

    Clipboard Data

    1
    T1414

    Discovery

    Software Discovery

    1
    T1418

    Security Software Discovery

    1
    T1418.001

    System Information Discovery

    1
    T1426

    System Network Configuration Discovery

    3
    T1422

    System Network Connections Discovery

    1
    T1421

    Lateral Movement

    Collection

    Clipboard Data

    1
    T1414

    Stored Application Data

    1
    T1409

    Command and Control

    Exfiltration

    Impact

    Data Encrypted for Impact

    1
    T1471

    Data Manipulation

    1
    T1641

    Transmitted Data Manipulation

    1
    T1641.001

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.news.geynci.jxvlsxqrljv/app_tfile/fields.jar
      Filesize

      138KB

      MD5

      cceb8db3b057d24673d49eda229e9892

      SHA1

      b18f6353b2156410249079a3b7b86ef3a530e8ee

      SHA256

      e900cb4c3fe9d8f45196a7457e9645c65b0f3cde820f4161950252cff67a4d97

      SHA512

      4a42cde3165a706e823caa1362001ed8aa647caf22325a4f2554c64fc4ebcd79afe44fe5eab5474221806f26e7aca9d2901026de6e597ef62fe867f123e4bd57

      Download Submit

    • /data/data/com.news.geynci.jxvlsxqrljv/app_tfile/oat/fields.jar.cur.prof
      Filesize

      369B

      MD5

      6de41202d76cfb91657a014430e7f33d

      SHA1

      1c066a98ee1dae3493881522b42a6978ef72ffee

      SHA256

      51491488aa5999f64c4d74c50676559497e9890b2a3978cdc8f07dc782e945ec

      SHA512

      765ef4f4ca7a832af8677b8cb38b705a5cf809b6d321f7d86bcb03471d5e55d8c9b8dc04dbad9f89b10febd5e87b29d29e1bd36fa91259ba00ea863ad1225236

      Download Submit

    • /data/data/com.news.geynci.jxvlsxqrljv/databases/tbcom.news.geynci.jxvlsxqrljv
      Filesize

      36KB

      MD5

      ae8aa93151da27ce1348c21d6ea98a45

      SHA1

      d187ce29f387717ea0c7d2919a77945a6f04a954

      SHA256

      b5023c1c2354845e52c945166be1111d7565a000e57ea18d8ce2943c73580e81

      SHA512

      7bc212292c6dd5192e2d714d1e06c3109f133bf0f5bddb4dd4113a4b9ab3a8db3ba7e1cab4a7da44724361b8d7d53cdde3d50506cf7264fb00d7b4521014c85a

      Download Submit

    • /data/data/com.news.geynci.jxvlsxqrljv/databases/tbcom.news.geynci.jxvlsxqrljv-journal
      Filesize

      512B

      MD5

      f73b480a1e40468ed99bcda714e34841

      SHA1

      b2a896fcea6b3dc0de3d8f0b8691e39190d573a6

      SHA256

      f33c1163d7751baf812a38db05fee58923cbf0cbbab0aa87384b95d5869341f1

      SHA512

      7178acbeb9f0fdf3b6448d9d951c3c69ce619c866f482d1722047907ae47756e743610822a637060f167238dc06c7b8b70a5a6b6d8355ce01c820bf2ca4c29b9

      Download Submit

    • /data/data/com.news.geynci.jxvlsxqrljv/databases/tbcom.news.geynci.jxvlsxqrljv-journal
      Filesize

      8KB

      MD5

      43b8ceb059d9c8cbb797bc482378f3c0

      SHA1

      649b643d338b26c45ddb4b2444f040a99498d647

      SHA256

      b5db74194260aa59aa504b5f3936013203feb79f06f0e707f62758cea07fd8cf

      SHA512

      3e3f86b0c32405140fc908dc9140b88fb78aa38f9877186a74c8dd495d2eccc58b50658b99e08e0d1cce8c939e8534527a31dd1e8df1064e2fdb0c424b7e6502

      Download Submit

    • /data/data/com.news.geynci.jxvlsxqrljv/databases/tbcom.news.geynci.jxvlsxqrljv-journal
      Filesize

      8KB

      MD5

      7afa5fc55cbeeb40cf0711cc89224344

      SHA1

      43bc158e3f6acf3fbeec01861e12c8b867b01f20

      SHA256

      928c1b13d3b414b61a838c612ee3073b315bb0ba03bdcf8683419bd3f961ec79

      SHA512

      e13f16d040184a421c1149c44a4a0087f1868c4aaf227d328079e2d13450e0c4a769c64786fb4d87d950556db6815298971158869642073f1faaba9f4614cad4

      Download Submit

    • /data/user/0/com.news.geynci.jxvlsxqrljv/app_tfile/fields.jar
      Filesize

      281KB

      MD5

      73b11c4c10150bbd4f29ad012dc11dde

      SHA1

      65c83ad32c29f9811c32eda75d7fcdc92ef42dda

      SHA256

      52132037e9b950a9cb48d6374ee2c6747a6bfe776e13a726395771f1b40ee9da

      SHA512

      3e53b1ee22a00e60896da86d2695195e0965c93d190c4d1c0dba2eb5c611d670ee7693a9f8756858255e2b170cb82a753719dd4d6a827af437309b7a1dcc6f01

      Download Submit

    • /storage/emulated/0/Download/sdsid
      Filesize

      4B

      MD5

      b8c37e33defde51cf91e1e03e51657da

      SHA1

      dd01903921ea24941c26a48f2cec24e0bb0e8cc7

      SHA256

      fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71

      SHA512

      e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7

      Download Submit