9a92119cb1c773a429a9a5c8a7fca58dfab009e63438187ec563df2dd6ef3935

Analysis

max time kernel
164s
max time network
191s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
31-05-2024 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85d3c03b2c7ac1e551ae38466de07f15_JaffaCakes118.apk
Size

1.4MB
MD5

85d3c03b2c7ac1e551ae38466de07f15
SHA1

452c24559d4d726b10e1a00a8395382dba9fc2e8
SHA256

9a92119cb1c773a429a9a5c8a7fca58dfab009e63438187ec563df2dd6ef3935
SHA512

bbb98cf2ab41acf52b50e1817111337af792e06f8bf1b4ef043b799339fac7a5901c0a53833352368e4ac5c18f33d6f53b8777ac0398d226b26e9ffe7c255b32
SSDEEP

24576:kWUrkvqd6YeVuPLEeB83HVTdmgq3MJLgRPPhSOoXl0IYc1fTr2SmX5umVy7:did6YeYYocHVTdmgq4LgJ5wS+1M5umVw

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	jnix.huahua.gh

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	jnix.huahua.gh

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	jnix.huahua.gh

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/jnix.huahua.gh/files/__pasys_remote_banner.jar	4529	jnix.huahua.gh

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	jnix.huahua.gh

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	jnix.huahua.gh

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	jnix.huahua.gh

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	jnix.huahua.gh

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

jnix.huahua.gh
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
PID:4529

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/jnix.huahua.gh/files/__pasys_remote_banner.jar

Filesize
231KB

MD5
c601107d24f96646ae86f74b0fea880c

SHA1
8a8ce84fe5b6e186ddcd69c8757de4fb1aae7ed1

SHA256
939120d702d97dc47c6963d98dc1d2694e0fae5f5d5199c0755f54741a3c2a16

SHA512
b573a0d74ea8c6e99c3ebad4ac7b42ce46940231f8a90c9b19c887c6c20356235241068d187aab2bae9914c3df84cbe80bca13b5b6d070247353f5e5eb282f33

Download Submit
/data/user/0/jnix.huahua.gh/files/__pasys_remote_banner.tmp.jar

Filesize
114KB

MD5
2ad9fb4b2d9b333883b7e38f61c2fd2f

SHA1
5b85041452d173ed0d81d25b9ca78608a998e328

SHA256
b9310a99f1b60959f6b725eea74623dc491adec55da740c17e8c7e02f35818f5

SHA512
6fc04e1e22ebf8920b4928a8086cf3e0814d155f79f80d71622916f6a0911262382710e5ee2acea653db4b387730e201134592cb9992b14f3aef8b09d83bda90

Download Submit
/data/user/0/jnix.huahua.gh/files/oat/__pasys_remote_banner.jar.cur.prof

Filesize
388B

MD5
ac00d742f6bf7cfeb7fc50b7019a740a

SHA1
bf376925e09c9a88b646dd302d9ad8406e6d3e56

SHA256
26f0c688dcac49984b79f318652e586fc40cf09c7b0066ce94c18d2b2f478f41

SHA512
97938be4ff9cc21645dc99adeaadfe41fd081251fd43151d1d0ff7da18401ea55932269eed04ba04ca19216f901ac5f131e9e0fc24004569a1d0bffa5e444ddc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads