af3a56a931a304947106f0e475a2f4ac454b24e10ad8523e47a57ca0f91a6e6a

Analysis

max time kernel
179s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
31-05-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8833b5c53ab3d220cfcb5a723ef0e1c0_JaffaCakes118.apk
Size

1.8MB
MD5

8833b5c53ab3d220cfcb5a723ef0e1c0
SHA1

2a2b117ba9789e05c7eb8a431110cba980c4f588
SHA256

af3a56a931a304947106f0e475a2f4ac454b24e10ad8523e47a57ca0f91a6e6a
SHA512

9b378d86d8f87e5c8a835ac55a5b3f5d070cb1711a7237e18876679fff04c66aaf5fb914341709d0a1046b9ba940786aa3fa94acd1bcf09eebf5c3e6ae234f62
SSDEEP

49152:mEMVVh4WtHS2QQko/BaWbyGpPw0I8l6uB31LQBF7Vl:mNZd3lej

Score

8^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&com.plexnor.gravityscreenofffree/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁	4325	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁	4292	com.plexnor.gravityscreenofffree
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁	4352	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁	4292	com.plexnor.gravityscreenofffree

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.plexnor.gravityscreenofffree
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.plexnor.gravityscreenofffree
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.plexnor.gravityscreenofffree
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.plexnor.gravityscreenofffree
Acquires the wake lock 1 IoCs

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.plexnor.gravityscreenofffree
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.plexnor.gravityscreenofffree
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.plexnor.gravityscreenofffree

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.plexnor.gravityscreenofffree

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.plexnor.gravityscreenofffree

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.plexnor.gravityscreenofffree

com.plexnor.gravityscreenofffree
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Tries to add a device administrator.
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4292

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4325

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁 --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/data/com.plexnor.gravityscreenofffree/oat/x86/.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁
Filesize
2KB

MD5
254158aa405538310a2c7f0d2975ae82

SHA1
86ec39317aa612876d5b885079433d79de96e50a

SHA256
fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c

SHA512
07b17a4e93c62c365703227e9a8c0606aa922a505cc36c76ba8d4f5ef3365524bbd69eef688a6425c755841ae116cfcf0081cc6806de73a43eb498a414ee5868

Download Submit
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁
Filesize
3KB

MD5
a07b3c15a2b5d6ed706fd2bb32188f30

SHA1
4af8f54f63d8bb9bb42c6887f3bc1a56c756b539

SHA256
5ad6825ac105be18ba1a6d3e85297c300b12eb225ff73d29b72b9188d7a3ab4f

SHA512
4083c9cdd9a5a1e76112c52259e97f4ac49742f368635c1a717fe4d1eaf511a37e2b74a553bd8c359340b3d8316b0cb198ba47f1406f6061140025939a80c951

Download Submit
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁
Filesize
3KB

MD5
f56179025ae7eae2d729accc44f67a72

SHA1
f957cf417cee1d44b0d4d173e346bc7d83c9e815

SHA256
07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7

SHA512
86241d1f0efff602251f6bec1c5d0834fb88a62c12eab4da0b03c26438ce84d03a47fe921a83350ea9674035775c6360debb1e6bbc0b964cd192008427b56f0a

Download Submit
/data/data/com.plexnor.gravityscreenofffree/.傊鯻뗁
Filesize
8KB

MD5
4a6638940a09a510f37028ad22f5c078

SHA1
73586c7f70fae7486b4d7d4d97bfc75ce29b4feb

SHA256
6ec306de221298a2de39650c4970431bc34e82e8b3e7fcadf4998c9cb82dd06d

SHA512
ec83d9faa8996b2dbb57d290984bbad99dc3b9cee24452d38479d9d02105ea1dbaad3dc61aaefff72abcdab554d559d4afd8b703e2529c105fd7fb2daf73aa93

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
0bef6b7a46c12faa8090b47ecf02bfc9

SHA1
8e4043a3c3be2f52eec27ed18b956c21c1a69828

SHA256
6af3af14cff8f813d98fa7def414157982b84581a79454a201742b0c99003705

SHA512
d2c7951ef334815a952c8671d11e0b643af381df0deab43f5915915dfff20be8abfc5e182c445c98a7f57f7a8e67199412342598df850c7e64ce446c36fc9a74

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
1e936585d7ff2c64a467884fc96a81f8

SHA1
39f81960309d1371411ba814581d0555d4e58e7a

SHA256
36c19a1cb453902b9c60d4d67c95eb0f9c54856e7f9c646ac07cc105ac6464dc

SHA512
faeb921341b7379e6986207112479086d19fef5bc497bfca56a41052b1a8df16a9b10176e8a9e26bdcebf967c23238df6f11ba01906a15f6df6f6db32d7b71bf

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
fa8182591895d3623593161be1df88e9

SHA1
ff3c1f85c5d37452486bd28a11212c0f77eb0e30

SHA256
c3763de217ef7478a3a7e3c351000041ede012766f6f56b89b8d2fba90c8f48d

SHA512
ada6dd8b55222d479740b23372287cdea1f8b8c308df0105ddc0b00e8d57c3fc9eca7f460ebda95828a32337973f6933b1fcc5e803ea5a06d60a680586685e31

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
7a01a3249cd739e54bc67ef76579d557

SHA1
133b3a2b13c7ea3714b860bc8630b1d284f48dd4

SHA256
8a94074a5fe926012a9bbdfeba937cb07bd444893d3917933f870c33bd2b0d83

SHA512
05f3a8d1f52bbd9d45e7d08dc36872983896d17228c77a2d654740fb0bd6c3cebc872baff8aa3f29893254addae4e44a84b8b08d32125dd5ccebd48e3f95cfec

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
d51ba193309275e1b2da57798923adb0

SHA1
b3a46204aca16d5338b0a4de1871594a391968a1

SHA256
162f442307f6c0c3cb03a7f742240d7a029ef5d41c888bd5231d814573762981

SHA512
628de8a9890c1e357b787edd6c406ded49bbcbeed7c99ad3d1793840f4c97123b1387471628e54d21a9cebb3246c36a3acf7b8bc1ac8ec4d98ff2c652140264c

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
20KB

MD5
a8dd9ec6fbcb5603d0b43af3fb844288

SHA1
e20293fd9d0098df0b7948b534007841aae723b9

SHA256
9870461a6d66e37de6475b9dcb9736ddd5e4f4f2d9b0c7bc0517ba3647c6025b

SHA512
c5a548be3eba18de0ec8de3357d0fccfc3e4b159151cfc3f1b9a3624937b11a2d98ee68967510db5d2524262508acc20248ba9da0eca39bd339687f232254a58

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
512B

MD5
a70e83f962e620de76b0c0e0e1938c67

SHA1
cfe91b52fa35e8e1b4032edeb25c6b9d367705a7

SHA256
e2c10ab72122693e4e3e921f372f9e9f4c831cdd663a75e024e8b6dd12298652

SHA512
20198835c6340cec604f23148c1b7ec0bf70483e2501fa524776bc944010a234d442806e1ce2c10feb70fecf594896b1027c6ff3551f07f2584228aa1e538026

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal
Filesize
4KB

MD5
370cc37f5f2008002b3cb1fb3a3ab64f

SHA1
2b2e6881444ba2511170d6894085a49e8bb56881

SHA256
3a44ac53f3307754e54b38cc07c20e551eccebd10a6416b941d361ce9c33582e

SHA512
796119634f11189027af20cc94c30f185ec8c67504a12d72fbb3d077217110f37560e84945074548b965f51d9269a37d8438dcc0432028260893ab2258af80b5

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal
Filesize
4KB

MD5
fbc4ee02625960aac78ad5e5856aef91

SHA1
a55c4eae69cf46e646c93fc491ea2b5cc6a02f93

SHA256
e8c62687b8a274e63df81773f8e17236909fcf332c80e8529ae4d6c8eb63d41d

SHA512
caaa6adf177c1210a2f75a9df92e94070874520f4ee27f25a7d361396e26c452a49ad76bd0bebd32d14dc6a697b2122fb2cb54800b6f24b976beb9e227d04a5c

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal
Filesize
4KB

MD5
d1df1d83d7dbcfe4c5f604a76a130e66

SHA1
a26ad9a979b1eafac80346587f28eb80532134d9

SHA256
7b4ada27e1fb2c4df23479f3ee405cd873418c366137192b0aebce62a5c99f97

SHA512
02e226c40699e25d182062f5f6d0efa760463d8c58d6d82d1df7e14fefd440f8d07513d410af8bd883d2b9f892b0e0da5e73f10eda770ccd262e7b7be8ffda50

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal
Filesize
4KB

MD5
88c2dfe144dabd116f5ae762b740563d

SHA1
a074e963f3e58faa003ac24f6fb76cceaddf8ac2

SHA256
1b2e08822cb5b4905bd1287de5f752de5f31089a203f18a9ae5293fb1e7bc57e

SHA512
297e02ff965ba0075704570e667a6e640ce908b5c373ad00f4529cbce34e7c6f8bfb16e8dba4ef26c017f67b950ff24cab657a1f8fafadf0c0fc84857a208627

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal
Filesize
4KB

MD5
c6bea5a03c774553021fc22a52d8e60f

SHA1
76cc2d61d796c2647a92867dffc069296c607c57

SHA256
9c8de0c683f63bf596ab678574f08869ca8e3770b97497423f675df7250f9c8f

SHA512
0245fd48adef80e51f416663e478d2e485a6b66dbee363c7abc83ded9c90791362fa10abea02f38cb4f674bcdaa0a580564e408d7525daf662db688622ebbc53

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/analytics-wal
Filesize
40KB

MD5
a2d4ab27572762e4df7f280aa5174ac4

SHA1
a765373b94adce1759880df0233fa4c72a124b84

SHA256
7e2670a1c89aec8860326d6b65ea0b389768da8113e88f2ca37c38f14db9cdc0

SHA512
302c4e3e9d4e01d0e7c90c371bfa691cfa0e58d36473d02ae2fe2dda8f9f68e40eb44059c8be9df7046b86efc54a9c99c83cce99d6407b0b9c4e628ff2d255bd

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen
Filesize
20KB

MD5
ee8a1d1928973bcb281746f28a7bde78

SHA1
716fbd69ac914a4ab288ec04a47624e430a38814

SHA256
a996ac84d4f387370e0b5ab9c406b7295effe0ecf084f8647da8874124480691

SHA512
9612c62df2b7f3c11c9bf281e65ed615367020a6430036a2a4a811a7de6d9ff9ad3ff7d7712c66ee8a01e458cba05822eb029cae47cc4c4814865ccc44fdaa07

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal
Filesize
512B

MD5
73dbe1639dfd76348fea8b3256f2c099

SHA1
f95c89f6c295aa715d9163664ffd9335468aefd0

SHA256
babe89cd21954643140b7b04e12a095bbb0ce8617d5c530cf18b5c046663b40d

SHA512
b0af71cbb8213224d791aec0b6c09e679619f6cf218c4fa46c258fd0bad933aab52273b88607767b460e068b4592c21a31dfc4ba5297b69209bed3ebee30ed88

Download Submit
/data/data/com.plexnor.gravityscreenofffree/databases/gravityScreen-wal
Filesize
32KB

MD5
dee182d6955767573723218226f873f3

SHA1
8cbc2a25e10d79caf216d3c6d8da1af235367cf1

SHA256
b9655616b98b291b7141530dfc0ad8dc6a36478b89b94203f36b751521947536

SHA512
363b74bb0a91296efe5e6a0125fe0367f4bf05c0ff9e378d4e314a221806bebbdee7175ef60f69852bb565cb7cd2fff7e0923dfe06df6ac878d893bbf08bae05

Download Submit
/data/data/com.plexnor.gravityscreenofffree/files/gaClientId
Filesize
36B

MD5
0e08934e7339970c6dc1b68d55adb7de

SHA1
9654983f07b5382c2127f51b49e15307e9de6b43

SHA256
fd34635f309e0464934bf2fab74841287de35ef7ad79f00f49ad758606dd5f92

SHA512
c24893d4d2c691a92e4ad21cdcff134fe07c09d2047a07d427e9e940323f0e2bfd79239aeba8eb6e0aee9fb992e4ab7341e93862eeef17ede73f80d411771260

Download Submit