af3a56a931a304947106f0e475a2f4ac454b24e10ad8523e47a57ca0f91a6e6a

Analysis

max time kernel
179s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
31-05-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8833b5c53ab3d220cfcb5a723ef0e1c0_JaffaCakes118.apk
Size

1.8MB
MD5

8833b5c53ab3d220cfcb5a723ef0e1c0
SHA1

2a2b117ba9789e05c7eb8a431110cba980c4f588
SHA256

af3a56a931a304947106f0e475a2f4ac454b24e10ad8523e47a57ca0f91a6e6a
SHA512

9b378d86d8f87e5c8a835ac55a5b3f5d070cb1711a7237e18876679fff04c66aaf5fb914341709d0a1046b9ba940786aa3fa94acd1bcf09eebf5c3e6ae234f62
SSDEEP

49152:mEMVVh4WtHS2QQko/BaWbyGpPw0I8l6uB31LQBF7Vl:mNZd3lej

Score

8^/10

banker discovery evasion impact persistence privilege_escalation

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

com.plexnor.gravityscreenofffree

ioc	pid	process
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦	4672	com.plexnor.gravityscreenofffree
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦	4672	com.plexnor.gravityscreenofffree

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.plexnor.gravityscreenofffree
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.plexnor.gravityscreenofffree
Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.plexnor.gravityscreenofffree
Acquires the wake lock 1 IoCs

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.plexnor.gravityscreenofffree
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.plexnor.gravityscreenofffree
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.plexnor.gravityscreenofffree

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.plexnor.gravityscreenofffree

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.plexnor.gravityscreenofffree

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.plexnor.gravityscreenofffree

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.plexnor.gravityscreenofffree

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.plexnor.gravityscreenofffree

com.plexnor.gravityscreenofffree
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Queries the mobile country code (MCC)
- Tries to add a device administrator.
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.plexnor.gravityscreenofffree/.栗잌섦
Filesize
2KB

MD5
254158aa405538310a2c7f0d2975ae82

SHA1
86ec39317aa612876d5b885079433d79de96e50a

SHA256
fa3e87d9779f860ac034182c5d70060697fdb68262fb7d345bed97d1db7ec48c

SHA512
07b17a4e93c62c365703227e9a8c0606aa922a505cc36c76ba8d4f5ef3365524bbd69eef688a6425c755841ae116cfcf0081cc6806de73a43eb498a414ee5868

Download Submit
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦
Filesize
3KB

MD5
a07b3c15a2b5d6ed706fd2bb32188f30

SHA1
4af8f54f63d8bb9bb42c6887f3bc1a56c756b539

SHA256
5ad6825ac105be18ba1a6d3e85297c300b12eb225ff73d29b72b9188d7a3ab4f

SHA512
4083c9cdd9a5a1e76112c52259e97f4ac49742f368635c1a717fe4d1eaf511a37e2b74a553bd8c359340b3d8316b0cb198ba47f1406f6061140025939a80c951

Download Submit
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦
Filesize
3KB

MD5
f56179025ae7eae2d729accc44f67a72

SHA1
f957cf417cee1d44b0d4d173e346bc7d83c9e815

SHA256
07c43fe3e41590bc1f31d56d943641d0c5b9ac7062b686e844a471d52b9a57c7

SHA512
86241d1f0efff602251f6bec1c5d0834fb88a62c12eab4da0b03c26438ce84d03a47fe921a83350ea9674035775c6360debb1e6bbc0b964cd192008427b56f0a

Download Submit
/data/data/com.plexnor.gravityscreenofffree/.栗잌섦
Filesize
8KB

MD5
4a6638940a09a510f37028ad22f5c078

SHA1
73586c7f70fae7486b4d7d4d97bfc75ce29b4feb

SHA256
6ec306de221298a2de39650c4970431bc34e82e8b3e7fcadf4998c9cb82dd06d

SHA512
ec83d9faa8996b2dbb57d290984bbad99dc3b9cee24452d38479d9d02105ea1dbaad3dc61aaefff72abcdab554d559d4afd8b703e2529c105fd7fb2daf73aa93

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
24KB

MD5
9adef10b8241abbcc8add0a7238ce63c

SHA1
b3dc87546eeacb5d963c047733b926eea08c3647

SHA256
1d2a28597e565142dbc74ab79e2a060925907fc30702d349d3afa95f3ca14dfa

SHA512
794e991025bf72595320cd2f4b48847ed5c11c93325d90edb6ba4bc240973d7e7413676ec3728e2e110550a2dcd018986544c0329aea65e3f665547fef1abf73

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
23a0070091c6354f582e939ba31b207f

SHA1
5af55c5a3e565867056d3db66f8939b32d3c5278

SHA256
e2d3a46b239c50e609e52852e10cc7f01770f00d10025f9c2cbc12e4b0cbcfbf

SHA512
70f32cd1d54b9942de7f4a4f7bad8bb669931d9294fa4a1b4a3277c3d81d1a0efe464beaedff9958c6d159e3096b66670279bc5bb4ebf89d96acfd6732ea7cf1

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
0f3c0b0db0d5a163db2a17a00f71f895

SHA1
84f4fd17ad285536b7ea48a4571557e393842c39

SHA256
0b103bab380a57421e51c2186071adee350550457c31504cf09602a4d42b4c74

SHA512
d6f4188054e10cd0d5e11ff6a0f1683cccf2e8aa7cffd28d7b77bbe73a4eb3e0496cfbb8ba95872ef87d81e2bdb1db3f0bf30219c705aa195191ae6130a6ca29

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
5cf835bdc9dc100bfb9d97f6c6e65825

SHA1
65f809fb7aba0e4834e90f2861e38649e81786d6

SHA256
e0912ee7d479c0c965eea24e331ce419128ee47d0e67b3eb325b128dcbfed2ab

SHA512
56aecbc5c6462c85b3c86ab847672ec1db65bdb2d64d0613b431843abbb3242d57531e45523e844c824a5cbb71597fee0fc3a483b57f8b20e04f48f4b9ad7c71

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
16KB

MD5
b986397df15452635ad197717e1db422

SHA1
a45ac20ba0bdbb133825946e42095cb45afedb2a

SHA256
35cc5ae05049c8bbe1fe912f0cc06744b121b1beb3458e725b8875d451ae50ae

SHA512
7b650d353744873e4bb05721e162cc759f1174580ed65ae29f2415c2b58486d6a34157ff19318695cd6a506a696c5f566503bc5a2c6e2923eddea11e59e94e26

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics
Filesize
20KB

MD5
a7882a0c512556c79f44860cdb822e30

SHA1
22a1e3c6d8e0cc6e8eda770cc78cf61a9c970df5

SHA256
df34d40e7e540ab5f30a4c445ceb78d6e4265e5df1636994e503642bc65c64f1

SHA512
dfba1a3f1c5d97b8fa3ad5f7f5d7dd331b1195ac713d6f2a697e9e639b8b8621cd4288f8464a6430d7eea55d523d3fce7f80b7bfdeca5c98b6e98bc401e8a402

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
12KB

MD5
7f2f3acaab65ea918a4c05b82525d087

SHA1
da9f9e19d393232782bf67f60c42820f41314ad1

SHA256
51f86e3286fb61240c2497b1fc0d4ec6239d5740806643e54d5b75554383560e

SHA512
c3360d2795fc0692b66a0d4269a0ad2510a6096325587243329abc5b8e74fed5214677c671e3b256f3a644142a2aebeea5975e57acf3406749c670bb7aed3529

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
512B

MD5
496cdd5e92e045b9dafbafd49f013db9

SHA1
f5a02dd2e7c6a9753ca5d3617cd88bfe1a5623cf

SHA256
c14453601b57393901dcdd58664b6842091447f266b3899d4ef768750d106764

SHA512
53c2087cff7bc5793f1d8b0e49dad4fcfed1e9c96e695d0e2c28b79de5e31d68da24f0db750a13ea3fe2e000e087b560e39b9328dbe9e90edad790653af8eea1

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
8KB

MD5
db66cbe632f863ada63db9d34ab8f9e5

SHA1
5a24367a99a65a3ca50e868c42f33c3d425c92fc

SHA256
376732f4c3af47c380c765793a030b028989cbc5979c98ac54b31c2819517d88

SHA512
6ff271ea5290f19d2135687c4810ce27b0161a754e8a2a7e38796509837fcced147f162201b5a71c72b6aa8cb8cc9813daf056c08a3368be6cefab322016fc6b

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
8KB

MD5
28a2b567b2b80954a517936234af7442

SHA1
a6ffb85a73e201be56ecb8a89fb65e9c136fe0e7

SHA256
49dc3b4de6d1266bf842983515730197970a1675fccf0ff49b71cd387820fa35

SHA512
df572938a616968482604f544a6f82b39578d268fa616fd575c0e39fc054c80d940b5b78a6435fb41a97c1f1171a367c3d6314b56220be4aca81868a1e960e61

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
8KB

MD5
ddc83d94e1d1c6aa74c7a95209ca708e

SHA1
b041bb573f53a13a07c6f8b86e609e962cdbd26d

SHA256
67a8b12d964206a2ef4fe9429c19b2df9131b860a90fadd7a457e671eb5316d0

SHA512
564cce1d9eb0c115bc08faf9ad42412e9e3d61f82d9cc6f27a1c8870b594d14112c3792e26bd9ad5c34cc2e50578f23a7c27e4f97a86964ceb141252a5d3b4ef

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/analytics-journal
Filesize
8KB

MD5
027479c912ec478b0891346c04a8b692

SHA1
0a9f6d28511174144222e8fe52e93934e4b526fd

SHA256
f0263644401e3739d72f8bbc3cd9729d28de1e7ee135d6e37e2c0a4462412219

SHA512
865f7e962579d9455b0e3c6481eb8f9e7d2b9fba4f7774ff856febe3df107dcad8baf15e50196573b7b359d45c87278284f796ebbdc9b4f411d2cfeb7c95d43f

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen
Filesize
20KB

MD5
6ae000e997ab738e5cf3da677d4d2b72

SHA1
185cbfa1a4a3edf662b2701808bba68facc7e9ea

SHA256
9c13632957909bc44c61494d74be97a44310af6277ffff83b0e365b39613d3b8

SHA512
9853d3a89c42a69ceeb43dc5196ff79ed5a2ecbee2a20b32ee1a5d6caf0bb3f0b1671ceb22564429fa99e237211079496da22b77d3bfe451fa6d70570eb98042

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal
Filesize
512B

MD5
7321e3c56e2a9fb0ba1edbcbd98d845d

SHA1
9242f9a5db36cf007a42f661ba59a07271494eed

SHA256
c15548977c7f3fa938c5d75e61d7218f81d3e00b0486e2c5ea17a0b8ae944a44

SHA512
7135f6678586004759be5d498dc3e1bf97b6bbf039c438ebc9da06adbe9272254e622f95ad9f38bce2fdb8b75bc8250018a5880e93c0a944ec1e9838eaa42a84

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal
Filesize
8KB

MD5
9f005821dfdc5f692d7274c56c0ca291

SHA1
52c2fde8c31cf786aed3581d87c9bd5a9591d3bc

SHA256
42f185de608c1d27ad3f2331c150852bbc54a9410f86e7c585b7a782fcc64348

SHA512
fcea88d5fcf2fc718424dfe734a2512513a814bba59bd484fa24b40d6b69ef00abc91b96bdbe5f3a8bbcf7570e7c6304c1da1b57f91af97156a5f55e10983a2c

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/databases/gravityScreen-journal
Filesize
8KB

MD5
0178f75ca8e8268c19128df590fcafea

SHA1
ca134b68a9eb22d88b7626dc197aa50f09661371

SHA256
c91e47bd5c02ee3d0b6916b8a2e0a8e81be42ed1442212a120d815a41447a553

SHA512
c00f3e669d9b454259a9fcd0ef473e1ca8d90307d89b424f5b1090bc23ccc5b72da90b54c2a90a9153bb0a34aeba035fd3334bfca66ac5fb32ca378a2ee7bc70

Download Submit
/data/user/0/com.plexnor.gravityscreenofffree/files/gaClientId
Filesize
36B

MD5
a6e9f735b065047fa0c5943c76d012db

SHA1
5bb19fcd8504c9040fcd78d12935a0452ad475c3

SHA256
a42dda918b0382e0f7724fd01d3b239578d8c6590b735382f85d82af53e76482

SHA512
9509c588210a28efcd43b3149752a037bf277216cc5f4343b8df88c20662ec392f4e9a66be2bc3c61eb96650e818864d432b8f3c6937cabc80d4eae840c179c1

Download Submit