dc88eced4277dfe7504f55af81a611cdbd14192be43cfc44db7e7dff3530bb54

Analysis

max time kernel
37s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
01/06/2024, 11:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a50575df22c9b0b836bc82ce18528ad_JaffaCakes118.apk
Size

554KB
MD5

8a50575df22c9b0b836bc82ce18528ad
SHA1

a76e70aa0a46b482c11bad014478e9b16b2f4284
SHA256

dc88eced4277dfe7504f55af81a611cdbd14192be43cfc44db7e7dff3530bb54
SHA512

ed5b0037c6830efd0a1dbd6f6cb2128b18f9c7489a821ca4979816bf95a574a0f314be91659aacb65a67d79ee95b14464932109a39b29e22efa56e3018ca3d0a
SSDEEP

12288:2cd5ZUOBSBGDYK6/MO614kukdq8YdaQ+XSU2BsQLU8mdLuSKs/M9yiB:vxnSQj6m1Z44POsUUjnML

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	/system/bin/cat /proc/cpuinfo

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	/system/bin/cat /proc/meminfo

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.idiom.russian

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.idiom.russian

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.idiom.russian

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.idiom.russian
1⤵
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Checks if the internet connection is available
PID:4330
- /system/bin/cat /proc/cpuinfo
  2⤵
  - Checks CPU information
  PID:4376
- /system/bin/cat /proc/meminfo
  2⤵
  - Checks memory information
  PID:4397

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.idiom.russian/dictionary/idiom_russian.db

Filesize
116KB

MD5
ce186d6dc30428025b9938e5f7c3c1f3

SHA1
f1786b1913b267b361e32a14315881c9118bea7c

SHA256
1c9f5280ee167b1df8c2b07e2f66530c06d717018a5f487579b69e420d71c13a

SHA512
a1ccbf11840608519331a434feac5f7a3788f81bdebd8af07f73956ac1290c96f7dbb3bcb5d38996be76240ec33b18a9de5ba68483af9d7011def744de217f13

Download Submit
/data/data/com.idiom.russian/dictionary/idiom_russian.db-journal

Filesize
1KB

MD5
5a5d64b07ba0a9ab5c7dc0720f782e42

SHA1
83806c15818693d2e4661b57b8f2edd5470c08ec

SHA256
aefd6af8fe05b86ff3192429c1fb00f36568ba07f8b68a40d7ec3772fb4a74d4

SHA512
0938448259539ea25d7fa05858801389ff80d970a87fc444eab33713b59efb14bcc77b16b60c66c7f90e23f58abd1c634836da16c1d0402adf46400fd417cdf2

Download Submit
/data/data/com.idiom.russian/dictionary/idiom_russian.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.idiom.russian/dictionary/idiom_russian.db-wal

Filesize
6KB

MD5
2bad755a830a1b38281f75e9f21aa104

SHA1
602aa0744ddcb81c129135e00155e6a316774f14

SHA256
22e2fa2b8ab8f97fc7286dae50f64ae21d43c27e77d71db14a504d6ea3095f67

SHA512
4b01fb32875c7f2c9209afa60ea214d800c6b1443425764db19b5f11e9d53204a3de7d4bbe7cff3f7ca04bcf2d5de303cd251016a2cfc6f510a3067c19c32c82

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads