Analysis
- max time kernel: 179s
- max time network: 183s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 01-06-2024 16:29
Static task: static1
Behavioral task: behavioral1
  Sample: 8b0c89faf2b07b6ba36f7a81b7c79bbc_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 8b0c89faf2b07b6ba36f7a81b7c79bbc_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 8b0c89faf2b07b6ba36f7a81b7c79bbc_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 8b0c89faf2b07b6ba36f7a81b7c79bbc_JaffaCakes118.apk
- Size: 989KB
- MD5: 8b0c89faf2b07b6ba36f7a81b7c79bbc
- SHA1: c3e4aab40dc6fa16c1246dee2ac79009a5243c6f
- SHA256: 51d55e7e57b18fe8f4bd5f2b30566063b634c7f9b1efbee083407e29ec6446c3
- SHA512: 6c69c2e9eba47c1e2ab5091a7fb5be2cdc2a8a33d87b36ff4c07ba200ad358844e4d6157757231f88e724b7925c4c8565ae72f91a46f513819e6be0ef7b296e5
- SSDEEP: 24576:MLApizZWrqvgb3NwBifWu8GLjCMazxxgUHdRC69:8PZOiGGif7BjCvxDRCm
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Requests cell location [2 TTPs, 1 IoCs]
  Uses Android APIs to get the current cell location.
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information which indicates whether the system is an emulator.
- Checks known Qemu pipes [1 TTPs, 2 IoCs]
  Checks for known pipes used by the Android emulator to communicate with the host.
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    ioc: /dev/socket/qemud, process: com.vaukcxeuyx.lvfzcrplmxu
    ioc: /dev/qemu_pipe, process: com.vaukcxeuyx.lvfzcrplmxu
- Loads dropped Dex/Jar [1 TTPs, 1 IoCs]
  Runs an executable file dropped to the device during analysis.
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    ioc: /data/user/0/com.vaukcxeuyx.lvfzcrplmxu/app_wybrolv/dtkfskytdr.jar, pid: 5151, process: com.vaukcxeuyx.lvfzcrplmxu
- Queries account information for other applications stored on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    description: Framework service call, ioc: android.accounts.IAccountManager.getAccounts, process: com.vaukcxeuyx.lvfzcrplmxu
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.vaukcxeuyx.lvfzcrplmxu
- Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.vaukcxeuyx.lvfzcrplmxu
- Queries the phone number (MSISDN for GSM devices) [1 TTPs]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.vaukcxeuyx.lvfzcrplmxu
- Acquires the wake lock [1 IoCs]
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.vaukcxeuyx.lvfzcrplmxu
- Checks if the internet connection is available [1 TTPs, 1 IoCs]
  Processes: com.vaukcxeuyx.lvfzcrplmxu
    description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.vaukcxeuyx.lvfzcrplmxu
- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
- Reads information about the phone network operator [1 TTPs]
Processes
- com.vaukcxeuyx.lvfzcrplmxu
  - Removes its main activity from the application launcher
  - Requests cell location
  - Checks CPU information
  - Checks known Qemu pipes
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.vaukcxeuyx.lvfzcrplmxu/app_wybrolv/dtkfskytdr.jar
  Filesize: 344KB
  MD5: 98edb99186a9ad3e4f164e35118a85d0
  SHA1: 4cbb0a10d6aea00b7bcc588460348f24793f8d4c
  SHA256: 6a568079d8281fc451e377c6f37a1f7e5f1d98acfe3918603addada434f1b3c0
  SHA512: a63c4e43a8fce749d9fc7d4252790c78335069b533696ad67afa1541b32206c7117a35acaddb664960a42450d24ac7fb4902d8eb8731651e01279fea8ee4e990
- /data/data/com.vaukcxeuyx.lvfzcrplmxu/app_wybrolv/oat/dtkfskytdr.jar.cur.prof
  Filesize: 1KB
  MD5: bac636140998ad2e895c7eb83a3472d1
  SHA1: 4830efc3e7bcbefc6ed4dbe547a0520703126e29
  SHA256: c909f7a9b7f8e82c69f95062976892e11c51760f4899fc424bba4355a0cdcef8
  SHA512: 9b5111d5d6ea61d03c657ee3e1dda9ded0ed711b19a6aae637e949ec2d6b795c0c6c0884c464e35a41b3e25f9bba5515e3c45e0c0157408440d8fd461ae42104
- /data/user/0/com.vaukcxeuyx.lvfzcrplmxu/app_wybrolv/dtkfskytdr.jar
  Filesize: 829KB
  MD5: c95df19d6d33737c16036c9780c884eb
  SHA1: 1d12570e83369d36eff19a17348197b67a41b30f
  SHA256: 5a442bd439821f13ab9a7d5dc6b6b5c85080d367cd6bd4266ffc9c826eec851d
  SHA512: de70b8aa435cf97e2f93b9ebf613b8ba1f7020257adc735a6601c040a2b433ec2b4bbaa72c42da5913528d9888714a9576b53bce08c833369fa69032cecd1ef3