Overview

overview

8

Static

static

6

93180381ac...18.apk

android-9-x86

8

93180381ac...18.apk

android-10-x64

8

93180381ac...18.apk

android-11-x64

8

Analysis

  • max time kernel
    179s
  • max time network
    172s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240603-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
  • submitted
    04-06-2024 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93180381acdc9d04a9dc73535ea6fbcc_JaffaCakes118.apk

  • Size

    697KB

  • MD5

    93180381acdc9d04a9dc73535ea6fbcc

  • SHA1

    341f4cbe80014892f47d282bd145250c9ae47ba1

  • SHA256

    eed27b67213d85848905bf61a5a117253bc623686e78923aa4f87c5e5431724d

  • SHA512

    b0c2c5d1cabc397b551214a54483a5d2d7a4a7603e0badfea5d2739d48b8fd04e10df1b00dd37341843ebae240b6b86d1a924819e091fbb5ceeee19b5a939cf2

  • SSDEEP

    12288:q2lsH0pYrDA/9ybLeWDjn+NZNMjQzdvBbeiTCLi7Q5Cvvk8I9ksjGn50:TlISCD+NMjQzdQZYI9kgGn50

Score
8/10
bankercollectiondiscoveryevasionimpactprivilege_escalationstealthtrojan

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
    collection
  • Tries to add a device administrator. 2 TTPs 1 IoCs
    privilege_escalationimpact
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.hsdxlpwka.zshvfp
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the contacts stored on the device.
    • Reads the content of SMS inbox messages.
    • Tries to add a device administrator.
    • Acquires the wake lock
    PID:4503

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/oat/tzxvzxenl.jar.cur.prof
    Filesize

    190B

    MD5

    e89bce332fad114e2c9a5aeac44cdb80

    SHA1

    8ea55f46154aae4801d27d4d6103eee13558f076

    SHA256

    0b73d316a400fdfa7eb4daf2a62d660d341e8660fbdb18dae2b7acf02500b825

    SHA512

    ec746f77a5bebb9490e2e0c3b452679d84f7ad516e86e94cf0e9b32986d6d493c146dc0ea69677d77ef1c2e9c9273fc7ff90b0b1791f3149117e96edeca2ef4e

    Download Submit
  • /data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar
    Filesize

    78KB

    MD5

    6d1ec70684bd943b2891bb83d6c17aa6

    SHA1

    a13d8f9e7f0327f693f3026e45608aa014661c9a

    SHA256

    0559ae0fc3dafcf2d4f4744325b782682da597c7d3628bed112f0c7344e83cfc

    SHA512

    0c853bfd54fe4f94ffaa2dce41ac92b4b28944eec50118ec56f397eff2ab0da436000ed83daca73853b1629a09babbbd21b7aaf470ae8567156a9583ae2d8028

    Download Submit
  • /data/user/0/com.hsdxlpwka.zshvfp/app_dwuaubfhob/tzxvzxenl.jar
    Filesize

    179KB

    MD5

    aec2737ee9622bb4d6cfc0707dff4d14

    SHA1

    f92828999ca098e1e58d50da8d1309dae53e8f15

    SHA256

    f62e571f4f061eda53c50f7475a8da0e6b037a2e2c14796666e0cfeec1156c28

    SHA512

    b78d80167cce29c3919c94faff158aeee036a67401a54b64c8a1486779a5e6747c662ce6d535cbc900f710281fcdd67fcfe751b6afdd4856e5605e61d0de24a5

    Download Submit