Analysis

  • max time kernel
    24s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-06-2024 07:46

General

  • Target

    9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk

  • Size

    13.5MB

  • MD5

    9a6e7473d3ea60ac7587580675aab6fc

  • SHA1

    19e49e8858f27050777ffccdbfb1470e1f8a791b

  • SHA256

    770830abbfacbc0763adaa6dbb80a32c8db62a97adbbf002f9be020f613e4da7

  • SHA512

    bd7b79cbe0e50a65c51ba3a451e2da71868671607b89f6f419f1352081a63b5e85fe3128f9e5b324b6790a4348f4af28e5aa6092a5490e32138f43de46c77aa5

  • SSDEEP

    393216:EuaI8d3LRtq+nZq1q5b0g7HVXPrVZPolLMATbv+w1z6xVUWR18L7X:E5dbjq+cARL79PrbPuLMAvF6xO5LL

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs an executable file (Dex/Jar) dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs
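To check these signatures against an artifact from this sample offline (the APK's classes.dex or the dropped AdDex.3.2.0.dex listed under Downloads), here is an added Python triage helper. It is not part of this report or of the sandbox that produced it. It extracts printable strings from a DEX blob and maps them to the signature names above through an indicator table; that table is an assumption (the standard Android framework methods and paths each behaviour would normally use), since the report does not say which calls fired each signature. The sample blob at the bottom is constructed for the example.

```python
"""Added triage helper: map strings in a DEX/APK blob to the sandbox
signature names.  The indicator table is an assumption, not something
the report states; it lists Android API names and paths a manual
triage would look for for each behaviour."""
import re
from collections import defaultdict

# Assumed mapping: signature name -> substrings that suggest it.
INDICATORS = {
    "Checks if the Android device is rooted": [
        b"/system/bin/su", b"/system/xbin/su", b"test-keys", b"eu.chainfire.supersu",
    ],
    "Loads dropped Dex/Jar": [
        b"dalvik/system/DexClassLoader", b"dalvik/system/PathClassLoader",
        b"dalvik/system/InMemoryDexClassLoader",
    ],
    "Queries information about running processes on the device": [
        b"getRunningAppProcesses", b"getRunningTasks",
    ],
    "Queries information about the current nearby Wi-Fi networks": [
        b"getScanResults", b"startScan",
    ],
    "Queries information about the current Wi-Fi connection": [
        b"getConnectionInfo", b"getSSID", b"getBSSID",
    ],
    "Requests cell location": [b"getCellLocation", b"getAllCellInfo"],
    "Queries information about active data network": [b"getActiveNetworkInfo"],
    "Queries the mobile country code (MCC)": [b"getNetworkCountryIso", b"getSimCountryIso"],
    "Reads information about phone network operator": [b"getNetworkOperator", b"getSimOperator"],
    "Listens for changes in the sensor environment": [
        b"android/hardware/SensorManager", b"registerListener",
    ],
    "Registers a broadcast receiver at runtime": [b"registerReceiver"],
    "Checks CPU information": [b"/proc/cpuinfo"],
    "Checks memory information": [b"/proc/meminfo", b"getMemoryInfo"],
}


def extract_strings(blob: bytes, min_len: int = 6):
    """Return runs of printable ASCII of at least min_len bytes, like strings(1).
    DEX keeps class descriptors and method names in its string table, so
    framework APIs show up verbatim unless the sample obfuscates them."""
    return [m.group(0) for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def match_signatures(blob: bytes):
    """Map each signature name to the sorted list of strings that hit it.
    A hit means the API or path is referenced, not that it was executed;
    the sandbox signatures above come from runtime behaviour.  For packed
    samples the real references live in the dropped dex, so run this on
    AdDex.3.2.0.dex as well as on classes.dex."""
    hits = defaultdict(set)
    for s in extract_strings(blob):
        for sig, needles in INDICATORS.items():
            if any(needle in s for needle in needles):
                hits[sig].add(s.decode("ascii"))
    return {sig: sorted(found) for sig, found in hits.items()}


# Constructed stand-in for a DEX string table (not bytes from the sample).
SAMPLE_BLOB = (
    b"dex\n035\x00"
    b"Ldalvik/system/DexClassLoader;\x00"
    b"/system/xbin/su\x00"
    b"getRunningAppProcesses\x00"
    b"getCellLocation\x00"
    b"/proc/cpuinfo\x00"
    b"\x7f\x01\x02ab\x00"
)

if __name__ == "__main__":
    for sig, strings in match_signatures(SAMPLE_BLOB).items():
        print(f"{sig}: {', '.join(strings)}")
```

Read the output as leads to confirm in the decompiled code, not as a verdict: the matching is substring-based, so a benign SDK that calls getConnectionInfo will hit the same row as this sample, and a string-encrypted sample will hit nothing.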

Processes

  • com.mcmlmpnimlmemmna.lei
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4274

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.mcmlmpnimlmemmna.lei/files/AdDex.3.2.0.dex
    Filesize

    250KB

    MD5

    c5e1dd0a8096e3883a437597fa0b3713

    SHA1

    d24a7d387943916a37c8d613e3e5502aa053efdc

    SHA256

    a717d86d76a8bb7fa0eb718bbdd5fd176a80ee7571c65ff999ef72f11d1adb8e

    SHA512

    fb3cdb82eaec7f8f76b6e8b4d48df43efc8448771bc9419eb19ffdfea075f029bbc33dce2706ce042aaf2d698a29e77e1899cb8b6c60d96528a1fb1bdfcc86e2