Analysis

  • max time kernel: 107s
  • max time network: 139s
  • platform: android_x64
  • resource: android-x64-arm64-20240603-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted: 10-06-2024 07:46

General

  • Target: 9a6e7473d3ea60ac7587580675aab6fc_JaffaCakes118.apk
  • Size: 13.5MB
  • MD5: 9a6e7473d3ea60ac7587580675aab6fc
  • SHA1: 19e49e8858f27050777ffccdbfb1470e1f8a791b
  • SHA256: 770830abbfacbc0763adaa6dbb80a32c8db62a97adbbf002f9be020f613e4da7
  • SHA512: bd7b79cbe0e50a65c51ba3a451e2da71868671607b89f6f419f1352081a63b5e85fe3128f9e5b324b6790a4348f4af28e5aa6092a5490e32138f43de46c77aa5
  • SSDEEP: 393216:EuaI8d3LRtq+nZq1q5b0g7HVXPrVZPolLMATbv+w1z6xVUWR18L7X:E5dbjq+cARL79PrbPuLMAvF6xO5LL

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.mcmlmpnimlmemmna.lei (PID 4561)
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.mcmlmpnimlmemmna.lei/files/AdDex.3.2.0.dex
    Filesize: 250KB
    MD5: c5e1dd0a8096e3883a437597fa0b3713
    SHA1: d24a7d387943916a37c8d613e3e5502aa053efdc
    SHA256: a717d86d76a8bb7fa0eb718bbdd5fd176a80ee7571c65ff999ef72f11d1adb8e
    SHA512: fb3cdb82eaec7f8f76b6e8b4d48df43efc8448771bc9419eb19ffdfea075f029bbc33dce2706ce042aaf2d698a29e77e1899cb8b6c60d96528a1fb1bdfcc86e2

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize: 111B
    MD5: 1aa8bf20b06e2020afeb21601e8b6092
    SHA1: 38ef6667d6ac125b0c7fe3b364ee21f3e0b4121b
    SHA256: 981287be46bb5ee46a7111bec973e719dd7d44b96e1c85ea76f69fa9431503f0
    SHA512: d7406fea631de71997c0eed332b521df63299aa8eb7f106df096f2b31a51706bba01d315e5da846ed3c4ae2e9506b07dd71d15faf8d0518eb9e06809b075bde2

  • /storage/emulated/0/.DataStorage/ContextData.xml
    Filesize: 213B
    MD5: 466d6b08f4241f021948c02715c1db59
    SHA1: 74ecc826e3b6706f5c3bffac4f3a86d44b26fb1e
    SHA256: 317d7cee5bc2b864b8e58c07e8123847009e4ca262b888d14536d832d74b3556
    SHA512: 5bedaba0689b446764e96e7077c1119ebc9c52145f6d18785604b5375f8b75b3de57bc51229f813d86a4b5122126fa5586294f4dc8f7851c2b07081206f74b2d

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize: 65B
    MD5: 9781ca003f10f8d0c9c1945b63fdca7f
    SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
    SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
    SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize: 111B
    MD5: fb3a04aec717dad4f41fbe862c301b96
    SHA1: 5998b047b670b9fea29532a19cf55c1e1fade606
    SHA256: 1a8ae4b662bd2210cbd38a4d02cc90904f3ca78c7c146cbdc9515ff0a96aad80
    SHA512: 2e14f2992c321aebf34f5e5cc15ea5b9713d69d4be5566e7bf361501b9a8601eb236c6c0702b328022484cff5ad62eb1efb31988e602218d98c6ed65fcefb121

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
    Filesize: 167B
    MD5: 3a0a7347b2aa7caea75a5668dd99e469
    SHA1: 5eabf335df3616688ba8529e5507b207ea9ad147
    SHA256: 03fdba8d55db740d75e908da76d1cd5c50ffa6a65134d7f855c2ef29ddd816fd
    SHA512: 5ee5830f65fa9ecb1e427ef99a9468613bd2abfc165b8d9527059a7ebe10f3eafbdef1d350d9d7688eb481f2033aad8c367a1ac1a78d4f50b6ad5ff21ed20621