ede0f85cee4a2e3fb6b23de922055a758de78a12ba22a3e8ad1087703fd6af78

Analysis

max time kernel
9s
max time network
147s
platform
android_x64
resource
android-x64-20240603-en
resource tags

androidarch:x64arch:x86image:android-x64-20240603-enlocale:en-usos:android-10-x64system
submitted
10-06-2024 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ae837da8ace09359db1c22803e159ee_JaffaCakes118.apk
Size

9.4MB
MD5

9ae837da8ace09359db1c22803e159ee
SHA1

82e6b28c767419eb27b94ae99178692f5e6e403b
SHA256

ede0f85cee4a2e3fb6b23de922055a758de78a12ba22a3e8ad1087703fd6af78
SHA512

38adae51ac08ed9e0b444d7af3e927d24d5fa4f3acb61de961e8d9a8cbdd8a7b71e7cc7d5462b44697a14c3ef3df1d423ae5387e7aeeb1dae33ee474bef79ae9
SSDEEP

196608:k4fYOOwHw8aBljU1x8CjKryuMXtiIJHRSwWDNRHRewNwU:kKJQ8aQJjKry1oIJHRS3HRe8p

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.nlm.nlmmaster

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.nlm.nlmmaster/mix.dex	5129	com.nlm.nlmmaster
/data/data/com.nlm.nlmmaster/mix.dex	5129	com.nlm.nlmmaster

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.nlm.nlmmaster

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.nlm.nlmmaster

com.nlm.nlmmaster
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5129

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.nlm.nlmmaster/app_bugly/rqd_record.eup

Filesize
356B

MD5
f4d883b0c659ea52ed7d107ed02bd580

SHA1
99abe52a5b14da53d33c5a48da095e2a3c9ca2fb

SHA256
7aed857fd960066ecac9d3d820bb2555c8a4b33f8f0f5849c3771ef72fd0d18e

SHA512
ec938b7965f79d33b82e4a90f10bc3d2acc56a9db026dd459a2613fb0b5b1f01403e01b15f921d0edc4f69c1eddb4afb086ff86ca45fb160cbc93c697980c147

Download Submit
/data/data/com.nlm.nlmmaster/app_bugly/rqd_record.eup

Filesize
1KB

MD5
2fdfe05081041895d756ff6265262de4

SHA1
d8522a0f34272e2a525d3ceaa4d83fe8c9f4a2c0

SHA256
768e71022e9fcf218abb5547d6043f8776d1cae13e538afabc43fff29909bc2f

SHA512
8c60537d6accf7b65dbbc3eb89b3aaa14fc46a385e498cbc3cd41705cb71477407c81b30bf4d48ce38d2a291996df68778860faa0298618c99948631624689cf

Download Submit
/data/data/com.nlm.nlmmaster/app_bugly/tomb_1718028059990.txt

Filesize
19KB

MD5
614c8f2dd11537bedd6919bcc57bb004

SHA1
4e0c9f8b615a944f1a8489826ac67efaf0fa232c

SHA256
8dc9c25accce2fa57469164db53e4aa1a95e16fa5a9179f3a0959abf237a7caa

SHA512
ef322e27d7238d29efc7085d7b75e459d877d32f11edca62c91563c765308b390f7ef82401f16c3dbf36eae2004a9ae7b33342411d005d5b8f4020cf06db1b1d

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu

Filesize
60KB

MD5
c192151c8378290753e03c65a9cfd545

SHA1
35a4fa172abcb89990b401ee708bd94e5876ac87

SHA256
73bc173f5f65dd34ee842f2eff75500310159d3b608f4aa01b76edb237b0025c

SHA512
2277c7d1716dabe6036d15831979c22c862c2107649cccf5327bcb8ff56570c44f111d6378b897ee124f61f273014586368ae281199f70aab0cf6ce3bde3bd87

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu-journal

Filesize
512B

MD5
78fce74087557718c339a912605b806d

SHA1
4f57fe5202e1df4fb5ecb96537907aa959d4fb66

SHA256
1135a5a135d5e6743e7c0f9afed1799e4418ab30103e21fb3e5b522029fb192c

SHA512
d225baf595dbb0b7097201896749b0515c88ff2245a0aaeee40f436161c12b5bd53f0e9bbb2744004d8533747af458986f6eea9e2d39251e460f055a3dd843ac

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu-journal

Filesize
8KB

MD5
181d21daa0ae795b53d6c29c2ea26479

SHA1
15c97cb7403c5aeb08a7baa7cae42a041e072cd1

SHA256
b01e1f5fa13fcf75fe1cd4254dea869742a70c77f4bdc9585a52263b7f19409a

SHA512
5a19edcf7fa506c5e9baac0277869e9fadda095f0b5b5fe0953b1a611429aca3b5d9550d4a358a209e260b18b18f4e04a36351c02f0f6d6081dab705efce4def

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu-journal

Filesize
8KB

MD5
d11e5f1e9ebf9215b4610087431545b3

SHA1
9b75292d43ce04a8575a4032b28f241c5b31a478

SHA256
91c4a96d56145b4da6abf394937044de140b2eb94461877674b40c5c3d02fadb

SHA512
871bd8e88ea883731a02498c696290cf9493bb7a7a1ec992d055fb87f3cbf100acbc4f382a2e4b5e0267c32427c297078fb6279ffad901a8fdf9d94cbedff6fc

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu-journal

Filesize
8KB

MD5
be4d6cb86bd892b27fa19140652d1ded

SHA1
e6b9a6c23068bae25ffd961e0c6633a8228b9a68

SHA256
63ffe57dfcbeb02755370fdfe66f6fd7faafcaa3ce48d2dae6f1229781649847

SHA512
cbc7610526034a95b3976e733742899c98a1e39f03509fd0c966bc1e8a2f362e7b63f6ff732b024ba49a101e747006080cce5bd9eadaa77c4ce7dba787b713de

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu-journal

Filesize
12KB

MD5
72b5e42b83d11c781353447a4c7ed405

SHA1
2e29468b18c53e49215a3430eff4357d43d00687

SHA256
172eae44f218458cedd01c4cdf52a4ce3800d32a0a5bd8ea1cab7e5f9ca1cd11

SHA512
ae0a6251e30e34262e637f6757da9204b8a15c19993a2bcb25a9aabe3aa2c7bb28c62d72d1f5b8575bcedb92cae38ecd9ea71a10f6658925806132efa7ba7f5f

Download Submit
/data/data/com.nlm.nlmmaster/databases/bugly_db_legu-journal

Filesize
12KB

MD5
ad0a94dac4d6a00b9aa1f12f581c04d2

SHA1
bcfa129c27083156387bd1c5e666872c416b7ea7

SHA256
f0d9d7329191d5bd89a27d59194980d7a664f942777dcc155190c197dbdb4073

SHA512
c0d109a53d32013781f7e5103b243ada2440b2c759b22a8ae7b1ecef761f25eae5d35b114b9f8dc6676d223b205883ab22cd6ca4ad80c5ba386605423489dab7

Download Submit
/data/data/com.nlm.nlmmaster/mix.dex

Filesize
292B

MD5
63f77f99bd2c2b772a479923bde11974

SHA1
c7632e7d301e4463fafce85f84e9c3d7da3fdbbe

SHA256
4c76a3af64cdd2f8713ffe2733dea50dbe714d0ca41c17d1847ee5b62a7ca615

SHA512
3aae4a89d1ed51fdd911cb367eb10afe3c2264e4222085891b18a60d5412f85d10bf5c8f3c6642db70abb9aa42732bac5c42c42ee32d587100f53c21b5beb16c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads