a81233ada65412d9800f95c21b2ffaadb8d51781c8dea9e63c7a4d8413003985

Analysis

max time kernel
87s
max time network
177s
platform
android_x64
resource
android-x64-arm64-20240611-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611-enlocale:en-usos:android-11-x64system
submitted
11-06-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ed620e2c9c7eff79a4cd0682e66c000_JaffaCakes118.apk
Size

6.8MB
MD5

9ed620e2c9c7eff79a4cd0682e66c000
SHA1

9664d1083dd5bc5e7d22e2811f61e4357c7a3a91
SHA256

a81233ada65412d9800f95c21b2ffaadb8d51781c8dea9e63c7a4d8413003985
SHA512

309040ad454c0e7040580c6643e51fb5b761a6dd0976a2b9e65a3e3176a4d993f9e34ab64c7499f100ee42ea686c5d44cac9cd38f268f032a8c1b3e221e49070
SSDEEP

98304:RTJxbcOsJbue0+/gknVmbOMZHzi8gsBwOYdts+D2M0/7t1y:RdxbPsgkdx8g3FDHIt1y

Score

8^/10

banker collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.android.vending.billing.InAppBillingService.COIN

ioc process

/system/bin/su com.android.vending.billing.InAppBillingService.COIN

ioc	process
/system/bin/su	com.android.vending.billing.InAppBillingService.COIN

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

T1414

T1641.001

Processes:

com.android.vending.billing.InAppBillingService.COIN

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.android.vending.billing.InAppBillingService.COIN

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.android.vending.billing.InAppBillingService.COIN

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.android.vending.billing.InAppBillingService.COIN

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.android.vending.billing.InAppBillingService.COIN

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

com.android.vending.billing.InAppBillingService.COIN

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.android.vending.billing.InAppBillingService.COIN
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.android.vending.billing.InAppBillingService.COIN

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

Processes:

flow	ioc
17	sites.google.com
20	sites.google.com
29	sites.google.com
16	sites.google.com
18	sites.google.com
28	sites.google.com
19	sites.google.com
21	sites.google.com
22	sites.google.com
48	sites.google.com
51	sites.google.com
37	sites.google.com
43	sites.google.com

Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.android.vending.billing.InAppBillingService.COIN

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.android.vending.billing.InAppBillingService.COIN
Reads information about phone network operator. 1 TTPs
discovery

T1422
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.android.vending.billing.InAppBillingService.COIN

description ioc process

File opened for read /proc/meminfo com.android.vending.billing.InAppBillingService.COIN

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.android.vending.billing.InAppBillingService.COIN

description	ioc	process
File opened for read	/proc/meminfo	com.android.vending.billing.InAppBillingService.COIN

com.android.vending.billing.InAppBillingService.COIN
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Checks memory information
PID:4571

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.vending.billing.InAppBillingService.COIN/lp/lp_utils
Filesize
113B

MD5
d806ad8bf2d114c3c2a929777a1586e2

SHA1
282d137a000ddb7275c1b70eed49c555d01efb24

SHA256
716fb9b508fca7565f530bf1577ceff1122248a7df9d3a11e2220a45ed77f587

SHA512
5cf3f28a99b35089ea0a98381694212854c29090078cf4afd1e404b0975acceccd1ea1ddfa926005a6b0ec9979e4f0e5683baa75ac209deefe7fcce5cf758003

Download Submit
/data/data/com.android.vending.billing.InAppBillingService.COIN/lp/xposed
Filesize
89B

MD5
b668e60ffaeb51e47b00e302b2a19209

SHA1
50e94e34b64cd625230724c17cc4bae9d26b7aab

SHA256
b024e9b44b18afcd7e405bf94a542019c4b6ca3c048a6a4f7d72247ef3bb4c02

SHA512
f4c6a60ecb2b32abd7120b109f3ece20900f692cf5f4cfd68ac4b406a6ee81b03fe61b594490ed144ad9e323f64e7cdb005f1b446a1cec5566e129d5272ef3f0

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB
Filesize
652KB

MD5
64057b4e9f4b3ca8009a0e6c52054c62

SHA1
e6685e9e781502e9e61f6cae0a40a21f9dc9da94

SHA256
d47a8ea5e6278b9819279b007e97710ccbb6e329c9bb0ad52bb631dc3b1f5bd3

SHA512
91d7412bcf14c690b73255989fc549f836ccdf8b83116dfe412b167d3f9307a5bd3d6a0353e4c95fb4c5493b02278889eeb7ae230b0a57956a2bd5b74ae80045

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal
Filesize
16KB

MD5
8760e4a665acce95a1179a54758dd270

SHA1
020b4d6b3ddbc0e2483a7e20f68ab99855564659

SHA256
19c4a49c9a80517b5f9e7ef6a391ba7c1eee7d5e0a5123637183f9f0679c9ee7

SHA512
7acbf9afaba55ffc659f29f68ec250fd7e9849b09aec69df2159e680060234576c726761c5d4e0555b032243bbb46a5e69c03cf657c2a9ee1fbdefdab2b4bede

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal
Filesize
28KB

MD5
78e40999d55ea73cac851f1d455a91ff

SHA1
24de15d9b3b07a0f4b72b5afcb737a25631357e7

SHA256
46329f2f84f51147ba41c707021036f4eb69395e3c6d3575849819ca3d581a75

SHA512
e93293679a05bf5e97c6fc3904baac4109fe27903df3ab35d3d209587686f4ddf442217f1ca4683a8e93a2fc9dbc22edc5600f96c1f22182db03e3b547ca1049

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal
Filesize
512B

MD5
018fa8d377de706ed080ccda17077b1b

SHA1
708912d160baf654ddedbe97b696694fdd787586

SHA256
9cfaac6e53911251768f77725e493ece8c1096445d1f777e0766bcf868f98e8f

SHA512
ace4c80d6a0d9de3129af857e04c3c616794780896aa928d98bd1888c337e8301b55689c87ec58b4a6cd4874b2264c992c025683a72c4c70f3e0a81c65c14168

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal
Filesize
8KB

MD5
4647422464371647d5cdafa3e1080be1

SHA1
89af2c83244457838ad4971f15a77389d5c4aad5

SHA256
dbf270be49193967b765c5170824ddb8e7aa204d1a30c14867262e3b1d57acbb

SHA512
aef71fd6da99f4c61e460f5e292dfa71bc59cc67686a9c0be6313f74f3b4a77848a321d5f0df097363f09e503d00070cc1a7210eada7ecc503904c33ebc19443

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal
Filesize
8KB

MD5
01e5c7e5d32218adcd8ca414e06f6913

SHA1
e1897bbf1c9e02766cfdb737434065df415f70d0

SHA256
990ef37a6e2d6abc801bf1b3f0935845df311019fbea1f5c4c04a8e35a3e283c

SHA512
f2a677174af40d41779569839f9a965eb9b64104a0af3fddea520f6c39a6879f7373e824c08823893b8dede5732b4bbdba2a3065571837d841676eaa0f921835

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/databases/PackagesDB-journal
Filesize
12KB

MD5
fe0bc615e6a16ce95d34bba2dcc7b201

SHA1
6ebd106a2269adbb2cd6bb9996f16b3aa830fbb8

SHA256
2cee9652eeda4a7a323965bcd224fd082a5239291cd659ddaa1e072c680de962

SHA512
c9310f53387a26847ac75929c978959453fc2a63de56803c301156b17ec431169ffca615bb8d7931395cc2220c77387ca6033c484878c29dc1048b11debfa92c

Download Submit
/data/user/0/com.android.vending.billing.InAppBillingService.COIN/files/shared_prefs_sdk_ad_prefs
Filesize
181B

MD5
5f1a61cd768d1d0d2ba1f41af39ed1d6

SHA1
e9efaab032c07d485ba10b77448eb05eafb5a8ce

SHA256
323711ea097e99a032b55fd7c52e319f64c28762778f63760046ba3f368bc082

SHA512
2a89c90459c010d2e0a943bc5fd085d0472d9c167e827dc7d25843b66a88e284330827767c4978a96ac3c763fa18242bb225590973fe0ca2fd321d28b04e4d12

Download Submit
/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList.txt (deleted)
Filesize
1KB

MD5
50dcd85ef074fb8121f155bc19b3c7f6

SHA1
c45c2b45cf49fabbeb7d3f12328e57d531a75f37

SHA256
02d3782e856f4d3bbacc764cfcd1fd4b9d50492b5ef93f24e8811a6a494df48d

SHA512
118c0f05b6342b52c0671cc1ba52f6df977a39835cd03f5e6d2a015a572a11c3f7eebd23a9c0a209497631296d07250416c28b9b21f91448d2970efc010a4dee

Download Submit
/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/AdsBlockList_user_edit.txt (deleted)
Filesize
29B

MD5
302f7b6d9a4ffeccdda9ef94184c8326

SHA1
d4038ca0629f57b7e5c4056e74a395e5598aa16a

SHA256
5b36134b695f0a9a32f570b08cc3ef74e0687a0d2aa228853bc0346f77bffebe

SHA512
299fda4936acf6479e22f9166d545976d5d99ba6fe7a5b7298cb336cf730eb7790524e4569fe64bc03c598c7e4117f163ddffc2e2889439f709c4d80ff665039

Download Submit
/storage/emulated/0/Android/data/com.android.vending.billing.InAppBillingService.COIN/files/LuckyPatcher/Changes/changelog.txt
Filesize
40KB

MD5
b0908140975d51549d437a7712975674

SHA1
297d9d15014ea8ba5c173466eed55ebbf3cf39dc

SHA256
0cdd78e3c4b482e79d857811e7108ed2b447bf4f9daa892ed1afb566af88ec12

SHA512
fe6465aa08225d92db7a12b331c7b36faf2abfe48c1ffbca22d4035179e149f492d6c801af7f78e7ff31ad99bd5e2a2260e62070cf415db35bf83f3968d95b97

Download Submit