a738ab4d58c5b56868e4c2566869f0421c1ca85aa7b65ff453e42cb57cdaeb36

Analysis

max time kernel
179s
max time network
164s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
11/06/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f7b17753a7948fcd9e614919c8e4cd3_JaffaCakes118.apk
Size

26.4MB
MD5

9f7b17753a7948fcd9e614919c8e4cd3
SHA1

6ed38632079904370a4f305b24bf5c16966435d4
SHA256

a738ab4d58c5b56868e4c2566869f0421c1ca85aa7b65ff453e42cb57cdaeb36
SHA512

9b476179c60f5af6b44521db95ac9f89fb506cc3b43a78322c6d3c7edace85f0d9c27a9d2f7fb687b273e87dbd82ea63433d94a9a3967972df3554821dbf7ca9
SSDEEP

786432:7vQo0SINqSJtaVzTCPgoIgrj5wiCOCa27dj4y1x:7cjNECrppLn2N4yf

Score

6^/10

discovery persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.kairosoft.android.animestudio_en:ngds

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.kairosoft.android.animestudio_en:ngds

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.kairosoft.android.animestudio_en:ngds

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.kairosoft.android.animestudio_en

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.kairosoft.android.animestudio_en

net.kairosoft.android.animestudio_en
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
PID:4265

net.kairosoft.android.animestudio_en:ngds
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
PID:4300

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.ngdslog/net.kairosoft.android.animestudio_en/pushv2_part_one.log

Filesize
1KB

MD5
0ea1faad3d2f96cf1ab0f3cb7ce1bf8d

SHA1
264efc174958e523ddb25ee2065c127bdefd07c1

SHA256
543a94ff2ddd5f4f23218310f31086c29a7b950de6edb5ab5688ecadd230dea2

SHA512
ce555054a84d3d198c06e79b8eebc140999b858ac05360b673da7de58fc782299b2b8a1a541503615c7caf852ddcd4a45cf8a943fec9376a52908755f358482b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads