1302973d5142b89e212e177aeec161e384aa3262a2c2d7c2af8c9274f92e9bde

Analysis

max time kernel
76s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
12-06-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9feb2c1ef3bbd3146e1953e2f1ca22a3_JaffaCakes118.apk
Size

791KB
MD5

9feb2c1ef3bbd3146e1953e2f1ca22a3
SHA1

519b62943ce2bb41c6c417731db0ab2d53699c00
SHA256

1302973d5142b89e212e177aeec161e384aa3262a2c2d7c2af8c9274f92e9bde
SHA512

5dedf6332269db31719695364cbe4dfa21d4201a9eb6f6af9b0a8a4b28ba87cac5e82c51f939034dd1f0230de5c94f3f4481d867cccc69af1b4c5911c1e2a3d8
SSDEEP

12288:b1/GTSV6NGB5MND8JU3S96LRgh/jvtootsA5tpL767u5uat68vAK3twIxhOoHVEk:15sGBGuyi9jrV9sSt176yHo8htQ+5

Score

7^/10

collection discovery evasion persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

T1633.001

Processes:

com.ishow.dwjtd51

description ioc process

Accessed system property key: ro.product.device com.ishow.dwjtd51
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.ishow.dwjtd51

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.ishow.dwjtd51
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.ishow.dwjtd51

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ishow.dwjtd51
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.ishow.dwjtd51

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.ishow.dwjtd51
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.ishow.dwjtd51

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ishow.dwjtd51
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ishow.dwjtd51

description ioc process

File opened for read /proc/cpuinfo com.ishow.dwjtd51
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ishow.dwjtd51

description ioc process

File opened for read /proc/meminfo com.ishow.dwjtd51

description	ioc	process
Accessed system property	key: ro.product.device	com.ishow.dwjtd51

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.ishow.dwjtd51

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ishow.dwjtd51

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ishow.dwjtd51

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ishow.dwjtd51

description	ioc	process
File opened for read	/proc/cpuinfo	com.ishow.dwjtd51

description	ioc	process
File opened for read	/proc/meminfo	com.ishow.dwjtd51

com.ishow.dwjtd51
1⤵
- Checks Android system properties for emulator presence.
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4233

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads