Analysis

  • max time kernel: 114s
  • max time network: 189s
  • platform: android_x64
  • resource: android-x64-arm64-20240611.1-en
  • resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted: 12-06-2024 09:04

General

  • Target: a020523ae458c0c098016f13eb4faaa1_JaffaCakes118.apk
  • Size: 14.4MB
  • MD5: a020523ae458c0c098016f13eb4faaa1
  • SHA1: 3fa7fd81982444a8c139b5e927c22e0b05861af8
  • SHA256: 368087f68c00f498702217b0b45f8c33515eac375aec671f7a1e54b658308f8b
  • SHA512: 6c40dae943620028bcd8cc70575f710335637b7805112d9abfa5a5c30fc72ae73bb63a1e282628059ed6c5fec1f2a2c6f0ada5b8fa24bbfcdb69515171c7eb0e
  • SSDEEP: 393216:2GqcVaXLDOtKaClkuIpiw3x2KcFFMsUz+yF6:0SaPSKaCVIp7l0FP

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 3 IoCs)
  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
  • Checks memory information (2 TTPs, 1 IoC)

Processes

  • com.msapps.ftdgdx (PID 4414)
    • Checks if the Android device is rooted
    • Obtains sensitive information copied to the device clipboard
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information
    • Checks memory information

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.msapps.ftdgdx/databases/vungle
    Filesize: 76KB
    MD5: a464856525ce2164b35dc07a50f2a94b
    SHA1: 81645f1eed3e463a3661996d653018aa326b3a4c
    SHA256: e32376e11a44c8ffde9b6b2fb67f8ed2f83b761432b5844e1dfc571e6aa29274
    SHA512: 3362aca93c08db70118857fbee9899cf46b2089c5e306cbef9dd5862b79249e8662b34a4392d33bceeefbc7d02d27cc7a9c211e35090f303aaabad70b368a935

  • /data/user/0/com.msapps.ftdgdx/databases/vungle-journal
    Filesize: 512B
    MD5: 01e0e89d0e7afa9a2973e3dcdcb03617
    SHA1: ffd33c8712c6f33e44ce6c4ea2ca47dcb29ae411
    SHA256: 4781a44188ccc9b6bfb81bb0a22d3b37b9908e573e0e163b7ac46cd5004a44bf
    SHA512: fe5cf9f97fb13e7f4e7d6fbe681b35bbf20262bb206d1d288d1fdcd28b8e4275a49a1ceb98f20fb0385c4e2d6c9de6a17951a9cccada18d055bdfda5f4aaf2a8

  • /data/user/0/com.msapps.ftdgdx/databases/vungle-journal
    Filesize: 8KB
    MD5: 33e0f7732d3d6dba6ac42c5413e6988f
    SHA1: 9c3552fc304439fb482ebbebc352c6a0dca3f732
    SHA256: 1deec67a094fef0a8bca64a70d02b7d0f23071befc790aef7d07b342f85021ca
    SHA512: ce07f73b41e18c89beb49234395123dbb26d0ef51fc09f8cf272080b00cd27d849eee011271a834d1049ec3fa3a5a2e280298a1eaa534e3307a07d6b79fc0f7c

  • /data/user/0/com.msapps.ftdgdx/databases/vungle-journal
    Filesize: 8KB
    MD5: c765bb40255942dfb78485580138abcb
    SHA1: 0a006715c8efd3ba68818ee188a9520df9f07101
    SHA256: 6a37a6ea1074d44fe80bdbb1d54a26553eae490ca45f36312cec478d2e3cbfc0
    SHA512: 3a00edaf1cb3eb0485d933d4db468acb51ac9e503df6e525394301f28094aabae7cdca78eb9b99ce574dbe699d8cacd251dc34f3b83578b20f857aa560b47da8

  • /data/user/0/com.msapps.ftdgdx/files/.YFlurrySenderIndex.info.AnalyticsData_62GSSXFVDSWXMBV73XWK_182
    Filesize: 88B
    MD5: 41261770dc5e554ed45025877f539ccd
    SHA1: 8aeb52a47aaaa55a35902746ee6876a665368c56
    SHA256: 2ac2890d732560f9514d32bebea44eb2ac01c9d6c3ecd215f209b05c07617386
    SHA512: 86d88f06926c9bf08f2ba8bc8d727249e58a4c142460363d149c514bccb668a002e185cab6cdccb73a917ef510d4ff77cb2381f0d0a1117676f19e7ef05b4698

  • /data/user/0/com.msapps.ftdgdx/files/.YFlurrySenderIndex.info.AnalyticsMain
    Filesize: 72B
    MD5: dd1a8e84a33f52267be5afba0225272f
    SHA1: 422a6cb5aa8e5205d776d502d6b71376cceec2e7
    SHA256: 3674c1ebb896af3fc00aa5392bd76d66c6e31b5c942acf4e84f8ca72dc4f271a
    SHA512: 0192f79c9b3730700f84cce0d0579e1d15d1a640eacc3b5b93f95833a86c3cdaa736fb70d42f41a7aa05018579975ca8b8f45779205abff67a9eed3a35d89879

  • /data/user/0/com.msapps.ftdgdx/files/.flurryagent.611b5edc
    Filesize: 58B
    MD5: 4d42524426cbbd40960a13d36a8ace1a
    SHA1: 523e39ad429f9e7440e1d08f23d72b01bb6b9d1d
    SHA256: 43b6e8f1d6c920d4ee6d945fae705fd5e938484207c8b2ab0b0dfb57f22748f0
    SHA512: eb2ded43f2999c570fda693cf6ff36e8d5bf8a903ba86630e2bd60590f9a4ea3d98340672326f8126b01f3fb32bd1dab1148851fedd13afd568cd8334c1d4c48

  • /data/user/0/com.msapps.ftdgdx/files/.yflurrydatasenderblock.7104b9fb-14dc-4dd6-b4a3-31a178cbefea
    Filesize: 305B
    MD5: 78af77bbffb97430a661446b29120b98
    SHA1: f3821ed3a9618c22ba38a2b04b909fa9a1581ce3
    SHA256: 7023b48d906cc66699ddbf451c6ab16c1d48cb96cab58e88e4692691b10e99d3
    SHA512: 7e8f958ca237d841969025c946ff8efaa1fd996a9100c11529f6d0e9bc3fd3f0d9be0ae90b475d79ac34aab8feecca3cbc24ecbb8f9688907514386756201c1b

  • /storage/emulated/0/.chartboost/.adId
    Filesize: 58B
    MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
    SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
    SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
    SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1