2e9b09f15e141f72f5562e5a163f7f6e7d7889d35bab6e041c49a34c8171124f

Analysis

max time kernel
154s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
12-06-2024 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a064cd29978962f9786f5090e37dd793_JaffaCakes118.apk
Size

3.0MB
MD5

a064cd29978962f9786f5090e37dd793
SHA1

edc33669c35ef3cb81c3aaf6a18a6db2e5815e94
SHA256

2e9b09f15e141f72f5562e5a163f7f6e7d7889d35bab6e041c49a34c8171124f
SHA512

8baef3df33636b5c094db8895bb7ceb3e6de95fac9d8a5fdc47d413dde70150595eb4131255136260b8154c62e3a0c209a6de814dd395a6c455f0cd2ffafa3fb
SSDEEP

98304:b/IXp73lyCxvEyibGb9u9MIzpWR3QTAM+eD:+3ly0ErGboUR3QkM+eD

Score

8^/10

banker collection credential_access discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

app.android.ninestore

ioc process

/system/bin/su app.android.ninestore

ioc	process
/system/bin/su	app.android.ninestore

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

T1516

T1513

T1417.001

T1417.002

Processes:

app.android.ninestore

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	app.android.ninestore

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Acquires the wake lock 1 IoCs

Processes:

app.android.ninestore

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.android.ninestore
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

app.android.ninestore

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.android.ninestore
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

app.android.ninestore

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo app.android.ninestore
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

app.android.ninestore

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone app.android.ninestore
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

app.android.ninestore

description ioc process

Framework service call android.app.IActivityManager.registerReceiver app.android.ninestore
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

app.android.ninestore

description ioc process

File opened for read /proc/meminfo app.android.ninestore

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.android.ninestore

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.android.ninestore

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	app.android.ninestore

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	app.android.ninestore

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	app.android.ninestore

description	ioc	process
File opened for read	/proc/meminfo	app.android.ninestore

app.android.ninestore
1⤵
- Checks if the Android device is rooted.
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4235

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.android.ninestore/app_SGLib/libsgmainso-6.1.33.so.tmp
Filesize
539KB

MD5
2dc5010fa1ef6c3d6050bfd150ca36e0

SHA1
7958d89b5b491d1f9c14175b5cb14329322d163b

SHA256
7905cb71cf014fe9b8d220cd134f47ac27c51bcf1e6523355b590d77c1e4f15c

SHA512
7ec2f6c3df0020ff254b3723aad655c12b649ccb98bcfaa97c2e8fb4200856815e87437c2daf89f2b657bb5798f5012a200443b36e198bbd622921a7e5f8a6f3

Download Submit
/data/data/app.android.ninestore/app_wa/wa/sv/11gpsdfe_1718189527945004235.wa
Filesize
1KB

MD5
a3f93289daccec51f814d5a7c86132df

SHA1
108294827a7b87e18fcc9be47aba7b5b249e4c72

SHA256
2589432ae38b88c631b12be6ca86b2359beb4da1f4e51e9c84d4279d91705b87

SHA512
22e0df856f593932f945c4b421e729902e64858319486eb60f53fe0eef8452889ef809bcb0c44bc61637e0486623be335a46f542db6ea2de8682e584f2d8d7a1

Download Submit
/data/data/app.android.ninestore/cache/httpCache/journal.tmp
Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/app.android.ninestore/crashsdk/tags/unique
Filesize
36B

MD5
f6e472b87cf5d62690eb687157485cd6

SHA1
6f06d47a5a9d1259e54e14a8e6de8d9694bd1fb1

SHA256
3f32f7dd6ff28c134efe0ec041408bddeead294ed7e6c11f848cb018a94da890

SHA512
f9ce8ba53c2fdc783b6881e0fcd08c1cae59fa83e24dfde833c81d93d0bdecf2faf7216e4f61fa0e43711be040d09bd2ef9510d4f26d2bf4574cb6ae0aa5fbb0

Download Submit
/data/data/app.android.ninestore/databases/WaSession.db-journal
Filesize
512B

MD5
51c2f6d132d171525de937dce4617a48

SHA1
38365e6a96e861f6aa0d3d54ce9615ec6fe10fb8

SHA256
f03f62f2e33d39dcf6db502cccf65f2274236a1de36362fe1f4dd7a17cc0e3dd

SHA512
b2e07a4b49ce42ecf1db9c6cd496c1b32c83857c2167b66951a6f4b893132b23559be9efe54eed93ba6c53e9d46510262ae2ad96abc47d3b1427b67d83c0fff4

Download Submit
/data/data/app.android.ninestore/databases/WaSession.db-wal
Filesize
36KB

MD5
6fc963bf7add9546e6a4b5bb79ce646c

SHA1
14429de0fbfc52f15d4a2e05861ff1cd48670f69

SHA256
898575621b7c813e434fdbb240f35cb6d67b7218ff7eb2f0a29c937e49712734

SHA512
2a0663b6533692dbe966002037d711bd699ed593bc25b03022ada179e96323039c1f1d1637e97d9e13436e9ce403bd82262fb21af539e75d0856a955dfd8e7a3

Download Submit
/data/data/app.android.ninestore/databases/WaValue.db-journal
Filesize
512B

MD5
d19592a52c5db09f94b9a8b6795868b5

SHA1
f885b49c38ac22247a11c69647d80fcf7ee3b6fc

SHA256
f539d8851a0e7fdf6f79c14cec7738ee01cf634423c48112e4dde218381fc4a8

SHA512
c27b5bc82a8585c52dc067c0c18bfd5e9ad5876d0079aed05cd3e2145beca8b85123c5ba5c99ff81196ecfe75e73358c67aae0d4a9a263516de21a74c039d77c

Download Submit
/data/data/app.android.ninestore/databases/WaValue.db-wal
Filesize
72KB

MD5
dd5908f4dc7f73d5958af6c6a5c95f0a

SHA1
f79819589f3fb80f9f306452b4b87ea5c4fe0fa9

SHA256
93fe483cf3f6fbf4511a62b3422760eed002635e7a1e053ed932e558471cd4d4

SHA512
3352153c5f8b5023ec8c675a35b374aaa24930a439ba631f296d191d4bb23eec3f075fca3648c902836beea61720e232d2453b0c2aded72564dbe2950b552ccd

Download Submit
/data/data/app.android.ninestore/databases/downloader-journal
Filesize
512B

MD5
9e7b341aaf38744a90fd2babb9745ba1

SHA1
4f366eb2c749215d5b2f4d5a8465d1af805bab13

SHA256
0d53e3a0b24a2f30e6b4ba7b34640dd9eccb2d416e420d53435f7afb3edca8f8

SHA512
951af8983c3a599851c8888cedf5b5d546b90fdbf5ced136c0fd8df378ff684eea23f3223795b1a1584e46658fe78e5dd3dd5c477cc063ae1677c2078b9b3098

Download Submit
/data/data/app.android.ninestore/databases/downloader-wal
Filesize
36KB

MD5
0039437053e6ad278c010c4fe882a81f

SHA1
0ec0418e9eed5da6647a6038585f21f576d14ed5

SHA256
1c8845c4bc1ab048d9b0bc52bf5756033303ea63d5141a3ddd7d0d9e84c089b5

SHA512
e4e94b29e8a6f7a1795597a0c29ccb569572dff82b01d98e88a6218ea3258a4a5e4efcd9f3eeb7bc37d29a267a3fce4960344308b0c69487d05563a0a0dc35c2

Download Submit
/data/data/app.android.ninestore/databases/pushmessage
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.android.ninestore/databases/pushmessage-journal
Filesize
512B

MD5
44702f1fb4fbf1b526685daeed376448

SHA1
1dcaa0de1c8fec69e60e85b923e20185cb57c51e

SHA256
d173edf7353c55ce5b21e8b055f2bc293fc1e33648a52bd5eedbf76543208d47

SHA512
5c0e8ea0c11685973283e5e73bdcb016e52ee144b95b727012accf72bd6078a6f43f05a696d95d98c4141880189e9e6777c9382e2bfae537d4397ddff2503e26

Download Submit
/data/data/app.android.ninestore/databases/pushmessage-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.android.ninestore/databases/pushmessage-wal
Filesize
28KB

MD5
5a3568b23c022dadd943c7dad73d50a0

SHA1
6a8212447d164557cdb5fe89d177000cca11fa2e

SHA256
216aefe6293cf75e7f7eda09c8ac9e6604116ccde769d381ae00f04df412e6dc

SHA512
a2dbe995f219deafb929883e3092036f3ab519eed9b20085d77b16ce3575158e6fcc7a2df7de13d612cecfe7b76adf79c37a9b9eb922fa0bc6844702cad5a2c0

Download Submit
/data/data/app.android.ninestore/files/daemon
Filesize
13KB

MD5
e415dc9f7ae531ca1da4d00d5a072607

SHA1
2d08971ae91cad6fafae2e91d2701b97a5fe9415

SHA256
8fa4c27529ddd36b19323cb156d8f186974e8b85e02ea6ee6167808508198d13

SHA512
ad1e166987dd3c4894e95ec13bde4bdb4dab62fae88327f82af235a80d5e22f201fdb66b2171257b4d4dd003794ba682f7aa064de57867d5afeb8cca672b18e4

Download Submit