093f59e21155961b3103d1b366b1bbc12727bd124c408dd95787323b3ea0792b

Analysis

max time kernel
93s
max time network
172s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
12-06-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0fe08922e5c9dc631d43cd126621c65_JaffaCakes118.apk
Size

12.6MB
MD5

a0fe08922e5c9dc631d43cd126621c65
SHA1

2c84de7e3e38762b1e6669d3f61adfc1cba9bd26
SHA256

093f59e21155961b3103d1b366b1bbc12727bd124c408dd95787323b3ea0792b
SHA512

e8ba8625deed098121a605597e1b1b4b2b0f2ce74a1ea53a017a77885c78de448b7b59416c00a1d5508a3cf7e767a00f2d6209a3780799dd3d247a8156d6823c
SSDEEP

393216:8fOIqk9YT7PnR97RgPlycEQivGnwetBULr45vOXVqF:xWYT7PYoOptWYBmG

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

T1407

Processes:

de.nr.android.app.locator.premium

ioc	pid	process
/product/framework/com.google.android.maps.jar	5106	de.nr.android.app.locator.premium
/product/framework/com.google.android.maps.jar	5106	de.nr.android.app.locator.premium

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

de.nr.android.app.locator.premium

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo de.nr.android.app.locator.premium
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

de.nr.android.app.locator.premium

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo de.nr.android.app.locator.premium
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

de.nr.android.app.locator.premium

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone de.nr.android.app.locator.premium
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

de.nr.android.app.locator.premium

description ioc process

Framework service call android.app.IActivityManager.registerReceiver de.nr.android.app.locator.premium

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	de.nr.android.app.locator.premium

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	de.nr.android.app.locator.premium

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	de.nr.android.app.locator.premium

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	de.nr.android.app.locator.premium

de.nr.android.app.locator.premium
1⤵
- Loads dropped Dex/Jar
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5106

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2
Filesize
16KB

MD5
ac8fcac67e1235eeb90313d9b450af27

SHA1
0a56b0557d54706d3881d59e39fb36b9188dc0ca

SHA256
0c84957ac42a1e19209745a578e6b612146b167850c0d184d226b4989d24d1c9

SHA512
26af3955d5d977f58c4c29917c577f51104e39bfd0b5414d44005fbf6ed4f9bf7f5c76e2d76694adcabe183e341a24f430388ff3bd5f87ec529ebaa680169aba

Download Submit
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journal
Filesize
512B

MD5
84aabcc3a9b0fc40c00752a30dc02469

SHA1
6f3dab6c2654a83e54f2ddd0f84310dfaf4e506a

SHA256
1452de0b955870708486d33a6402499a6f578c60248113dd7bc191c400438239

SHA512
3a14283af36308a8ef9464130a19d784ee867da13d270fa0c31bb40666bd5f237962199064be323e1b7eefc38fbc7c182602a1cda0ded8cb4c62e6eebf626941

Download Submit
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journal
Filesize
8KB

MD5
03b71e941c22c1473487e56fc3794989

SHA1
b5048ab8961f894b9136c6dbda1f9fc4cacf932d

SHA256
476d37c58af9e43296c656b900de790bc4223ab09debda1db66355e63cbdb27e

SHA512
24100c11705df57206e048c58eef7aa918e3a25afd45bfb91149202afd957c3347f5d90700ed360a714cf8f5b919d15e588fd0df8a44ae935d626ee3f3834749

Download Submit
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journal
Filesize
8KB

MD5
33a8956a8414c9575f754bc59278844c

SHA1
5f3e9abfde7b669ad726d179d4ee74872b7474b9

SHA256
69107f9805703670a536008e7acafb10280cdb77e0475850697cbdad98c719ce

SHA512
99dd9197dea32cc9f8ccc7e51cd5f5fb647e2ba1a1e606e6296c6710ff84f3105ea7dc9dfe94c9635ca20e8c47142639e8a6dab0fd46fae15a48a72860efc9e9

Download Submit
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journal
Filesize
8KB

MD5
493940e62340061d91a4111eb2e446a0

SHA1
36bdcbe25b3aa366f53a9fafea3a57c6ca804d0f

SHA256
5e63f06de3c4d60f25eeddbf51f09bd6a6669beec69fc9856eac92778711e859

SHA512
b7ec8cd612a3bfe744080b039867ba0888e71c5d2bc1d194903fe8d28f2f2e9861f0f5c1743a9594e8f75a1e055244d4f62398d03109d540c9bd996caa5b6742

Download Submit
/product/framework/com.google.android.maps.jar
Filesize
315KB

MD5
4899aca36d1ed747a447dcac0d101a62

SHA1
32e43edc0bf3e036683ea8639472e6cd31ab9929

SHA256
67a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f

SHA512
50b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f

Download Submit