3bbf6a4878cef428803ebb139392d7f27d78857c611f8318649a365ab6e1a8d2

Analysis

max time kernel
21s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a42770f390580bb13c231940dbc58c6d_JaffaCakes118.apk
Size

31.3MB
MD5

a42770f390580bb13c231940dbc58c6d
SHA1

b6d23132a50b7b13c3417dd2260164fa6070e65e
SHA256

3bbf6a4878cef428803ebb139392d7f27d78857c611f8318649a365ab6e1a8d2
SHA512

e3257a71355d1c55dd7f78a4b57266e42f09f184208a9b1543306743636ae353dd0835a6314621a0d386af83319123d9d175c161d9fec670bcf852b2939ed6bb
SSDEEP

786432:XL1XBmb4zTuEnV+px3jpUHxkduZqeoUD+rt4BBa9IkmKqBKABpkDV8nSEDvokIrM:XLLmMeqRHxbZ1lDFza9ISqBKgpkDb6vJ

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 3 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar	4337	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar	4305	com.chillingo.slyfoxfree.android.aja
/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar	4420	com.chillingo.slyfoxfree.android.aja:helper

com.chillingo.slyfoxfree.android.aja
1⤵
- Loads dropped Dex/Jar
PID:4305
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/oat/x86/mzw.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4337

com.chillingo.slyfoxfree.android.aja:helper
1⤵
- Loads dropped Dex/Jar
PID:4420

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/dex

Filesize
1.8MB

MD5
e38d6f342a1453b198285d0d60b8e6f1

SHA1
733b71e73ba44a9b44981239a84a93884877fb29

SHA256
2a18c54325f2b0acc1e195ed196610afc914a46bcd9e6355066ee981f0657c59

SHA512
bd101eaa8c4df97b770618793a60c8701303fb58cd4bca46e17c80914e3e08341706590346fe5ede0ef88e6d542a36954e009aa46d59f2f9ead9f13e44c01945

Download Submit
/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar

Filesize
4.5MB

MD5
4107b45db77c030749afcdc9bdc036b3

SHA1
82e7cd707d7549f6c9da9681f4016ed54d45b2e5

SHA256
6a1efc56b3727208ba4da8fb37a024a06e7993d7e6d264ab9e226d63a7f393bc

SHA512
73c85c12866e5572b23edbf96456f8bec59f67e987471bafb345f17c1673be176973c4e6e19ddeb0ccbab10b2b2a9f4585040039fd0ed0601348de5a0f6e4e60

Download Submit
/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/mzw.jar

Filesize
4.2MB

MD5
4ff53889c26a2b5c3d7469ebfde9fc10

SHA1
631f68e31bfbb83eec874c008ac0c3481534977a

SHA256
8c1c4b979c67ca726d1a6f9b999ac930c4ffb8a13bca249dfd214bdbb1841d4b

SHA512
1220ce9939b96a4b1c53e6632f6662256807476f5753176ba75be64eaf57ef96a70ea64a41af6064ce689fef535e38c7b806b7135195fccbc1358281c146aa7c

Download Submit
/data/data/com.chillingo.slyfoxfree.android.aja/mzwres/sdk/pack

Filesize
6.1MB

MD5
91cfe57ec73bba423c301f3ffc0cdec0

SHA1
c25f1eba78583d9fb2f80d9e3a5899a20ebab528

SHA256
b21558b30ab57848fdf578a626251d89dc376d8fc8fc3f46f746288100baa717

SHA512
eff1ceb8a42de5335c6c3137e6f8b3d79b969fe419a5973bbe547c3eed1e41aca0037077a60ce1b38a295d337ceadfb89b033bd1d1ae6f37b7f6b04e499f456f

Download Submit