c98cf4c07fc337db0c6fc0ba7f22c87824c874ae0326de00e561976f5869fe5f

General

Target

a749c39d319b871f1f918e6290bd3a5f_JaffaCakes118.apk
Size

4.3MB
MD5

a749c39d319b871f1f918e6290bd3a5f
SHA1

6dac9460c0f0b8e58865b1e03e1a600ca1c5cc38
SHA256

c98cf4c07fc337db0c6fc0ba7f22c87824c874ae0326de00e561976f5869fe5f
SHA512

333e75694f60adbd6fed39d4f56edb3d8aba341394fa0538abc5a6143d42ebc0c5bf740c9480261d0fb5024a9b1efb3215ea4c1c9a894af5ff3f5ad4cc42557f
SSDEEP

98304:Qs2mTvBHMRD3d91tBUeDTdzc5nfRkBokOwsBM2Pdf5Q/9i:h2UvFMRbBUaJzwKBmBMD9i

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.veding.buyer

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.veding.buyer

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.veding.buyer
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.veding.buyer:pushservice

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.veding.buyer
Framework API call	javax.crypto.Cipher.doFinal	com.veding.buyer:pushservice

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.veding.buyer

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.veding.buyer

com.veding.buyer
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4277

com.veding.buyer:pushservice
1⤵
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4405

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

Process Discovery

1

T1424

System Information Discovery

2

T1426

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.veding.buyer/databases/pushsdk.db-journal

Filesize
512B

MD5
c601eecad4ac56fd4a73e34b402fb1dc

SHA1
0dd729b15727834cb701fec3c63c889624cb6d11

SHA256
80d8a78b00aed32c1c7311f73fc8524e84e9fba27bb81bf470069f4faddc0a05

SHA512
5a53049ec633159720b1bb68eeefe3c5221f35c6eb7b743e0b13fbf862a4ad5dfa9a0dcd10e4a71e903ca07413b03365680bac5b42b3ec143f74a99522813053

Download Submit
/data/user/0/com.veding.buyer/databases/pushsdk.db-journal

Filesize
8KB

MD5
0d1e0d9ab6732ceaee74e22c0886b906

SHA1
758eeb756d784edc7cb67e5453c9469d6f49ff5f

SHA256
0c0e7657c6ae7eddf3fbd2c88c6505b063390ff93118c0aeb447eade4fe1e6a5

SHA512
e4e9b650bae93c4f6d740aec7ebddd87660f417c0045992b0a35250d33e234fc45d8a2005733a34b3b129f692d46234a4a908b6b12989172564ee3acd105fa5f

Download Submit
/data/user/0/com.veding.buyer/databases/pushsdk.db-journal

Filesize
8KB

MD5
0282e10ff8ff964740727a032c53a67a

SHA1
361534845c883f13f42c032999e656c4ff6957aa

SHA256
d45a4acf3f3638af1bed34df3d4f112181c8330cf44b2b9f8b368331af3c0087

SHA512
a322f4f8d1771dd87b92af36942b8c33991e89d5ab3e6a72f39d328096213938f9fc0a6128522b1a0d11d6c01ebb12131de4102c696f1cddc2122189f0447d09

Download Submit
/data/user/0/com.veding.buyer/databases/pushsdk.db-journal

Filesize
4KB

MD5
c3fed5ae8337bdf8cc8cd30b6e163f1e

SHA1
d6f11cb13b83651d05c1aa4f1cc8a60c213172ad

SHA256
96bc39f67c39118270573cac04e2109437c1d9a1c10824c369b4453d1b754e97

SHA512
10d53adab4ed822cea595ba3846f826a2b9122da0b7c0e1c6b7b480a7a6cffd12642957320008176388baf013b07a49be33523d13fc642ba283aaffdc163aece

Download Submit
/data/user/0/com.veding.buyer/databases/pushsdk.db-journal

Filesize
8KB

MD5
bfd3814ab6d621273ebd0326d61426b7

SHA1
46819a90d3c1b5b91cbe7290d6408392c61fbe27

SHA256
3a6d4aaeaf31e996766efc830cdde6889dacf5140562b878601c4c7c1bc4ac45

SHA512
9675e82a67056965cc5967da64f7bb176a72ff5fb79fa7b95fb6d16f125d93e3927dca309986ccb86fabf3775295f6bde7f181bdeb5e4c800930cd92efa57287

Download Submit
/data/user/0/com.veding.buyer/databases/pushsdk.db-journal

Filesize
8KB

MD5
3cd9726d7925ff8c28e1360d8b867f27

SHA1
798bbd306a672b5a926487a5eaefaad3d7f486d6

SHA256
472943e731cd125818493a9eb82adca2d0a50933dac5cda653e02c57e69583e8

SHA512
ace45652edfb0d1b5174e49a6c7efb6fa97b142bccf51351be67d5f6c7096e02908b5970f58ca23a654414878ebace7708d64828612aae1ec34a4839c0c11d35

Download Submit
/data/user/0/com.veding.buyer/files/libcuid.so

Filesize
109B

MD5
a4acdbe0ab814f03da5628237dfbd8ff

SHA1
94d0e485cd9f2190ab65eabb1c9b7f68582a74aa

SHA256
f825bbe5868d67f1334a2a4517dde55f371f0f8ca3821ac565f4e2754d58c8c9

SHA512
79567f34351de66964218241a6578f853581d1c1a972a9c424c70df1738e4a538697369b16e89735f3efbc3e494c511f9f635ea54111ed69bc2648e349228632

Download Submit
/storage/emulated/0/backups/.SystemConfig/.cuid2

Filesize
48KB

MD5
06f1231e68434962c3bc03327c426e53

SHA1
21305479befd43442e60e37a4f379223529bcf5e

SHA256
a542a8937d0a88207af553cb82544dc1094a4f685c642431df11197f7b56385d

SHA512
73ffaf03f150b16b166b5984a4f2c7b3023d0579e126b8bca95f0c806fd69edb222e8f4b833e20b7cfba958631b106dcf4414130eb5070a798b34f2a7586748d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads